2
0

genrsa.c 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196
  1. /*
  2. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <openssl/opensslconf.h>
  10. #include <stdio.h>
  11. #include <string.h>
  12. #include <sys/types.h>
  13. #include <sys/stat.h>
  14. #include "apps.h"
  15. #include "progs.h"
  16. #include <openssl/bio.h>
  17. #include <openssl/err.h>
  18. #include <openssl/bn.h>
  19. #include <openssl/rsa.h>
  20. #include <openssl/evp.h>
  21. #include <openssl/x509.h>
  22. #include <openssl/pem.h>
  23. #include <openssl/rand.h>
  24. #define DEFBITS 2048
  25. #define DEFPRIMES 2
  26. static int genrsa_cb(int p, int n, BN_GENCB *cb);
  27. typedef enum OPTION_choice {
  28. OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
  29. OPT_3, OPT_F4, OPT_ENGINE,
  30. OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES,
  31. OPT_R_ENUM
  32. } OPTION_CHOICE;
  33. const OPTIONS genrsa_options[] = {
  34. {"help", OPT_HELP, '-', "Display this summary"},
  35. {"3", OPT_3, '-', "Use 3 for the E value"},
  36. {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
  37. {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
  38. {"out", OPT_OUT, '>', "Output the key to specified file"},
  39. OPT_R_OPTIONS,
  40. {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
  41. {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
  42. #ifndef OPENSSL_NO_ENGINE
  43. {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
  44. #endif
  45. {"primes", OPT_PRIMES, 'p', "Specify number of primes"},
  46. {NULL}
  47. };
  48. int genrsa_main(int argc, char **argv)
  49. {
  50. BN_GENCB *cb = BN_GENCB_new();
  51. PW_CB_DATA cb_data;
  52. ENGINE *eng = NULL;
  53. BIGNUM *bn = BN_new();
  54. BIO *out = NULL;
  55. const BIGNUM *e;
  56. RSA *rsa = NULL;
  57. const EVP_CIPHER *enc = NULL;
  58. int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
  59. unsigned long f4 = RSA_F4;
  60. char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
  61. char *prog, *hexe, *dece;
  62. OPTION_CHOICE o;
  63. if (bn == NULL || cb == NULL)
  64. goto end;
  65. BN_GENCB_set(cb, genrsa_cb, bio_err);
  66. prog = opt_init(argc, argv, genrsa_options);
  67. while ((o = opt_next()) != OPT_EOF) {
  68. switch (o) {
  69. case OPT_EOF:
  70. case OPT_ERR:
  71. opthelp:
  72. BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
  73. goto end;
  74. case OPT_HELP:
  75. ret = 0;
  76. opt_help(genrsa_options);
  77. goto end;
  78. case OPT_3:
  79. f4 = 3;
  80. break;
  81. case OPT_F4:
  82. f4 = RSA_F4;
  83. break;
  84. case OPT_OUT:
  85. outfile = opt_arg();
  86. break;
  87. case OPT_ENGINE:
  88. eng = setup_engine(opt_arg(), 0);
  89. break;
  90. case OPT_R_CASES:
  91. if (!opt_rand(o))
  92. goto end;
  93. break;
  94. case OPT_PASSOUT:
  95. passoutarg = opt_arg();
  96. break;
  97. case OPT_CIPHER:
  98. if (!opt_cipher(opt_unknown(), &enc))
  99. goto end;
  100. break;
  101. case OPT_PRIMES:
  102. if (!opt_int(opt_arg(), &primes))
  103. goto end;
  104. break;
  105. }
  106. }
  107. argc = opt_num_rest();
  108. argv = opt_rest();
  109. if (argc == 1) {
  110. if (!opt_int(argv[0], &num) || num <= 0)
  111. goto end;
  112. if (num > OPENSSL_RSA_MAX_MODULUS_BITS)
  113. BIO_printf(bio_err,
  114. "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
  115. " Your key size is %d! Larger key size may behave not as expected.\n",
  116. OPENSSL_RSA_MAX_MODULUS_BITS, num);
  117. } else if (argc > 0) {
  118. BIO_printf(bio_err, "Extra arguments given.\n");
  119. goto opthelp;
  120. }
  121. private = 1;
  122. if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
  123. BIO_printf(bio_err, "Error getting password\n");
  124. goto end;
  125. }
  126. out = bio_open_owner(outfile, FORMAT_PEM, private);
  127. if (out == NULL)
  128. goto end;
  129. BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n",
  130. num, primes);
  131. rsa = eng ? RSA_new_method(eng) : RSA_new();
  132. if (rsa == NULL)
  133. goto end;
  134. if (!BN_set_word(bn, f4)
  135. || !RSA_generate_multi_prime_key(rsa, num, primes, bn, cb))
  136. goto end;
  137. RSA_get0_key(rsa, NULL, &e, NULL);
  138. hexe = BN_bn2hex(e);
  139. dece = BN_bn2dec(e);
  140. if (hexe && dece) {
  141. BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
  142. }
  143. OPENSSL_free(hexe);
  144. OPENSSL_free(dece);
  145. cb_data.password = passout;
  146. cb_data.prompt_info = outfile;
  147. assert(private);
  148. if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
  149. (pem_password_cb *)password_callback,
  150. &cb_data))
  151. goto end;
  152. ret = 0;
  153. end:
  154. BN_free(bn);
  155. BN_GENCB_free(cb);
  156. RSA_free(rsa);
  157. BIO_free_all(out);
  158. release_engine(eng);
  159. OPENSSL_free(passout);
  160. if (ret != 0)
  161. ERR_print_errors(bio_err);
  162. return ret;
  163. }
  164. static int genrsa_cb(int p, int n, BN_GENCB *cb)
  165. {
  166. char c = '*';
  167. if (p == 0)
  168. c = '.';
  169. if (p == 1)
  170. c = '+';
  171. if (p == 2)
  172. c = '*';
  173. if (p == 3)
  174. c = '\n';
  175. BIO_write(BN_GENCB_get_arg(cb), &c, 1);
  176. (void)BIO_flush(BN_GENCB_get_arg(cb));
  177. return 1;
  178. }