1 /* apps/genpkey.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project 2006
4  */
5 /* ====================================================================
6  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 #include <stdio.h>
59 #include <string.h>
60 #include "apps.h"
61 #include <openssl/pem.h>
62 #include <openssl/err.h>
63 #include <openssl/evp.h>
64 #ifndef OPENSSL_NO_ENGINE
65 #include <openssl/engine.h>
66 #endif
67 
68 static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
69 				const char *file, ENGINE *e);
70 static int genpkey_cb(EVP_PKEY_CTX *ctx);
71 
72 #define PROG genpkey_main
73 
74 int MAIN(int, char **);
75 
76 int MAIN(int argc, char **argv)
77 	{
78 	ENGINE *e = NULL;
79 	char **args, *outfile = NULL;
80 	char *passarg = NULL;
81 	BIO *in = NULL, *out = NULL;
82 	const EVP_CIPHER *cipher = NULL;
83 	int outformat;
84 	int text = 0;
85 	EVP_PKEY *pkey=NULL;
86 	EVP_PKEY_CTX *ctx = NULL;
87 	char *pass = NULL;
88 	int badarg = 0;
89 	int ret = 1, rv;
90 
91 	int do_param = 0;
92 
93 	if (bio_err == NULL)
94 		bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
95 
96 	if (!load_config(bio_err, NULL))
97 		goto end;
98 
99 	outformat=FORMAT_PEM;
100 
101 	ERR_load_crypto_strings();
102 	OpenSSL_add_all_algorithms();
103 	args = argv + 1;
104 	while (!badarg && *args && *args[0] == '-')
105 		{
106 		if (!strcmp(*args,"-outform"))
107 			{
108 			if (args[1])
109 				{
110 				args++;
111 				outformat=str2fmt(*args);
112 				}
113 			else badarg = 1;
114 			}
115 		else if (!strcmp(*args,"-pass"))
116 			{
117 			if (!args[1]) goto bad;
118 			passarg= *(++args);
119 			}
120 #ifndef OPENSSL_NO_ENGINE
121 		else if (strcmp(*args,"-engine") == 0)
122 			{
123 			if (!args[1])
124 				goto bad;
125         		e = setup_engine(bio_err, *(++args), 0);
126 			}
127 #endif
128 		else if (!strcmp (*args, "-paramfile"))
129 			{
130 			if (!args[1])
131 				goto bad;
132 			args++;
133 			if (do_param == 1)
134 				goto bad;
135 			if (!init_keygen_file(bio_err, &ctx, *args, e))
136 				goto end;
137 			}
138 		else if (!strcmp (*args, "-out"))
139 			{
140 			if (args[1])
141 				{
142 				args++;
143 				outfile = *args;
144 				}
145 			else badarg = 1;
146 			}
147 		else if (strcmp(*args,"-algorithm") == 0)
148 			{
149 			if (!args[1])
150 				goto bad;
151 			if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))
152 				goto end;
153 			}
154 		else if (strcmp(*args,"-pkeyopt") == 0)
155 			{
156 			if (!args[1])
157 				goto bad;
158 			if (!ctx)
159 				{
160 				BIO_puts(bio_err, "No keytype specified\n");
161 				goto bad;
162 				}
163 			else if (pkey_ctrl_string(ctx, *(++args)) <= 0)
164 				{
165 				BIO_puts(bio_err, "parameter setting error\n");
166 				ERR_print_errors(bio_err);
167 				goto end;
168 				}
169 			}
170 		else if (strcmp(*args,"-genparam") == 0)
171 			{
172 			if (ctx)
173 				goto bad;
174 			do_param = 1;
175 			}
176 		else if (strcmp(*args,"-text") == 0)
177 			text=1;
178 		else
179 			{
180 			cipher = EVP_get_cipherbyname(*args + 1);
181 			if (!cipher)
182 				{
183 				BIO_printf(bio_err, "Unknown cipher %s\n",
184 								*args + 1);
185 				badarg = 1;
186 				}
187 			if (do_param == 1)
188 				badarg = 1;
189 			}
190 		args++;
191 		}
192 
193 	if (!ctx)
194 		badarg = 1;
195 
196 	if (badarg)
197 		{
198 		bad:
199 		BIO_printf(bio_err, "Usage: genpkey [options]\n");
200 		BIO_printf(bio_err, "where options may be\n");
201 		BIO_printf(bio_err, "-out file          output file\n");
202 		BIO_printf(bio_err, "-outform X         output format (DER or PEM)\n");
203 		BIO_printf(bio_err, "-pass arg          output file pass phrase source\n");
204 		BIO_printf(bio_err, "-<cipher>          use cipher <cipher> to encrypt the key\n");
205 #ifndef OPENSSL_NO_ENGINE
206 		BIO_printf(bio_err, "-engine e          use engine e, possibly a hardware device.\n");
207 #endif
208 		BIO_printf(bio_err, "-paramfile file    parameters file\n");
209 		BIO_printf(bio_err, "-algorithm alg     the public key algorithm\n");
210 		BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
211 				            "                   to value <value>\n");
212 		BIO_printf(bio_err, "-genparam          generate parameters, not key\n");
213 		BIO_printf(bio_err, "-text              print the in text\n");
214 		BIO_printf(bio_err, "NB: options order may be important!  See the manual page.\n");
215 		goto end;
216 		}
217 
218 	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
219 		{
220 		BIO_puts(bio_err, "Error getting password\n");
221 		goto end;
222 		}
223 
224 	if (outfile)
225 		{
226 		if (!(out = BIO_new_file (outfile, "wb")))
227 			{
228 			BIO_printf(bio_err,
