1 /* $OpenBSD: genrsa.c,v 1.19 2022/01/14 09:25:42 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <openssl/opensslconf.h>
60 
61 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
62  * deprecated functions for openssl-internal code */
63 #ifdef OPENSSL_NO_DEPRECATED
64 #undef OPENSSL_NO_DEPRECATED
65 #endif
66 
67 
68 #include <sys/types.h>
69 #include <sys/stat.h>
70 
71 #include <stdio.h>
72 #include <string.h>
73 
74 #include "apps.h"
75 
76 #include <openssl/bio.h>
77 #include <openssl/bn.h>
78 #include <openssl/err.h>
79 #include <openssl/evp.h>
80 #include <openssl/pem.h>
81 #include <openssl/rsa.h>
82 #include <openssl/x509.h>
83 
84 #define DEFBITS	2048
85 
86 static int genrsa_cb(int p, int n, BN_GENCB *cb);
87 
88 static struct {
89 	const EVP_CIPHER *enc;
90 	unsigned long f4;
91 	char *outfile;
92 	char *passargout;
93 } genrsa_config;
94 
95 static int
96 set_public_exponent(int argc, char **argv, int *argsused)
97 {
98 	char *option = argv[0];
99 
100 	if (strcmp(option, "-3") == 0)
101 		genrsa_config.f4 = 3;
102 	else if (strcmp(option, "-f4") == 0 || strcmp(option, "-F4") == 0)
103 		genrsa_config.f4 = RSA_F4;
104 	else
105 		return (1);
106 
107 	*argsused = 1;
108 	return (0);
109 }
110 
111 static const EVP_CIPHER *get_cipher_by_name(char *name)
112 {
113 	if (name == NULL || strcmp(name, "") == 0)
114 		return (NULL);
115 #ifndef OPENSSL_NO_AES
116 	else if (strcmp(name, "aes128") == 0)
117 		return EVP_aes_128_cbc();
118 	else if (strcmp(name, "aes192") == 0)
119 		return EVP_aes_192_cbc();
120 	else if (strcmp(name, "aes256") == 0)
121 		return EVP_aes_256_cbc();
122 #endif
123 #ifndef OPENSSL_NO_CAMELLIA
124 	else if (strcmp(name, "camellia128") == 0)
125 		return EVP_camellia_128_cbc();
126 	else if (strcmp(name, "camellia192") == 0)
127 		return EVP_camellia_192_cbc();
128 	else if (strcmp(name, "camellia256") == 0)
129 		return EVP_camellia_256_cbc();
130 #endif
131 #ifndef OPENSSL_NO_DES
132 	else if (strcmp(name, "des") == 0)
133 		return EVP_des_cbc();
134 	else if (strcmp(name, "des3") == 0)
135 		return EVP_des_ede3_cbc();
136 #endif
137 #ifndef OPENSSL_NO_IDEA
138 	else if (strcmp(name, "idea") == 0)
139 		return EVP_idea_cbc();
140 #endif
141 	else
142 		return (NULL);
143 }
144 
145 static int
146 set_enc(int argc, char **argv, int *argsused)
147 {
148 	char *name = argv[0];
149 
150 	if (*name++ != '-')
151 		return (1);
152 
153 	if ((genrsa_config.enc = get_cipher_by_name(name)) == NULL)
154 		return (1);
155 
156 	*argsused = 1;
157 	return (0);
158 }
159 
160 static const struct option genrsa_options[] = {
161 	{
162 		.name = "3",
163 		.desc = "Use 3 for the E value",
164 		.type = OPTION_ARGV_FUNC,
165 		.opt.argvfunc = set_public_exponent,
166 	},
167 	{
168 		.name = "f4",
