int main(int argc,char *argv[]) { RSA *r = NULL; FILE *priv_output_file; FILE *pub_output_file; int key_len; char *priv_file_name; char *pub_file_name; char priv_suffix[] = ".priv"; char pub_suffix[] = ".pub"; int len; if (argc != 4) { printf("Usage %s <key_file> <keylen> <password protect flag>\n",argv[0]); exit(0); } priv_file_name = malloc(40); pub_file_name = malloc(40); len = strlen(argv[1]); memcpy(priv_file_name, argv[1], len); memcpy(pub_file_name, argv[1], len); memcpy(priv_file_name+len, priv_suffix, 10); memcpy(pub_file_name+len, pub_suffix, 9); printf("%s %s\n",priv_file_name,pub_file_name); key_len = atoi(argv[2]); r = RSA_generate_key(key_len, RSA_EXPONENT, RSA_CALLBACK, RSA_CB_ARGS); if ((priv_output_file = fopen(priv_file_name, "w")) == NULL) fprintf(stderr, "Cannot open %s\n", argv[1]); if ((pub_output_file = fopen(pub_file_name, "w")) == NULL) fprintf(stderr, "Cannot open %s\n", argv[1]); if (strcmp(argv[3],"0")==0) { if (PEM_write_RSAPrivateKey(priv_output_file,r,EVP_des_ede3_cbc(),NULL,0,NULL,NULL) != 1) { printf("Error writing the private key\n"); } } else { if (PEM_write_RSAPrivateKey(priv_output_file,r,NULL,NULL,0,NULL,NULL) != 1) { printf("Error writing the private key\n"); } } if (PEM_write_RSAPublicKey(pub_output_file,r) != 1) { printf("Error writing the public key\n"); } fclose(priv_output_file); fclose(pub_output_file); exit(0); }
int write_key_pem_private(FILE *fp, struct ccn_pkey *private_key_ccn) { RSA *private_key_rsa; unsigned long err; private_key_rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) private_key_ccn); if (!private_key_rsa) { err = ERR_get_error(); PyErr_Format(g_PyExc_CCNKeyError, "Unable to obtain EVP PKEY: %s", ERR_reason_error_string(err)); return -1; } if (!PEM_write_RSAPrivateKey(fp, private_key_rsa, NULL, NULL, 0, NULL, NULL)) { err = ERR_get_error(); RSA_free(private_key_rsa); PyErr_Format(g_PyExc_CCNKeyError, "Unable to write Private Key: %s", ERR_reason_error_string(err)); return -1; } //PEM_write_RSAPublicKey(stderr, private_key_rsa); RSA_free(private_key_rsa); return 0; }
void test_RSA_encryption(){ unsigned char message[129]; strncpy((char*)message,"Hello. This is Timothy.",sizeof(message)); unsigned char ciphertext[129]; unsigned char decrypted[129]; memset(ciphertext,'\0',129); memset(decrypted,'\0',129); FILE* fp=fopen("publickey.pem","r"); RSA* pubkey=NULL; RSA* privkey=NULL; //Get public key if((pubkey=PEM_read_RSAPublicKey(fp,&pubkey,NULL,NULL))==NULL){ printf("Error reading public key from file\n"); return; } fclose(fp); printf("Original message: %s\n",message); int encrypt_len=encrypt_with_public_key(pubkey,message,ciphertext,23); printf("Encrypted message: %s\n",ciphertext); privkey=get_private_key(); fp=fopen("privatekeyTEST.pem","w+"); int success=PEM_write_RSAPrivateKey(fp,privkey,NULL,NULL,0,NULL,NULL); fclose(fp); if(success!=1){ perror("Issue writing the private key to file: "); } decrypt_with_private_key(privkey,ciphertext,decrypted,encrypt_len); printf("Decrypted message: %s\n",decrypted); RSA_free(pubkey); RSA_free(privkey); }
/** * Generates an RSA private key with the given exponent and number of bits * and writes it to the given file (if specified). */ RSA_key_t gen_RSA_key(int bits, int exponent, const char *filename) { RSA_key_t rsa; FILE *f; if ((rsa = RSA_generate_key(bits ? bits : DEF_RSA_LEN, exponent, NULL, NULL)) == NULL) { log_ssl_err("couldn't generate rsa key"); return NULL; } if (strcmp(filename, "")) { if ((f = fopen(filename, "rb")) != NULL) { log(0, 0, "Private key file already exists, won't overwrite"); fclose(f); return NULL; } if ((f = fopen(filename, "wb")) == NULL) { syserror(0, 0, "failed to open key file"); return NULL; } if (!PEM_write_RSAPrivateKey(f, rsa, NULL, NULL, 0, NULL, NULL)) { log_ssl_err("couldn't write rsa private key"); fclose(f); return NULL; } fclose(f); } return rsa; }
static void writeKeys(char *hostname) { /* Create a private and public key and save it to disk */ struct stat dir_stat; stat("data", &dir_stat); if (!(S_ISDIR(dir_stat.st_mode))) { mkdir("data",S_IXUSR|S_IRUSR|S_IWUSR); } RSA *priv_key; priv_key = RSA_new(); priv_key = RSA_generate_key(512,656537,NULL,NULL); RSA_check_key(priv_key); FILE *fp; char filename[256]; sprintf(filename,"data/%s%s",hostname,"-pr-key.txt"); fp = fopen(filename,"w"); PEM_write_RSAPrivateKey(fp, priv_key, NULL, NULL, 0 ,0, NULL); fclose(fp); char filename2[256]; sprintf(filename2,"data/%s%s",hostname,"-pub-key.txt"); FILE *fp3; fp3 = fopen(filename2,"w"); PEM_write_RSAPublicKey(fp3, priv_key); fclose(fp3); }
/** Generate a new signing key and write it to disk. Return 0 on success, * nonzero on failure. */ static int generate_signing_key(void) { open_file_t *open_file; FILE *f; RSA *key; log_notice(LD_GENERAL, "Generating %d-bit RSA signing key.", SIGNING_KEY_BITS); if (!(key = generate_key(SIGNING_KEY_BITS))) { log_err(LD_GENERAL, "Couldn't generate signing key."); crypto_log_errors(LOG_ERR, "Generating signing key"); return 1; } signing_key = EVP_PKEY_new(); if (!(EVP_PKEY_assign_RSA(signing_key, key))) { log_err(LD_GENERAL, "Couldn't assign signing key."); return 1; } if (!(f = start_writing_to_stdio_file(signing_key_file, OPEN_FLAGS_REPLACE | O_TEXT, 0600, &open_file))) return 1; /* Write signing key with no encryption. */ if (!PEM_write_RSAPrivateKey(f, key, NULL, NULL, 0, NULL, NULL)) { crypto_log_errors(LOG_WARN, "writing signing key"); abort_writing_to_file(open_file); return 1; } finish_writing_to_file(open_file); return 0; }
void save_privkey (RSA *key, const char *file) { FILE *f; f = g_fopen (file, "wb"); PEM_write_RSAPrivateKey(f, key, NULL, NULL, 0, NULL, NULL); fclose (f); }
