]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
33388b44 | 2 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
dffa7520 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
3eeaab4b | 10 | #include <openssl/opensslconf.h> |
1ae56f2f RS |
11 | |
12 | #include <stdio.h> | |
13 | #include <string.h> | |
14 | #include <sys/types.h> | |
15 | #include <sys/stat.h> | |
16 | #include "apps.h" | |
17 | #include "progs.h" | |
18 | #include <openssl/bio.h> | |
19 | #include <openssl/err.h> | |
20 | #include <openssl/bn.h> | |
21 | #include <openssl/rsa.h> | |
22 | #include <openssl/evp.h> | |
23 | #include <openssl/x509.h> | |
24 | #include <openssl/pem.h> | |
25 | #include <openssl/rand.h> | |
26 | ||
27 | #define DEFBITS 2048 | |
28 | #define DEFPRIMES 2 | |
d02b48c6 | 29 | |
c43fa566 PP |
30 | static int verbose = 0; |
31 | ||
8f7e1f68 | 32 | static int genrsa_cb(EVP_PKEY_CTX *ctx); |
667ac4ec | 33 | |
7e1b7485 RS |
34 | typedef enum OPTION_choice { |
35 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
8bf37709 SL |
36 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
37 | OPT_3, | |
38 | #endif | |
39 | OPT_F4, OPT_ENGINE, | |
c43fa566 | 40 | OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE, |
10203a34 | 41 | OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL |
7e1b7485 | 42 | } OPTION_CHOICE; |
667ac4ec | 43 | |
44c83ebd | 44 | const OPTIONS genrsa_options[] = { |
92de469f | 45 | {OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n"}, |
5388f986 RS |
46 | |
47 | OPT_SECTION("General"), | |
7e1b7485 | 48 | {"help", OPT_HELP, '-', "Display this summary"}, |
1ae56f2f | 49 | #ifndef OPENSSL_NO_ENGINE |
5388f986 | 50 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, |
1ae56f2f | 51 | #endif |
5388f986 RS |
52 | |
53 | OPT_SECTION("Input"), | |
8bf37709 SL |
54 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
55 | {"3", OPT_3, '-', "(deprecated) Use 3 for the E value"}, | |
56 | #endif | |
57 | {"F4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"}, | |
58 | {"f4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"}, | |
5388f986 RS |
59 | |
60 | OPT_SECTION("Output"), | |
6f007824 | 61 | {"out", OPT_OUT, '>', "Output the key to specified file"}, |
7e1b7485 | 62 | {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, |
665d899f | 63 | {"primes", OPT_PRIMES, 'p', "Specify number of primes"}, |
c43fa566 | 64 | {"verbose", OPT_VERBOSE, '-', "Verbose output"}, |
10203a34 KR |
65 | {"traditional", OPT_TRADITIONAL, '-', |
66 | "Use traditional format for private keys"}, | |
5388f986 RS |
67 | {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, |
68 | ||
69 | OPT_R_OPTIONS, | |
6bd4e3f2 | 70 | OPT_PROV_OPTIONS, |
92de469f RS |
71 | |
72 | OPT_PARAMETERS(), | |
73 | {"numbits", 0, 0, "Size of key in bits"}, | |
7e1b7485 RS |
74 | {NULL} |
75 | }; | |
76 | ||
77 | int genrsa_main(int argc, char **argv) | |
78 | { | |
79 | BN_GENCB *cb = BN_GENCB_new(); | |
9862e9aa | 80 | ENGINE *eng = NULL; |
7e1b7485 RS |
81 | BIGNUM *bn = BN_new(); |
82 | BIO *out = NULL; | |
8f7e1f68 P |
83 | EVP_PKEY *pkey = NULL; |
84 | EVP_PKEY_CTX *ctx = NULL; | |
0f113f3e | 85 | const EVP_CIPHER *enc = NULL; |
