1 /* $OpenBSD: genrsa.c,v 1.22 2023/03/06 14:32:06 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <openssl/opensslconf.h>
60
61 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
62 * deprecated functions for openssl-internal code */
63 #ifdef OPENSSL_NO_DEPRECATED
64 #undef OPENSSL_NO_DEPRECATED
65 #endif
66
67
68 #include <sys/types.h>
69 #include <sys/stat.h>
70
71 #include <stdio.h>
72 #include <string.h>
73
74 #include "apps.h"
75
76 #include <openssl/bio.h>
77 #include <openssl/bn.h>
78 #include <openssl/err.h>
79 #include <openssl/evp.h>
80 #include <openssl/pem.h>
81 #include <openssl/rsa.h>
82 #include <openssl/x509.h>
83
84 #define DEFBITS 2048
85
86 static int genrsa_cb(int p, int n, BN_GENCB *cb);
87
88 static struct {
89 const EVP_CIPHER *enc;
90 unsigned long f4;
91 char *outfile;
92 char *passargout;
93 } cfg;
94
95 static int
set_public_exponent(int argc,char ** argv,int * argsused)96 set_public_exponent(int argc, char **argv, int *argsused)
97 {
98 char *option = argv[0];
99
100 if (strcmp(option, "-3") == 0)
101 cfg.f4 = 3;
102 else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0)
103 cfg.f4 = RSA_F4;
104 else
105 return (1);
106
107 *argsused = 1;
108 return (0);
109 }
110
get_cipher_by_name(char * name)111 static const EVP_CIPHER *get_cipher_by_name(char *name)
112 {
113 if (name == NULL || strcmp(name, "") == 0)
114 return (NULL);
115 #ifndef OPENSSL_NO_AES
116 else if (strcmp(name, "aes128") == 0)
117 return EVP_aes_128_cbc();
118 else if (strcmp(name, "aes192") == 0)
119 return EVP_aes_192_cbc();
120 else if (strcmp(name, "aes256") == 0)
121 return EVP_aes_256_cbc();
122 #endif
123 #ifndef OPENSSL_NO_CAMELLIA
124 else if (strcmp(name, "camellia128") == 0)
125 return EVP_camellia_128_cbc();
126 else if (strcmp(name, "camellia192") == 0)
127 return EVP_camellia_192_cbc();
128 else if (strcmp(name, "camellia256") == 0)
129 return EVP_camellia_256_cbc();
130 #endif
131 #ifndef OPENSSL_NO_DES
132 else if (strcmp(name, "des") == 0)
133 return EVP_des_cbc();
134 else if (strcmp(name, "des3") == 0)
135 return EVP_des_ede3_cbc();
136 #endif
137 #ifndef OPENSSL_NO_IDEA
138 else if (strcmp(name, "idea") == 0)
139 return EVP_idea_cbc();
140 #endif
141 else
142 return (NULL);
143 }
144
145 static int
set_enc(int argc,char ** argv,int * argsused)146 set_enc(int argc, char **argv, int *argsused)
147 {
148 char *name = argv[0];
149
150 if (*name++ != '-')
151 return (1);
152
153 if ((cfg.enc = get_cipher_by_name(name)) == NULL)
154 return (1);
155
156 *argsused = 1;
157 return (0);
158 }
159
160 static const struct option genrsa_options[] = {
161 {
162 .name = "3",
163 .desc = "Use 3 for the E value",
164 .type = OPTION_ARGV_FUNC,
165 .opt.argvfunc = set_public_exponent,
166 },
167 {
168 .name = "f4",
169 .desc = "Use F4 (0x10001) for the E value",
170 .type = OPTION_ARGV_FUNC,
171 .opt.argvfunc = set_public_exponent,
172 },
173 {
174 .name = "F4",
175 .desc = "Use F4 (0x10001) for the E value",
176 .type = OPTION_ARGV_FUNC,
177 .opt.argvfunc = set_public_exponent,
178 },
179 #ifndef OPENSSL_NO_AES
180 {
181 .name = "aes128",
182 .desc = "Encrypt PEM output with CBC AES",
183 .type = OPTION_ARGV_FUNC,
184 .opt.argvfunc = set_enc,
185 },
186 {
187 .name = "aes192",
188 .desc = "Encrypt PEM output with CBC AES",
189 .type = OPTION_ARGV_FUNC,
190 .opt.argvfunc = set_enc,
191 },
192 {
193 .name = "aes256",
194 .desc = "Encrypt PEM output with CBC AES",
195 .type = OPTION_ARGV_FUNC,
196 .opt.argvfunc = set_enc,
197 },
198 #endif
199 #ifndef OPENSSL_NO_CAMELLIA
200 {
201 .name = "camellia128",
202 .desc = "Encrypt PEM output with CBC Camellia",
203 .type = OPTION_ARGV_FUNC,
204 .opt.argvfunc = set_enc,
205 },
206 {
207 .name = "camellia192",
208 .desc = "Encrypt PEM output with CBC Camellia",
209 .type = OPTION_ARGV_FUNC,
210 .opt.argvfunc = set_enc,
211 },
212 {
213 .name = "camellia256",
214 .desc = "Encrypt PEM output with CBC Camellia",
215 .type = OPTION_ARGV_FUNC,
216 .opt.argvfunc = set_enc,
217 },