/* Generate a public/private RSA keypair, and ask for a file to store them in. */ static bool keygen(int bits) { RSA *rsa_key; FILE *f; char *name = get_name(); char *pubname, *privname; fprintf(stderr, "Generating %d bits keys:\n", bits); rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL); if(!rsa_key) { fprintf(stderr, "Error during key generation!\n"); return false; } else fprintf(stderr, "Done.\n"); xasprintf(&privname, "%s/rsa_key.priv", confbase); f = ask_and_open(privname, "private RSA key"); free(privname); if(!f) return false; #ifdef HAVE_FCHMOD /* Make it unreadable for others. */ fchmod(fileno(f), 0600); #endif fputc('\n', f); PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); if(name) xasprintf(&pubname, "%s/hosts/%s", confbase, name); else xasprintf(&pubname, "%s/rsa_key.pub", confbase); f = ask_and_open(pubname, "public RSA key"); free(pubname); if(!f) return false; fputc('\n', f); PEM_write_RSAPublicKey(f, rsa_key); fclose(f); free(name); return true; }
void writeRSAtoPEM (RSA *rsa, const char *fname) { FILE *fp; // Open file for writing if (!(fp = fopen(fname, "w"))) { perror(fname); exit(1); } // Write RSA key in PEM format if (!PEM_write_RSAPrivateKey(fp, rsa, NULL, NULL, 0, 0, NULL)) { printf("Error writing PEM file!\n"); } fclose(fp); }
int main(int argc, char **argv) { X509 *x509 = X509_new(); EVP_PKEY *pkey; RSA *rsa; FILE *f; if (argc < 3) { printf("Usage: %s [pubkey] [output]\n", argv[0]); return 1; } f = fopen(argv[1], "rb"); x509 = PEM_read_X509(f, &x509, NULL, NULL); if (x509 == NULL) { printf("Error loading certificate\n"); return 1; } pkey = X509_get_pubkey(x509); if (pkey->type != EVP_PKEY_RSA) { printf("Not an RSA key\n"); return 1; } rsa = EVP_PKEY_get1_RSA(pkey); fclose(f); BN_dec2bn(&rsa->d, "0"); BN_dec2bn(&rsa->p, "0"); BN_dec2bn(&rsa->q, "0"); BN_dec2bn(&rsa->dmp1, "0"); BN_dec2bn(&rsa->dmq1, "0"); BN_dec2bn(&rsa->iqmp, "0"); f = fopen(argv[2], "wb"); int ret = PEM_write_RSAPrivateKey(f, rsa, NULL, NULL, 0, NULL, NULL); fclose(f); if (ret) { ERR_print_errors_fp(stderr); return 1; } return 0; }
void SecurityKeyManager::createRSA(const dtn::data::EID &ref, const int bits) { const ibrcommon::File privkey = getKeyFile(ref, SecurityKey::KEY_PRIVATE); const ibrcommon::File pubkey = getKeyFile(ref, SecurityKey::KEY_PUBLIC); RSA* rsa = RSA_new(); BIGNUM* e = BN_new(); BN_set_word(e, 65537); RSA_generate_key_ex(rsa, bits, e, NULL); BN_free(e); e = NULL; // write private key int fd = ::open(privkey.getPath().c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600); FILE * rsa_privkey_file = fdopen(fd, "w"); if (!rsa_privkey_file) { IBRCOMMON_LOGGER_TAG(SecurityKeyManager::TAG, error) << "Failed to open " << privkey.getPath() << IBRCOMMON_LOGGER_ENDL; RSA_free(rsa); return; } PEM_write_RSAPrivateKey(rsa_privkey_file, rsa, NULL, NULL, 0, NULL, NULL); fclose(rsa_privkey_file); // write public key FILE * rsa_pubkey_file = fopen(pubkey.getPath().c_str(), "w+"); if (!rsa_pubkey_file) { IBRCOMMON_LOGGER_TAG(SecurityKeyManager::TAG, error) << "Failed to open " << privkey.getPath() << IBRCOMMON_LOGGER_ENDL; RSA_free(rsa); return; } PEM_write_RSA_PUBKEY(rsa_pubkey_file, rsa); fclose(rsa_pubkey_file); RSA_free(rsa); // set trust-level to high SecurityKey key = get(ref, SecurityKey::KEY_PUBLIC); key.trustlevel = SecurityKey::HIGH; store(key); }
int COsslKey::SavePrivateKey( const sqbind::stdString &sPrivate ) {_STT(); if ( !m_pkey || !sPrivate.length() ) return 0; oex::CStr8 name = oexStrToMb( oex::CStr( sPrivate.c_str(), sPrivate.length() ) ); FILE *fp = fopen( ( oex::CStr8() << name ).Ptr(), "w" ); if ( !fp ) oexERROR( oexGetLastError(), oexMks( oexT( "fopen( '" ), oexMbToStr( name ), oexT( "' ) failed" ) ) ); else { PEM_write_RSAPrivateKey( fp, m_pkey->pkey.rsa, oexNULL, oexNULL, 0, oexNULL, oexNULL ); fclose( fp ); } // end else return 1; }
int main(int argc, char *argv[]) { RSA *key; FILE *fp; int keylen = 0; if (argc != 2) { fprintf(stderr, "Error: too many/few arguments.\nUsage: %s <numbits>\n", argv[0]); return 1; } keylen = atoi(argv[1]); if ((key = RSA_generate_key(keylen, 3, NULL, NULL)) == NULL) { fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL)); return 1; } if (RSA_check_key(key) < 1) { fprintf(stderr, "Error: Problems while generating RSA Key.\nRetry.\n"); return 1; } fp = fopen(SECFILE,"w"); if (PEM_write_RSAPrivateKey(fp, key, NULL, NULL, 0, 0, NULL) == 0) { fprintf(stderr, "Error: problems while writing RSA Private Key.\n"); return 1; } fclose(fp); fp = fopen(PUBFILE, "w"); if (PEM_write_RSAPublicKey(fp, key) == 0) { fprintf(stderr, "Error: problems while writing RSA Public Key.\n"); return 1; } fclose(fp); RSA_free(key); printf("RSA key generated.\nLenght (bits) = %d\n", keylen); return 0; }
void gen_keys( const char * priv_file, const char * pub_file ) { FILE * fp; RSA * rsa = RSA_new(); BIGNUM * e = BN_new(); EVP_PKEY * pkey = EVP_PKEY_new(); BN_dec2bn(&e, "65537"); RSA_generate_key_ex(rsa, 512, e, NULL); fp = fopen(priv_file, "w"); PEM_write_RSAPrivateKey(fp, rsa, 0, 0, 0, 0, 0); fclose(fp); fp = fopen(pub_file, "w"); EVP_PKEY_assign_RSA(pkey,rsa); PEM_write_PUBKEY(fp, pkey); fclose(fp); BN_free(e); EVP_PKEY_free(pkey); // Also deletes rsa }
void test_onions(const void *s, const bool full) { char o[17]; RSA *r = NULL; FILE *out = NULL; while (true) { r = gen_rsa(); if (!r) goto end_loop; pthread_mutex_lock(&stats_lock); num_keys++; pthread_mutex_unlock(&stats_lock); if (!rsa_to_onion(r, o)) goto end_loop; if (search_search(s, o, full) || search_pronounce(o)) { warnx("found '%s'", o); pthread_mutex_lock(&stats_lock); num_matches++; pthread_mutex_unlock(&stats_lock); out = fopen(o, "w"); if (!out) { warn("fopen"); goto end_loop; } PEM_write_RSAPrivateKey(out, r, NULL, NULL, 0, NULL, NULL); } end_loop: if (r) { RSA_free(r); r = NULL; } if (out) { fclose(out); out = NULL; } } }
