1 /* Copyright (c) 2007-2010 The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
14 #include <openssl/evp.h>
15 #include <openssl/pem.h>
16 #include <openssl/rsa.h>
17 #include <openssl/objects.h>
18 #include <openssl/obj_mac.h>
19 #include <openssl/err.h>
28 #define CRYPTO_PRIVATE
31 #include "../common/util.h"
32 #include "../common/torlog.h"
36 #define IDENTITY_KEY_BITS 3072
37 #define SIGNING_KEY_BITS 1024
38 #define DEFAULT_LIFETIME 12
40 /* These globals are set via command line options. */
41 char *identity_key_file
= NULL
;
42 char *signing_key_file
= NULL
;
43 char *certificate_file
= NULL
;
44 int reuse_signing_key
= 0;
47 int months_lifetime
= DEFAULT_LIFETIME
;
48 int passphrase_fd
= -1;
51 char *passphrase
= NULL
;
52 size_t passphrase_len
= 0;
54 EVP_PKEY
*identity_key
= NULL
;
55 EVP_PKEY
*signing_key
= NULL
;
57 /** Write a usage message for tor-gencert to stderr. */
61 fprintf(stderr
, "Syntax:\n"
62 "tor-gencert [-h|--help] [-v] [-r|--reuse] [--create-identity-key]\n"
63 " [-i identity_key_file] [-s signing_key_file] "
64 "[-c certificate_file]\n"
65 " [-m lifetime_in_months] [-a address:port] "
66 "[--passphrase-fd <fd>]\n");
69 /* XXXX copied from crypto.c */
71 crypto_log_errors(int severity
, const char *doing
)
74 const char *msg
, *lib
, *func
;
75 while ((err
= ERR_get_error()) != 0) {
76 msg
= (const char*)ERR_reason_error_string(err
);
77 lib
= (const char*)ERR_lib_error_string(err
);
78 func
= (const char*)ERR_func_error_string(err
);
79 if (!msg
) msg
= "(null)";
80 if (!lib
) lib
= "(null)";
81 if (!func
) func
= "(null)";
83 log(severity
, LD_CRYPTO
, "crypto error while %s: %s (in %s:%s)",
84 doing
, msg
, lib
, func
);
86 log(severity
, LD_CRYPTO
, "crypto error: %s (in %s:%s)", msg
, lib
, func
);
91 /** Read the passphrase from the passphrase fd. */
96 char buf
[1024]; /* "Ought to be enough for anybody." */
97 ssize_t n
= read_all(passphrase_fd
, buf
, sizeof(buf
), 0);
99 log_err(LD_GENERAL
, "Couldn't read from passphrase fd: %s",
103 cp
= memchr(buf
, '\n', n
);
104 passphrase_len
= cp
-buf
;
105 passphrase
= tor_strndup(buf
, passphrase_len
);
106 memset(buf
, 0, sizeof(buf
));
111 clear_passphrase(void)
114 memset(passphrase
, 0, passphrase_len
);
115 tor_free(passphrase
);
119 /** Read the command line options from <b>argc</b> and <b>argv</b>,
120 * setting global option vars as needed.