218 #endif
219 #ifndef OPENSSL_NO_DES
220 {
221 .name = "des",
222 .desc = "Encrypt the generated key with DES in CBC mode",
223 .type = OPTION_ARGV_FUNC,
224 .opt.argvfunc = set_enc,
225 },
226 {
227 .name = "des3",
228 .desc = "Encrypt the generated key with DES in EDE CBC mode (168 bit key)",
229 .type = OPTION_ARGV_FUNC,
230 .opt.argvfunc = set_enc,
231 },
232 #endif
233 #ifndef OPENSSL_NO_IDEA
234 {
235 .name = "idea",
236 .desc = "Encrypt the generated key with IDEA in CBC mode",
237 .type = OPTION_ARGV_FUNC,
238 .opt.argvfunc = set_enc,
239 },
240 #endif
241 {
242 .name = "out",
243 .argname = "file",
244 .desc = "Output the key to 'file'",
245 .type = OPTION_ARG,
246 .opt.arg = &cfg.outfile,
247 },
248 {
249 .name = "passout",
250 .argname = "arg",
251 .desc = "Output file passphrase source",
252 .type = OPTION_ARG,
253 .opt.arg = &cfg.passargout,
254 },
255 { NULL },
256 };
257
258 static void
genrsa_usage(void)259 genrsa_usage(void)
260 {
261 fprintf(stderr, "usage: genrsa [-3 | -f4] [-aes128 | -aes192 |");
262 fprintf(stderr, " -aes256 |\n");
263 fprintf(stderr, " -camellia128 | -camellia192 | -camellia256 |");
264 fprintf(stderr, " -des | -des3 | -idea]\n");
265 fprintf(stderr, " [-out file] [-passout arg] [numbits]\n\n");
266 options_usage(genrsa_options);
267 fprintf(stderr, "\n");
268 }
269
270 int
genrsa_main(int argc,char ** argv)271 genrsa_main(int argc, char **argv)
272 {
273 BN_GENCB *cb = NULL;
274 int ret = 1;
275 int num = DEFBITS;
276 char *numbits = NULL;
277 char *passout = NULL;
278 BIO *out = NULL;
279 BIGNUM *bn = NULL;
280 RSA *rsa = NULL;
281 char *rsa_e_hex = NULL, *rsa_e_dec = NULL;
282
283 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
284 perror("pledge");
285 exit(1);
286 }
287
288 if ((bn = BN_new()) == NULL)
289 goto err;
290
291 if ((cb = BN_GENCB_new()) == NULL) {
292 BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
293 goto err;
294 }
295
296 BN_GENCB_set(cb, genrsa_cb, bio_err);
297
298 if ((out = BIO_new(BIO_s_file())) == NULL) {
299 BIO_printf(bio_err, "unable to create BIO for output\n");
300 goto err;
301 }
302
303 memset(&cfg, 0, sizeof(cfg));
304 cfg.f4 = RSA_F4;
305
306 if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) {
307 genrsa_usage();
308 goto err;
309 }
310
311 if ((numbits != NULL) &&
312 ((sscanf(numbits, "%d", &num) == 0) || (num < 0))) {
313 genrsa_usage();
314 goto err;
315 }
316
317 if (!app_passwd(bio_err, NULL, cfg.passargout, NULL,
318 &passout)) {
319 BIO_printf(bio_err, "Error getting password\n");
320 goto err;
321 }
322
323 if (cfg.outfile == NULL) {
324 BIO_set_fp(out, stdout, BIO_NOCLOSE);
325 } else {
326 if (BIO_write_filename(out, cfg.outfile) <= 0) {
327 perror(cfg.outfile);
328 goto err;
329 }
330 }
331
332 BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
333 num);
334 rsa = RSA_new();
335 if (!rsa)
336 goto err;
337
338 if (!BN_set_word(bn, cfg.f4) ||
339 !RSA_generate_key_ex(rsa, num, bn, cb))
340 goto err;
341
342 if ((rsa_e_hex = BN_bn2hex(RSA_get0_e(rsa))) == NULL)
343 goto err;
344 if ((rsa_e_dec = BN_bn2dec(RSA_get0_e(rsa))) == NULL)
345 goto err;
346
347 BIO_printf(bio_err, "e is %s (0x%s)\n", rsa_e_dec, rsa_e_hex);
348 {
349 PW_CB_DATA cb_data;
350 cb_data.password = passout;
351 cb_data.prompt_info = cfg.outfile;
352 if (!PEM_write_bio_RSAPrivateKey(out, rsa, cfg.enc,
353 NULL, 0, password_callback, &cb_data))
354 goto err;
355 }
356
357 ret = 0;
358 err:
359 BN_free(bn);
360 BN_GENCB_free(cb);
361 RSA_free(rsa);
362 BIO_free_all(out);
363 free(rsa_e_dec);
364 free(rsa_e_hex);
365 free(passout);
366
367 if (ret != 0)
368 ERR_print_errors(bio_err);
369
370 return (ret);
371 }
372
373 static int
genrsa_cb(int p,int n,BN_GENCB * cb)374 genrsa_cb(int p, int n, BN_GENCB *cb)
375 {
376 char c = '*';
377
378 if (p == 0)
379 c = '.';
380 if (p == 1)
381 c = '+';
382 if (p == 2)
383 c = '*';
384 if (p == 3)
385 c = '\n';
386 BIO_write(BN_GENCB_get_arg(cb), &c, 1);
387 (void) BIO_flush(BN_GENCB_get_arg(cb));
388 return 1;
389 }
390