int keygen_init(void) { m_bignumber = BN_new(); if(!m_bignumber) { fprintf(stderr, "Failed to init bignumber\n"); return -1; } m_rsa=RSA_new(); if(!m_rsa) { fprintf(stderr, "Failed to create RSA context\n"); return -1; } if(!BN_set_word(m_bignumber, RSA_F4) || !RSA_generate_key_ex(m_rsa,RSA_KEY_BITS,m_bignumber,NULL)) { fprintf(stderr, "Failed to generate RSA key\n"); return -1; } m_evpkey=EVP_PKEY_new(); if(!EVP_PKEY_set1_RSA(m_evpkey, m_rsa)) { fprintf(stderr, "Unable to convert RSA key to EVP key\n"); return -1; } m_p8info=EVP_PKEY2PKCS8(m_evpkey); if(!m_p8info) { fprintf(stderr, "Failed to convert EVP to PKCS8\n"); return -1; } return 0; }
static RSA *gen_rsa(void) { if (!RAND_status()) seed_rng(); int ret = 0; _Thread_local static int e_init = 0; _Thread_local static BIGNUM e; RSA *r = NULL; if (!e_init) { BN_init(&e); if (!BN_set_word(&e, 65537)) { warnx("BN_set_word"); goto fail; } e_init = 1; } r = RSA_new(); if (!r) { warnx("RSA_new"); goto fail; } ret = RSA_generate_key_ex(r, 1024, &e, NULL); if (!ret) { warnx("RSA_generate_key"); goto fail; } return r; fail: if (r) { RSA_free(r); r = NULL; } return NULL; }
int genRsaKey(const int bits, char * privkey) { BIO * out = BIO_new(BIO_s_mem()); RSA * rsa = 0; BIGNUM * bn = 0; int err = 0; if (!(rsa = RSA_new())) return -1; if (!(bn = BN_new())) return -2; if (!(err = BN_set_word(bn,RSA_F4))) { BN_free(bn); return err; } if (!(err = RSA_generate_key_ex(rsa,bits,bn,NULL))) { BN_free(bn); RSA_free(rsa); return err; } if (!(err = PEM_write_bio_RSAPrivateKey(out, rsa, NULL, NULL, 0, NULL, NULL))) { BIO_free_all(out); BN_free(bn); RSA_free(rsa); return err; } if (!(err = BIO_read(out,privkey,bits) <= 0)) { BIO_free_all(out); BN_free(bn); RSA_free(rsa); return err; } return 0; }
/* Zeroize */ static int Zeroize() { RSA *key; BIGNUM *bn; unsigned char userkey[16] = { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 }; int i, n; key = FIPS_rsa_new(); bn = BN_new(); if (!key || !bn) return 0; BN_set_word(bn, 65537); if (!RSA_generate_key_ex(key, 1024,bn,NULL)) return 0; BN_free(bn); n = BN_num_bytes(key->d); printf(" Generated %d byte RSA private key\n", n); printf("\tBN key before overwriting:\n"); do_bn_print(stdout, key->d); BN_rand(key->d,n*8,-1,0); printf("\tBN key after overwriting:\n"); do_bn_print(stdout, key->d); printf("\tchar buffer key before overwriting: \n\t\t"); for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]); printf("\n"); RAND_bytes(userkey, sizeof userkey); printf("\tchar buffer key after overwriting: \n\t\t"); for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]); printf("\n"); return 1; }