665d899f | 86 | int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES; |
0f113f3e | 87 | unsigned long f4 = RSA_F4; |
7e1b7485 | 88 | char *outfile = NULL, *passoutarg = NULL, *passout = NULL; |
3ee1eac2 | 89 | char *prog, *hexe, *dece; |
7e1b7485 | 90 | OPTION_CHOICE o; |
10203a34 | 91 | int traditional = 0; |
348d0d14 | 92 | |
96487cdd | 93 | if (bn == NULL || cb == NULL) |
7e1b7485 | 94 | goto end; |
348d0d14 | 95 | |
7e1b7485 RS |
96 | prog = opt_init(argc, argv, genrsa_options); |
97 | while ((o = opt_next()) != OPT_EOF) { | |
98 | switch (o) { | |
99 | case OPT_EOF: | |
100 | case OPT_ERR: | |
c27363f5 | 101 | opthelp: |
7e1b7485 RS |
102 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); |
103 | goto end; | |
104 | case OPT_HELP: | |
105 | ret = 0; | |
106 | opt_help(genrsa_options); | |
107 | goto end; | |
8bf37709 | 108 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
7e1b7485 | 109 | case OPT_3: |
8f7e1f68 | 110 | f4 = RSA_3; |
7e1b7485 | 111 | break; |
8bf37709 | 112 | #endif |
7e1b7485 | 113 | case OPT_F4: |
0f113f3e | 114 | f4 = RSA_F4; |
7e1b7485 | 115 | break; |
7e1b7485 RS |
116 | case OPT_OUT: |
117 | outfile = opt_arg(); | |
902c6b95 | 118 | break; |
7e1b7485 | 119 | case OPT_ENGINE: |
9862e9aa | 120 | eng = setup_engine(opt_arg(), 0); |
7e1b7485 | 121 | break; |
3ee1eac2 RS |
122 | case OPT_R_CASES: |
123 | if (!opt_rand(o)) | |
124 | goto end; | |
7e1b7485 | 125 | break; |
6bd4e3f2 P |
126 | case OPT_PROV_CASES: |
127 | if (!opt_provider(o)) | |
128 | goto end; | |
129 | break; | |
7e1b7485 RS |
130 | case OPT_PASSOUT: |
131 | passoutarg = opt_arg(); | |
132 | break; | |
133 | case OPT_CIPHER: | |
134 | if (!opt_cipher(opt_unknown(), &enc)) | |
135 | goto end; | |
136 | break; | |
665d899f PY |
137 | case OPT_PRIMES: |
138 | if (!opt_int(opt_arg(), &primes)) | |
139 | goto end; | |
140 | break; | |
c43fa566 PP |
141 | case OPT_VERBOSE: |
142 | verbose = 1; | |
143 | break; | |
10203a34 KR |
144 | case OPT_TRADITIONAL: |
145 | traditional = 1; | |
146 | break; | |
7e1b7485 | 147 | } |
0f113f3e | 148 | } |
021410ea RS |
149 | |
150 | /* One optional argument, the bitsize. */ | |
7e1b7485 RS |
151 | argc = opt_num_rest(); |
152 | argv = opt_rest(); | |
a3fe382e | 153 | |
c27363f5 RS |
154 | if (argc == 1) { |
155 | if (!opt_int(argv[0], &num) || num <= 0) | |
156 | goto end; | |
0336df2f GS |
157 | if (num > OPENSSL_RSA_MAX_MODULUS_BITS) |
158 | BIO_printf(bio_err, | |
159 | "Warning: It is not recommended to use more than %d bit for RSA keys.\n" | |
160 | " Your key size is %d! Larger key size may behave not as expected.\n", | |
161 | OPENSSL_RSA_MAX_MODULUS_BITS, num); | |
c27363f5 RS |
162 | } else if (argc > 0) { |
163 | BIO_printf(bio_err, "Extra arguments given.\n"); | |
164 | goto opthelp; | |
165 | } | |
a3fe382e | 166 | |
51e5df0e | 167 | app_RAND_load(); |
c27363f5 | 168 | private = 1; |
7e1b7485 | 169 | if (!app_passwd(NULL, passoutarg, NULL, &passout)) { |
0f113f3e | 170 | BIO_printf(bio_err, "Error getting password\n"); |
7e1b7485 | 171 | goto end; |
0f113f3e | 172 | } |
5270e702 | 173 | |
bdd58d98 | 174 | out = bio_open_owner(outfile, FORMAT_PEM, private); |
7e1b7485 RS |
175 | if (out == NULL) |
176 | goto end; | |