169 		.desc = "Use F4 (0x10001) for the E value",
170 		.type = OPTION_ARGV_FUNC,
171 		.opt.argvfunc = set_public_exponent,
172 	},
173 	{
174 		.name = "F4",
175 		.desc = "Use F4 (0x10001) for the E value",
176 		.type = OPTION_ARGV_FUNC,
177 		.opt.argvfunc = set_public_exponent,
178 	},
179 #ifndef OPENSSL_NO_AES
180 	{
181 		.name = "aes128",
182 		.desc = "Encrypt PEM output with CBC AES",
183 		.type = OPTION_ARGV_FUNC,
184 		.opt.argvfunc = set_enc,
185 	},
186 	{
187 		.name = "aes192",
188 		.desc = "Encrypt PEM output with CBC AES",
189 		.type = OPTION_ARGV_FUNC,
190 		.opt.argvfunc = set_enc,
191 	},
192 	{
193 		.name = "aes256",
194 		.desc = "Encrypt PEM output with CBC AES",
195 		.type = OPTION_ARGV_FUNC,
196 		.opt.argvfunc = set_enc,
197 	},
198 #endif
199 #ifndef OPENSSL_NO_CAMELLIA
200 	{
201 		.name = "camellia128",
202 		.desc = "Encrypt PEM output with CBC Camellia",
203 		.type = OPTION_ARGV_FUNC,
204 		.opt.argvfunc = set_enc,
205 	},
206 	{
207 		.name = "camellia192",
208 		.desc = "Encrypt PEM output with CBC Camellia",
209 		.type = OPTION_ARGV_FUNC,
210 		.opt.argvfunc = set_enc,
211 	},
212 	{
213 		.name = "camellia256",
214 		.desc = "Encrypt PEM output with CBC Camellia",
215 		.type = OPTION_ARGV_FUNC,
216 		.opt.argvfunc = set_enc,
217 	},
218 #endif
219 #ifndef OPENSSL_NO_DES
220 	{
221 		.name = "des",
222 		.desc = "Encrypt the generated key with DES in CBC mode",
223 		.type = OPTION_ARGV_FUNC,
224 		.opt.argvfunc = set_enc,
225 	},
226 	{
227 		.name = "des3",
228 		.desc = "Encrypt the generated key with DES in EDE CBC mode (168 bit key)",
229 		.type = OPTION_ARGV_FUNC,
230 		.opt.argvfunc = set_enc,
231 	},
232 #endif
233 #ifndef OPENSSL_NO_IDEA
234 	{
235 		.name = "idea",
236 		.desc = "Encrypt the generated key with IDEA in CBC mode",
237 		.type = OPTION_ARGV_FUNC,
238 		.opt.argvfunc = set_enc,
239 	},
240 #endif
241 	{
242 		.name = "out",
243 		.argname = "file",
244 		.desc = "Output the key to 'file'",
245 		.type = OPTION_ARG,
246 		.opt.arg = &genrsa_config.outfile,
247 	},
248 	{
249 		.name = "passout",
250 		.argname = "arg",
251 		.desc = "Output file passphrase source",
252 		.type = OPTION_ARG,
253 		.opt.arg = &genrsa_config.passargout,
254 	},
255 	{ NULL },
256 };
257 
258 static void
259 genrsa_usage(void)
260 {
261 	fprintf(stderr, "usage: genrsa [-3 | -f4] [-aes128 | -aes192 |");
262 	fprintf(stderr, " -aes256 |\n");
263 	fprintf(stderr, "    -camellia128 | -camellia192 | -camellia256 |");
264 	fprintf(stderr, " -des | -des3 | -idea]\n");
265 	fprintf(stderr, "    [-out file] [-passout arg] [numbits]\n\n");
266 	options_usage(genrsa_options);
267 	fprintf(stderr, "\n");
268 }
269 
270 int
271 genrsa_main(int argc, char **argv)
272 {
273 	BN_GENCB *cb = NULL;
274 	int ret = 1;
275 	int num = DEFBITS;