229 				 "Can't open output file %s\n", outfile);
230 			goto end;
231 			}
232 		}
233 	else
234 		{
235 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
236 #ifdef OPENSSL_SYS_VMS
237 			{
238 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
239 			out = BIO_push(tmpbio, out);
240 			}
241 #endif
242 		}
243 
244 	EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
245 	EVP_PKEY_CTX_set_app_data(ctx, bio_err);
246 
247 	if (do_param)
248 		{
249 		if (EVP_PKEY_paramgen(ctx, &pkey) <= 0)
250 			{
251 			BIO_puts(bio_err, "Error generating parameters\n");
252 			ERR_print_errors(bio_err);
253 			goto end;
254 			}
255 		}
256 	else
257 		{
258 		if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
259 			{
260 			BIO_puts(bio_err, "Error generating key\n");
261 			ERR_print_errors(bio_err);
262 			goto end;
263 			}
264 		}
265 
266 	if (do_param)
267 		rv = PEM_write_bio_Parameters(out, pkey);
268 	else if (outformat == FORMAT_PEM)
269 		rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
270 								NULL, pass);
271 	else if (outformat == FORMAT_ASN1)
272 		rv = i2d_PrivateKey_bio(out, pkey);
273 	else
274 		{
275 		BIO_printf(bio_err, "Bad format specified for key\n");
276 		goto end;
277 		}
278 
279 	if (rv <= 0)
280 		{
281 		BIO_puts(bio_err, "Error writing key\n");
282 		ERR_print_errors(bio_err);
283 		}
284 
285 	if (text)
286 		{
287 		if (do_param)
288 			rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
289 		else
290 			rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
291 
292 		if (rv <= 0)
293 			{
294 			BIO_puts(bio_err, "Error printing key\n");
295 			ERR_print_errors(bio_err);
296 			}
297 		}
298 
299 	ret = 0;
300 
301 	end:
302 	if (pkey)
303 		EVP_PKEY_free(pkey);
304 	if (ctx)
305 		EVP_PKEY_CTX_free(ctx);
306 	if (out)
307 		BIO_free_all(out);
308 	BIO_free(in);
309 	if (pass)
310 		OPENSSL_free(pass);
311 
312 	return ret;
313 	}
314 
315 static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
316 				const char *file, ENGINE *e)
317 	{
318 	BIO *pbio;
319 	EVP_PKEY *pkey = NULL;
320 	EVP_PKEY_CTX *ctx = NULL;
321 	if (*pctx)
322 		{
323 		BIO_puts(err, "Parameters already set!\n");
324 		return 0;
325 		}
326 
327 	pbio = BIO_new_file(file, "r");
328 	if (!pbio)
329 		{
330 		BIO_printf(err, "Can't open parameter file %s\n", file);
331 		return 0;
332 		}
333 
334 	pkey = PEM_read_bio_Parameters(pbio, NULL);
335 	BIO_free(pbio);
336 
337 	if (!pkey)
338 		{
339 		BIO_printf(bio_err, "Error reading parameter file %s\n", file);
340 		return 0;
341 		}
342 
343 	ctx = EVP_PKEY_CTX_new(pkey, e);
344 	if (!ctx)
345 		goto err;
346 	if (EVP_PKEY_keygen_init(ctx) <= 0)
347 		goto err;
348 	EVP_PKEY_free(pkey);
349 	*pctx = ctx;
350 	return 1;
351 
352 	err:
353 	BIO_puts(err, "Error initializing context\n");
354 	ERR_print_errors(err);
355 	if (ctx)
356 		EVP_PKEY_CTX_free(ctx);
357 	if (pkey)
358 		EVP_PKEY_free(pkey);
359 	return 0;
360 
361 	}
362 
363 int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
364 			const char *algname, ENGINE *e, int do_param)
365 	{
366 	EVP_PKEY_CTX *ctx = NULL;
367 	const EVP_PKEY_ASN1_METHOD *ameth;
368 	ENGINE *tmpeng = NULL;
369 	int pkey_id;
370 
371 	if (*pctx)
372 		{
373 		BIO_puts(err, "Algorithm already set!\n");
374 		return 0;
375 		}
376 
377 	ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
378 
379 #ifndef OPENSSL_NO_ENGINE
380 	if (!ameth && e)
381 		ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
382 #endif
383 
384 	if (!ameth)
385 		{
386 		BIO_printf(bio_err, "Algorithm %s not found\n", algname);
387 		return 0;
388 		}
389 
390 	ERR_clear_error();
391 
392 	EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
393 #ifndef OPENSSL_NO_ENGINE
394 	if (tmpeng)
395 		ENGINE_finish(tmpeng);
396 #endif
397 	ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
398 
399 	if (!ctx)
400 		goto err;
401 	if (do_param)
402 		{
403 		if (EVP_PKEY_paramgen_init(ctx) <= 0)
404 			goto err;
405 		}
406 	else
407 		{
408 		if (EVP_PKEY_keygen_init(ctx) <= 0)
409 			goto err;
410 		}
411 
412 	*pctx = ctx;
413 	return 1;
414 
415 	err:
416 	BIO_printf(err, "Error initializing %s context\n", algname);
417 	ERR_print_errors(err);
418 	if (ctx)
419 		EVP_PKEY_CTX_free(ctx);
420 	return 0;
421 
422 	}
423 
424 static int genpkey_cb(EVP_PKEY_CTX *ctx)
425 	{
426 	char c='*';
427 	BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
428 	int p;
429 	p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
430 	if (p == 0) c='.';
431 	if (p == 1) c='+';
432 	if (p == 2) c='*';
433 	if (p == 3) c='\n';
434 	BIO_write(b,&c,1);
435 	(void)BIO_flush(b);
436 #ifdef LINT
437 	p=n;
438 #endif
439 	return 1;
440 	}
441