// Generate a key pair. Caller is responsible for freeing the returned object. static EVP_PKEY* MakeKey() { LOG(LS_INFO) << "Making key pair"; EVP_PKEY* pkey = EVP_PKEY_new(); #if OPENSSL_VERSION_NUMBER < 0x00908000l // Only RSA_generate_key is available. Use that. RSA* rsa = RSA_generate_key(KEY_LENGTH, 0x10001, NULL, NULL); if (!EVP_PKEY_assign_RSA(pkey, rsa)) { EVP_PKEY_free(pkey); RSA_free(rsa); return NULL; } #else // RSA_generate_key is deprecated. Use _ex version. BIGNUM* exponent = BN_new(); RSA* rsa = RSA_new(); if (!pkey || !exponent || !rsa || !BN_set_word(exponent, 0x10001) || // 65537 RSA exponent !RSA_generate_key_ex(rsa, KEY_LENGTH, exponent, NULL) || !EVP_PKEY_assign_RSA(pkey, rsa)) { EVP_PKEY_free(pkey); BN_free(exponent); RSA_free(rsa); return NULL; } // ownership of rsa struct was assigned, don't free it. BN_free(exponent); #endif LOG(LS_INFO) << "Returning key pair"; return pkey; }
RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): _pRSA(0) { #if OPENSSL_VERSION_NUMBER >= 0x00908000L _pRSA = RSA_new(); int ret = 0; BIGNUM* bn = 0; try { bn = BN_new(); BN_set_word(bn, exponent); ret = RSA_generate_key_ex(_pRSA, keyLength, bn, 0); BN_free(bn); } catch (...) { BN_free(bn); throw; } if (!ret) throw Poco::InvalidArgumentException("Failed to create RSA context"); #else _pRSA = RSA_generate_key(keyLength, exponent, 0, 0); if (!_pRSA) throw Poco::InvalidArgumentException("Failed to create RSA context"); #endif }
int main(void) { BIO* bio_out; RSA* key_pair = NULL; BIGNUM* public_key_exponent = NULL; unsigned char seed_data[ENTROPY_SIZE]; /* Setup the output */ bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); /* Before generating the keys, the pseudo-random number generator must be seeded */ obtain_seed_data(seed_data, ENTROPY_SIZE); RAND_seed(seed_data, ENTROPY_SIZE); BIO_printf(bio_out, "\nGenereating key pair:\n"); /* Generate a 2048-bit key pair with a public exponent of 65537 (RSA_F4) */ public_key_exponent = BN_new(); key_pair = RSA_new(); BN_set_word(public_key_exponent, RSA_F4); RSA_generate_key_ex(key_pair, 2048, public_key_exponent, NULL); BIO_printf(bio_out, "-----------------------\n\n"); BIO_printf(bio_out, "Value for the modulus \"n\":\n"); BN_print(bio_out, key_pair -> n); BIO_printf(bio_out, "\n\n"); BIO_printf(bio_out, "Value for the distinct prime, \"p\":\n"); BN_print(bio_out, key_pair -> p); BIO_printf(bio_out, "\n\n"); BIO_printf(bio_out, "Value for the distinct prime, \"q\":\n"); BN_print(bio_out, key_pair -> q); BIO_printf(bio_out, "\n\n"); BIO_printf(bio_out, "Value for \"dP\":\n"); BN_print(bio_out, key_pair -> dmp1); BIO_printf(bio_out, "\n\n"); BIO_printf(bio_out, "Value for \"dQ\":\n"); BN_print(bio_out, key_pair -> dmq1); BIO_printf(bio_out, "\n\n"); BIO_printf(bio_out, "Value for \"qInv\":\n"); BN_print(bio_out, key_pair -> iqmp); BIO_printf(bio_out, "\n\n"); BIO_printf(bio_out, "Value for the public key exponent \"e\":\n"); BN_print(bio_out, key_pair -> e); BIO_printf(bio_out, "\n\n"); BIO_printf(bio_out, "Value for the private key exponent \"d\":\n"); BN_print(bio_out, key_pair -> d); BIO_printf(bio_out, "\n\n"); return 0; }
