1/* $NetBSD: plainrsa-gen.c,v 1.4 2006/09/09 16:22:10 manu Exp $ */ 2 3/* Id: plainrsa-gen.c,v 1.6 2005/04/21 09:08:40 monas Exp */ 4/* 5 * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany. 6 * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34/* This file contains a generator for FreeS/WAN-style ipsec.secrets RSA keys. */ 35 36#include "config.h" 37 38#include <stdio.h> 39#include <string.h> 40#include <errno.h> 41 42#include <sys/types.h> 43#include <sys/stat.h> 44#include <sys/socket.h> 45#include <unistd.h> 46 47#include <openssl/bio.h> 48#include <openssl/bn.h> 49#include <openssl/err.h> 50#include <openssl/objects.h> 51#include <openssl/rsa.h> 52#include <openssl/evp.h> 53#ifdef HAVE_OPENSSL_ENGINE_H 54#include <openssl/engine.h> 55#endif 56 57#include "misc.h" 58#include "vmbuf.h" 59#include "plog.h" 60#include "crypto_openssl.h" 61 62#include "package_version.h" 63 64void 65usage (char *argv0) 66{ 67 fprintf(stderr, "Plain RSA key generator, part of %s\n", TOP_PACKAGE_STRING); 68 fprintf(stderr, "By Michal Ludvig (http://www.logix.cz/michal)\n"); 69 fprintf(stderr, "\n"); 70 fprintf(stderr, "Usage: %s [options]\n", argv0); 71 fprintf(stderr, "\n"); 72 fprintf(stderr, " -b bits Generate <bits> long RSA key (default=1024)\n"); 73 fprintf(stderr, " -e pubexp Public exponent to use (default=0x3)\n"); 74 fprintf(stderr, " -f filename Filename to store the key to (default=stdout)\n"); 75 fprintf(stderr, " -h Help\n"); 76 fprintf(stderr, "\n"); 77 fprintf(stderr, "Report bugs to <ipsec-tools-devel@lists.sourceforge.net>\n"); 78 exit(1); 79} 80 81/* 82 * See RFC 2065, section 3.5 for details about the output format. 83 */ 84vchar_t * 85mix_b64_pubkey(RSA *key) 86{ 87 char *binbuf; 88 long binlen, ret; 89 vchar_t *res; 90 91 binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n); 92 binbuf = malloc(binlen); 93 memset(binbuf, 0, binlen); 94 binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]); 95 ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1])); 96 if (1 + binbuf[0] + ret != binlen) { 97 plog(LLV_ERROR, LOCATION, NULL, 98 "Pubkey generation failed. This is really strange...\n"); 99 return NULL; 100 } 101 102 return base64_encode(binbuf, binlen); 103} 104 105char * 106lowercase(char *input) 107{ 108 char *ptr = input; 109 while (*ptr) { 110 if (*ptr >= 'A' && *ptr <= 'F') 111 *ptr -= 'A' - 'a'; 112 *ptr++; 113 } 114 115 return input; 116} 117 118int 119gen_rsa_key(FILE *fp, size_t bits, unsigned long exp) 120{ 121 RSA *key; 122 vchar_t *pubkey64 = NULL; 123 124 key = RSA_generate_key(bits, exp, NULL, NULL); 125 if (!key) { 126 fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror()); 127 return -1; 128 } 129 130 pubkey64 = mix_b64_pubkey(key); 131 if (!pubkey64) { 132 fprintf(stderr, "mix_b64_pubkey(): %s\n", eay_strerror()); 133 return -1; 134 } 135 136 fprintf(fp, "# : PUB 0s%s\n", pubkey64->v); 137 fprintf(fp, ": RSA\t{\n"); 138 fprintf(fp, "\t# RSA %zu bits\n", bits); 139 fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v); 140 fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n))); 141 fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e))); 142 fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d))); 143 fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p))); 144 fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q))); 145 fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1))); 146 fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1))); 147 fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp))); 148 fprintf(fp, " }\n"); 149 150 vfree(pubkey64); 151 152 return 0; 153} 154 155int 156main (int argc, char *argv[]) 157{ 158 FILE *fp = stdout; 159 size_t bits = 1024; 160 unsigned int pubexp = 0x3; 161 struct stat st; 162 extern char *optarg; 163 extern int optind; 164 int c; 165 char *fname = NULL; 166 167 while ((c = getopt(argc, argv, "e:b:f:h")) != -1) 168 switch (c) { 169 case 'e': 170 if (strncmp(optarg, "0x", 2) == 0) 171 sscanf(optarg, "0x%x", &pubexp); 172 else 173 pubexp = atoi(optarg); 174 break; 175 case 'b': 176 bits = atoi(optarg); 177 break; 178 case 'f': 179 fname = optarg; 180 break; 181 case 'h': 182 default: 183 usage(argv[0]); 184 } 185 186 if (fname) { 187 if (stat(fname, &st) >= 0) { 188 fprintf(stderr, "%s: file exists! Please use a different name.\n", fname); 189 exit(1); 190 } 191 192 umask(0077); 193 fp = fopen(fname, "w"); 194 if (fp == NULL) { 195 fprintf(stderr, "%s: %s\n", fname, strerror(errno)); 196 exit(1); 197 } 198 } 199 200 ploginit(); 201 eay_init(); 202 203 gen_rsa_key(fp, bits, pubexp); 204 205 fclose(fp); 206 207 return 0; 208} 209