123 parse_commandline(int argc
, char **argv
)
126 log_severity_list_t s
;
127 for (i
= 1; i
< argc
; ++i
) {
128 if (!strcmp(argv
[i
], "--help") || !strcmp(argv
[i
], "-h")) {
131 } else if (!strcmp(argv
[i
], "-i")) {
133 fprintf(stderr
, "No argument to -i\n");
136 identity_key_file
= tor_strdup(argv
[++i
]);
137 } else if (!strcmp(argv
[i
], "-s")) {
139 fprintf(stderr
, "No argument to -s\n");
142 signing_key_file
= tor_strdup(argv
[++i
]);
143 } else if (!strcmp(argv
[i
], "-c")) {
145 fprintf(stderr
, "No argument to -c\n");
148 certificate_file
= tor_strdup(argv
[++i
]);
149 } else if (!strcmp(argv
[i
], "-m")) {
151 fprintf(stderr
, "No argument to -m\n");
154 months_lifetime
= atoi(argv
[++i
]);
155 if (months_lifetime
> 24 || months_lifetime
< 0) {
156 fprintf(stderr
, "Lifetime (in months) was out of range.");
159 } else if (!strcmp(argv
[i
], "-r") || !strcmp(argv
[i
], "--reuse")) {
160 reuse_signing_key
= 1;
161 } else if (!strcmp(argv
[i
], "-v")) {
163 } else if (!strcmp(argv
[i
], "-a")) {
166 char b
[INET_NTOA_BUF_LEN
];
169 fprintf(stderr
, "No argument to -a\n");
172 if (parse_addr_port(LOG_ERR
, argv
[++i
], NULL
, &addr
, &port
)<0)
174 in
.s_addr
= htonl(addr
);
175 tor_inet_ntoa(&in
, b
, sizeof(b
));
176 address
= tor_malloc(INET_NTOA_BUF_LEN
+32);
177 tor_snprintf(address
, INET_NTOA_BUF_LEN
+32, "%s:%d", b
, (int)port
);
178 } else if (!strcmp(argv
[i
], "--create-identity-key")) {
180 } else if (!strcmp(argv
[i
], "--passphrase-fd")) {
182 fprintf(stderr
, "No argument to --passphrase-fd\n");
185 passphrase_fd
= atoi(argv
[++i
]);
187 fprintf(stderr
, "Unrecognized option %s\n", argv
[i
]);
192 memset(&s
, 0, sizeof(s
));
194 set_log_severity_config(LOG_DEBUG
, LOG_ERR
, &s
);
196 set_log_severity_config(LOG_WARN
, LOG_ERR
, &s
);
197 add_stream_log(&s
, "<stderr>", fileno(stderr
));
199 if (!identity_key_file
) {
200 identity_key_file
= tor_strdup("./authority_identity_key");
201 log_info(LD_GENERAL
, "No identity key file given; defaulting to %s",
204 if (!signing_key_file
) {
205 signing_key_file
= tor_strdup("./authority_signing_key");
206 log_info(LD_GENERAL
, "No signing key file given; defaulting to %s",
209 if (!certificate_file
) {
210 certificate_file
= tor_strdup("./authority_certificate");
211 log_info(LD_GENERAL
, "No signing key file given; defaulting to %s",
214 if (passphrase_fd
>= 0) {
215 if (load_passphrase()<0)
222 generate_key(int bits
)
225 crypto_pk_env_t
*env
= crypto_new_pk_env();
226 if (crypto_pk_generate_key_with_bits(env
,bits
)<0)
228 rsa
= _crypto_pk_env_get_rsa(env
);
229 rsa
= RSAPrivateKey_dup(rsa
);
231 crypto_free_pk_env(env
);
235 /** Try to read the identity key from <b>identity_key_file</b>. If no such
236 * file exists and create_identity_key is set, make a new identity key and
237 * store it. Return 0 on success, nonzero on failure.