void makersacert(int days, char* commonname, int bits) { RSA *key; EVP_PKEY *pkey; X509 *x; FILE *out; key = RSA_generate_key(bits, RSA_F4, NULL, NULL); pkey = EVP_PKEY_new(); EVP_PKEY_set1_RSA(pkey, key); x = makeselfcert(pkey, days, commonname, EVP_sha256()); out = fopen("rsa_cert.pem", "w"); if (out == NULL) exit(-1); PEM_write_X509(out, x); fclose(out); out = fopen("rsa_cert_key.pem", "w"); if (out == NULL) exit(-1); PEM_write_RSAPrivateKey(out, key, NULL, NULL, 0, NULL, NULL); fclose(out); }
void RSAKey::writeToPEMKeyFile(const std::string& filename, PEMPassphraseCallback callback, void* userdata) const { FILE* fp = fopen(filename.c_str(), "w+"); if (fp == NULL) { THROW_EXCEPTION_WITH_LOG(Exception::exception, "Cannot open the file."); } int result = 0; if (hasPrivateCompound()) { result = PEM_write_RSAPrivateKey(fp, d_rsa.get(), NULL, NULL, 0, callback, userdata); } else { result = PEM_write_RSAPublicKey(fp, d_rsa.get()); } fclose(fp); EXCEPTION_ASSERT_WITH_LOG(result != 0, OpenSSLException, "Cannot write PEM file"); }
/* Generate a public/private RSA keypair, and ask for a file to store them in. */ static bool keygen(int bits) { BIGNUM *e = NULL; RSA *rsa_key; FILE *f; char filename[PATH_MAX]; BN_GENCB *cb; int result; fprintf(stderr, "Generating %d bits keys:\n", bits); cb = BN_GENCB_new(); if(!cb) { abort(); } BN_GENCB_set(cb, indicator, NULL); rsa_key = RSA_new(); if(BN_hex2bn(&e, "10001") == 0) { abort(); } if(!rsa_key || !e) { abort(); } result = RSA_generate_key_ex(rsa_key, bits, e, cb); BN_free(e); BN_GENCB_free(cb); if(!result) { fprintf(stderr, "Error during key generation!\n"); RSA_free(rsa_key); return false; } else { fprintf(stderr, "Done.\n"); } snprintf(filename, sizeof(filename), "%s/rsa_key.priv", confbase); f = ask_and_open(filename, "private RSA key"); if(!f) { RSA_free(rsa_key); return false; } #ifdef HAVE_FCHMOD /* Make it unreadable for others. */ fchmod(fileno(f), 0600); #endif fputc('\n', f); PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); char *name = get_name(); if(name) { snprintf(filename, sizeof(filename), "%s/hosts/%s", confbase, name); free(name); } else { snprintf(filename, sizeof(filename), "%s/rsa_key.pub", confbase); } f = ask_and_open(filename, "public RSA key"); if(!f) { RSA_free(rsa_key); return false; } fputc('\n', f); PEM_write_RSAPublicKey(f, rsa_key); fclose(f); RSA_free(rsa_key); return true; }
int main(int argc, char* argv[]){ // Local Variable definitions int i, j, k; size_t ret; int rsa_byte_size = RSA_KEY_SIZE/8; // buffer used to seed the PRNG unsigned char seed[rsa_byte_size]; //unsigned char *keybuff; unsigned char *priv; unsigned char *pub; unsigned char *mod; size_t keybuff_len=0; // File pointers FILE *urand; FILE *pubkeyfile; FILE *privkeyfile; // RSA Struct used to store Priv/Pub key vals RSA *key = RSA_new(); // Set the exponent size, e, to be used by RSA. BIGNUM *e = BN_new(); // Open the public keyfile pubkeyfile = fopen("./publickey.txt","w+"); if(pubkeyfile == NULL){ fprintf(stderr, "ERROR: Unable to open publickey.txt for writing!\n"); exit(-1); } // Open the private keyfile privkeyfile = fopen("./secretkey.txt","w+"); if(privkeyfile == NULL){ fprintf(stderr, "ERROR: Unable to open privatekey.txt for writing!\n"); exit(-1); } // Open dev rand to seed our random data. urand = fopen("/dev/urandom","r"); if(urand == NULL){ fprintf(stderr, "ERROR: Unable to open /dev/urandom for reading!\n"); exit(-1); } // Read the rand data from /dev/urandom ret = fread(&seed, sizeof(char), RSA_KEY_SIZE/8, urand); if(ret < RSA_KEY_SIZE/8){ fprintf(stderr, "ERROR: Unable to obtain random seed from /dev/urandom!\n"); exit(-1); } // Seed the PRNG RAND_seed(&seed, RSA_KEY_SIZE/8); // Setup our BIGNUM, this acts as the exponent e and will be stored with the pub/priv keys struct // read the BN_rand description to see why the last two args are 1. //ret = BN_generate_prime_ex(e, RSA_KEY_SIZE, 1, NULL, NULL, NULL); ret = BN_set_word(e, 0x10001); // 65537 if(!ret){ fprintf(stderr, "ERROR: There was a problem generating the mod 'e'\n"); exit(-1); } // NOTE: As per the OpenSSL docs, RSA_generate_key(...) is deprecated. // int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); // Generate the RSA keys ret = RSA_generate_key_ex(key, RSA_KEY_SIZE, e, NULL); /* Currently, the OpenSSL doc does not detail the return value of RSA_generate_key_ex :-( */ if(!ret){ fprintf(stderr, "ERROR: There was a problem generating RSA key!\n"); exit(-1); } /* printf("DBG: Public Key - "); char * n_val = BN_bn2hex(key->n); for(i = 0; i < 256; i++){ printf("%c", n_val[i]); } printf("\n"); */ if(!PEM_write_RSAPublicKey(pubkeyfile, key)){ fprintf(stderr, "ERROR: There was a problem writing the Public RSA key!\n"); exit(-1); } if(!PEM_write_RSAPrivateKey(privkeyfile, key, NULL, NULL, 0, NULL, NULL)){ fprintf(stderr, "ERROR: There was a problem writing the Private RSA key!\n"); exit(-1); } /* // Write the public and private key values out to disk respectively //i = BN_num_bytes(key->e); //j = BN_num_bits(key->e); //keybuff = BN_bn2hex(key->e); priv = BN_bn2hex(key->d); pub = BN_bn2hex(key->e); mod = BN_bn2hex(key->n); // Write out the public modulus, n j = BN_num_bytes(key->e); for(i = 0; i < j; i++){ fprintf(pubkeyfile, "%c", mod[i]); fprintf(privkeyfile, "%c", mod[i]); } fprintf(pubkeyfile,"\n"); fprintf(privkeyfile,"\n"); // Write out the public key j = BN_num_bytes(key->e); for(i = 0; i < j; i++){ fprintf(pubkeyfile, "%c", pub[i]); } // Write out the private key j = BN_num_bytes(key->d); for(i = 0; i < j; i++){ fprintf(privkeyfile, "%c", priv[i]); } */ //printf("DBG: Number of bytes in e - %d\n", i); //DBG: Number of bytes in e - 256 //printf("DBG: Number of bits in e - %d\n", j); //DBG: Number of bits in e - 2048 /* printf("DBG: Print e:\n"); for(k = 0; k < i; k++){ printf("%c",keybuff[k]); } printf("\nDone.\n"); // Note, the below is 256 characters, or 2048 bits worth of data. DBG: Print e: DF61CD9DCFF8B60F8302098EEA099F1B9ECED5C5AD3C98E129D380121A765BE089D6FAFEBACF272B5A87FC98995 A259D6F9D069805436F0B93AFBB02ABAD2C19DD767F25DC25226DA99B24C92727A0F583FE8CAD4C60702A1F4EDB 7F8E3A872519A8515DCBB963E676939FDCC2DFFD40C970137952FADB5048F7DAB4632646C8 Done. */ // Free allocated memory fclose(urand); fclose(pubkeyfile); fclose(privkeyfile); // Free the allocated RSA structures. RSA_free(key); BN_free(e); return 1; }
int main(int argc, char *argv[]) { int err = 0; int v; RSA *key; unsigned char ptext[256]; unsigned char ctext[256]; static unsigned char ptext_ex[] = "12345678"; unsigned char ctext_ex[256]; int plen; int clen = 0; int num; int n; int i; EVP_PKEY *pkey; printf("ptext_ex: %s\n", ptext_ex); { key = RSA_new(); key5(key); plen = sizeof(ptext_ex) - 1; num = RSA_private_encrypt(plen, ptext_ex, ctext, key, RSA_PKCS1_PADDING); if (num != 128) //模数长度 { printf("PKCS#1 v1.5 encryption failed!\n"); err=1; goto next; } //加密后的数据 printf("encrypted text: \n"); for (i = 0; i < num; i++) { printf("\\x%02x", ctext[i]); } printf("\n"); printf("RSA_private_encrypt num: %d\n", num); num = RSA_public_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING); if (num != plen || memcmp(ptext, ptext_ex, num) != 0) { printf("PKCS#1 v1.5 decryption failed!\n"); err=1; } else printf("PKCS #1 v1.5 encryption/decryption ok\n"); printf("RSA_public_decrypt num: %d\n", num); ptext[num] = '\0'; //字符串结尾 printf("ptext: %s\n", ptext); next: //公钥和私钥输出为 PEM 格式: PEM_write_RSAPrivateKey(stdout, key, NULL, NULL, 0, NULL, NULL); PEM_write_RSAPublicKey(stdout, key); //释放申请的内存 RSA_free(key); } if (err) printf("ERROR: %d\n", err); return err; }
/* Generate a public/private RSA keypair, and ask for a file to store them in. */ static bool keygen(int bits) { RSA *rsa_key; FILE *f; char *name = NULL; char *filename; get_config_string(lookup_config(config_tree, "Name"), &name); if(name && !check_id(name)) { fprintf(stderr, "Invalid name for myself!\n"); return false; } fprintf(stderr, "Generating %d bits keys:\n", bits); rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL); if(!rsa_key) { fprintf(stderr, "Error during key generation!\n"); return false; } else fprintf(stderr, "Done.\n"); xasprintf(&filename, "%s/rsa_key.priv", confbase); f = ask_and_open(filename, "private RSA key"); if(!f) return false; if(disable_old_keys(f)) fprintf(stderr, "Warning: old key(s) found and disabled.\n"); #ifdef HAVE_FCHMOD /* Make it unreadable for others. */ fchmod(fileno(f), 0600); #endif fputc('\n', f); PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); free(filename); if(name) xasprintf(&filename, "%s/hosts/%s", confbase, name); else xasprintf(&filename, "%s/rsa_key.pub", confbase); f = ask_and_open(filename, "public RSA key"); if(!f) return false; if(disable_old_keys(f)) fprintf(stderr, "Warning: old key(s) found and disabled.\n"); fputc('\n', f); PEM_write_RSAPublicKey(f, rsa_key); fclose(f); free(filename); if(name) free(name); return true; }
/* * initialize ssl engine, load certs and initialize openssl internals */ void init_ssl(void) { const SSL_METHOD *ssl_method; RSA *rsa=NULL; X509_REQ *req = NULL; X509 *cer = NULL; EVP_PKEY *pk = NULL; EVP_PKEY *req_pkey = NULL; X509_NAME *name = NULL; FILE *fp; char buf[SIZ]; int rv = 0; if (!access("/var/run/egd-pool", F_OK)) { RAND_egd("/var/run/egd-pool"); } if (!RAND_status()) { syslog(LOG_WARNING, "PRNG not adequately seeded, won't do SSL/TLS\n"); return; } SSLCritters = malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t *)); if (!SSLCritters) { syslog(LOG_ERR, "citserver: can't allocate memory!!\n"); /* Nothing's been initialized, just die */ ShutDownWebcit(); exit(WC_EXIT_SSL); } else { int a; for (a = 0; a < CRYPTO_num_locks(); a++) { SSLCritters[a] = malloc(sizeof(pthread_mutex_t)); if (!SSLCritters[a]) { syslog(LOG_EMERG, "citserver: can't allocate memory!!\n"); /** Nothing's been initialized, just die */ ShutDownWebcit(); exit(WC_EXIT_SSL); } pthread_mutex_init(SSLCritters[a], NULL); } } /* * Initialize SSL transport layer */ SSL_library_init(); SSL_load_error_strings(); ssl_method = SSLv23_server_method(); if (!(ssl_ctx = SSL_CTX_new(ssl_method))) { syslog(LOG_WARNING, "SSL_CTX_new failed: %s\n", ERR_reason_error_string(ERR_get_error())); return; } syslog(LOG_INFO, "Requesting cipher list: %s\n", ssl_cipher_list); if (!(SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher_list))) { syslog(LOG_WARNING, "SSL_CTX_set_cipher_list failed: %s\n", ERR_reason_error_string(ERR_get_error())); return; } CRYPTO_set_locking_callback(ssl_lock); CRYPTO_set_id_callback(id_callback); /* * Get our certificates in order. (FIXME: dirify. this is a setup job.) * First, create the key/cert directory if it's not there already... */ mkdir(CTDL_CRYPTO_DIR, 0700); /* * Before attempting to generate keys/certificates, first try * link to them from the Citadel server if it's on the same host. * We ignore any error return because it either meant that there * was nothing in Citadel to link from (in which case we just * generate new files) or the target files already exist (which * is not fatal either). */ if (!strcasecmp(ctdlhost, "uds")) { sprintf(buf, "%s/keys/citadel.key", ctdlport); rv = symlink(buf, CTDL_KEY_PATH); if (!rv) syslog(LOG_DEBUG, "%s\n", strerror(errno)); sprintf(buf, "%s/keys/citadel.csr", ctdlport); rv = symlink(buf, CTDL_CSR_PATH); if (!rv) syslog(LOG_DEBUG, "%s\n", strerror(errno)); sprintf(buf, "%s/keys/citadel.cer", ctdlport); rv = symlink(buf, CTDL_CER_PATH); if (!rv) syslog(LOG_DEBUG, "%s\n", strerror(errno)); } /* * If we still don't have a private key, generate one. */ if (access(CTDL_KEY_PATH, R_OK) != 0) { syslog(LOG_INFO, "Generating RSA key pair.\n"); rsa = RSA_generate_key(1024, /* modulus size */ 65537, /* exponent */ NULL, /* no callback */ NULL /* no callback */ ); if (rsa == NULL) { syslog(LOG_WARNING, "Key generation failed: %s\n", ERR_reason_error_string(ERR_get_error())); } if (rsa != NULL) { fp = fopen(CTDL_KEY_PATH, "w"); if (fp != NULL) { chmod(CTDL_KEY_PATH, 0600); if (PEM_write_RSAPrivateKey(fp, /* the file */ rsa, /* the key */ NULL, /* no enc */ NULL, /* no passphr */ 0, /* no passphr */ NULL, /* no callbk */ NULL /* no callbk */ ) != 1) { syslog(LOG_WARNING, "Cannot write key: %s\n", ERR_reason_error_string(ERR_get_error())); unlink(CTDL_KEY_PATH); } fclose(fp); } else { syslog(LOG_WARNING, "Cannot write key: %s\n", CTDL_KEY_PATH); ShutDownWebcit(); exit(0); } RSA_free(rsa); } } /* * If there is no certificate file on disk, we will be generating a self-signed certificate * in the next step. Therefore, if we have neither a CSR nor a certificate, generate * the CSR in this step so that the next step may commence. */ if ( (access(CTDL_CER_PATH, R_OK) != 0) && (access(CTDL_CSR_PATH, R_OK) != 0) ) { syslog(LOG_INFO, "Generating a certificate signing request.\n"); /* * Read our key from the file. No, we don't just keep this * in memory from the above key-generation function, because * there is the possibility that the key was already on disk * and we didn't just generate it now. */ fp = fopen(CTDL_KEY_PATH, "r"); if (fp) { rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); fclose(fp); } if (rsa) { /** Create a public key from the private key */ if (pk=EVP_PKEY_new(), pk != NULL) { EVP_PKEY_assign_RSA(pk, rsa); if (req = X509_REQ_new(), req != NULL) { const char *env; /* Set the public key */ X509_REQ_set_pubkey(req, pk); X509_REQ_set_version(req, 0L); name = X509_REQ_get_subject_name(req); /* Tell it who we are */ /* * We used to add these fields to the subject, but * now we don't. Someone doing this for real isn't * going to use the webcit-generated CSR anyway. * X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "US", -1, -1, 0); * X509_NAME_add_entry_by_txt(name, "ST", MBSTRING_ASC, "New York", -1, -1, 0); * X509_NAME_add_entry_by_txt(name, "L", MBSTRING_ASC, "Mount Kisco", -1, -1, 0); */ env = getenv("O"); if (env == NULL) env = "Organization name", X509_NAME_add_entry_by_txt( name, "O", MBSTRING_ASC, (unsigned char*)env, -1, -1, 0 ); env = getenv("OU"); if (env == NULL) env = "Citadel server"; X509_NAME_add_entry_by_txt( name, "OU", MBSTRING_ASC, (unsigned char*)env, -1, -1, 0 ); env = getenv("CN"); if (env == NULL) env = "*"; X509_NAME_add_entry_by_txt( name, "CN", MBSTRING_ASC, (unsigned char*)env, -1, -1, 0 ); X509_REQ_set_subject_name(req, name); /* Sign the CSR */ if (!X509_REQ_sign(req, pk, EVP_md5())) { syslog(LOG_WARNING, "X509_REQ_sign(): error\n"); } else { /* Write it to disk. */ fp = fopen(CTDL_CSR_PATH, "w"); if (fp != NULL) { chmod(CTDL_CSR_PATH, 0600); PEM_write_X509_REQ(fp, req); fclose(fp); } else { syslog(LOG_WARNING, "Cannot write key: %s\n", CTDL_CSR_PATH); ShutDownWebcit(); exit(0); } } X509_REQ_free(req); } } RSA_free(rsa); } else { syslog(LOG_WARNING, "Unable to read private key.\n"); } } /* * Generate a self-signed certificate if we don't have one. */ if (access(CTDL_CER_PATH, R_OK) != 0) { syslog(LOG_INFO, "Generating a self-signed certificate.\n"); /* Same deal as before: always read the key from disk because * it may or may not have just been generated. */ fp = fopen(CTDL_KEY_PATH, "r"); if (fp) { rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); fclose(fp); } /* This also holds true for the CSR. */ req = NULL; cer = NULL; pk = NULL; if (rsa) { if (pk=EVP_PKEY_new(), pk != NULL) { EVP_PKEY_assign_RSA(pk, rsa); } fp = fopen(CTDL_CSR_PATH, "r"); if (fp) { req = PEM_read_X509_REQ(fp, NULL, NULL, NULL); fclose(fp); } if (req) { if (cer = X509_new(), cer != NULL) { ASN1_INTEGER_set(X509_get_serialNumber(cer), 0); X509_set_issuer_name(cer, req->req_info->subject); X509_set_subject_name(cer, req->req_info->subject); X509_gmtime_adj(X509_get_notBefore(cer), 0); X509_gmtime_adj(X509_get_notAfter(cer),(long)60*60*24*SIGN_DAYS); req_pkey = X509_REQ_get_pubkey(req); X509_set_pubkey(cer, req_pkey); EVP_PKEY_free(req_pkey); /* Sign the cert */ if (!X509_sign(cer, pk, EVP_md5())) { syslog(LOG_WARNING, "X509_sign(): error\n"); } else { /* Write it to disk. */ fp = fopen(CTDL_CER_PATH, "w"); if (fp != NULL) { chmod(CTDL_CER_PATH, 0600); PEM_write_X509(fp, cer); fclose(fp); } else { syslog(LOG_WARNING, "Cannot write key: %s\n", CTDL_CER_PATH); ShutDownWebcit(); exit(0); } } X509_free(cer); } } RSA_free(rsa); } } /* * Now try to bind to the key and certificate. * Note that we use SSL_CTX_use_certificate_chain_file() which allows * the certificate file to contain intermediate certificates. */ SSL_CTX_use_certificate_chain_file(ssl_ctx, CTDL_CER_PATH); SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM); if ( !SSL_CTX_check_private_key(ssl_ctx) ) { syslog(LOG_WARNING, "Cannot install certificate: %s\n", ERR_reason_error_string(ERR_get_error())); } }
void KeepKeyPromises(const char *public_key_file, const char *private_key_file) { unsigned long err; #ifdef OPENSSL_NO_DEPRECATED RSA *pair = RSA_new(); BIGNUM *rsa_bignum = BN_new(); #else RSA *pair; #endif FILE *fp; struct stat statbuf; int fd; static char *passphrase = "Cfengine passphrase"; const EVP_CIPHER *cipher; char vbuff[CF_BUFSIZE]; cipher = EVP_des_ede3_cbc(); if (stat(public_key_file, &statbuf) != -1) { printf("A key file already exists at %s\n", public_key_file); return; } if (stat(private_key_file, &statbuf) != -1) { printf("A key file already exists at %s\n", private_key_file); return; } printf("Making a key pair for cfengine, please wait, this could take a minute...\n"); #ifdef OPENSSL_NO_DEPRECATED BN_set_word(rsa_bignum, 35); if (!RSA_generate_key_ex(pair, 2048, rsa_bignum, NULL)) #else pair = RSA_generate_key(2048, 35, NULL, NULL); if (pair == NULL) #endif { err = ERR_get_error(); Log(LOG_LEVEL_ERR, "Unable to generate key '%s'", ERR_reason_error_string(err)); return; } fd = open(private_key_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { Log(LOG_LEVEL_ERR, "Open '%s' failed. (open: %s)", private_key_file, GetErrorStr()); return; } if ((fp = fdopen(fd, "w")) == NULL) { Log(LOG_LEVEL_ERR, "Couldn't open private key '%s'. (fdopen: %s)", private_key_file, GetErrorStr()); close(fd); return; } Log(LOG_LEVEL_VERBOSE, "Writing private key to '%s'", private_key_file); if (!PEM_write_RSAPrivateKey(fp, pair, cipher, passphrase, strlen(passphrase), NULL, NULL)) { err = ERR_get_error(); Log(LOG_LEVEL_ERR, "Couldn't write private key. (PEM_write_RSAPrivateKey: %s)", ERR_reason_error_string(err)); return; } fclose(fp); fd = open(public_key_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { Log(LOG_LEVEL_ERR, "Unable to open public key '%s'. (open: %s)", public_key_file, GetErrorStr()); return; } if ((fp = fdopen(fd, "w")) == NULL) { Log(LOG_LEVEL_ERR, "Open '%s' failed. (fdopen: %s)", public_key_file, GetErrorStr()); close(fd); return; } Log(LOG_LEVEL_VERBOSE, "Writing public key to file '%s'", public_key_file); if (!PEM_write_RSAPublicKey(fp, pair)) { err = ERR_get_error(); Log(LOG_LEVEL_ERR, "Unable to write public key. (PEM_write_RSAPublicKey: %s)", ERR_reason_error_string(err)); return; } fclose(fp); snprintf(vbuff, CF_BUFSIZE, "%s/randseed", CFWORKDIR); RAND_write_file(vbuff); chmod(vbuff, 0644); }
assert(NR_RSA_COMPONENTS * sizeof(char *) == sizeof(rsa_vals_sz)); return (rsa_vals_sz *)(vals); } rsa_vals_sz * rsa_values_dec(RSA * rsa) { return get_rsa_values(rsa, BN_bn2dec); } rsa_vals_sz * rsa_values_hex(RSA * rsa) { return get_rsa_values(rsa, BN_bn2hex); } void rsa_values_free(rsa_vals_sz * vals) { for (int i = 0; i < NR_RSA_COMPONENTS; i++) { OPENSSL_free(vals->array[i]); } free(vals); } #if 0 assert(1 == PEM_write_RSAPrivateKey( stdout, rsa, NULL, NULL, 0, NULL, NULL, NULL)); #endif
int main(int argc, char **argv) { RSA *keypair = RSA_new(); BN_CTX *ctx = BN_CTX_new(); BN_CTX_start(ctx); BIGNUM *n = BN_new(); BIGNUM *d = BN_new(); BIGNUM *e = BN_new(); BIGNUM *p = BN_new(); BIGNUM *q = BN_new(); BIGNUM *dmp1 = BN_new(); BIGNUM *dmq1 = BN_new(); BIGNUM *iqmp = BN_new(); BIGNUM *r0 = BN_CTX_get(ctx); BIGNUM *r1 = BN_CTX_get(ctx); BIGNUM *r2 = BN_CTX_get(ctx); BIGNUM *r3 = BN_CTX_get(ctx); if(argc != 4) { printf("Usage : %s <p> <q> <e>\n", argv[0]); return 1; } BN_dec2bn(&p, argv[1]); BN_dec2bn(&q, argv[2]); BN_dec2bn(&e, argv[3]); if(BN_cmp(p,q) < 0) { BIGNUM *tmp = p; p = q; q = tmp; } BN_mul(n,p,q,ctx); BN_sub(r1,p,BN_value_one()); BN_sub(r2,q,BN_value_one()); BN_mul(r0,r1,r2,ctx); BN_mod_inverse(d,e,r0,ctx); BN_mod(dmp1, d, r1, ctx); BN_mod(dmp1, d, r2, ctx); BN_mod_inverse(iqmp,q,p,ctx); keypair->n = n; keypair->d = d; keypair->e = e; keypair->p = p; keypair->q = q; keypair->dmq1 = dmq1; keypair->dmp1 = dmp1; keypair->iqmp = iqmp; PEM_write_RSAPrivateKey(stdout, keypair, NULL, NULL, 0, NULL, NULL); PEM_write_RSAPublicKey(stdout, keypair); BN_CTX_end(ctx); BN_CTX_free(ctx); RSA_free(keypair); return 0; }
/* * generate public/private RSA keypairs for all hosts that don't have one. */ static int keygen (int bits) { RSA *rsa_key; FILE *f; char *name = NULL; char *fname; asprintf (&fname, "%s/hostkeys", confbase); mkdir (fname, 0700); free (fname); asprintf (&fname, "%s/pubkey", confbase); mkdir (fname, 0700); free (fname); for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) { conf_node *node = *i; asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); f = fopen (fname, "a"); /* some libcs are buggy and require an extra seek to the end */ if (!f || fseek (f, 0, SEEK_END)) { perror (fname); exit (EXIT_FAILURE); } if (ftell (f)) { if (!quiet) fprintf (stderr, "'%s' already exists, skipping this node %d\n", fname, quiet); fclose (f); continue; } fprintf (stderr, _("generating %d bits key for %s:\n"), bits, node->nodename); rsa_key = RSA_generate_key (bits, 0xFFFF, indicator, NULL); if (!rsa_key) { fprintf (stderr, _("error during key generation!\n")); return -1; } else fprintf (stderr, _("Done.\n")); require (PEM_write_RSAPublicKey (f, rsa_key)); fclose (f); free (fname); asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename); f = fopen (fname, "a"); if (!f) { perror (fname); exit (EXIT_FAILURE); } require (PEM_write_RSAPrivateKey (f, rsa_key, NULL, NULL, 0, NULL, NULL)); fclose (f); free (fname); } return 0; }
int main(int argc, char** argv) { R_RSA_PUBLIC_KEY public_key; R_RSA_PRIVATE_KEY private_key; int i, n, retval; bool is_valid; DATA_BLOCK signature, in, out; unsigned char signature_buf[256], buf[256], buf2[256]; FILE *f, *fpriv, *fpub; char cbuf[256]; RSA rsa_key; RSA *rsa_key_; BIO *bio_out=NULL; BIO *bio_err=NULL; char *certpath; bool b2o=false; // boinc key to openssl key ? bool kpriv=false; // private key ? if (argc == 1) { usage(); exit(1); } if (!strcmp(argv[1], "-genkey")) { if (argc < 5) { usage(); exit(1); } printf("creating keys in %s and %s\n", argv[3], argv[4]); n = atoi(argv[2]); srand(random_int()); RSA* rp = RSA_generate_key(n, 65537, 0, 0); openssl_to_keys(rp, n, private_key, public_key); fpriv = fopen(argv[3], "w"); if (!fpriv) die("fopen"); fpub = fopen(argv[4], "w"); if (!fpub) die("fopen"); print_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); print_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); } else if (!strcmp(argv[1], "-sign")) { if (argc < 4) { usage(); exit(1); } fpriv = fopen(argv[3], "r"); if (!fpriv) die("fopen"); retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); if (retval) die("scan_key_hex\n"); signature.data = signature_buf; signature.len = 256; retval = sign_file(argv[2], private_key, signature); print_hex_data(stdout, signature); } else if (!strcmp(argv[1], "-sign_string")) { if (argc < 4) { usage(); exit(1); } fpriv = fopen(argv[3], "r"); if (!fpriv) die("fopen"); retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); if (retval) die("scan_key_hex\n"); generate_signature(argv[2], cbuf, private_key); puts(cbuf); } else if (!strcmp(argv[1], "-verify")) { if (argc < 5) { usage(); exit(1); } fpub = fopen(argv[4], "r"); if (!fpub) die("fopen"); retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); if (retval) die("read_public_key"); f = fopen(argv[3], "r"); signature.data = signature_buf; signature.len = 256; retval = scan_hex_data(f, signature); if (retval) die("scan_hex_data"); retval = verify_file(argv[2], public_key, signature, is_valid); if (retval) die("verify_file"); if (is_valid) { printf("file is valid\n"); } else { printf("file is invalid\n"); return 1; } } else if (!strcmp(argv[1], "-test_crypt")) { if (argc < 4) { usage(); exit(1); } fpriv = fopen(argv[2], "r"); if (!fpriv) die("fopen"); retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); if (retval) die("scan_key_hex\n"); fpub = fopen(argv[3], "r"); if (!fpub) die("fopen"); retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); if (retval) die("read_public_key"); strcpy((char*)buf2, "encryption test successful"); in.data = buf2; in.len = strlen((char*)in.data); out.data = buf; encrypt_private(private_key, in, out); in = out; out.data = buf2; decrypt_public(public_key, in, out); printf("out: %s\n", out.data); } else if (!strcmp(argv[1], "-cert_verify")) { if (argc < 6) die("usage: crypt_prog -cert_verify file signature_file certificate_dir ca_dir \n"); f = fopen(argv[3], "r"); signature.data = signature_buf; signature.len = 256; retval = scan_hex_data(f, signature); if (retval) die("cannot scan_hex_data"); certpath = check_validity(argv[4], argv[2], signature.data, argv[5]); if (certpath == NULL) { die("signature cannot be verfied.\n\n"); } else { printf("siganture verified using certificate '%s'.\n\n", certpath); free(certpath); } // this converts, but an executable signed with sign_executable, // and signature converted to OpenSSL format cannot be verified with // OpenSSL } else if (!strcmp(argv[1], "-convsig")) { if (argc < 5) { usage(); exit(1); } if (strcmp(argv[2], "b2o") == 0) { b2o = true; } else if (strcmp(argv[2], "o2b") == 0) { b2o = false; } else { die("either 'o2b' or 'b2o' must be defined for -convsig\n"); } if (b2o) { f = fopen(argv[3], "r"); signature.data = signature_buf; signature.len = 256; retval = scan_hex_data(f, signature); fclose(f); f = fopen(argv[4], "w+"); print_raw_data(f, signature); fclose(f); } else { f = fopen(argv[3], "r"); signature.data = signature_buf; signature.len = 256; retval = scan_raw_data(f, signature); fclose(f); f = fopen(argv[4], "w+"); print_hex_data(f, signature); fclose(f); } } else if (!strcmp(argv[1], "-convkey")) { if (argc < 6) { usage(); exit(1); } if (strcmp(argv[2], "b2o") == 0) { b2o = true; } else if (strcmp(argv[2], "o2b") == 0) { b2o = false; } else { die("either 'o2b' or 'b2o' must be defined for -convkey\n"); } if (strcmp(argv[3], "pub") == 0) { kpriv = false; } else if (strcmp(argv[3], "priv") == 0) { kpriv = true; } else { die("either 'pub' or 'priv' must be defined for -convkey\n"); } OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); if (bio_err == NULL) { bio_err = BIO_new_fp(stdout, BIO_NOCLOSE); } //enc=EVP_get_cipherbyname("des"); //if (enc == NULL) // die("could not get cypher.\n"); // no encription yet. bio_out=BIO_new(BIO_s_file()); if (BIO_write_filename(bio_out,argv[5]) <= 0) { perror(argv[5]); die("could not create output file.\n"); } if (b2o) { rsa_key_ = RSA_new(); if (kpriv) { fpriv = fopen(argv[4], "r"); if (!fpriv) { die("fopen"); } scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); fclose(fpriv); private_to_openssl(private_key, &rsa_key); //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key, // enc, NULL, 0, pass_cb, NULL); // no encryption yet. //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key, // NULL, NULL, 0, pass_cb, NULL); fpriv = fopen(argv[5], "w+"); PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL); fclose(fpriv); //if (i == 0) { // ERR_print_errors(bio_err); // die("could not write key file.\n"); //} } else { fpub = fopen(argv[4], "r"); if (!fpub) { die("fopen"); } scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); fclose(fpub); fpub = fopen(argv[5], "w+"); if (!fpub) { die("fopen"); } public_to_openssl(public_key, rsa_key_); i = PEM_write_RSA_PUBKEY(fpub, rsa_key_); if (i == 0) { ERR_print_errors(bio_err); die("could not write key file.\n"); } fclose(fpub); } } else { // o2b rsa_key_ = (RSA *)calloc(1, sizeof(RSA)); memset(rsa_key_, 0, sizeof(RSA)); if (rsa_key_ == NULL) { die("could not allocate memory for RSA structure.\n"); } if (kpriv) { fpriv = fopen (argv[4], "r"); rsa_key_ = PEM_read_RSAPrivateKey(fpriv, NULL, NULL, NULL); fclose(fpriv); if (rsa_key_ == NULL) { ERR_print_errors(bio_err); die("could not load private key.\n"); } openssl_to_private(rsa_key_, &private_key); fpriv = fopen(argv[5], "w"); if (!fpriv) { die("fopen"); } print_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); } else { fpub = fopen (argv[4], "r"); rsa_key_ = PEM_read_RSA_PUBKEY(fpub, NULL, NULL, NULL); fclose(fpub); if (rsa_key_ == NULL) { ERR_print_errors(bio_err); die("could not load public key.\n"); } openssl_to_keys(rsa_key_, 1024, private_key, public_key); //openssl_to_public(rsa_key_, &public_key); public_to_openssl(public_key, rsa_key_); // fpub = fopen(argv[5], "w"); if (!fpub) { die("fopen"); } print_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); } } } else { usage(); exit(1); } return 0; }
int main(int argc,char *argv[]) { RSA *r = NULL; FILE *priv_output_file; FILE *pub_output_file; int key_len; char *priv_file_name; char *pub_file_name; char priv_suffix[] = "_priv.txt"; char pub_suffix[] = "_pub.txt"; int len; if (argc != 4) { printf("Usage %s <key_file> <keylen> <password protect flag>\n",argv[0]); exit(0); } priv_file_name = malloc(40); pub_file_name = malloc(40); len = strlen(argv[1]); memcpy(priv_file_name, argv[1], len); memcpy(pub_file_name, argv[1], len); memcpy(priv_file_name+len, priv_suffix, 10); memcpy(pub_file_name+len, pub_suffix, 9); printf("%s %s\n",priv_file_name,pub_file_name); key_len = atoi(argv[2]); //daveti: add time measurement for this function call struct timeval tpstart,tpend; float timeuse = 0; gettimeofday(&tpstart,NULL); r = RSA_generate_key(key_len, RSA_EXPONENT, RSA_CALLBACK, RSA_CB_ARGS); gettimeofday(&tpend,NULL); timeuse=1000000*(tpend.tv_sec-tpstart.tv_sec)+tpend.tv_usec-tpstart.tv_usec; timeuse/=1000000; printf("Total time on crypto_genkeypair() is [%f] ms\n", timeuse); if ((priv_output_file = fopen(priv_file_name, "w")) == NULL) fprintf(stderr, "Cannot open %s\n", argv[1]); if ((pub_output_file = fopen(pub_file_name, "w")) == NULL) fprintf(stderr, "Cannot open %s\n", argv[1]); if (strcmp(argv[3],"0")==0) { if (PEM_write_RSAPrivateKey(priv_output_file,r,EVP_des_ede3_cbc(),NULL,0,NULL,NULL) != 1) { printf("Error writing the private key\n"); } } else { if (PEM_write_RSAPrivateKey(priv_output_file,r,NULL,NULL,0,NULL,NULL) != 1) { printf("Error writing the private key\n"); } } if (PEM_write_RSAPublicKey(pub_output_file,r) != 1) { printf("Error writing the public key\n"); } close(priv_output_file); close(pub_output_file); exit(0); }
//------------------------------------------------------------------------------------- bool KBE_RSA::generateKey(const std::string& pubkeyname, const std::string& prikeyname, int keySize, int e) { KBE_ASSERT(rsa_public == NULL && rsa_private == NULL); RSA* rsa = NULL; FILE *fp = NULL; if ((rsa = RSA_generate_key(keySize, e, NULL, NULL)) == NULL) { ERR_load_crypto_strings(); char err[1024]; char* errret = ERR_error_string(ERR_get_error(), err); ERROR_MSG(fmt::format("KBE_RSA::generateKey: RSA_generate_key error({} : {})\n", errret, err)); return false; } if (!RSA_check_key(rsa)) { ERROR_MSG("KBE_RSA::generateKey: invalid RSA Key.\n"); RSA_free(rsa); return false; } fp = fopen(prikeyname.c_str(), "w"); if (!fp) { RSA_free(rsa); return false; } if (!PEM_write_RSAPrivateKey(fp, static_cast<RSA*>(rsa), NULL, NULL, 0, 0, NULL)) { ERR_load_crypto_strings(); char err[1024]; char* errret = ERR_error_string(ERR_get_error(), err); ERROR_MSG(fmt::format("KBE_RSA::generateKey: PEM_write_RSAPrivateKey error({} : {})\n", errret, err)); fclose(fp); RSA_free(rsa); return false; } fclose(fp); fp = fopen(pubkeyname.c_str(), "w"); if (!fp) { RSA_free(rsa); return false; } if (!PEM_write_RSAPublicKey(fp, static_cast<RSA*>(rsa))) { ERR_load_crypto_strings(); char err[1024]; char* errret = ERR_error_string(ERR_get_error(), err); ERROR_MSG(fmt::format("KBE_RSA::generateKey: PEM_write_RSAPublicKey error({} : {})\n", errret, err)); fclose(fp); RSA_free(rsa); return false; } INFO_MSG(fmt::format("KBE_RSA::generateKey: RSA key generated. keysize({}) bits.\n", keySize)); RSA_free(rsa); fclose(fp); return loadPrivate(prikeyname) && loadPublic(pubkeyname); }
static void KeepKeyPromises(void) { unsigned long err; RSA *pair; FILE *fp; struct stat statbuf; int fd; static char *passphrase = "Cfengine passphrase"; const EVP_CIPHER *cipher; char vbuff[CF_BUFSIZE]; NewScope("common"); cipher = EVP_des_ede3_cbc(); if (cfstat(CFPUBKEYFILE, &statbuf) != -1) { CfOut(cf_cmdout, "", "A key file already exists at %s\n", CFPUBKEYFILE); return; } if (cfstat(CFPRIVKEYFILE, &statbuf) != -1) { CfOut(cf_cmdout, "", "A key file already exists at %s\n", CFPRIVKEYFILE); return; } printf("Making a key pair for cfengine, please wait, this could take a minute...\n"); pair = RSA_generate_key(2048, 35, NULL, NULL); if (pair == NULL) { err = ERR_get_error(); CfOut(cf_error, "", "Unable to generate key: %s\n", ERR_reason_error_string(err)); return; } if (DEBUG) { RSA_print_fp(stdout, pair, 0); } fd = open(CFPRIVKEYFILE, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { CfOut(cf_error, "open", "Open %s failed: %s.", CFPRIVKEYFILE, strerror(errno)); return; } if ((fp = fdopen(fd, "w")) == NULL) { CfOut(cf_error, "fdopen", "Couldn't open private key %s.", CFPRIVKEYFILE); close(fd); return; } CfOut(cf_verbose, "", "Writing private key to %s\n", CFPRIVKEYFILE); if (!PEM_write_RSAPrivateKey(fp, pair, cipher, passphrase, strlen(passphrase), NULL, NULL)) { err = ERR_get_error(); CfOut(cf_error, "", "Couldn't write private key: %s\n", ERR_reason_error_string(err)); return; } fclose(fp); fd = open(CFPUBKEYFILE, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { CfOut(cf_error, "open", "Unable to open public key %s.", CFPUBKEYFILE); return; } if ((fp = fdopen(fd, "w")) == NULL) { CfOut(cf_error, "fdopen", "Open %s failed.", CFPUBKEYFILE); close(fd); return; } CfOut(cf_verbose, "", "Writing public key to %s\n", CFPUBKEYFILE); if (!PEM_write_RSAPublicKey(fp, pair)) { err = ERR_get_error(); CfOut(cf_error, "", "Unable to write public key: %s\n", ERR_reason_error_string(err)); return; } fclose(fp); snprintf(vbuff, CF_BUFSIZE, "%s/randseed", CFWORKDIR); RAND_write_file(vbuff); cf_chmod(vbuff, 0644); }