xref: /freebsd/crypto/openssl/apps/skeyutl.c (revision e7be843b4a162e68651d3911f0357ed464915629)
1 /*
2  * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <limits.h>
14 #include "apps.h"
15 #include "progs.h"
16 #include <openssl/bio.h>
17 #include <openssl/err.h>
18 #include <openssl/evp.h>
19 
/*
 * Identifiers returned by opt_next() for each skeyutl command-line option.
 *
 * OPT_EOF, OPT_ERR and OPT_HELP are used by skeyutl_main() but are not listed
 * here, so they are presumably contributed by the OPT_COMMON macro from the
 * shared apps headers; likewise OPT_PROV_ENUM presumably supplies the values
 * matched by OPT_PROV_CASES -- confirm against apps.h / opt.h.
 */
typedef enum OPTION_choice {
    OPT_COMMON,
    OPT_PROV_ENUM,
    OPT_CIPHER,   /* -cipher: cipher the key is generated for */
    OPT_SKEYOPT,  /* -skeyopt: one opt:value key option (repeatable) */
    OPT_SKEYMGMT, /* -skeymgmt: symmetric key management name */
    OPT_GENKEY    /* -genkey: request generation of an opaque key */
} OPTION_CHOICE;
26 
/*
 * Option table for the skeyutl app, consumed by opt_init() and opt_help().
 *
 * Entries typed 's' are the ones whose value skeyutl_main() reads with
 * opt_arg(); entries typed '-' are plain flags.  The table ends with the
 * provider options and a NULL sentinel entry.
 */
const OPTIONS skeyutl_options[] = {
    OPT_SECTION("General"),
    {"help", OPT_HELP, '-',
     "Display this summary"},
    {"skeyopt", OPT_SKEYOPT, 's',
     "Key options as opt:value for opaque keys handling"},
    {"skeymgmt", OPT_SKEYMGMT, 's',
     "Symmetric key management name for opaque keys handling"},
    {"genkey", OPT_GENKEY, '-',
     "Generate an opaque symmetric key"},
    {"cipher", OPT_CIPHER, 's',
     "The cipher to generate key for"},

    OPT_PROV_OPTIONS,
    {NULL}
};
37 
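/*
 * Entry point of the skeyutl app: parse the command line and, when -genkey
 * is given, ask a provider to generate an opaque symmetric key.
 *
 * The key management is selected by -skeymgmt if present, otherwise by the
 * name of the cipher given with -cipher.  Only the key identifier, provider
 * name and key management name are printed; no key material is written out
 * by this function.
 *
 * Returns 0 on success (or after -help), 1 on any error or when no
 * supported operation was requested.
 */
int skeyutl_main(int argc, char **argv)
{
    EVP_CIPHER *cipher = NULL;
    int ret = 1;
    OPTION_CHOICE o;
    int genkey = 0;
    char *prog, *ciphername = NULL;
    STACK_OF(OPENSSL_STRING) *skeyopts = NULL;
    const char *skeymgmt = NULL;
    const char *mgmt_name = NULL;
    EVP_SKEY *skey = NULL;
    EVP_SKEYMGMT *mgmt = NULL;
    OSSL_PARAM *params = NULL;

    prog = opt_init(argc, argv, skeyutl_options);
    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
 opthelp:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(skeyutl_options);
            ret = 0;
            goto end;
        case OPT_GENKEY:
            genkey = 1;
            break;
        case OPT_CIPHER:
            ciphername = opt_arg();
            break;
        case OPT_SKEYOPT:
            /* Create the stack lazily, then collect every -skeyopt value. */
            if ((skeyopts == NULL &&
                 (skeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
                sk_OPENSSL_STRING_push(skeyopts, opt_arg()) == 0) {
                BIO_printf(bio_err, "%s: out of memory\n", prog);
                goto end;
            }
            break;
        case OPT_SKEYMGMT:
            skeymgmt = opt_arg();
            break;
        case OPT_PROV_CASES:
            if (!opt_provider(o))
                goto end;
            break;
        }
    }

    /* Get the cipher name, either from progname (if set) or flag. */
    if (!opt_cipher_any(ciphername, &cipher))
        goto opthelp;

    if (cipher == NULL && skeymgmt == NULL) {
        BIO_printf(bio_err, "Either -skeymgmt or -cipher option should be specified\n");
        goto end;
    }

    if (!genkey) {
        BIO_printf(bio_err, "Key generation is the only supported operation as of now\n");
        goto end;
    }

    /* The check above guarantees cipher is non-NULL when skeymgmt is NULL. */
    mgmt_name = skeymgmt != NULL ? skeymgmt : EVP_CIPHER_name(cipher);

    mgmt = EVP_SKEYMGMT_fetch(app_get0_libctx(), mgmt_name, app_get0_propq());
    if (mgmt == NULL)
        goto end;

    params = app_params_new_from_opts(skeyopts,
                                      EVP_SKEYMGMT_get0_gen_settable_params(mgmt));
    /*
     * Fail closed: if the user supplied -skeyopt values but no parameter
     * array came back, do not fall through and generate a key with the
     * provider's defaults in place of the requested settings.
     */
    if (skeyopts != NULL && params == NULL) {
        BIO_printf(bio_err, "%s: error processing -skeyopt values\n", prog);
        goto end;
    }

    skey = EVP_SKEY_generate(app_get0_libctx(), mgmt_name,
                             app_get0_propq(), params);
    /*
     * NOTE(review): params was built by app_params_new_from_opts(); confirm
     * that OSSL_PARAM_free() is the matching release function for that
     * helper's allocations.
     */
    OSSL_PARAM_free(params);
    if (skey == NULL) {
        BIO_printf(bio_err, "Error creating opaque key for skeymgmt %s\n",
                   mgmt_name);
        ERR_print_errors(bio_err);
    } else {
        const char *key_name = EVP_SKEY_get0_key_id(skey);

        BIO_printf(bio_out, "An opaque key identified by %s is created\n",
                   key_name ? key_name : "<unknown>");
        BIO_printf(bio_out, "Provider: %s\n", EVP_SKEY_get0_provider_name(skey));
        BIO_printf(bio_out, "Key management: %s\n", EVP_SKEY_get0_skeymgmt_name(skey));
        ret = 0;
    }

 end:
    /* Flush any queued library errors, then release everything we own. */
    ERR_print_errors(bio_err);
    sk_OPENSSL_STRING_free(skeyopts);
    EVP_SKEYMGMT_free(mgmt);
    EVP_SKEY_free(skey);
    EVP_CIPHER_free(cipher);
    return ret;
}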
136