240 load_identity_key(void)
242 file_status_t status
= file_status(identity_key_file
);
246 open_file_t
*open_file
= NULL
;
248 if (status
!= FN_NOENT
) {
249 log_err(LD_GENERAL
, "--create-identity-key was specified, but %s "
250 "already exists.", identity_key_file
);
253 log_notice(LD_GENERAL
, "Generating %d-bit RSA identity key.",
255 if (!(key
= generate_key(IDENTITY_KEY_BITS
))) {
256 log_err(LD_GENERAL
, "Couldn't generate identity key.");
257 crypto_log_errors(LOG_ERR
, "Generating identity key");
260 identity_key
= EVP_PKEY_new();
261 if (!(EVP_PKEY_assign_RSA(identity_key
, key
))) {
262 log_err(LD_GENERAL
, "Couldn't assign identity key.");
266 if (!(f
= start_writing_to_stdio_file(identity_key_file
,
267 OPEN_FLAGS_REPLACE
, 0400,
271 /* Write the key to the file. If passphrase is not set, takes it from
273 if (!PEM_write_PKCS8PrivateKey_nid(f
, identity_key
,
274 NID_pbe_WithSHA1And3_Key_TripleDES_CBC
,
275 passphrase
, (int)passphrase_len
,
277 log_err(LD_GENERAL
, "Couldn't write identity key to %s",
279 crypto_log_errors(LOG_ERR
, "Writing identity key");
280 abort_writing_to_file(open_file
);
283 finish_writing_to_file(open_file
);
285 if (status
!= FN_FILE
) {
287 "No identity key found in %s. To specify a location "
288 "for an identity key, use -i. To generate a new identity key, "
289 "use --create-identity-key.", identity_key_file
);
293 if (!(f
= fopen(identity_key_file
, "r"))) {
294 log_err(LD_GENERAL
, "Couldn't open %s for reading: %s",
295 identity_key_file
, strerror(errno
));
299 /* Read the key. If passphrase is not set, takes it from the terminal. */
300 identity_key
= PEM_read_PrivateKey(f
, NULL
, NULL
, passphrase
);
302 log_err(LD_GENERAL
, "Couldn't read identity key from %s",
311 /** Load a saved signing key from disk. Return 0 on success, nonzero on
314 load_signing_key(void)
317 if (!(f
= fopen(signing_key_file
, "r"))) {
318 log_err(LD_GENERAL
, "Couldn't open %s for reading: %s",
319 signing_key_file
, strerror(errno
));
322 if (!(signing_key
= PEM_read_PrivateKey(f
, NULL
, NULL
, NULL
))) {
323 log_err(LD_GENERAL
, "Couldn't read siging key from %s", signing_key_file
);
330 /** Generate a new signing key and write it to disk. Return 0 on success,
331 * nonzero on failure. */
333 generate_signing_key(void)
335 open_file_t
*open_file
;
338 log_notice(LD_GENERAL
, "Generating %d-bit RSA signing key.",
340 if (!(key
= generate_key(SIGNING_KEY_BITS
))) {
341 log_err(LD_GENERAL
, "Couldn't generate signing key.");
342 crypto_log_errors(LOG_ERR
, "Generating signing key");
345 signing_key
= EVP_PKEY_new();
346 if (!(EVP_PKEY_assign_RSA(signing_key
, key
))) {
347 log_err(LD_GENERAL
, "Couldn't assign signing key.");
351 if (!(f
= start_writing_to_stdio_file(signing_key_file
,
352 OPEN_FLAGS_REPLACE
, 0600,
356 /* Write signing key with no encryption. */
357 if (!PEM_write_RSAPrivateKey(f
, key
, NULL
, NULL
, 0, NULL
, NULL
)) {
358 crypto_log_errors(LOG_WARN
, "writing signing key");
359 abort_writing_to_file(open_file
);
363 finish_writing_to_file(open_file
);
368 /** Encode <b>key</b> in the format used in directory documents; return
369 * a newly allocated string holding the result or NULL on failure. */
371 key_to_string(EVP_PKEY
*key
)
375 RSA
*rsa
= EVP_PKEY_get1_RSA(key
);
380 b
= BIO_new(BIO_s_mem());
381 if (!PEM_write_bio_RSAPublicKey(b
, rsa
)) {
382 crypto_log_errors(LOG_WARN
, "writing public key to string");
386 BIO_get_mem_ptr(b
, &buf
);
387 (void) BIO_set_close(b