276 	char *numbits = NULL;
277 	char *passout = NULL;
278 	BIO *out = NULL;
279 	BIGNUM *bn = NULL;
280 	RSA *rsa = NULL;
281 	char *rsa_e_hex = NULL, *rsa_e_dec = NULL;
282 
283 	if (single_execution) {
284 		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
285 			perror("pledge");
286 			exit(1);
287 		}
288 	}
289 
290 	if ((bn = BN_new()) == NULL)
291 		goto err;
292 
293 	if ((cb = BN_GENCB_new()) == NULL) {
294 		BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
295 		goto err;
296 	}
297 
298 	BN_GENCB_set(cb, genrsa_cb, bio_err);
299 
300 	if ((out = BIO_new(BIO_s_file())) == NULL) {
301 		BIO_printf(bio_err, "unable to create BIO for output\n");
302 		goto err;
303 	}
304 
305 	memset(&genrsa_config, 0, sizeof(genrsa_config));
306 	genrsa_config.f4 = RSA_F4;
307 
308 	if (options_parse(argc, argv, genrsa_options, &numbits, NULL) != 0) {
309 		genrsa_usage();
310 		goto err;
311 	}
312 
313 	if ((numbits != NULL) &&
314 	    ((sscanf(numbits, "%d", &num) == 0) || (num < 0))) {
315 		genrsa_usage();
316 		goto err;
317 	}
318 
319 	if (!app_passwd(bio_err, NULL, genrsa_config.passargout, NULL,
320 	    &passout)) {
321 		BIO_printf(bio_err, "Error getting password\n");
322 		goto err;
323 	}
324 
325 	if (genrsa_config.outfile == NULL) {
326 		BIO_set_fp(out, stdout, BIO_NOCLOSE);
327 	} else {
328 		if (BIO_write_filename(out, genrsa_config.outfile) <= 0) {
329 			perror(genrsa_config.outfile);
330 			goto err;
331 		}
332 	}
333 
334 	BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
335 	    num);
336 	rsa = RSA_new();
337 	if (!rsa)
338 		goto err;
339 
340 	if (!BN_set_word(bn, genrsa_config.f4) ||
341 	    !RSA_generate_key_ex(rsa, num, bn, cb))
342 		goto err;
343 
344 	if ((rsa_e_hex = BN_bn2hex(RSA_get0_e(rsa))) == NULL)
345 		goto err;
346 	if ((rsa_e_dec = BN_bn2dec(RSA_get0_e(rsa))) == NULL)
347 		goto err;
348 
349 	BIO_printf(bio_err, "e is %s (0x%s)\n", rsa_e_hex, rsa_e_dec);
350 	{
351 		PW_CB_DATA cb_data;
352 		cb_data.password = passout;
353 		cb_data.prompt_info = genrsa_config.outfile;
354 		if (!PEM_write_bio_RSAPrivateKey(out, rsa, genrsa_config.enc,
355 		    NULL, 0, password_callback, &cb_data))
356 			goto err;
357 	}
358 
359 	ret = 0;
360  err:
361 	BN_free(bn);
362 	BN_GENCB_free(cb);
363 	RSA_free(rsa);
364 	BIO_free_all(out);
365 	free(rsa_e_dec);
366 	free(rsa_e_hex);
367 	free(passout);
368 
369 	if (ret != 0)
370 		ERR_print_errors(bio_err);
371 
372 	return (ret);
373 }
374 
375 static int
376 genrsa_cb(int p, int n, BN_GENCB *cb)
377 {
378 	char c = '*';
379 
380 	if (p == 0)
381 		c = '.';
382 	if (p == 1)
383 		c = '+';
384 	if (p == 2)
385 		c = '*';
386 	if (p == 3)
387 		c = '\n';
388 	BIO_write(BN_GENCB_get_arg(cb), &c, 1);
389 	(void) BIO_flush(BN_GENCB_get_arg(cb));
390 	return 1;
391 }
392