]>
git.ipfire.org Git - thirdparty/openssl.git/blob - apps/genpkey.c
2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
14 #include <openssl/pem.h>
15 #include <openssl/err.h>
16 #include <openssl/evp.h>
20 static int init_keygen_file(EVP_PKEY_CTX
**pctx
, const char *file
, ENGINE
*e
,
21 OSSL_LIB_CTX
*libctx
, const char *propq
);
22 static int genpkey_cb(EVP_PKEY_CTX
*ctx
);
24 typedef enum OPTION_choice
{
26 OPT_ENGINE
, OPT_OUTFORM
, OPT_OUT
, OPT_PASS
, OPT_PARAMFILE
,
27 OPT_ALGORITHM
, OPT_PKEYOPT
, OPT_GENPARAM
, OPT_TEXT
, OPT_CIPHER
,
28 OPT_QUIET
, OPT_CONFIG
,
32 const OPTIONS genpkey_options
[] = {
33 OPT_SECTION("General"),
34 {"help", OPT_HELP
, '-', "Display this summary"},
35 #ifndef OPENSSL_NO_ENGINE
36 {"engine", OPT_ENGINE
, 's', "Use engine, possibly a hardware device"},
38 {"paramfile", OPT_PARAMFILE
, '<', "Parameters file"},
39 {"algorithm", OPT_ALGORITHM
, 's', "The public key algorithm"},
40 {"quiet", OPT_QUIET
, '-', "Do not output status while generating keys"},
41 {"pkeyopt", OPT_PKEYOPT
, 's',
42 "Set the public key algorithm option as opt:value"},
45 OPT_SECTION("Output"),
46 {"out", OPT_OUT
, '>', "Output file"},
47 {"outform", OPT_OUTFORM
, 'F', "output format (DER or PEM)"},
48 {"pass", OPT_PASS
, 's', "Output file pass phrase source"},
49 {"genparam", OPT_GENPARAM
, '-', "Generate parameters, not key"},
50 {"text", OPT_TEXT
, '-', "Print the in text"},
51 {"", OPT_CIPHER
, '-', "Cipher to use to encrypt the key"},
55 /* This is deliberately last. */
57 "Order of options may be important! See the documentation.\n"},
61 int genpkey_main(int argc
, char **argv
)
64 BIO
*in
= NULL
, *out
= NULL
;
66 EVP_PKEY
*pkey
= NULL
;
67 EVP_PKEY_CTX
*ctx
= NULL
;
68 char *outfile
= NULL
, *passarg
= NULL
, *pass
= NULL
, *prog
, *p
;
69 const char *ciphername
= NULL
, *paramfile
= NULL
, *algname
= NULL
;
70 EVP_CIPHER
*cipher
= NULL
;
72 int outformat
= FORMAT_PEM
, text
= 0, ret
= 1, rv
, do_param
= 0;
74 OSSL_LIB_CTX
*libctx
= app_get0_libctx();
75 STACK_OF(OPENSSL_STRING
) *keyopt
= NULL
;
77 prog
= opt_init(argc
, argv
, genpkey_options
);
78 keyopt
= sk_OPENSSL_STRING_new_null();
81 while ((o
= opt_next()) != OPT_EOF
) {
86 BIO_printf(bio_err
, "%s: Use -help for summary.\n", prog
);
90 opt_help(genpkey_options
);
93 if (!opt_format(opt_arg(), OPT_FMT_PEMDER
, &outformat
))
103 e
= setup_engine(opt_arg(), 0);
108 paramfile
= opt_arg();
114 if (!sk_OPENSSL_STRING_push(keyopt
, opt_arg()))
127 ciphername
= opt_unknown();
130 conf
= app_load_config_modules(opt_arg());
135 if (!opt_provider(o
))
141 /* No extra arguments. */
142 if (!opt_check_rest_arg(NULL
))
145 /* Fetch cipher, etc. */
146 if (paramfile
!= NULL
) {
147 if (!init_keygen_file(&ctx
, paramfile
, e
, libctx
, app_get0_propq()))
150 if (algname
!= NULL
) {
151 if (!init_gen_str(&ctx
, algname
, e
, do_param
, libctx
, app_get0_propq()))
157 for (i
= 0; i
< sk_OPENSSL_STRING_num(keyopt
); i
++) {
