1*e7be843bSPierre Pronchery /*
2*e7be843bSPierre Pronchery * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
3*e7be843bSPierre Pronchery *
4*e7be843bSPierre Pronchery * Licensed under the Apache License 2.0 (the "License"). You may not use
5*e7be843bSPierre Pronchery * this file except in compliance with the License. You can obtain a copy
6*e7be843bSPierre Pronchery * in the file LICENSE in the source distribution or at
7*e7be843bSPierre Pronchery * https://www.openssl.org/source/license.html
8*e7be843bSPierre Pronchery */
9*e7be843bSPierre Pronchery
10*e7be843bSPierre Pronchery #include <stdio.h>
11*e7be843bSPierre Pronchery #include <stdlib.h>
12*e7be843bSPierre Pronchery #include <string.h>
13*e7be843bSPierre Pronchery #include <limits.h>
14*e7be843bSPierre Pronchery #include "apps.h"
15*e7be843bSPierre Pronchery #include "progs.h"
16*e7be843bSPierre Pronchery #include <openssl/bio.h>
17*e7be843bSPierre Pronchery #include <openssl/err.h>
18*e7be843bSPierre Pronchery #include <openssl/evp.h>
19*e7be843bSPierre Pronchery
20*e7be843bSPierre Pronchery typedef enum OPTION_choice {
21*e7be843bSPierre Pronchery OPT_COMMON,
22*e7be843bSPierre Pronchery OPT_PROV_ENUM,
23*e7be843bSPierre Pronchery OPT_CIPHER,
24*e7be843bSPierre Pronchery OPT_SKEYOPT, OPT_SKEYMGMT, OPT_GENKEY
25*e7be843bSPierre Pronchery } OPTION_CHOICE;
26*e7be843bSPierre Pronchery
27*e7be843bSPierre Pronchery const OPTIONS skeyutl_options[] = {
28*e7be843bSPierre Pronchery OPT_SECTION("General"),
29*e7be843bSPierre Pronchery {"help", OPT_HELP, '-', "Display this summary"},
30*e7be843bSPierre Pronchery {"skeyopt", OPT_SKEYOPT, 's', "Key options as opt:value for opaque keys handling"},
31*e7be843bSPierre Pronchery {"skeymgmt", OPT_SKEYMGMT, 's', "Symmetric key management name for opaque keys handling"},
32*e7be843bSPierre Pronchery {"genkey", OPT_GENKEY, '-', "Generate an opaque symmetric key"},
33*e7be843bSPierre Pronchery {"cipher", OPT_CIPHER, 's', "The cipher to generate key for"},
34*e7be843bSPierre Pronchery OPT_PROV_OPTIONS,
35*e7be843bSPierre Pronchery {NULL}
36*e7be843bSPierre Pronchery };
37*e7be843bSPierre Pronchery
skeyutl_main(int argc,char ** argv)38*e7be843bSPierre Pronchery int skeyutl_main(int argc, char **argv)
39*e7be843bSPierre Pronchery {
40*e7be843bSPierre Pronchery EVP_CIPHER *cipher = NULL;
41*e7be843bSPierre Pronchery int ret = 1;
42*e7be843bSPierre Pronchery OPTION_CHOICE o;
43*e7be843bSPierre Pronchery int genkey = 0;
44*e7be843bSPierre Pronchery char *prog, *ciphername = NULL;
45*e7be843bSPierre Pronchery STACK_OF(OPENSSL_STRING) *skeyopts = NULL;
46*e7be843bSPierre Pronchery const char *skeymgmt = NULL;
47*e7be843bSPierre Pronchery EVP_SKEY *skey = NULL;
48*e7be843bSPierre Pronchery EVP_SKEYMGMT *mgmt = NULL;
49*e7be843bSPierre Pronchery
50*e7be843bSPierre Pronchery prog = opt_init(argc, argv, skeyutl_options);
51*e7be843bSPierre Pronchery while ((o = opt_next()) != OPT_EOF) {
52*e7be843bSPierre Pronchery switch (o) {
53*e7be843bSPierre Pronchery case OPT_EOF:
54*e7be843bSPierre Pronchery case OPT_ERR:
55*e7be843bSPierre Pronchery opthelp:
56*e7be843bSPierre Pronchery BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
57*e7be843bSPierre Pronchery goto end;
58*e7be843bSPierre Pronchery case OPT_HELP:
59*e7be843bSPierre Pronchery opt_help(skeyutl_options);
60*e7be843bSPierre Pronchery ret = 0;
61*e7be843bSPierre Pronchery goto end;
62*e7be843bSPierre Pronchery case OPT_GENKEY:
63*e7be843bSPierre Pronchery genkey = 1;
64*e7be843bSPierre Pronchery break;
65*e7be843bSPierre Pronchery case OPT_CIPHER:
66*e7be843bSPierre Pronchery ciphername = opt_arg();
67*e7be843bSPierre Pronchery break;
68*e7be843bSPierre Pronchery case OPT_SKEYOPT:
69*e7be843bSPierre Pronchery if ((skeyopts == NULL &&
