1 /* 2 * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <limits.h> 14 #include "apps.h" 15 #include "progs.h" 16 #include <openssl/bio.h> 17 #include <openssl/err.h> 18 #include <openssl/evp.h> 19 20 typedef enum OPTION_choice { 21 OPT_COMMON, 22 OPT_PROV_ENUM, 23 OPT_CIPHER, 24 OPT_SKEYOPT, 25 OPT_SKEYMGMT, 26 OPT_GENKEY 27 } OPTION_CHOICE; 28 29 const OPTIONS skeyutl_options[] = { 30 OPT_SECTION("General"), 31 { "help", OPT_HELP, '-', "Display this summary" }, 32 { "skeyopt", OPT_SKEYOPT, 's', "Key options as opt:value for opaque keys handling" }, 33 { "skeymgmt", OPT_SKEYMGMT, 's', "Symmetric key management name for opaque keys handling" }, 34 { "genkey", OPT_GENKEY, '-', "Generate an opaque symmetric key" }, 35 { "cipher", OPT_CIPHER, 's', "The cipher to generate key for" }, 36 OPT_PROV_OPTIONS, 37 { NULL } 38 }; 39 40 int skeyutl_main(int argc, char **argv) 41 { 42 EVP_CIPHER *cipher = NULL; 43 int ret = 1; 44 OPTION_CHOICE o; 45 int genkey = 0; 46 char *prog, *ciphername = NULL; 47 STACK_OF(OPENSSL_STRING) *skeyopts = NULL; 48 const char *skeymgmt = NULL; 49 EVP_SKEY *skey = NULL; 50 EVP_SKEYMGMT *mgmt = NULL; 51 52 prog = opt_init(argc, argv, skeyutl_options); 53 while ((o = opt_next()) != OPT_EOF) { 54 switch (o) { 55 case OPT_EOF: 56 case OPT_ERR: 57 opthelp: 58 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 59 goto end; 60 case OPT_HELP: 61 opt_help(skeyutl_options); 62 ret = 0; 63 goto end; 64 case OPT_GENKEY: 65 genkey = 1; 66 break; 67 case OPT_CIPHER: 68 ciphername = opt_arg(); 69 break; 70 case OPT_SKEYOPT: 71 if ((skeyopts == NULL && (skeyopts = sk_OPENSSL_STRING_new_null()) == NULL) || sk_OPENSSL_STRING_push(skeyopts, opt_arg()) == 0) { 72 BIO_printf(bio_err, "%s: out of memory\n", prog); 73 goto end; 74 } 75 break; 76 case OPT_SKEYMGMT: 77 skeymgmt = opt_arg(); 78 break; 79 case OPT_PROV_CASES: 80 if (!opt_provider(o)) 81 goto end; 82 break; 83 } 84 } 85 86 /* Get the cipher name, either from progname (if set) or flag. */ 87 if (!opt_cipher_any(ciphername, &cipher)) 88 goto opthelp; 89 90 if (cipher == NULL && skeymgmt == NULL) { 91 BIO_printf(bio_err, "Either -skeymgmt -or -cipher option should be specified\n"); 92 goto end; 93 } 94 95 if (genkey) { 96 OSSL_PARAM *params = NULL; 97 98 mgmt = EVP_SKEYMGMT_fetch(app_get0_libctx(), 99 skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher), 100 app_get0_propq()); 101 if (mgmt == NULL) 102 goto end; 103 params = app_params_new_from_opts(skeyopts, 104 EVP_SKEYMGMT_get0_gen_settable_params(mgmt)); 105 106 skey = EVP_SKEY_generate(app_get0_libctx(), 107 skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher), 108 app_get0_propq(), params); 109 OSSL_PARAM_free(params); 110 if (skey == NULL) { 111 BIO_printf(bio_err, "Error creating opaque key for skeymgmt %s\n", 112 skeymgmt ? skeymgmt : EVP_CIPHER_name(cipher)); 113 ERR_print_errors(bio_err); 114 } else { 115 const char *key_name = EVP_SKEY_get0_key_id(skey); 116 117 BIO_printf(bio_out, "An opaque key identified by %s is created\n", 118 key_name ? key_name : "<unknown>"); 119 BIO_printf(bio_out, "Provider: %s\n", EVP_SKEY_get0_provider_name(skey)); 120 BIO_printf(bio_out, "Key management: %s\n", EVP_SKEY_get0_skeymgmt_name(skey)); 121 ret = 0; 122 } 123 goto end; 124 } else { 125 BIO_printf(bio_err, "Key generation is the only supported operation as of now\n"); 126 } 127 128 end: 129 ERR_print_errors(bio_err); 130 sk_OPENSSL_STRING_free(skeyopts); 131 EVP_SKEYMGMT_free(mgmt); 132 EVP_SKEY_free(skey); 133 EVP_CIPHER_free(cipher); 134 return ret; 135 } 136
Indexes created Mon Mar 02 05:31:46 UTC 2026