px5g: Add Elliptic curve support
authorHauke Mehrtens <hauke@hauke-m.de>
Sat, 2 Jun 2018 20:26:35 +0000 (22:26 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 20 Oct 2018 17:01:47 +0000 (19:01 +0200)
This renames the gen_key() function into gen_rsa_key() to indicate that
this only generates an RSA key and removes the unused parameter pem.
Then a new function called gen_ec_key() is added.

The application can now be called with "-newkey ec:secp256r1" like it is
possible for OpenSSL to generate a new elliptic curve key.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/utils/px5g/px5g.c

index f0fe4dcfd39124bc83249cf32f9468652fedadb9..2b9ce1d5d88736d4d8e10c423665674bb75f66e4 100644 (file)
@@ -89,7 +89,7 @@ static void write_key(mbedtls_pk_context *key, const char *path, bool pem)
        write_file(path, len, pem);
 }
 
-static void gen_key(mbedtls_pk_context *key, int ksize, int exp, bool pem)
+static void gen_rsa_key(mbedtls_pk_context *key, int ksize, int exp)
 {
        mbedtls_pk_init(key);
        fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
@@ -100,6 +100,24 @@ static void gen_key(mbedtls_pk_context *key, int ksize, int exp, bool pem)
        }
 }
 
+static void gen_ec_key(mbedtls_pk_context *key, const char *curve_name)
+{
+       const mbedtls_ecp_curve_info *curve_info;
+
+       mbedtls_pk_init(key);
+       fprintf(stderr, "Generating EC private key on curve %s\n", curve_name);
+       mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
+       curve_info = mbedtls_ecp_curve_info_from_name(curve_name);
+       if (!curve_info) {
+               fprintf(stderr, "unkown curve name \"%s\" given\n", curve_name);
+               exit(1);
+       }
+       if (mbedtls_ecp_gen_key(curve_info->grp_id, mbedtls_pk_ec(*key), _urandom, NULL)) {
+               fprintf(stderr, "error: key generation failed\n");
+               exit(1);
+       }
+}
+
 int rsakey(char **arg)
 {
        mbedtls_pk_context key;
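Review bot: The return value of mbedtls_pk_setup() in gen_ec_key() is dropped; if the setup fails (it can, on allocation), the context has no pk_info, mbedtls_pk_ec(*key) yields NULL and mbedtls_ecp_gen_key() dereferences it. Check it the same way the other mbedtls calls in the function are checked, `if (mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) { fprintf(stderr, "error: pk setup failed\n"); exit(1); }`, and consider doing the curve lookup before the setup so an unknown curve name never allocates a context at all. The message on the unknown-curve path also misspells `unkown`; it should read `unknown curve name "%s" given`. Printing the mbedtls return code in the "key generation failed" message would make an RNG failure distinguishable from a curve the build does not support, which matters when this runs on a freshly booted device.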
@@ -123,7 +141,7 @@ int rsakey(char **arg)
        if (*arg)
                ksize = (unsigned int)atoi(*arg);
 
-       gen_key(&key, ksize, exp, pem);
+       gen_rsa_key(&key, ksize, exp);
        write_key(&key, path, pem);
 
        mbedtls_pk_free(&key);
@@ -146,17 +164,26 @@ int selfsigned(char **arg)
        time_t from = time(NULL), to;
        char fstr[20], tstr[20], sstr[17];
        int len;
+       bool rsa = false;
+       bool ec = false;
+       char *ec_curve = NULL;
 
        while (*arg && **arg == '-') {
                if (!strcmp(*arg, "-der")) {
                        pem = false;
                } else if (!strcmp(*arg, "-newkey") && arg[1]) {
-                       if (strncmp(arg[1], "rsa:", 4)) {
+                       if (!strncmp(arg[1], "rsa:", 4)) {
+                               rsa = true;
+                               ksize = (unsigned int)atoi(arg[1] + 4);
+                               arg++;
+                       } else if (!strncmp(arg[1], "ec:", 3)) {
+                               ec = true;
+                               ec_curve = arg[1] + 3;
+                               arg++;
+                       } else {
                                fprintf(stderr, "error: invalid algorithm");
                                return 1;
                        }
-                       ksize = (unsigned int)atoi(arg[1] + 4);
-                       arg++;
                } else if (!strcmp(*arg, "-days") && arg[1]) {
                        days = (unsigned int)atoi(arg[1]);
                        arg++;
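Review bot: The two new flags can both end up true if `-newkey` is given more than once (`-newkey rsa:2048 -newkey ec:secp256r1`), and the dispatch later in selfsigned() then silently picks RSA regardless of order; with OpenSSL the last `-newkey` wins. The simplest fix is to clear the sibling flag in each branch, `rsa = true; ec = false;` and `ec = true; rsa = false;`, or to replace the pair with one enum/int key-type variable. The `rsa:` branch also keeps the old `atoi()` parse, so `-newkey rsa:` or a non-numeric size yields ksize 0 with no diagnostic; that was true before this change, but since the line is being rewritten a `strtoul()` with an `end == arg[1] + 4 || *end` check and a "bad key size" error would close it. The rest of the option loop and the declaration of ksize sit outside this hunk.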
@@ -197,7 +224,12 @@ int selfsigned(char **arg)
                arg++;
        }
 
-       gen_key(&key, ksize, exp, pem);
+       if (rsa)
+               gen_rsa_key(&key, ksize, exp);
+       else if (ec)
+               gen_ec_key(&key, ec_curve);
+       else
+               exit(1);
 
        if (keypath)
                write_key(&key, keypath, pem);
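Review bot: The new `else exit(1);` fails silently when no `-newkey` option is given, which is a behaviour change: the removed line called gen_key() unconditionally, so a run without `-newkey` presumably used the default ksize (declared earlier in selfsigned(), outside this hunk) and produced an RSA key. Either preserve that by treating "neither flag set" as RSA, or make it an explicit error on the same path as the other parse failures, `fprintf(stderr, "error: no -newkey algorithm given\n"); return 1;`, rather than calling exit() from a function whose other error paths return 1. Whichever is chosen, a caller that scripted px5g without `-newkey` should get a message, not a bare non-zero exit.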