70*e7be843bSPierre Pronchery (skeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
71*e7be843bSPierre Pronchery sk_OPENSSL_STRING_push(skeyopts, opt_arg()) == 0) {
72*e7be843bSPierre Pronchery BIO_printf(bio_err, "%s: out of memory\n", prog);
73*e7be843bSPierre Pronchery goto end;
74*e7be843bSPierre Pronchery }
75*e7be843bSPierre Pronchery break;
76*e7be843bSPierre Pronchery case OPT_SKEYMGMT:
77*e7be843bSPierre Pronchery skeymgmt = opt_arg();
78*e7be843bSPierre Pronchery break;
79*e7be843bSPierre Pronchery case OPT_PROV_CASES:
80*e7be843bSPierre Pronchery if (!opt_provider(o))
81*e7be843bSPierre Pronchery goto end;
82*e7be843bSPierre Pronchery break;
83*e7be843bSPierre Pronchery }
84*e7be843bSPierre Pronchery }
85*e7be843bSPierre Pronchery
86*e7be843bSPierre Pronchery /* Get the cipher name, either from progname (if set) or flag. */
87*e7be843bSPierre Pronchery if (!opt_cipher_any(ciphername, &cipher))
88*e7be843bSPierre Pronchery goto opthelp;
89*e7be843bSPierre Pronchery
90*e7be843bSPierre Pronchery if (cipher == NULL && skeymgmt == NULL) {
91*e7be843bSPierre Pronchery BIO_printf(bio_err, "Either -skeymgmt -or -cipher option should be specified\n");
92*e7be843bSPierre Pronchery goto end;
93*e7be843bSPierre Pronchery }
94*e7be843bSPierre Pronchery
95*e7be843bSPierre Pronchery if (genkey) {
96*e7be843bSPierre Pronchery OSSL_PARAM *params = NULL;
97*e7be843bSPierre Pronchery
98*e7be843bSPierre Pronchery mgmt = EVP_SKEYMGMT_fetch(app_get0_libctx(),
99*e7be843bSPierre Pronchery skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher),
100*e7be843bSPierre Pronchery app_get0_propq());
101*e7be843bSPierre Pronchery if (mgmt == NULL)
102*e7be843bSPierre Pronchery goto end;
103*e7be843bSPierre Pronchery params = app_params_new_from_opts(skeyopts,
104*e7be843bSPierre Pronchery EVP_SKEYMGMT_get0_gen_settable_params(mgmt));
105*e7be843bSPierre Pronchery
106*e7be843bSPierre Pronchery skey = EVP_SKEY_generate(app_get0_libctx(),
107*e7be843bSPierre Pronchery skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher),
108*e7be843bSPierre Pronchery app_get0_propq(), params);
109*e7be843bSPierre Pronchery OSSL_PARAM_free(params);
110*e7be843bSPierre Pronchery if (skey == NULL) {
111*e7be843bSPierre Pronchery BIO_printf(bio_err, "Error creating opaque key for skeymgmt %s\n",
112*e7be843bSPierre Pronchery skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher));
113*e7be843bSPierre Pronchery ERR_print_errors(bio_err);
114*e7be843bSPierre Pronchery } else {
115*e7be843bSPierre Pronchery const char *key_name = EVP_SKEY_get0_key_id(skey);
116*e7be843bSPierre Pronchery
117*e7be843bSPierre Pronchery BIO_printf(bio_out, "An opaque key identified by %s is created\n",
118*e7be843bSPierre Pronchery key_name ? key_name : "<unknown>");
119*e7be843bSPierre Pronchery BIO_printf(bio_out, "Provider: %s\n", EVP_SKEY_get0_provider_name(skey));
120*e7be843bSPierre Pronchery BIO_printf(bio_out, "Key management: %s\n", EVP_SKEY_get0_skeymgmt_name(skey));
121*e7be843bSPierre Pronchery ret = 0;
122*e7be843bSPierre Pronchery }
123*e7be843bSPierre Pronchery goto end;
124*e7be843bSPierre Pronchery } else {
125*e7be843bSPierre Pronchery BIO_printf(bio_err, "Key generation is the only supported operation as of now\n");
126*e7be843bSPierre Pronchery }
127*e7be843bSPierre Pronchery
128*e7be843bSPierre Pronchery end:
129*e7be843bSPierre Pronchery ERR_print_errors(bio_err);
130*e7be843bSPierre Pronchery sk_OPENSSL_STRING_free(skeyopts);
131*e7be843bSPierre Pronchery EVP_SKEYMGMT_free(mgmt);
132*e7be843bSPierre Pronchery EVP_SKEY_free(skey);
133*e7be843bSPierre Pronchery EVP_CIPHER_free(cipher);
134*e7be843bSPierre Pronchery return ret;
135*e7be843bSPierre Pronchery }
136