bool GenerateRSAKeyPair(int numBits, std::string& privKey, std::string& pubKey) { // TODO: add some error checking RSA* rsa = RSA_new(); BIGNUM* bn = BN_new(); BN_GENCB cb; BIO* bio_err = NULL; BN_GENCB_set(&cb, genrsa_cb, bio_err); BN_set_word(bn, RSA_F4); RSA_generate_key_ex(rsa, numBits, bn, &cb); BIO* privKeyBuff = BIO_new(BIO_s_mem()); BIO* pubKeyBuff = BIO_new(BIO_s_mem()); PEM_write_bio_RSAPrivateKey(privKeyBuff, rsa, 0, 0, 0, 0, 0); PEM_write_bio_RSA_PUBKEY(pubKeyBuff, rsa); // RSA_PUBKEY includes some data that RSAPublicKey doesn't have char* privKeyData; char* pubKeyData; auto privKeySize = BIO_get_mem_data(privKeyBuff, &privKeyData); auto pubKeySize = BIO_get_mem_data(pubKeyBuff, &pubKeyData); privKey = std::string(privKeyData, privKeySize); pubKey = std::string(pubKeyData, pubKeySize); BIO_free_all(privKeyBuff); BIO_free_all(pubKeyBuff); BN_free(bn); RSA_free(rsa); return true; }
static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length ) { RSA *tmp_rsa; /* FIXME: Pregenerate the key on startup */ /* FIXME: Who frees the key? */ #if OPENSSL_VERSION_NUMBER >= 0x00908000 BIGNUM *bn = BN_new(); tmp_rsa = NULL; if ( bn ) { if ( BN_set_word( bn, RSA_F4 )) { tmp_rsa = RSA_new(); if ( tmp_rsa && !RSA_generate_key_ex( tmp_rsa, key_length, bn, NULL )) { RSA_free( tmp_rsa ); tmp_rsa = NULL; } } BN_free( bn ); } #else tmp_rsa = RSA_generate_key( key_length, RSA_F4, NULL, NULL ); #endif if ( !tmp_rsa ) { Debug( LDAP_DEBUG_ANY, "TLS: Failed to generate temporary %d-bit %s RSA key\n", key_length, is_export ? "export" : "domestic", 0 ); } return tmp_rsa; }
static RSA* rsa_genkey(u32 size) { zassert(size >= DNSSEC_MINIMUM_KEY_SIZE && size <= DNSSEC_MAXIMUM_KEY_SIZE); BN_CTX *ctx; BIGNUM *e; RSA* rsa; ctx = BN_CTX_new(); zassert(ctx != NULL); e = BN_new(); BN_set_word(e, 0x10001); zassert(e != NULL); rsa = RSA_new(); zassert(rsa != NULL); int err = RSA_generate_key_ex(rsa, size, e, NULL); /* no callback */ if(err == 0) { RSA_free(rsa); rsa = NULL; } BN_free(e); BN_CTX_free(ctx); return rsa; }
RSA *RSA_generate_key(int bits, unsigned long e_value, void (*callback) (int, int, void *), void *cb_arg) { int i; BN_GENCB *cb = BN_GENCB_new(); RSA *rsa = RSA_new(); BIGNUM *e = BN_new(); if (cb == NULL || rsa == NULL || e == NULL) goto err; /* * The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long * can be larger */ for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) { if (e_value & (1UL << i)) if (BN_set_bit(e, i) == 0) goto err; } BN_GENCB_set_old(cb, callback, cb_arg); if (RSA_generate_key_ex(rsa, bits, e, cb)) { BN_free(e); BN_GENCB_free(cb); return rsa; } err: BN_free(e); RSA_free(rsa); BN_GENCB_free(cb); return 0; }
static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params) { Unique_BIGNUM bn(BN_new()); if (bn.get() == NULL) { logOpenSSLError("generate_rsa_keypair"); return -1; } if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) { logOpenSSLError("generate_rsa_keypair"); return -1; } /* initialize RSA */ Unique_RSA rsa(RSA_new()); if (rsa.get() == NULL) { logOpenSSLError("generate_rsa_keypair"); return -1; } if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) || RSA_check_key(rsa.get()) < 0) { logOpenSSLError("generate_rsa_keypair"); return -1; } if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) { logOpenSSLError("generate_rsa_keypair"); return -1; } release_because_ownership_transferred(rsa); return 0; }
