authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-09 10:41:58 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-09 10:42:35 +0200
commit3021ebe1eccbfe805b6129c7775a608368d7021d (patch)
tree724035b833cd43b1245fe2900f1348a5fb377ff8
parent950fced8febacb419d15bc2f84d02eefcb4f2046 (diff)
p11tool: --generate-xxx options were replaced by generate-privkey
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--src/certtool-common.c18
-rw-r--r--src/certtool-common.h2
-rw-r--r--src/certtool.c25
-rw-r--r--src/p11tool-args.def13
-rw-r--r--src/p11tool.c12
5 files changed, 47 insertions, 23 deletions
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 9fab3f54a6..413395926b 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1538,3 +1538,21 @@ void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size)
return;
}
+
+gnutls_pk_algorithm_t figure_key_type(const char *key_type)
+{
+ if (strcasecmp(key_type, "rsa") == 0)
+ return GNUTLS_PK_RSA;
+ else if (strcasecmp(key_type, "rsa-pss") == 0)
+ return GNUTLS_PK_RSA_PSS;
+ else if (strcasecmp(key_type, "ed25519") == 0 || strcasecmp(key_type, "eddsa") == 0)
+ return GNUTLS_PK_EDDSA_ED25519;
+ else if (strcasecmp(key_type, "dsa") == 0)
+ return GNUTLS_PK_DSA;
+ else if (strcasecmp(key_type, "ecdsa") == 0 || strcasecmp(key_type, "ecc") == 0)
+ return GNUTLS_PK_ECDSA;
+ else {
+ fprintf(stderr, "unknown key type: %s\n", key_type);
+ return GNUTLS_PK_UNKNOWN;
+ }
+}
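Review bot: figure_key_type() becomes a shared helper with callers in two files, but its contract — it prints the diagnostic to stderr itself and hands back GNUTLS_PK_UNKNOWN for the caller to act on — is not written down at the definition or in the header; a short comment above it would stop the next caller from printing a second message or ignoring the sentinel: `/* Map a user-supplied key type name (case-insensitive: rsa, rsa-pss, ed25519/eddsa, dsa, ecdsa/ecc) to a gnutls_pk_algorithm_t. Prints an error to stderr and returns GNUTLS_PK_UNKNOWN for anything else; callers must check the result. */`. Separately, strcasecmp() is declared in <strings.h>; the function was moved here from certtool.c and certtool-common.c's include list is outside this hunk, so confirm that header (or the gnulib equivalent) is already pulled in on this side. The tail of decode_seed is visible at the top of the hunk; the new function itself is complete.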
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 7c07f338b8..f1e9263288 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -172,4 +172,6 @@ void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size);
#define GNUTLS_PK_IS_RSA(pk) ((pk) == GNUTLS_PK_RSA || (pk) == GNUTLS_PK_RSA_PSS)
+gnutls_pk_algorithm_t figure_key_type(const char *key_type);
+
#endif
diff --git a/src/certtool.c b/src/certtool.c
index a57e324449..cba75dcdea 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1158,24 +1158,6 @@ void sign_params_to_flags(common_info_st *cinfo, const char *params)
free(sp);
}
-static void figure_key_type(const char *key_type)
-{
- if (strcasecmp(key_type, "rsa") == 0)
- req_key_type = GNUTLS_PK_RSA;
- else if (strcasecmp(key_type, "rsa-pss") == 0)
- req_key_type = GNUTLS_PK_RSA_PSS;
- else if (strcasecmp(key_type, "ed25519") == 0 || strcasecmp(key_type, "eddsa") == 0)
- req_key_type = GNUTLS_PK_EDDSA_ED25519;
- else if (strcasecmp(key_type, "dsa") == 0)
- req_key_type = GNUTLS_PK_DSA;
- else if (strcasecmp(key_type, "ecdsa") == 0 || strcasecmp(key_type, "ecc") == 0)
- req_key_type = GNUTLS_PK_ECDSA;
- else {
- fprintf(stderr, "unknown key type: %s\n", key_type);
- exit(1);
- }
-}
-
static void load_infile(const char *file)
{
struct stat st;
@@ -1259,8 +1241,11 @@ static void cmd_parser(int argc, char **argv)
req_key_type = GNUTLS_PK_ECDSA;
}
- if (HAVE_OPT(KEY_TYPE))
- figure_key_type(OPT_ARG(KEY_TYPE));
+ if (HAVE_OPT(KEY_TYPE)) {
+ req_key_type = figure_key_type(OPT_ARG(KEY_TYPE));
+ if (req_key_type == GNUTLS_PK_UNKNOWN)
+ app_exit(1);
+ }
default_dig = GNUTLS_DIG_UNKNOWN;
if (HAVE_OPT(HASH)) {
diff --git a/src/p11tool-args.def b/src/p11tool-args.def
index bd8b2e17fd..ded9f3e3e7 100644
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -182,10 +182,19 @@ flag = {
};
flag = {
+ name = generate-privkey;
+ arg-type = string;
+ descrip = "Generate private-public key pair of given type";
+ doc = "Generates a private-public key pair in the specified token.
+Acceptable types are RSA, ECDSA, and DSA. Should be combined with --sec-param or --bits.";
+};
+
+flag = {
name = generate-rsa;
descrip = "Generate an RSA private-public key pair";
doc = "Generates an RSA private-public key pair on the specified token.
Should be combined with --sec-param or --bits.";
+ deprecated;
};
flag = {
@@ -193,6 +202,7 @@ flag = {
descrip = "Generate a DSA private-public key pair";
doc = "Generates a DSA private-public key pair on the specified token.
Should be combined with --sec-param or --bits.";
+ deprecated;
};
flag = {
@@ -200,6 +210,7 @@ flag = {
descrip = "Generate an ECDSA private-public key pair";
doc = "Generates an ECDSA private-public key pair on the specified token.
Should be combined with --curve, --sec-param or --bits.";
+ deprecated;
};
flag = {
@@ -523,7 +534,7 @@ and its corresponding private key.
To generate an RSA private key inside the token use:
@example
-$ p11tool --login --generate-rsa --bits 1024 --label "MyNewKey" \
+$ p11tool --login --generate-privkey rsa --bits 1024 --label "MyNewKey" \
--outfile MyNewKey.pub "pkcs11:TOKEN-URL"
@end example
The bits parameter in the above example is explicitly set because some
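Review bot: The rewritten example on the `--generate-privkey rsa` line still instructs readers to create a 1024-bit RSA key, which is below the minimum any current guidance accepts for new keys; since this commit touches the line anyway, `--bits 2048` would be the safer example to ship in the manual. The sentence after the example (starting "The bits parameter in the above example is explicitly set because some", continuing outside the hunk) appears to justify passing an explicit size rather than 1024 in particular, so it would presumably still read correctly with 2048 — worth confirming when editing.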
diff --git a/src/p11tool.c b/src/p11tool.c
index 6b9718e374..a149756281 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -320,9 +320,17 @@ static void cmd_parser(int argc, char **argv)
pkcs11_set_pin(outfile, url, &cinfo, 0);
} else if (HAVE_OPT(INITIALIZE_SO_PIN)) {
pkcs11_set_pin(outfile, url, &cinfo, 1);
- } else if (HAVE_OPT(DELETE))
+ } else if (HAVE_OPT(DELETE)) {
pkcs11_delete(outfile, url, flags, &cinfo);
- else if (HAVE_OPT(GENERATE_ECC)) {
+ } else if (HAVE_OPT(GENERATE_PRIVKEY)) {
+ key_type = figure_key_type(OPT_ARG(GENERATE_PRIVKEY));
+ if (key_type == GNUTLS_PK_UNKNOWN)
+ app_exit(1);
+ pkcs11_generate(outfile, url, key_type,
+ get_bits(key_type, bits, sec_param, 0),
+ label, id, detailed_url,
+ flags, &cinfo);
+ } else if (HAVE_OPT(GENERATE_ECC)) {
key_type = GNUTLS_PK_EC;
pkcs11_generate(outfile, url, key_type,
get_bits(key_type, bits, sec_param, 0),
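Review bot: The new `--generate-privkey` branch forwards every name figure_key_type() recognises — including `rsa-pss` and `ed25519`/`eddsa` — straight into get_bits() and pkcs11_generate(), while the option's own description added in this commit lists only RSA, ECDSA and DSA as acceptable; whether pkcs11_generate() handles GNUTLS_PK_RSA_PSS or GNUTLS_PK_EDDSA_ED25519 is not visible here. Either document those types as supported or reject them before the call, e.g. after the GNUTLS_PK_UNKNOWN check: `if (key_type != GNUTLS_PK_RSA && key_type != GNUTLS_PK_ECDSA && key_type != GNUTLS_PK_DSA) {` / `fprintf(stderr, "key type not supported for token generation: %s\n", OPT_ARG(GENERATE_PRIVKEY));` / `app_exit(1); }`. Note also that the retained `--generate-ecc` path sets GNUTLS_PK_EC whereas figure_key_type() returns GNUTLS_PK_ECDSA; presumably these are the same enumerator, but it is worth confirming so that get_bits() and pkcs11_generate() behave identically for both spellings. cmd_parser continues past the end of the hunk.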