d02b48c6 | 177 | |
7c9a7cf1 | 178 | if (!init_gen_str(&ctx, "RSA", eng, 0, NULL, NULL)) |
8f7e1f68 P |
179 | goto end; |
180 | ||
181 | EVP_PKEY_CTX_set_cb(ctx, genrsa_cb); | |
182 | EVP_PKEY_CTX_set_app_data(ctx, bio_err); | |
183 | ||
184 | if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, num) <= 0) { | |
185 | BIO_printf(bio_err, "Error setting RSA length\n"); | |
186 | goto end; | |
187 | } | |
188 | if (!BN_set_word(bn, f4)) { | |
189 | BIO_printf(bio_err, "Error allocating RSA public exponent\n"); | |
190 | goto end; | |
191 | } | |
3786d748 | 192 | if (EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, bn) <= 0) { |
8f7e1f68 P |
193 | BIO_printf(bio_err, "Error setting RSA public exponent\n"); |
194 | goto end; | |
195 | } | |
196 | if (EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) <= 0) { | |
197 | BIO_printf(bio_err, "Error setting number of primes\n"); | |
198 | goto end; | |
199 | } | |
c43fa566 PP |
200 | if (verbose) |
201 | BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n", | |
202 | num, primes); | |
8f7e1f68 P |
203 | if (!EVP_PKEY_keygen(ctx, &pkey)) { |
204 | BIO_printf(bio_err, "Error generating RSA key\n"); | |
7e1b7485 | 205 | goto end; |
8f7e1f68 | 206 | } |
dc03504d | 207 | |
8f7e1f68 | 208 | if (verbose) { |
d7e498ac RL |
209 | BIGNUM *e = NULL; |
210 | ||
211 | /* Every RSA key has an 'e' */ | |
212 | EVP_PKEY_get_bn_param(pkey, "e", &e); | |
213 | if (e == NULL) { | |
8f7e1f68 P |
214 | BIO_printf(bio_err, "Error cannot access RSA e\n"); |
215 | goto end; | |
216 | } | |
217 | hexe = BN_bn2hex(e); | |
218 | dece = BN_bn2dec(e); | |
219 | if (hexe && dece) { | |
220 | BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe); | |
221 | } | |
222 | OPENSSL_free(hexe); | |
223 | OPENSSL_free(dece); | |
d7e498ac | 224 | BN_free(e); |
0f113f3e | 225 | } |
10203a34 KR |
226 | if (traditional) { |
227 | if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0, | |
228 | NULL, passout)) | |
229 | goto end; | |
230 | } else { | |
231 | if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) | |
232 | goto end; | |
233 | } | |
d02b48c6 | 234 | |
0f113f3e | 235 | ret = 0; |
7e1b7485 | 236 | end: |
23a1d5e9 RS |
237 | BN_free(bn); |
238 | BN_GENCB_free(cb); | |
8f7e1f68 P |
239 | EVP_PKEY_CTX_free(ctx); |
240 | EVP_PKEY_free(pkey); | |
ca3a82c3 | 241 | BIO_free_all(out); |
dd1abd44 | 242 | release_engine(eng); |
b548a1f1 | 243 | OPENSSL_free(passout); |
0f113f3e MC |
244 | if (ret != 0) |
245 | ERR_print_errors(bio_err); | |
26a7d938 | 246 | return ret; |
0f113f3e | 247 | } |
d02b48c6 | 248 | |
8f7e1f68 | 249 | static int genrsa_cb(EVP_PKEY_CTX *ctx) |
0f113f3e MC |
250 | { |
251 | char c = '*'; | |
8f7e1f68 P |
252 | BIO *b = EVP_PKEY_CTX_get_app_data(ctx); |
253 | int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); | |
d02b48c6 | 254 | |
c43fa566 PP |
255 | if (!verbose) |
256 | return 1; | |
257 | ||
0f113f3e MC |
258 | if (p == 0) |
259 | c = '.'; | |
260 | if (p == 1) | |
261 | c = '+'; | |
262 | if (p == 2) | |
263 | c = '*'; | |
264 | if (p == 3) | |
265 | c = '\n'; | |
8f7e1f68 P |
266 | BIO_write(b, &c, 1); |
267 | (void)BIO_flush(b); | |
0f113f3e MC |
268 | return 1; |
269 | } |