mbedtls/programs/pkey/gen_key.c

420 lines
13 KiB
C
Raw Normal View History

2013-09-23 12:05:44 +02:00
/*
* Key generation application
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
2013-09-23 12:05:44 +02:00
*/
#include "mbedtls/build_info.h"
2013-09-23 12:05:44 +02:00
2015-03-09 18:05:11 +01:00
#include "mbedtls/platform.h"
#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
2015-03-09 18:05:11 +01:00
#include "mbedtls/error.h"
#include "mbedtls/pk.h"
#include "mbedtls/ecdsa.h"
#include "mbedtls/rsa.h"
#include "mbedtls/error.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
2013-09-23 12:05:44 +02:00
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
2013-09-23 12:05:44 +02:00
#if !defined(_WIN32)
#include <unistd.h>
#define DEV_RANDOM_THRESHOLD 32
int dev_random_entropy_poll(void *data, unsigned char *output,
size_t len, size_t *olen)
{
FILE *file;
size_t ret, left = len;
unsigned char *p = output;
((void) data);
*olen = 0;
file = fopen("/dev/random", "rb");
if (file == NULL) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
while (left > 0) {
/* /dev/random can return much less than requested. If so, try again */
ret = fread(p, 1, left, file);
if (ret == 0 && ferror(file)) {
fclose(file);
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
p += ret;
left -= ret;
sleep(1);
}
fclose(file);
*olen = len;
return 0;
}
#endif /* !_WIN32 */
#endif
#if defined(MBEDTLS_ECP_C)
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
#else
#define DFL_EC_CURVE 0
#endif
#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
#define USAGE_DEV_RANDOM \
" use_dev_random=0|1 default: 0\n"
#else
#define USAGE_DEV_RANDOM ""
#endif /* !_WIN32 && MBEDTLS_FS_IO */
#define FORMAT_PEM 0
#define FORMAT_DER 1
#define DFL_TYPE MBEDTLS_PK_RSA
#define DFL_RSA_KEYSIZE 4096
#define DFL_FILENAME "keyfile.key"
#define DFL_FORMAT FORMAT_PEM
#define DFL_USE_DEV_RANDOM 0
#define USAGE \
"\n usage: gen_key param=<>...\n" \
"\n acceptable parameters:\n" \
" type=rsa|ec default: rsa\n" \
" rsa_keysize=%%d default: 4096\n" \
" ec_curve=%%s see below\n" \
" filename=%%s default: keyfile.key\n" \
" format=pem|der default: pem\n" \
USAGE_DEV_RANDOM \
"\n"
#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_PEM_WRITE_C"
"not defined.\n");
mbedtls_exit(0);
}
#else
/*
* global options
*/
struct options {
int type; /* the type of key to generate */
int rsa_keysize; /* length of key in bits */
int ec_curve; /* curve identifier for EC keys */
const char *filename; /* filename of the key file */
int format; /* the output format to use */
int use_dev_random; /* use /dev/random as entropy source */
} opt;
static int write_private_key(mbedtls_pk_context *key, const char *output_file)
2013-09-23 12:05:44 +02:00
{
int ret;
FILE *f;
unsigned char output_buf[16000];
unsigned char *c = output_buf;
size_t len = 0;
memset(output_buf, 0, 16000);
if (opt.format == FORMAT_PEM) {
if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
return ret;
}
2013-09-23 12:05:44 +02:00
len = strlen((char *) output_buf);
} else {
if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
return ret;
}
2013-09-23 12:05:44 +02:00
len = ret;
c = output_buf + sizeof(output_buf) - len;
2013-09-23 12:05:44 +02:00
}
if ((f = fopen(output_file, "wb")) == NULL) {
return -1;
}
2013-09-23 12:05:44 +02:00
if (fwrite(c, 1, len, f) != len) {
fclose(f);
return -1;
}
2013-09-23 12:05:44 +02:00
fclose(f);
2013-09-23 12:05:44 +02:00
return 0;
2013-09-23 12:05:44 +02:00
}
int main(int argc, char *argv[])
2013-09-23 12:05:44 +02:00
{
2018-04-29 20:51:56 +02:00
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context key;
2013-09-23 12:05:44 +02:00
char buf[1024];
int i;
char *p, *q;
#if defined(MBEDTLS_RSA_C)
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
#endif /* MBEDTLS_RSA_C */
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
2013-09-23 12:05:44 +02:00
const char *pers = "gen_key";
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_curve_info *curve_info;
2013-11-30 15:32:47 +01:00
#endif
2013-09-23 12:05:44 +02:00
/*
* Set to sane values
*/
#if defined(MBEDTLS_RSA_C)
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
#endif /* MBEDTLS_RSA_C */
mbedtls_pk_init(&key);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
2013-09-23 12:05:44 +02:00
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
#if defined(MBEDTLS_ECP_C)
mbedtls_printf(" available ec_curve values:\n");
curve_info = mbedtls_ecp_curve_list();
mbedtls_printf(" %s (default)\n", curve_info->name);
while ((++curve_info)->name != NULL) {
mbedtls_printf(" %s\n", curve_info->name);
}
2018-04-29 20:51:56 +02:00
#endif /* MBEDTLS_ECP_C */
2013-09-23 12:05:44 +02:00
goto exit;
}
opt.type = DFL_TYPE;
opt.rsa_keysize = DFL_RSA_KEYSIZE;
2013-11-30 15:32:47 +01:00
opt.ec_curve = DFL_EC_CURVE;
2013-09-23 12:05:44 +02:00
opt.filename = DFL_FILENAME;
opt.format = DFL_FORMAT;
opt.use_dev_random = DFL_USE_DEV_RANDOM;
