From 16c112db0075ba6cbb3f4aa2f792f6abc8d72a8b Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens
Date: Sat, 2 Jun 2018 22:26:35 +0200
Subject: [PATCH] px5g: Add Elliptic curve support

This renames the gen_key() function into gen_rsa_key() to indicate that this only generates an RSA key and removes the unused parameter pem. Then a new function called gen_ec_key() is added. The application can now be called with "-newkey ec:secp256r1" like it is possible for OpenSSL to generate a new elliptic curve key.

Signed-off-by: Hauke Mehrtens
---
 package/utils/px5g/px5g.c | 44 +++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)

diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c
index f0fe4dcfd3..2b9ce1d5d8 100644
--- a/package/utils/px5g/px5g.c
+++ b/package/utils/px5g/px5g.c
@@ -89,7 +89,7 @@ static void write_key(mbedtls_pk_context *key, const char *path, bool pem)
 	write_file(path, len, pem);
 }
 
-static void gen_key(mbedtls_pk_context *key, int ksize, int exp, bool pem)
+static void gen_rsa_key(mbedtls_pk_context *key, int ksize, int exp)
 {
 	mbedtls_pk_init(key);
 	fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
@@ -100,6 +100,24 @@ static void gen_key(mbedtls_pk_context *key, int ksize, int exp, bool pem)
 	}
 }
 
+static void gen_ec_key(mbedtls_pk_context *key, const char *curve_name)
+{
+	const mbedtls_ecp_curve_info *curve_info;
+
+	mbedtls_pk_init(key);
+	fprintf(stderr, "Generating EC private key on curve %s\n", curve_name);
+	mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
+	curve_info = mbedtls_ecp_curve_info_from_name(curve_name);
+	if (!curve_info) {
+		fprintf(stderr, "unkown curve name \"%s\" given\n", curve_name);
+		exit(1);
+	}
+	if (mbedtls_ecp_gen_key(curve_info->grp_id, mbedtls_pk_ec(*key), _urandom, NULL)) {
+		fprintf(stderr, "error: key generation failed\n");
+		exit(1);
+	}
+}
+
 int rsakey(char **arg)
 {
 	mbedtls_pk_context key;
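Review bot: In the new gen_ec_key() the return value of mbedtls_pk_setup() is discarded, so if that setup fails the pk context is left without an EC keypair and the mbedtls_pk_ec(*key) passed to mbedtls_ecp_gen_key() a few lines later would, as far as I can tell, be a NULL context; the call should be checked the same way mbedtls_ecp_gen_key() is: `if (mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) {`, `fprintf(stderr, "error: pk setup failed\n");`, `exit(1);`. The unknown-curve message also misspells "unknown" as `unkown`. Since the curve name comes straight from the command line and any curve mbedTLS knows by name is accepted, a one-line comment above the lookup such as `/* any curve known to mbedTLS is accepted; no strength policy is applied here */` would tell the next reader that this is deliberate rather than an oversight.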
@@ -123,7 +141,7 @@ int rsakey(char **arg)
 	if (*arg)
 		ksize = (unsigned int)atoi(*arg);
 
-	gen_key(&key, ksize, exp, pem);
+	gen_rsa_key(&key, ksize, exp);
 	write_key(&key, path, pem);
 	mbedtls_pk_free(&key);
 
@@ -146,17 +164,26 @@ int selfsigned(char **arg)
 	time_t from = time(NULL), to;
 	char fstr[20], tstr[20], sstr[17];
 	int len;
+	bool rsa = false;
+	bool ec = false;
+	char *ec_curve = NULL;
 
 	while (*arg && **arg == '-') {
 		if (!strcmp(*arg, "-der")) {
 			pem = false;
 		} else if (!strcmp(*arg, "-newkey") && arg[1]) {
-			if (strncmp(arg[1], "rsa:", 4)) {
+			if (!strncmp(arg[1], "rsa:", 4)) {
+				rsa = true;
+				ksize = (unsigned int)atoi(arg[1] + 4);
+				arg++;
+			} else if (!strncmp(arg[1], "ec:", 3)) {
+				ec = true;
+				ec_curve = arg[1] + 3;
+				arg++;
+			} else {
 				fprintf(stderr, "error: invalid algorithm");
 				return 1;
 			}
-			ksize = (unsigned int)atoi(arg[1] + 4);
-			arg++;
 		} else if (!strcmp(*arg, "-days") && arg[1]) {
 			days = (unsigned int)atoi(arg[1]);
 			arg++;
@@ -197,7 +224,12 @@ int selfsigned(char **arg)
 		arg++;
 	}
 
-	gen_key(&key, ksize, exp, pem);
+	if (rsa)
+		gen_rsa_key(&key, ksize, exp);
+	else if (ec)
+		gen_ec_key(&key, ec_curve);
+	else
+		exit(1);
 
 	if (keypath)
 		write_key(&key, keypath, pem);
-- 
2.30.2
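Review bot: The bare `else exit(1);` closing the last hunk ends selfsigned with no diagnostic when -newkey was not given, whereas the removed gen_key() call unconditionally produced an RSA key with the default ksize, so invocations that relied on that default now fail silently. The rest of selfsigned reports argument problems with an fprintf to stderr followed by `return 1` (the "error: invalid algorithm" branch in the previous hunk), so this branch should do the same: `else { fprintf(stderr, "error: no -newkey rsa:<bits> or ec:<curve> given\n"); return 1; }`, or alternatively keep RSA as the default when neither flag is set. selfsigned continues outside the hunk.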