diff options
author | Adam Langley <alangley@gmail.com> | 2015-05-26 21:36:46 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-06-05 21:39:44 +0300 |
commit | 839b881c612c698d7331191beac7d565649f5351 (patch) | |
tree | 0ab948fffb1c878944ef828f0cb567691b7ccebd /tool/genrsa.cc | |
parent | af0e32cb84f0c9cc65b9233a3414d2562642b342 (diff) |
Multi-prime RSA support.
RSA with more than two primes is specified in
https://tools.ietf.org/html/rfc3447, although the idea goes back far
earier than that.
This change ports some of the changes in
http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest
to BoringSSL—specifically those bits that are under an OpenSSL license.
Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1
Reviewed-on: https://boringssl-review.googlesource.com/4870
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'tool/genrsa.cc')
-rw-r--r-- | tool/genrsa.cc | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/tool/genrsa.cc b/tool/genrsa.cc new file mode 100644 index 00000000..f5296cee --- /dev/null +++ b/tool/genrsa.cc @@ -0,0 +1,69 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <openssl/bio.h> +#include <openssl/bn.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include <openssl/rsa.h> + +#include "../crypto/test/scoped_types.h" +#include "internal.h" + + +static const struct argument kArguments[] = { + { + "-nprimes", kOptionalArgument, + "The number of primes to generate (default: 2)", + }, + { + "-bits", kOptionalArgument, + "The number of bits in the modulus (default: 2048)", + }, + { + "", kOptionalArgument, "", + }, +}; + +bool GenerateRSAKey(const std::vector<std::string> &args) { + std::map<std::string, std::string> args_map; + + if (!ParseKeyValueArguments(&args_map, args, kArguments)) { + PrintUsage(kArguments); + return false; + } + + unsigned bits, nprimes; + if (!GetUnsigned(&bits, "-bits", 2048, args_map) || + !GetUnsigned(&nprimes, "-nprimes", 2, args_map)) { + PrintUsage(kArguments); + return false; + } + + ScopedRSA rsa(RSA_new()); + ScopedBIGNUM e(BN_new()); + ScopedBIO bio(BIO_new_fp(stdout, BIO_NOCLOSE)); + + if (!BN_set_word(e.get(), RSA_F4) || + !RSA_generate_multi_prime_key(rsa.get(), bits, nprimes, e.get(), NULL) || + !PEM_write_bio_RSAPrivateKey(bio.get(), rsa.get(), NULL /* cipher */, + NULL /* key */, 0 /* key len */, + NULL /* password callback */, + NULL /* callback arg */)) { + ERR_print_errors_fp(stderr); + return false; + } + + return true; +} |