158 p
= sk_OPENSSL_STRING_value(keyopt
, i
);
159 if (pkey_ctrl_string(ctx
, p
) <= 0) {
160 BIO_printf(bio_err
, "%s: Error setting %s parameter:\n", prog
, p
);
161 ERR_print_errors(bio_err
);
165 if (!opt_cipher(ciphername
, &cipher
))
167 if (ciphername
!= NULL
&& do_param
== 1) {
168 BIO_printf(bio_err
, "Cannot use cipher with -genparam option\n");
172 private = do_param
? 0 : 1;
174 if (!app_passwd(passarg
, NULL
, &pass
, NULL
)) {
175 BIO_puts(bio_err
, "Error getting password\n");
179 out
= bio_open_owner(outfile
, outformat
, private);
183 EVP_PKEY_CTX_set_cb(ctx
, genpkey_cb
);
184 EVP_PKEY_CTX_set_app_data(ctx
, bio_err
);
186 pkey
= do_param
? app_paramgen(ctx
, algname
)
187 : app_keygen(ctx
, algname
, 0, 0 /* not verbose */);
190 rv
= PEM_write_bio_Parameters(out
, pkey
);
191 } else if (outformat
== FORMAT_PEM
) {
193 rv
= PEM_write_bio_PrivateKey(out
, pkey
, cipher
, NULL
, 0, NULL
, pass
);
194 } else if (outformat
== FORMAT_ASN1
) {
196 rv
= i2d_PrivateKey_bio(out
, pkey
);
198 BIO_printf(bio_err
, "Bad format specified for key\n");
205 BIO_puts(bio_err
, "Error writing key\n");
211 rv
= EVP_PKEY_print_params(out
, pkey
, 0, NULL
);
213 rv
= EVP_PKEY_print_private(out
, pkey
, 0, NULL
);
216 BIO_puts(bio_err
, "Error printing key\n");
222 sk_OPENSSL_STRING_free(keyopt
);
224 ERR_print_errors(bio_err
);
226 EVP_PKEY_CTX_free(ctx
);
227 EVP_CIPHER_free(cipher
);
236 static int init_keygen_file(EVP_PKEY_CTX
**pctx
, const char *file
, ENGINE
*e
,
237 OSSL_LIB_CTX
*libctx
, const char *propq
)
240 EVP_PKEY
*pkey
= NULL
;
241 EVP_PKEY_CTX
*ctx
= NULL
;
243 BIO_puts(bio_err
, "Parameters already set!\n");
247 pbio
= BIO_new_file(file
, "r");
249 BIO_printf(bio_err
, "Can't open parameter file %s\n", file
);
253 pkey
= PEM_read_bio_Parameters_ex(pbio
, NULL
, libctx
, propq
);
257 BIO_printf(bio_err
, "Error reading parameter file %s\n", file
);
262 ctx
= EVP_PKEY_CTX_new(pkey
, e
);
264 ctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, propq
);
267 if (EVP_PKEY_keygen_init(ctx
) <= 0)
274 BIO_puts(bio_err
, "Error initializing context\n");
275 ERR_print_errors(bio_err
);
276 EVP_PKEY_CTX_free(ctx
);
282 int init_gen_str(EVP_PKEY_CTX
**pctx
,
283 const char *algname
, ENGINE
*e
, int do_param
,
284 OSSL_LIB_CTX
*libctx
, const char *propq
)
286 EVP_PKEY_CTX
*ctx
= NULL
;
290 BIO_puts(bio_err
, "Algorithm already set!\n");
294 pkey_id
= get_legacy_pkey_id(libctx
, algname
, e
);
295 if (pkey_id
!= NID_undef
)
296 ctx
= EVP_PKEY_CTX_new_id(pkey_id
, e
);
298 ctx
= EVP_PKEY_CTX_new_from_name(libctx
, algname
, propq
);
303 if (EVP_PKEY_paramgen_init(ctx
) <= 0)
306 if (EVP_PKEY_keygen_init(ctx
) <= 0)
314 BIO_printf(bio_err
, "Error initializing %s context\n", algname
);
315 ERR_print_errors(bio_err
);
316 EVP_PKEY_CTX_free(ctx
);
321 static int genpkey_cb(EVP_PKEY_CTX
*ctx
)
324 BIO
*b
= EVP_PKEY_CTX_get_app_data(ctx
);
329 switch (EVP_PKEY_CTX_get_keygen_info(ctx
, 0)) {