1 /* Copyright (c) 2007-2012, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
16 #include <openssl/evp.h>
17 #include <openssl/pem.h>
18 #include <openssl/rsa.h>
19 #include <openssl/objects.h>
20 #include <openssl/obj_mac.h>
21 #include <openssl/err.h>
30 #define CRYPTO_PRIVATE
33 #include "../common/util.h"
34 #include "../common/torlog.h"
38 #define IDENTITY_KEY_BITS 3072
39 #define SIGNING_KEY_BITS 1024
40 #define DEFAULT_LIFETIME 12
42 /* These globals are set via command line options. */
43 char *identity_key_file
= NULL
;
44 char *signing_key_file
= NULL
;
45 char *certificate_file
= NULL
;
46 int reuse_signing_key
= 0;
49 int months_lifetime
= DEFAULT_LIFETIME
;
50 int passphrase_fd
= -1;
53 char *passphrase
= NULL
;
54 size_t passphrase_len
= 0;
56 EVP_PKEY
*identity_key
= NULL
;
57 EVP_PKEY
*signing_key
= NULL
;
59 /** Write a usage message for tor-gencert to stderr. */
63 fprintf(stderr
, "Syntax:\n"
64 "tor-gencert [-h|--help] [-v] [-r|--reuse] [--create-identity-key]\n"
65 " [-i identity_key_file] [-s signing_key_file] "
66 "[-c certificate_file]\n"
67 " [-m lifetime_in_months] [-a address:port] "
68 "[--passphrase-fd <fd>]\n");
71 /* XXXX copied from crypto.c */
73 crypto_log_errors(int severity
, const char *doing
)
76 const char *msg
, *lib
, *func
;
77 while ((err
= ERR_get_error()) != 0) {
78 msg
= (const char*)ERR_reason_error_string(err
);
79 lib
= (const char*)ERR_lib_error_string(err
);
80 func
= (const char*)ERR_func_error_string(err
);
81 if (!msg
) msg
= "(null)";
82 if (!lib
) lib
= "(null)";
83 if (!func
) func
= "(null)";
85 log(severity
, LD_CRYPTO
, "crypto error while %s: %s (in %s:%s)",
86 doing
, msg
, lib
, func
);
88 log(severity
, LD_CRYPTO
, "crypto error: %s (in %s:%s)", msg
, lib
, func
);
93 /** Read the passphrase from the passphrase fd. */
98 char buf
[1024]; /* "Ought to be enough for anybody." */
99 ssize_t n
= read_all(passphrase_fd
, buf
, sizeof(buf
), 0);
101 log_err(LD_GENERAL
, "Couldn't read from passphrase fd: %s",
105 cp
= memchr(buf
, '\n', n
);
106 passphrase_len
= cp
-buf
;
107 passphrase
= tor_strndup(buf
, passphrase_len
);
108 memwipe(buf
, 0, sizeof(buf
));
113 clear_passphrase(void)
116 memwipe(passphrase
, 0, passphrase_len
);
117 tor_free(passphrase
);
121 /** Read the command line options from <b>argc</b> and <b>argv</b>,
122 * setting global option vars as needed.
125 parse_commandline(int argc
, char **argv
)
128 log_severity_list_t s
;
129 for (i
= 1; i
< argc
; ++i
) {
130 if (!strcmp(argv
[i
], "--help") || !strcmp(argv
[i
], "-h")) {
133 } else if (!strcmp(argv
[i
], "-i")) {
135 fprintf(stderr
, "No argument to -i\n");
138 identity_key_file
= tor_strdup(argv
[++i
]);
139 } else if (!strcmp(argv
[i
], "-s")) {
141 fprintf(stderr
, "No argument to -s\n");
144 signing_key_file
= tor_strdup(argv
[++i
]);
145 } else if (!strcmp(argv
[i
], "-c")) {
147 fprintf(stderr
, "No argument to -c\n");
150 certificate_file
= tor_strdup(argv
[++i
]);
151 } else if (!strcmp(argv
[i
], "-m")) {
153 fprintf(stderr
, "No argument to -m\n");
156 months_lifetime
= atoi(argv
[++i
]);
157 if (months_lifetime
> 24 || months_lifetime
< 0) {
158 fprintf(stderr
, "Lifetime (in months) was out of range.\n");
161 } else if (!strcmp(argv
[i
], "-r") || !strcmp(argv
[i
], "--reuse")) {
162 reuse_signing_key
= 1;
163 } else if (!strcmp(argv
[i
], "-v")) {
165 } else if (!strcmp(argv
[i
], "-a")) {
168 char b
[INET_NTOA_BUF_LEN
];
171 fprintf(stderr
, "No argument to -a\n");
174 if (addr_port_lookup(LOG_ERR
, argv
[++i
], NULL
, &addr
, &port
)<0)
176 in
.s_addr
= htonl(addr
);
177 tor_inet_ntoa(&in
, b
, sizeof(b
));
178 address
= tor_malloc(INET_NTOA_BUF_LEN
+32);
179 tor_snprintf(address
, INET_NTOA_BUF_LEN
+32, "%s:%d", b
, (int)port
);
180 } else if (!strcmp(argv
[i
], "--create-identity-key")) {
182 } else if (!strcmp(argv
[i
], "--passphrase-fd")) {
184 fprintf(stderr
, "No argument to --passphrase-fd\n");
187 passphrase_fd
= atoi(argv
[++i
]);
189 fprintf(stderr
, "Unrecognized option %s\n", argv
[i
]);
194 memwipe(&s
, 0, sizeof(s
));
196 set_log_severity_config(LOG_DEBUG
, LOG_ERR
, &s
);
198 set_log_severity_config(LOG_WARN
, LOG_ERR
, &s
);
199 add_stream_log(&s
, "<stderr>", fileno(stderr
));
201 if (!identity_key_file
) {
202 identity_key_file
= tor_strdup("./authority_identity_key");
203 log_info(LD_GENERAL
, "No identity key file given; defaulting to %s",
206 if (!signing_key_file
) {
207 signing_key_file
= tor_strdup("./authority_signing_key");
208 log_info(LD_GENERAL
, "No signing key file given; defaulting to %s",
211 if (!certificate_file
) {
212 certificate_file
= tor_strdup("./authority_certificate");
213 log_info(LD_GENERAL
, "No signing key file given; defaulting to %s",
216 if (passphrase_fd
>= 0) {
217 if (load_passphrase()<0)
224 generate_key(int bits
)
227 crypto_pk_t
*env
= crypto_pk_new();
228 if (crypto_pk_generate_key_with_bits(env
,bits
)<0)
230 rsa
= _crypto_pk_get_rsa(env
);
231 rsa
= RSAPrivateKey_dup(rsa
);
237 /** Try to read the identity key from <b>identity_key_file</b>. If no such
238 * file exists and create_identity_key is set, make a new identity key and
239 * store it. Return 0 on success, nonzero on failure.
242 load_identity_key(void)
244 file_status_t status
= file_status(identity_key_file
);
248 open_file_t
*open_file
= NULL
;
250 if (status
!= FN_NOENT
) {
251 log_err(LD_GENERAL
, "--create-identity-key was specified, but %s "
252 "already exists.", identity_key_file
);
255 log_notice(LD_GENERAL
, "Generating %d-bit RSA identity key.",
257 if (!(key
= generate_key(IDENTITY_KEY_BITS
))) {
258 log_err(LD_GENERAL
, "Couldn't generate identity key.");
259 crypto_log_errors(LOG_ERR
, "Generating identity key");
262 identity_key
= EVP_PKEY_new();
263 if (!(EVP_PKEY_assign_RSA(identity_key
, key
))) {
264 log_err(LD_GENERAL
, "Couldn't assign identity key.");
268 if (!(f
= start_writing_to_stdio_file(identity_key_file
,
269 OPEN_FLAGS_REPLACE
| O_TEXT
, 0400,
273 /* Write the key to the file. If passphrase is not set, takes it from
275 if (!PEM_write_PKCS8PrivateKey_nid(f
, identity_key
,
276 NID_pbe_WithSHA1And3_Key_TripleDES_CBC
,
277 passphrase
, (int)passphrase_len
,
279 log_err(LD_GENERAL
, "Couldn't write identity key to %s",
281 crypto_log_errors(LOG_ERR
, "Writing identity key");
282 abort_writing_to_file(open_file
);
285 finish_writing_to_file(open_file
);
287 if (status
!= FN_FILE
) {
289 "No identity key found in %s. To specify a location "
290 "for an identity key, use -i. To generate a new identity key, "
291 "use --create-identity-key.", identity_key_file
);
295 if (!(f
= fopen(identity_key_file
, "r"))) {
296 log_err(LD_GENERAL
, "Couldn't open %s for reading: %s",
297 identity_key_file
, strerror(errno
));
301 /* Read the key. If passphrase is not set, takes it from the terminal. */
302 identity_key
= PEM_read_PrivateKey(f
, NULL
, NULL
, passphrase
);
304 log_err(LD_GENERAL
, "Couldn't read identity key from %s",
313 /** Load a saved signing key from disk. Return 0 on success, nonzero on
316 load_signing_key(void)
319 if (!(f
= fopen(signing_key_file
, "r"))) {
320 log_err(LD_GENERAL
, "Couldn't open %s for reading: %s",
321 signing_key_file
, strerror(errno
));
324 if (!(signing_key
= PEM_read_PrivateKey(f
, NULL
, NULL
, NULL
))) {
325 log_err(LD_GENERAL
, "Couldn't read siging key from %s", signing_key_file
);
332 /** Generate a new signing key and write it to disk. Return 0 on success,
333 * nonzero on failure. */
335 generate_signing_key(void)
337 open_file_t
*open_file
;
340 log_notice(LD_GENERAL
, "Generating %d-bit RSA signing key.",
342 if (!(key
= generate_key(SIGNING_KEY_BITS
))) {
343 log_err(LD_GENERAL
, "Couldn't generate signing key.");
344 crypto_log_errors(LOG_ERR
, "Generating signing key");
347 signing_key
= EVP_PKEY_new();
348 if (!(EVP_PKEY_assign_RSA(signing_key
, key
))) {
349 log_err(LD_GENERAL
, "Couldn't assign signing key.");
353 if (!(f
= start_writing_to_stdio_file(signing_key_file
,
354 OPEN_FLAGS_REPLACE
| O_TEXT
, 0600,
358 /* Write signing key with no encryption. */
359 if (!PEM_write_RSAPrivateKey(f
, key
, NULL
, NULL
, 0, NULL
, NULL
)) {
360 crypto_log_errors(LOG_WARN
, "writing signing key");
361 abort_writing_to_file(open_file
);
365 finish_writing_to_file(open_file
);
370 /** Encode <b>key</b> in the format used in directory documents; return
371 * a newly allocated string holding the result or NULL on failure. */
373 key_to_string(EVP_PKEY
*key
)
377 RSA
*rsa
= EVP_PKEY_get1_RSA(key
);
382 b
= BIO_new(BIO_s_mem());
383 if (!PEM_write_bio_RSAPublicKey(b
, rsa
)) {
384 crypto_log_errors(LOG_WARN
, "writing public key to string");
388 BIO_get_mem_ptr(b
, &buf
);
389 (void) BIO_set_close(b
, BIO_NOCLOSE