2013-09-23 12:05:44 +02:00
for (i = 1; i < argc; i++) {
2013-09-23 12:05:44 +02:00
p = argv[i];
if ((q = strchr(p, '=')) == NULL) {
2013-09-23 12:05:44 +02:00
goto usage;
}
2013-09-23 12:05:44 +02:00
*q++ = '\0';
if (strcmp(p, "type") == 0) {
if (strcmp(q, "rsa") == 0) {
opt.type = MBEDTLS_PK_RSA;
} else if (strcmp(q, "ec") == 0) {
opt.type = MBEDTLS_PK_ECKEY;
} else {
2013-09-23 12:05:44 +02:00
goto usage;
}
} else if (strcmp(p, "format") == 0) {
if (strcmp(q, "pem") == 0) {
2013-09-23 12:05:44 +02:00
opt.format = FORMAT_PEM;
} else if (strcmp(q, "der") == 0) {
2013-09-23 12:05:44 +02:00
opt.format = FORMAT_DER;
} else {
2013-09-23 12:05:44 +02:00
goto usage;
}
} else if (strcmp(p, "rsa_keysize") == 0) {
opt.rsa_keysize = atoi(q);
if (opt.rsa_keysize < 1024 ||
opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) {
2013-09-23 12:05:44 +02:00
goto usage;
}
2013-09-23 12:05:44 +02:00
}
#if defined(MBEDTLS_ECP_C)
else if (strcmp(p, "ec_curve") == 0) {
if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) {
2013-11-30 15:32:47 +01:00
goto usage;
}
opt.ec_curve = curve_info->grp_id;
2013-11-30 15:32:47 +01:00
}
#endif
else if (strcmp(p, "filename") == 0) {
2013-09-23 12:05:44 +02:00
opt.filename = q;
} else if (strcmp(p, "use_dev_random") == 0) {
opt.use_dev_random = atoi(q);
if (opt.use_dev_random < 0 || opt.use_dev_random > 1) {
goto usage;
}
} else {
2013-09-23 12:05:44 +02:00
goto usage;
}
2013-09-23 12:05:44 +02:00
}
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
2013-09-23 12:05:44 +02:00
mbedtls_entropy_init(&entropy);
#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
if (opt.use_dev_random) {
if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll,
NULL, DEV_RANDOM_THRESHOLD,
MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_entropy_add_source returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf("\n Using /dev/random, so can take a long time! ");
fflush(stdout);
}
#endif /* !_WIN32 && MBEDTLS_FS_IO */
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
2013-09-23 12:05:44 +02:00
goto exit;
}
/*
* 1.1. Generate the key
*/
mbedtls_printf("\n . Generating the private key ...");
fflush(stdout);
2013-09-23 12:05:44 +02:00
if ((ret = mbedtls_pk_setup(&key,
mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
2013-11-30 14:36:54 +01:00
goto exit;
}
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
if (opt.type == MBEDTLS_PK_RSA) {
ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg,
opt.rsa_keysize, 65537);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x",
(unsigned int) -ret);
2013-09-23 12:05:44 +02:00
goto exit;
}
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if (opt.type == MBEDTLS_PK_ECKEY) {
ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve,
mbedtls_pk_ec(key),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x",
(unsigned int) -ret);
2013-11-30 14:36:54 +01:00
goto exit;
}
} else
#endif /* MBEDTLS_ECP_C */
2013-09-23 12:05:44 +02:00
{
mbedtls_printf(" failed\n ! key type not supported\n");
2013-09-23 12:05:44 +02:00
goto exit;
}
/*
* 1.2 Print the key
*/
mbedtls_printf(" ok\n . Key information:\n");
2013-09-23 12:05:44 +02:00
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
(ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
mbedtls_mpi_write_file("N: ", &N, 16, NULL);
mbedtls_mpi_write_file("E: ", &E, 16, NULL);
mbedtls_mpi_write_file("D: ", &D, 16, NULL);
mbedtls_mpi_write_file("P: ", &P, 16, NULL);
mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
} else
2013-09-23 12:05:44 +02:00
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
mbedtls_printf("curve: %s\n",
mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name);
mbedtls_mpi_write_file("X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL);
mbedtls_mpi_write_file("Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL);
mbedtls_mpi_write_file("D: ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL);
} else
2013-09-23 12:05:44 +02:00
#endif
mbedtls_printf(" ! key type not supported\n");
2013-09-23 12:05:44 +02:00
/*
* 1.3 Export key
*/
mbedtls_printf(" . Writing key to file...");
if ((ret = write_private_key(&key, opt.filename)) != 0) {
mbedtls_printf(" failed\n");
goto exit;
}
mbedtls_printf(" ok\n");
2013-09-23 12:05:44 +02:00
2018-04-29 20:51:56 +02:00
exit_code = MBEDTLS_EXIT_SUCCESS;
2013-09-23 12:05:44 +02:00
exit:
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" - %s\n", buf);
2013-09-23 12:05:44 +02:00
#else
mbedtls_printf("\n");
2013-09-23 12:05:44 +02:00
#endif
}
#if defined(MBEDTLS_RSA_C)
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
#endif /* MBEDTLS_RSA_C */
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
#endif /* MBEDTLS_USE_PSA_CRYPTO */
2013-09-23 12:05:44 +02:00
mbedtls_exit(exit_code);
2013-09-23 12:05:44 +02:00
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
* MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */