search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update copyrights to 2021, using "make update-copyright"
[tor.git] / src / tools / tor-gencert.c
blobefd4d000fb581934a4d8d7f7fba42d43d8272854
1 /* Copyright (c) 2007-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3
4 #include "orconfig.h"
5
6 #include <stdio.h>
7 #include <string.h>
8
9 #include <sys/types.h>
10 #include <sys/stat.h>
11 #include <fcntl.h>
12 #ifdef HAVE_UNISTD_H
13 #include <unistd.h>
14 #endif
15
16 #include "lib/cc/compat_compiler.h"
17 #include "lib/crypt_ops/crypto_init.h"
18 #include "lib/crypt_ops/crypto_openssl_mgt.h"
19
20 #ifdef ENABLE_OPENSSL
21 /* Some versions of OpenSSL declare X509_STORE_CTX_set_verify_cb twice in
22 * x509.h and x509_vfy.h. Suppress the GCC warning so we can build with
23 * -Wredundant-decl. */
24 DISABLE_GCC_WARNING("-Wredundant-decls")
25
26 #include <openssl/evp.h>
27 #include <openssl/pem.h>
28 #include <openssl/rsa.h>
29 #include <openssl/objects.h>
30 #include <openssl/obj_mac.h>
31 #include <openssl/err.h>
32
33 ENABLE_GCC_WARNING("-Wredundant-decls")
34 #endif /* defined(ENABLE_OPENSSL) */
35
36 #include <errno.h>
37
38 #include "lib/crypt_ops/crypto_digest.h"
39 #include "lib/crypt_ops/crypto_rand.h"
40 #include "lib/crypt_ops/crypto_rsa.h"
41 #include "lib/crypt_ops/crypto_util.h"
42 #include "lib/encoding/binascii.h"
43 #include "lib/encoding/time_fmt.h"
44 #include "lib/fs/files.h"
45 #include "lib/log/log.h"
46 #include "lib/malloc/malloc.h"
47 #include "lib/net/address.h"
48 #include "lib/net/inaddr.h"
49 #include "lib/net/resolve.h"
50 #include "lib/string/compat_string.h"
51 #include "lib/string/printf.h"
52
53 #define IDENTITY_KEY_BITS 3072
54 #define SIGNING_KEY_BITS 2048
55 #define DEFAULT_LIFETIME 12
56
57 /* These globals are set via command line options. */
58 static char *identity_key_file = NULL;
59 static char *signing_key_file = NULL;
60 static char *certificate_file = NULL;
61 static int reuse_signing_key = 0;
62 static int verbose = 0;
63 static int make_new_id = 0;
64 static int months_lifetime = DEFAULT_LIFETIME;
65 static int passphrase_fd = -1;
66 static char *address = NULL;
67
68 static char *passphrase = NULL;
69 static size_t passphrase_len = 0;
70
71 static EVP_PKEY *identity_key = NULL;
72 static EVP_PKEY *signing_key = NULL;
73
74 /** Write a usage message for tor-gencert to stderr. */
75 static void
76 show_help(void)
77 {
78 fprintf(stderr, "Syntax:\n"
79 "tor-gencert [-h|--help] [-v] [-r|--reuse] [--create-identity-key]\n"
80 " [-i identity_key_file] [-s signing_key_file] "
81 "[-c certificate_file]\n"
82 " [-m lifetime_in_months] [-a address:port] "
83 "[--passphrase-fd <fd>]\n");
84 }
85
86 /** Read the passphrase from the passphrase fd. */
87 static int
88 load_passphrase(void)
89 {
90 char *cp;
91 char buf[1024]; /* "Ought to be enough for anybody." */
92 memset(buf, 0, sizeof(buf)); /* should be needless */
93 ssize_t n = read_all_from_fd(passphrase_fd, buf, sizeof(buf));
94 if (n < 0) {
95 log_err(LD_GENERAL, "Couldn't read from passphrase fd: %s",
96 strerror(errno));
97 return -1;
98 }
99 /* We'll take everything from the buffer except for optional terminating
100 * newline. */
101 cp = memchr(buf, '\n', n);
102 if (cp == NULL) {
103 passphrase_len = n;
104 } else {
105 passphrase_len = cp-buf;
106 }
107 passphrase = tor_strndup(buf, passphrase_len);
108 memwipe(buf, 0, sizeof(buf));
109 return 0;
110 }
111
112 static void
113 clear_passphrase(void)
114 {
115 if (passphrase) {
116 memwipe(passphrase, 0, passphrase_len);
117 tor_free(passphrase);
118 }
119 }
120
121 /** Read the command line options from <b>argc</b> and <b>argv</b>,
122 * setting global option vars as needed.
123 */
124 static int
125 parse_commandline(int argc, char **argv)
126 {
127 int i;
128 log_severity_list_t s;
129 for (i = 1; i < argc; ++i) {
130 if (!strcmp(argv[i], "--help") || !strcmp(argv[i], "-h")) {
131 show_help();
132 return 1;
133 } else if (!strcmp(argv[i], "-i")) {
134 if (i+1>=argc) {
135 fprintf(stderr, "No argument to -i\n");
136 return 1;
137 }
138 if (identity_key_file) {
139 fprintf(stderr, "Duplicate values for -i\n");
140 return -1;
141 }
142 identity_key_file = tor_strdup(argv[++i]);
143 } else if (!strcmp(argv[i], "-s")) {
144 if (i+1>=argc) {
145 fprintf(stderr, "No argument to -s\n");
146 return 1;
147 }
148 if (signing_key_file) {
149 fprintf(stderr, "Duplicate values for -s\n");
150 return -1;
151 }
152 signing_key_file = tor_strdup(argv[++i]);
153 } else if (!strcmp(argv[i], "-c")) {
154 if (i+1>=argc) {
155 fprintf(stderr, "No argument to -c\n");
156 return 1;
157 }
158 if (certificate_file) {
159 fprintf(stderr, "Duplicate values for -c\n");
160 return -1;
161 }
162 certificate_file = tor_strdup(argv[++i]);
163 } else if (!strcmp(argv[i], "-m")) {
164 if (i+1>=argc) {
165 fprintf(stderr, "No argument to -m\n");
166 return 1;
167 }
168 months_lifetime = atoi(argv[++i]);
169 if (months_lifetime > 24 || months_lifetime < 0) {
170 fprintf(stderr, "Lifetime (in months) was out of range.\n");
171 return 1;
172 }
173 } else if (!strcmp(argv[i], "-r") || !strcmp(argv[i], "--reuse")) {
174 reuse_signing_key = 1;
175 } else if (!strcmp(argv[i], "-v")) {
176 verbose = 1;
177 } else if (!strcmp(argv[i], "-a")) {
178 tor_addr_t addr;
179 uint16_t port;
180 if (i+1>=argc) {
181 fprintf(stderr, "No argument to -a\n");
182 return 1;
183 }
184 const char *addr_arg = argv[++i];
185 if (tor_addr_port_lookup(addr_arg, &addr, &port)<0) {
186 fprintf(stderr, "Can't resolve address/port for %s", addr_arg);
187 return 1;
188 }
189 if (tor_addr_family(&addr) != AF_INET) {
190 fprintf(stderr, "%s must resolve to an IPv4 address", addr_arg);
191 return 1;
192 }
193 tor_free(address);
194 address = tor_strdup(fmt_addrport(&addr, port));
195 } else if (!strcmp(argv[i], "--create-identity-key")) {
196 make_new_id = 1;
197 } else if (!strcmp(argv[i], "--passphrase-fd")) {
198 if (i+1>=argc) {
199 fprintf(stderr, "No argument to --passphrase-fd\n");
200 return 1;
201 }
202 passphrase_fd = atoi(argv[++i]);
203 } else {
204 fprintf(stderr, "Unrecognized option %s\n", argv[i]);
205 return 1;
206 }
207 }
208
209 memwipe(&s, 0, sizeof(s));
210 if (verbose)
211 set_log_severity_config(LOG_DEBUG, LOG_ERR, &s);
212 else
213 set_log_severity_config(LOG_WARN, LOG_ERR, &s);
214 add_stream_log(&s, "<stderr>", fileno(stderr));
215
216 if (!identity_key_file) {
217 identity_key_file = tor_strdup("./authority_identity_key");
218 log_info(LD_GENERAL, "No identity key file given; defaulting to %s",
219 identity_key_file);
220 }
221 if (!signing_key_file) {
222 signing_key_file = tor_strdup("./authority_signing_key");
223 log_info(LD_GENERAL, "No signing key file given; defaulting to %s",
224 signing_key_file);
225 }
226 if (!certificate_file) {
227 certificate_file = tor_strdup("./authority_certificate");
228 log_info(LD_GENERAL, "No signing key file given; defaulting to %s",
229 certificate_file);
230 }
231 if (passphrase_fd >= 0) {
232 if (load_passphrase()<0)
233 return 1;
234 }
235 return 0;
236 }
237
238 static RSA *
239 generate_key(int bits)
240 {
241 RSA *rsa = NULL;
242 crypto_pk_t *env = crypto_pk_new();
243 if (crypto_pk_generate_key_with_bits(env,bits)<0)
244 goto done;
245 rsa = crypto_pk_get_openssl_rsa_(env);
246 done:
247 crypto_pk_free(env);
248 return rsa;
249 }
250
251 #define MIN_PASSPHRASE_LEN 4
252
253 /** Try to read the identity key from <b>identity_key_file</b>. If no such
254 * file exists and create_identity_key is set, make a new identity key and
255 * store it. Return 0 on success, nonzero on failure.
256 */
257 static int
258 load_identity_key(void)
259 {
260 file_status_t status = file_status(identity_key_file);
261 FILE *f;
262
263 if (make_new_id) {
264 open_file_t *open_file = NULL;
265 RSA *key;
266 if (status != FN_NOENT) {
267 log_err(LD_GENERAL, "--create-identity-key was specified, but %s "
268 "already exists.", identity_key_file);
269 return 1;
270 }
271 log_notice(LD_GENERAL, "Generating %d-bit RSA identity key.",
272 IDENTITY_KEY_BITS);
273 if (!(key = generate_key(IDENTITY_KEY_BITS))) {
274 log_err(LD_GENERAL, "Couldn't generate identity key.");
275 crypto_openssl_log_errors(LOG_ERR, "Generating identity key");
276 return 1;
277 }
278 identity_key = EVP_PKEY_new();
279 if (!(EVP_PKEY_assign_RSA(identity_key, key))) {
280 log_err(LD_GENERAL, "Couldn't assign identity key.");
281 return 1;
282 }
283
284 if (!(f = start_writing_to_stdio_file(identity_key_file,
285 OPEN_FLAGS_REPLACE | O_TEXT, 0400,
286 &open_file)))
287 return 1;
288
289 /* Write the key to the file. If passphrase is not set, takes it from
290 * the terminal. */
291 if (!PEM_write_PKCS8PrivateKey_nid(f, identity_key,
292 NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
293 passphrase, (int) passphrase_len,
294 NULL, NULL)) {
295 if ((int) passphrase_len < MIN_PASSPHRASE_LEN) {
296 log_err(LD_GENERAL, "Passphrase empty or too short. Passphrase needs "
297 "to be at least %d characters.", MIN_PASSPHRASE_LEN);
298 } else {
299 log_err(LD_GENERAL, "Couldn't write identity key to %s",
300 identity_key_file);
301 crypto_openssl_log_errors(LOG_ERR, "Writing identity key");
302 }
303 abort_writing_to_file(open_file);
304 return 1;
305 }
306 finish_writing_to_file(open_file);
307 } else {
308 if (status != FN_FILE) {
309 log_err(LD_GENERAL,
310 "No identity key found in %s. To specify a location "
311 "for an identity key, use -i. To generate a new identity key, "
312 "use --create-identity-key.", identity_key_file);
313 return 1;
314 }
315
316 if (!(f = fopen(identity_key_file, "r"))) {
317 log_err(LD_GENERAL, "Couldn't open %s for reading: %s",
318 identity_key_file, strerror(errno));
319 return 1;
320 }
321
322 /* Read the key. If passphrase is not set, takes it from the terminal. */
323 identity_key = PEM_read_PrivateKey(f, NULL, NULL, passphrase);
324 if (!identity_key) {
325 log_err(LD_GENERAL, "Couldn't read identity key from %s",
326 identity_key_file);
327 fclose(f);
328 return 1;
329 }
330 fclose(f);
331 }
332 return 0;
333 }
334
335 /** Load a saved signing key from disk. Return 0 on success, nonzero on
336 * failure. */
337 static int
338 load_signing_key(void)
339 {
340 FILE *f;
341 if (!(f = fopen(signing_key_file, "r"))) {
342 log_err(LD_GENERAL, "Couldn't open %s for reading: %s",
343 signing_key_file, strerror(errno));
344 return 1;
345 }
346 if (!(signing_key = PEM_read_PrivateKey(f, NULL, NULL, NULL))) {
347 log_err(LD_GENERAL, "Couldn't read siging key from %s", signing_key_file);
348 fclose(f);
349 return 1;
350 }
351 fclose(f);
352 return 0;
353 }
354
355 /** Generate a new signing key and write it to disk. Return 0 on success,
356 * nonzero on failure. */
357 static int
358 generate_signing_key(void)
359 {
360 open_file_t *open_file;
361 FILE *f;
362 RSA *key;
363 log_notice(LD_GENERAL, "Generating %d-bit RSA signing key.",
364 SIGNING_KEY_BITS);
365 if (!(key = generate_key(SIGNING_KEY_BITS))) {
366 log_err(LD_GENERAL, "Couldn't generate signing key.");
367 crypto_openssl_log_errors(LOG_ERR, "Generating signing key");
368 return 1;
369 }
370 signing_key = EVP_PKEY_new();
371 if (!(EVP_PKEY_assign_RSA(signing_key, key))) {
372 log_err(LD_GENERAL, "Couldn't assign signing key.");
373 return 1;
374 }
375
376 if (!(f = start_writing_to_stdio_file(signing_key_file,
377 OPEN_FLAGS_REPLACE | O_TEXT, 0600,
378 &open_file)))
379 return 1;
380
381 /* Write signing key with no encryption. */
382 if (!PEM_write_RSAPrivateKey(f, key, NULL, NULL, 0, NULL, NULL)) {
383 crypto_openssl_log_errors(LOG_WARN, "writing signing key");
384 abort_writing_to_file(open_file);
385 return 1;
386 }
387
388 finish_writing_to_file(open_file);
389
390 return 0;
391 }
392
393 /** Encode <b>key</b> in the format used in directory documents; return
394 * a newly allocated string holding the result or NULL on failure. */
395 static char *
396 key_to_string(EVP_PKEY *key)
397 {
398 BUF_MEM *buf;
399 BIO *b;
400 RSA *rsa = EVP_PKEY_get1_RSA(key);
401 char *result;
402 if (!rsa)
403 return NULL;
404
405 b = BIO_new(BIO_s_mem());
406 if (!PEM_write_bio_RSAPublicKey(b, rsa)) {
407 crypto_openssl_log_errors(LOG_WARN, "writing public key to string");
408 RSA_free(rsa);
409 return NULL;
410 }
411
412 BIO_get_mem_ptr(b, &buf);
413 result = tor_malloc(buf->length + 1);
414 memcpy(result, buf->data, buf->length);
415 result[buf->length] = 0;
416
417 BIO_free(b);
418
419 RSA_free(rsa);
420 return result;
421 }
422
423 /** Set <b>out</b> to the hex-encoded fingerprint of <b>pkey</b>. */
424 static int
425 get_fingerprint(EVP_PKEY *pkey, char *out)
426 {
427 int r = -1;
428 crypto_pk_t *pk = crypto_new_pk_from_openssl_rsa_(EVP_PKEY_get1_RSA(pkey));
429 if (pk) {
430 r = crypto_pk_get_fingerprint(pk, out, 0);
431 crypto_pk_free(pk);
432 }
433 return r;
434 }
435
436 /** Set <b>out</b> to the hex-encoded fingerprint of <b>pkey</b>. */
437 static int
438 get_digest(EVP_PKEY *pkey, char *out)
439 {
440 int r = -1;
441 crypto_pk_t *pk = crypto_new_pk_from_openssl_rsa_(EVP_PKEY_get1_RSA(pkey));
442 if (pk) {
443 r = crypto_pk_get_digest(pk, out);
444 crypto_pk_free(pk);
445 }
446 return r;
447 }
448
449 /** Generate a new certificate for our loaded or generated keys, and write it
450 * to disk. Return 0 on success, nonzero on failure. */
451 static int
452 generate_certificate(void)
453 {
454 char buf[8192];
455 time_t now = time(NULL);
456 struct tm tm;
457 char published[ISO_TIME_LEN+1];
458 char expires[ISO_TIME_LEN+1];
459 char id_digest[DIGEST_LEN];
460 char fingerprint[FINGERPRINT_LEN+1];
461 FILE *f;
462 size_t signed_len;
463 char digest[DIGEST_LEN];
464 char signature[1024]; /* handles up to 8192-bit keys. */
465 int r;
466
467 if (get_fingerprint(identity_key, fingerprint) < 0) {
468 return -1;
469 }
470 if (get_digest(identity_key, id_digest)) {
471 return -1;
472 }
473 char *ident = key_to_string(identity_key);
474 char *signing = key_to_string(signing_key);
475
476 tor_localtime_r(&now, &tm);
477 tm.tm_mon += months_lifetime;
478
479 format_iso_time(published, now);
480 format_iso_time(expires, mktime(&tm));
481
482 tor_snprintf(buf, sizeof(buf),
483 "dir-key-certificate-version 3"
484 "%s%s"
485 "\nfingerprint %s\n"
486 "dir-key-published %s\n"
487 "dir-key-expires %s\n"
488 "dir-identity-key\n%s"
489 "dir-signing-key\n%s"
490 "dir-key-crosscert\n"
491 "-----BEGIN ID SIGNATURE-----\n",
492 address?"\ndir-address ":"", address?address:"",
493 fingerprint, published, expires, ident, signing
494 );
495 tor_free(ident);
496 tor_free(signing);
497
498 /* Append a cross-certification */
499 RSA *rsa = EVP_PKEY_get1_RSA(signing_key);
500 r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)id_digest,
501 (unsigned char*)signature,
502 rsa,
503 RSA_PKCS1_PADDING);
504 RSA_free(rsa);
505
506 signed_len = strlen(buf);
507 base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r,
508 BASE64_ENCODE_MULTILINE);
509
510 strlcat(buf,
511 "-----END ID SIGNATURE-----\n"
512 "dir-key-certification\n", sizeof(buf));
513
514 signed_len = strlen(buf);
515 SHA1((const unsigned char*)buf,signed_len,(unsigned char*)digest);
516
517 rsa = EVP_PKEY_get1_RSA(identity_key);
518 r = RSA_private_encrypt(DIGEST_LEN, (unsigned char*)digest,
519 (unsigned char*)signature,
520 rsa,
521 RSA_PKCS1_PADDING);
522 RSA_free(rsa);
523 strlcat(buf, "-----BEGIN SIGNATURE-----\n", sizeof(buf));
524 signed_len = strlen(buf);
525 base64_encode(buf+signed_len, sizeof(buf)-signed_len, signature, r,
526 BASE64_ENCODE_MULTILINE);
527 strlcat(buf, "-----END SIGNATURE-----\n", sizeof(buf));
528
529 if (!(f = fopen(certificate_file, "w"))) {
530 log_err(LD_GENERAL, "Couldn't open %s for writing: %s",
531 certificate_file, strerror(errno));
532 return 1;
533 }
534
535 if (fputs(buf, f) < 0) {
536 log_err(LD_GENERAL, "Couldn't write to %s: %s",
537 certificate_file, strerror(errno));
538 fclose(f);
539 return 1;
540 }
541 fclose(f);
542 return 0;
543 }
544
545 /** Entry point to tor-gencert */
546 int
547 main(int argc, char **argv)
548 {
549 int r = 1;
550 init_logging(1);
551
552 /* Don't bother using acceleration. */
553 if (crypto_global_init(0, NULL, NULL)) {
554 fprintf(stderr, "Couldn't initialize crypto library.\n");
555 return 1;
556 }
557 if (crypto_seed_rng()) {
558 fprintf(stderr, "Couldn't seed RNG.\n");
559 goto done;
560 }
561 /* Make sure that files are made private. */
562 umask(0077);
563
564 if (parse_commandline(argc, argv))
565 goto done;
566 if (load_identity_key())
567 goto done;
568 if (reuse_signing_key) {
569 if (load_signing_key())
570 goto done;
571 } else {
572 if (generate_signing_key())
573 goto done;
574 }
575 if (generate_certificate())
576 goto done;
577
578 r = 0;
579 done:
580 clear_passphrase();
581 if (identity_key)
582 EVP_PKEY_free(identity_key);
583 if (signing_key)
584 EVP_PKEY_free(signing_key);
585 tor_free(address);
586 tor_free(identity_key_file);
587 tor_free(signing_key_file);
588 tor_free(certificate_file);
589 tor_free(address);
590
591 crypto_global_cleanup();
592 return r;
593 }
The Onion Router