);
391 result
= tor_malloc(buf
->length
+ 1);
392 memcpy(result
, buf
->data
, buf
->length
);
393 result
[buf
->length
] = 0;
399 /** Set <b>out</b> to the hex-encoded fingerprint of <b>pkey</b>. */
401 get_fingerprint(EVP_PKEY
*pkey
, char *out
)
404 crypto_pk_t
*pk
= _crypto_new_pk_from_rsa(EVP_PKEY_get1_RSA(pkey
));
406 r
= crypto_pk_get_fingerprint(pk
, out
, 0);
412 /** Set <b>out</b> to the hex-encoded fingerprint of <b>pkey</b>. */
414 get_digest(EVP_PKEY
*pkey
, char *out
)
417 crypto_pk_t
*pk
= _crypto_new_pk_from_rsa(EVP_PKEY_get1_RSA(pkey
));
419 r
= crypto_pk_get_digest(pk
, out
);
425 /** Generate a new certificate for our loaded or generated keys, and write it
426 * to disk. Return 0 on success, nonzero on failure. */
428 generate_certificate(void)
431 time_t now
= time(NULL
);
433 char published
[ISO_TIME_LEN
+1];
434 char expires
[ISO_TIME_LEN
+1];
435 char id_digest
[DIGEST_LEN
];
436 char fingerprint
[FINGERPRINT_LEN
+1];
437 char *ident
= key_to_string(identity_key
);
438 char *signing
= key_to_string(signing_key
);
441 char digest
[DIGEST_LEN
];
442 char signature
[1024]; /* handles up to 8192-bit keys. */
445 get_fingerprint(identity_key
, fingerprint
);
446 get_digest(identity_key
, id_digest
);
448 tor_localtime_r(&now
, &tm
);
449 tm
.tm_mon
+= months_lifetime
;
451 format_iso_time(published
, now
);
452 format_iso_time(expires
, mktime(&tm
));
454 tor_snprintf(buf
, sizeof(buf
),
455 "dir-key-certificate-version 3"
458 "dir-key-published %s\n"
459 "dir-key-expires %s\n"
460 "dir-identity-key\n%s"
461 "dir-signing-key\n%s"
462 "dir-key-crosscert\n"
463 "-----BEGIN ID SIGNATURE-----\n",
464 address
?"\ndir-address ":"", address
?address
:"",
465 fingerprint
, published
, expires
, ident
, signing
470 /* Append a cross-certification */
471 r
= RSA_private_encrypt(DIGEST_LEN
, (unsigned char*)id_digest
,
472 (unsigned char*)signature
,
473 EVP_PKEY_get1_RSA(signing_key
),
475 signed_len
= strlen(buf
);
476 base64_encode(buf
+signed_len
, sizeof(buf
)-signed_len
, signature
, r
);
479 "-----END ID SIGNATURE-----\n"
480 "dir-key-certification\n", sizeof(buf
));
482 signed_len
= strlen(buf
);
483 SHA1((const unsigned char*)buf
,signed_len
,(unsigned char*)digest
);
485 r
= RSA_private_encrypt(DIGEST_LEN
, (unsigned char*)digest
,
486 (unsigned char*)signature
,
487 EVP_PKEY_get1_RSA(identity_key
),
489 strlcat(buf
, "-----BEGIN SIGNATURE-----\n", sizeof(buf
));
490 signed_len
= strlen(buf
);
491 base64_encode(buf
+signed_len
, sizeof(buf
)-signed_len
, signature
, r
);
492 strlcat(buf
, "-----END SIGNATURE-----\n", sizeof(buf
));
494 if (!(f
= fopen(certificate_file
, "w"))) {
495 log_err(LD_GENERAL
, "Couldn't open %s for writing: %s",
496 certificate_file
, strerror(errno
));
500 if (fputs(buf
, f
) < 0) {
501 log_err(LD_GENERAL
, "Couldn't write to %s: %s",
502 certificate_file
, strerror(errno
));
510 /** Entry point to tor-gencert */
512 main(int argc
, char **argv
)
517 /* Don't bother using acceleration. */
518 if (crypto_global_init(0, NULL
, NULL
)) {
519 fprintf(stderr
, "Couldn't initialize crypto library.\n");
522 if (crypto_seed_rng(1)) {
523 fprintf(stderr
, "Couldn't seed RNG.\n");
526 /* Make sure that files are made private. */
529 if (parse_commandline(argc
, argv
))
531 if (load_identity_key())
533 if (reuse_signing_key
) {
534 if (load_signing_key())
537 if (generate_signing_key())
540 if (generate_certificate())
547 EVP_PKEY_free(identity_key
);
549 EVP_PKEY_free(signing_key
);
552 crypto_global_cleanup();