std::unique_ptr<RSA_PrivateKey> make_openssl_rsa_private_key(RandomNumberGenerator& rng, size_t rsa_bits) { if (rsa_bits > INT_MAX) throw Internal_Error("rsa_bits overflow"); secure_vector<uint8_t> seed(BOTAN_SYSTEM_RNG_POLL_REQUEST); rng.randomize(seed.data(), seed.size()); RAND_seed(seed.data(), seed.size()); std::unique_ptr<BIGNUM, std::function<void (BIGNUM*)>> bn(BN_new(), BN_free); if(!bn) throw OpenSSL_Error("BN_new"); if(!BN_set_word(bn.get(), RSA_F4)) throw OpenSSL_Error("BN_set_word"); std::unique_ptr<RSA, std::function<void (RSA*)>> rsa(RSA_new(), RSA_free); if(!rsa) throw OpenSSL_Error("RSA_new"); if(!RSA_generate_key_ex(rsa.get(), rsa_bits, bn.get(), nullptr)) throw OpenSSL_Error("RSA_generate_key_ex"); uint8_t* der = nullptr; int bytes = i2d_RSAPrivateKey(rsa.get(), &der); if(bytes < 0) throw OpenSSL_Error("i2d_RSAPrivateKey"); const secure_vector<uint8_t> keydata(der, der + bytes); memset(der, 0, bytes); free(der); return std::unique_ptr<Botan::RSA_PrivateKey> (new RSA_PrivateKey(AlgorithmIdentifier(), keydata)); }
static EVP_PKEY * generate_private_key (void) { RSA *rsa = RSA_new(); BIGNUM *bn = BN_new(); EVP_PKEY *pkey; /* * create an RSA keypair and assign them to a PKEY and return it. */ BN_set_word(bn, 0x10001); RSA_generate_key_ex(rsa, 1024, bn, NULL); pkey = EVP_PKEY_new(); if (pkey==NULL) { printf("\nError allocating PKEY structure for new key pair\n"); return NULL; } if (!EVP_PKEY_set1_RSA(pkey, rsa)) { printf("\nError assigning RSA key pair to PKEY structure\n"); return NULL; } RSA_free(rsa); BN_free(bn); return (pkey); }
unsigned char* CreatePrivateKey(size_t* len, size_t* pubLen) { //MOD, PUB_EXP, PRIV_EXP RSA* msa = RSA_new(); BIGNUM* e = BN_new(); BN_set_word(e, 65537); RSA_generate_key_ex(msa, 4096, e, 0); BN_free(e); size_t pubSize = 4+BN_num_bytes(msa->n)+4+BN_num_bytes(msa->e); size_t privSize = 4+BN_num_bytes(msa->d); unsigned char* retval = (unsigned char*)malloc(pubSize+privSize); unsigned char* izard = retval; uint32_t count = BN_num_bytes(msa->n); memcpy(izard, &count, 4); izard+=4; BN_bn2bin(msa->n, izard); izard+=count; count = BN_num_bytes(msa->e); memcpy(izard, &count, 4); izard+=4; BN_bn2bin(msa->e, izard); izard+=count; count = BN_num_bytes(msa->d); memcpy(izard, &count, 4); izard+=4; BN_bn2bin(msa->d, izard); *len = pubSize+privSize; *pubLen = pubSize; RSA_free(msa); return retval; }
RSA *RSA_generate_key(int bits, unsigned long e_value, void (*callback)(int,int,void *), void *cb_arg) { BN_GENCB cb; int i; RSA *rsa = RSA_new(); BIGNUM *e = BN_new(); if(!rsa || !e) goto err; /* The problem is when building with 8, 16, or 32 BN_ULONG, * unsigned long can be larger */ for (i=0; i<(int)sizeof(unsigned long)*8; i++) { if (e_value & (1UL<<i)) BN_set_bit(e,i); } BN_GENCB_set_old(&cb, callback, cb_arg); if(RSA_generate_key_ex(rsa, bits, e, &cb)) { BN_free(e); return rsa; } err: if(e) BN_free(e); if(rsa) RSA_free(rsa); return 0; }
ndn_Error ndn_RsaPrivateKey_generate(struct ndn_RsaPrivateKey *self, uint32_t keySize) { BIGNUM* exponent = 0; int success = 0; if (self->privateKey) { // Free a previous value. RSA_free(self->privateKey); self->privateKey = 0; } exponent = BN_new(); if (BN_set_word(exponent, RSA_F4) == 1) { self->privateKey = RSA_new(); if (RSA_generate_key_ex(self->privateKey, keySize, exponent, NULL) == 1) success = 1; } BN_free(exponent); if (success) return NDN_ERROR_success; else { RSA_free(self->privateKey); self->privateKey = 0; return NDN_ERROR_Error_in_generate_operation; } }
static int test_bad_key(void) { RSA *key = RSA_new(); BIGNUM e; BN_init(&e); BN_set_word(&e, RSA_F4); if (!RSA_generate_key_ex(key, 512, &e, NULL)) { fprintf(stderr, "RSA_generate_key_ex failed.\n"); ERR_print_errors_fp(stderr); return 0; } if (!BN_add(key->p, key->p, BN_value_one())) { fprintf(stderr, "BN error.\n"); ERR_print_errors_fp(stderr); return 0; } if (RSA_check_key(key)) { fprintf(stderr, "RSA_check_key passed with invalid key!\n"); return 0; } ERR_clear_error(); BN_free(&e); RSA_free(key); return 1; }
static int lws_tls_openssl_rsa_new_key(RSA **rsa, int bits) { BIGNUM *bn = BN_new(); int n; if (!bn) return 1; if (BN_set_word(bn, RSA_F4) != 1) { BN_free(bn); return 1; } *rsa = RSA_new(); if (!*rsa) { BN_free(bn); return 1; } n = RSA_generate_key_ex(*rsa, bits, bn, NULL); BN_free(bn); if (n == 1) return 0; RSA_free(*rsa); *rsa = NULL; return 1; }
static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { RSA *rsa = NULL; RSA_PKEY_CTX *rctx = ctx->data; BN_GENCB *pcb, cb; int ret; if (!rctx->pub_exp) { rctx->pub_exp = BN_new(); if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) return 0; } rsa = RSA_new(); if (!rsa) return 0; if (ctx->pkey_gencb) { pcb = &cb; evp_pkey_set_cb_translate(pcb, ctx); } else pcb = NULL; ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); if (ret > 0) EVP_PKEY_assign_RSA(pkey, rsa); else RSA_free(rsa); return ret; }
static ERL_NIF_TERM rsa_generate_key(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) {/* (ModulusSize, PublicExponent) */ int modulus_bits; BIGNUM *pub_exp, *three; RSA *rsa; int success; ERL_NIF_TERM result; BN_GENCB *intr_cb; #ifndef HAVE_OPAQUE_BN_GENCB BN_GENCB intr_cb_buf; #endif if (!enif_get_int(env, argv[0], &modulus_bits) || modulus_bits < 256) { return enif_make_badarg(env); } if (!get_bn_from_bin(env, argv[1], &pub_exp)) { return enif_make_badarg(env); } /* Make sure the public exponent is large enough (at least 3). * Without this, RSA_generate_key_ex() can run forever. */ three = BN_new(); BN_set_word(three, 3); success = BN_cmp(pub_exp, three); BN_free(three); if (success < 0) { BN_free(pub_exp); return enif_make_badarg(env); } /* For large keys, prime generation can take many seconds. Set up * the callback which we use to test whether the process has been * interrupted. */ #ifdef HAVE_OPAQUE_BN_GENCB intr_cb = BN_GENCB_new(); #else intr_cb = &intr_cb_buf; #endif BN_GENCB_set(intr_cb, check_erlang_interrupt, env); rsa = RSA_new(); success = RSA_generate_key_ex(rsa, modulus_bits, pub_exp, intr_cb); BN_free(pub_exp); #ifdef HAVE_OPAQUE_BN_GENCB BN_GENCB_free(intr_cb); #endif if (!success) { RSA_free(rsa); return atom_error; } result = put_rsa_private_key(env, rsa); RSA_free(rsa); return result; }
static int openssl_generate_keypair(const keymaster_device_t* dev, const keymaster_keypair_t key_type, const void* key_params, uint8_t** keyBlob, size_t* keyBlobLength) { ssize_t privateLen, publicLen; if (key_type != TYPE_RSA) { ALOGW("Unsupported key type %d", key_type); return -1; } else if (key_params == NULL) { ALOGW("key_params == null"); return -1; } keymaster_rsa_keygen_params_t* rsa_params = (keymaster_rsa_keygen_params_t*) key_params; Unique_BIGNUM bn(BN_new()); if (bn.get() == NULL) { logOpenSSLError("openssl_generate_keypair"); return -1; } if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) { logOpenSSLError("openssl_generate_keypair"); return -1; } /* initialize RSA */ Unique_RSA rsa(RSA_new()); if (rsa.get() == NULL) { logOpenSSLError("openssl_generate_keypair"); return -1; } if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) || RSA_check_key(rsa.get()) < 0) { logOpenSSLError("openssl_generate_keypair"); return -1; } /* assign to EVP */ Unique_EVP_PKEY pkey(EVP_PKEY_new()); if (pkey.get() == NULL) { logOpenSSLError("openssl_generate_keypair"); return -1; } if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) == 0) { logOpenSSLError("openssl_generate_keypair"); return -1; } OWNERSHIP_TRANSFERRED(rsa); if (wrap_key(pkey.get(), EVP_PKEY_RSA, keyBlob, keyBlobLength)) { return -1; } return 0; }
/* * Generate and store a private key on the token * FIXME: We should check first whether the token supports * on-board key generation, and if it does, use its own algorithm */ int pkcs11_generate_key(PKCS11_TOKEN *token, int algorithm, unsigned int bits, char *label, unsigned char* id, size_t id_len) { PKCS11_KEY *key_obj; EVP_PKEY *pk; RSA *rsa; BIO *err; #if OPENSSL_VERSION_NUMBER >= 0x10100000L BIGNUM *exp = NULL; BN_GENCB *gencb = NULL; #endif int rc; if (algorithm != EVP_PKEY_RSA) { PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_NOT_SUPPORTED); return -1; } err = BIO_new_fp(stderr, BIO_NOCLOSE); #if OPENSSL_VERSION_NUMBER >= 0x10100000L exp = BN_new(); rsa = RSA_new(); gencb = BN_GENCB_new(); if (gencb) BN_GENCB_set(gencb, NULL, err); if ( rsa == NULL || exp == NULL || gencb == NULL || !BN_set_word(exp, RSA_F4) || !RSA_generate_key_ex(rsa, bits, exp, gencb)) { RSA_free(rsa); } BN_GENCB_free(gencb); BN_free(exp); #else rsa = RSA_generate_key(bits, RSA_F4, NULL, err); #endif BIO_free(err); if (rsa == NULL) { PKCS11err(PKCS11_F_PKCS11_GENERATE_KEY, PKCS11_KEYGEN_FAILED); return -1; } pk = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pk, rsa); rc = pkcs11_store_key(token, pk, CKO_PRIVATE_KEY, label, id, id_len, &key_obj); if (rc == 0) { PKCS11_KEY_private *kpriv; kpriv = PRIVKEY(key_obj); rc = pkcs11_store_key(token, pk, CKO_PUBLIC_KEY, label, kpriv->id, kpriv->id_len, NULL); } EVP_PKEY_free(pk); return rc; }
/* returns error generates a new rsa key exp is passed in and mod and pri are passed out */ int APP_CC ssl_gen_key_xrdp1(int key_size_in_bits, char* exp, int exp_len, char* mod, int mod_len, char* pri, int pri_len) { BIGNUM* my_e; RSA* my_key; char* lexp; char* lmod; char* lpri; int error; int len; if ((exp_len != 4) || (mod_len != 64) || (pri_len != 64)) { return 1; } lexp = (char*)g_malloc(exp_len, 0); lmod = (char*)g_malloc(mod_len, 0); lpri = (char*)g_malloc(pri_len, 0); g_memcpy(lexp, exp, exp_len); ssl_reverse_it(lexp, exp_len); my_e = BN_new(); BN_bin2bn((tui8*)lexp, exp_len, my_e); my_key = RSA_new(); error = RSA_generate_key_ex(my_key, key_size_in_bits, my_e, 0) == 0; if (error == 0) { len = BN_num_bytes(my_key->n); error = len != mod_len; } if (error == 0) { BN_bn2bin(my_key->n, (tui8*)lmod); ssl_reverse_it(lmod, mod_len); } if (error == 0) { len = BN_num_bytes(my_key->d); error = len != pri_len; } if (error == 0) { BN_bn2bin(my_key->d, (tui8*)lpri); ssl_reverse_it(lpri, pri_len); } if (error == 0) { g_memcpy(mod, lmod, mod_len); g_memcpy(pri, lpri, pri_len); } BN_free(my_e); RSA_free(my_key); g_free(lexp); g_free(lmod); g_free(lpri); return error; }
static bool generate_keys(ScopedEVP_PKEY &private_key_out, ScopedEVP_PKEY &public_key_out) { ScopedEVP_PKEY private_key(EVP_PKEY_new(), EVP_PKEY_free); ScopedEVP_PKEY public_key(EVP_PKEY_new(), EVP_PKEY_free); ScopedRSA rsa(RSA_new(), RSA_free); ScopedBIGNUM e(BN_new(), BN_free); if (!private_key) { LOGE("Failed to allocate private key"); openssl_log_errors(); return false; } if (!public_key) { LOGE("Failed to allocate public key"); openssl_log_errors(); return false; } if (!rsa) { LOGE("Failed to allocate RSA"); openssl_log_errors(); return false; } if (!e) { LOGE("Failed to allocate BIGNUM"); openssl_log_errors(); return false; } BN_set_word(e.get(), RSA_F4); if (RSA_generate_key_ex(rsa.get(), 2048, e.get(), nullptr) < 0) { LOGE("RSA_generate_key_ex() failed"); openssl_log_errors(); return false; } if (!EVP_PKEY_assign_RSA(private_key.get(), RSAPrivateKey_dup(rsa.get()))) { LOGE("EVP_PKEY_assign_RSA() failed for private key"); openssl_log_errors(); return false; } if (!EVP_PKEY_assign_RSA(public_key.get(), RSAPublicKey_dup(rsa.get()))) { LOGE("EVP_PKEY_assign_RSA() failed for public key"); openssl_log_errors(); return false; } private_key_out = std::move(private_key); public_key_out = std::move(public_key); return true; }
RSA* Crypto::GenerateKeyPair() { BIGNUM* exp = BN_new(); BN_set_word(exp, DEFAULT_RSA_EXP); RSA* rsaKeys = RSA_new(); RSA_generate_key_ex(rsaKeys, DEFAULT_RSA_SIZE, exp, NULL); return rsaKeys; }