, BIO_NOCLOSE
);
389 result
= tor_malloc(buf
->length
+ 1);
390 memcpy(result
, buf
->data
, buf
->length
);
391 result
[buf
->length
] = 0;
397 /** Set <b>out</b> to the hex-encoded fingerprint of <b>pkey</b>. */
399 get_fingerprint(EVP_PKEY
*pkey
, char *out
)
402 crypto_pk_env_t
*pk
= _crypto_new_pk_env_rsa(EVP_PKEY_get1_RSA(pkey
));
404 r
= crypto_pk_get_fingerprint(pk
, out
, 0);
405 crypto_free_pk_env(pk
);
410 /** Set <b>out</b> to the hex-encoded fingerprint of <b>pkey</b>. */
412 get_digest(EVP_PKEY
*pkey
, char *out
)
415 crypto_pk_env_t
*pk
= _crypto_new_pk_env_rsa(EVP_PKEY_get1_RSA(pkey
));
417 r
= crypto_pk_get_digest(pk
, out
);
418 crypto_free_pk_env(pk
);
423 /** Generate a new certificate for our loaded or generated keys, and write it
424 * to disk. Return 0 on success, nonzero on failure. */
426 generate_certificate(void)
429 time_t now
= time(NULL
);
431 char published
[ISO_TIME_LEN
+1];
432 char expires
[ISO_TIME_LEN
+1];
433 char id_digest
[DIGEST_LEN
];
434 char fingerprint
[FINGERPRINT_LEN
+1];
435 char *ident
= key_to_string(identity_key
);
436 char *signing
= key_to_string(signing_key
);
439 char digest
[DIGEST_LEN
];
440 char signature
[1024]; /* handles up to 8192-bit keys. */
443 get_fingerprint(identity_key
, fingerprint
);
444 get_digest(identity_key
, id_digest
);
446 tor_localtime_r(&now
, &tm
);
447 tm
.tm_mon
+= months_lifetime
;
449 format_iso_time(published
, now
);
450 format_iso_time(expires
, mktime(&tm
));
452 tor_snprintf(buf
, sizeof(buf
),
453 "dir-key-certificate-version 3"
456 "dir-key-published %s\n"
457 "dir-key-expires %s\n"
458 "dir-identity-key\n%s"
459 "dir-signing-key\n%s"
460 "dir-key-crosscert\n"
461 "-----BEGIN ID SIGNATURE-----\n",
462 address
?"\ndir-address ":"", address
?address
:"",
463 fingerprint
, published
, expires
, ident
, signing
468 /* Append a cross-certification */
469 r
= RSA_private_encrypt(DIGEST_LEN
, (unsigned char*)id_digest
,
470 (unsigned char*)signature
,
471 EVP_PKEY_get1_RSA(signing_key
),
473 signed_len
= strlen(buf
);
474 base64_encode(buf
+signed_len
, sizeof(buf
)-signed_len
, signature
, r
);
477 "-----END ID SIGNATURE-----\n"
478 "dir-key-certification\n", sizeof(buf
));
480 signed_len
= strlen(buf
);
481 SHA1((const unsigned char*)buf
,signed_len
,(unsigned char*)digest
);
483 r
= RSA_private_encrypt(DIGEST_LEN
, (unsigned char*)digest
,
484 (unsigned char*)signature
,
485 EVP_PKEY_get1_RSA(identity_key
),
487 strlcat(buf
, "-----BEGIN SIGNATURE-----\n", sizeof(buf
));
488 signed_len
= strlen(buf
);
489 base64_encode(buf
+signed_len
, sizeof(buf
)-signed_len
, signature
, r
);
490 strlcat(buf
, "-----END SIGNATURE-----\n", sizeof(buf
));
492 if (!(f
= fopen(certificate_file
, "w"))) {
493 log_err(LD_GENERAL
, "Couldn't open %s for writing: %s",
494 certificate_file
, strerror(errno
));
503 /** Entry point to tor-gencert */
505 main(int argc
, char **argv
)
510 /* Don't bother using acceleration. */
511 if (crypto_global_init(0, NULL
, NULL
)) {
512 fprintf(stderr
, "Couldn't initialize crypto library.\n");
515 if (crypto_seed_rng(1)) {
516 fprintf(stderr
, "Couldn't seed RNG.\n");
519 /* Make sure that files are made private. */
522 if (parse_commandline(argc
, argv
))
524 if (load_identity_key())
526 if (reuse_signing_key
) {
527 if (load_signing_key())
530 if (generate_signing_key())
533 if (generate_certificate())
540 EVP_PKEY_free(identity_key
);
542 EVP_PKEY_free(signing_key
);
545 crypto_global_cleanup();