int generate_RSA_keys () { // DEBUG printf ( "Generation cles RSA ... \n" ) ; // Déclaration variables BIGNUM *bne = NULL ; // Exponent int bits = KEY_LENGTH ; // Taille clé // On alloue notre object RSA if ( ( client_key = RSA_new() ) == NULL ) { perror ( "Erreur_generate_RSA_keys : RSA_New() " ) ; fprintf ( stderr, "Code erreur OpenSSL : %lu \n ", ERR_get_error () ) ; return 0; } // On alloue notre object BIGNUM if ( ( bne = BN_new() ) == NULL ) { perror ( "Erreur_generate_RSA_keys : BN_new() " ) ; fprintf ( stderr, "Code erreur OpenSSL : %lu \n ", ERR_get_error () ) ; return 0 ; } // On fixe l'exposant sur la valeur maximale courante if ( ( BN_set_word ( bne, 65537 ) ) == 0 ) { perror ( "Erreur_generate_RSA_keys : BN_set_word() " ) ; fprintf ( stderr, "Code erreur OpenSSL : %lu \n ", ERR_get_error () ) ; return 0 ; } // On génère maintenant notre paire de clés RSA if ( ( RSA_generate_key_ex ( client_key, bits, bne, NULL ) ) != 1 ) { perror ( "Erreur_generate_RSA_keys : RSA_generate_key_ex() " ) ; fprintf ( stderr, "Code erreur OpenSSL : %lu \n ", ERR_get_error () ) ; return 0 ; } // On free notre object BIGNUM BN_free ( bne ) ; // Dernière vérification if ( client_key == NULL ) { perror ( "Erreur_generate_RSA_keys : impossible de generer les cles " ) ; return 0 ; } else{ return 1 ; } }
void openssl_rsa_pemkey() { long len; BIGNUM *bne; BIO *ins, *outs; RSA *r, *read; char *name, *head; unsigned char *data; const EVP_CIPHER *enc; EVP_CIPHER_INFO cipher; OpenSSL_add_all_algorithms(); bne = BN_new(); BN_set_word(bne, RSA_3); r = RSA_new(); RSA_generate_key_ex(r, LINE_LEN, bne, NULL); enc = EVP_des_ede3_ofb(); outs = BIO_new_file("/tmp/pri.pem", "w"); PEM_write_bio_RSAPrivateKey(outs, r, enc, NULL, 0, NULL, "beike2012"); BIO_free(outs); outs = BIO_new_file("/tmp/pub.pem", "w"); PEM_write_bio_RSAPublicKey(outs, r); BIO_free(outs); ins = BIO_new_file("/tmp/pri.pem", "rb"); r = RSA_new(); read = PEM_read_bio_RSAPrivateKey(ins, &r, NULL, "beike2012"); if (read->d == NULL) { printf("PEM_read_bio_RSAPrivateKey err!\n"); return; } printf("\nEVP_CIPHER_INFO:\n"); while (1) { if (PEM_read_bio(ins, &name, &head, &data, &len) == 0) break; if (strlen(head) > 0) { PEM_get_EVP_CIPHER_INFO(head, &cipher); if (PEM_do_header(&cipher, data, &len, NULL, NULL) == 0) return; printf("name=%s, head=%s, data=%s\n", name, head, data); } OPENSSL_free(name); OPENSSL_free(head); OPENSSL_free(data); } RSA_free(read); BIO_free(ins); }
/* * Generates RSA public and private key * @param public_key: where the DER encoded public key is put * @param private_key: where the DER encoded private key is put * @return: pointer to RSA object */ RSA *generate_rsa_keys(unsigned char **public_key, unsigned char **private_key) { RSA *key = RSA_new(); kExp = BN_new(); BN_set_word(kExp, kExp_long); if (RSA_generate_key_ex(key, kBits, kExp, 0) < 0) { printf("RSA_generate_key_ex failed\n"); exit(EXIT_FAILURE); } return key; }
void start_crypt(void) { ctx = BN_CTX_new(); BN_CTX_init(ctx); rsa = RSA_new(); e = BN_new(); BN_dec2bn(&e,"65537"); RSA_generate_key_ex(rsa, 2048, e, NULL); }