author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-05-22 20:09:08 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-05-22 20:09:08 +0200 |
commit | b295a423e6e046c98ebb2a5c28c429e579c23e05 (patch) | |
tree | e735a02883a3dcbb27612c5b7ed5d9e14c25f6c4 /src | |
parent | ebb56017fb7592748d7f36dc87c8d5163cb89aad (diff) | |
download | gnutls-b295a423e6e046c98ebb2a5c28c429e579c23e05.tar.gz |
updates to allow the generation of an ECC private key.
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool-gaa.c | 151 | ||||
-rw-r--r-- | src/certtool-gaa.h | 26 | ||||
-rw-r--r-- | src/certtool.c | 8 | ||||
-rw-r--r-- | src/certtool.gaa | 5 |
4 files changed, 104 insertions, 86 deletions
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c index a92a694742..5a6f6b256b 100644 --- a/src/certtool-gaa.c +++ b/src/certtool-gaa.c @@ -167,6 +167,7 @@ void gaa_help(void) __gaa_helpsingle(0, "to-p8", "", "Generate a PKCS #8 key structure."); __gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private keys."); __gaa_helpsingle(0, "dsa", "", "Use DSA keys."); + __gaa_helpsingle(0, "ecc", "", "Use ECC (ECDSA) keys."); __gaa_helpsingle(0, "hash", "STR ", "Hash algorithm to use for signing (MD5,SHA1,RMD160,SHA256,SHA384,SHA512)."); __gaa_helpsingle(0, "export-ciphers", "", "Use weak encryption algorithms."); __gaa_helpsingle(0, "inder", "", "Use DER format for input certificates and private keys."); @@ -197,30 +198,32 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 142 "certtool.gaa" +#line 145 "certtool.gaa" int debug; -#line 139 "certtool.gaa" +#line 142 "certtool.gaa" char *pkcs_cipher; -#line 136 "certtool.gaa" +#line 139 "certtool.gaa" char *template; -#line 133 "certtool.gaa" +#line 136 "certtool.gaa" char *infile; -#line 130 "certtool.gaa" +#line 133 "certtool.gaa" char *outfile; -#line 127 "certtool.gaa" +#line 130 "certtool.gaa" int quick_random; -#line 124 "certtool.gaa" +#line 127 "certtool.gaa" char* sec_param; -#line 121 "certtool.gaa" +#line 124 "certtool.gaa" int bits; -#line 117 "certtool.gaa" +#line 120 "certtool.gaa" int outcert_format; -#line 113 "certtool.gaa" +#line 116 "certtool.gaa" int incert_format; -#line 110 "certtool.gaa" +#line 113 "certtool.gaa" int export; -#line 107 "certtool.gaa" +#line 110 "certtool.gaa" char *hash; +#line 107 "certtool.gaa" + int ecc; #line 104 "certtool.gaa" int dsa; #line 101 "certtool.gaa" @@ -303,7 +306,7 @@ static int gaa_error = 0; #define GAA_MULTIPLE_OPTION 3 #define GAA_REST 0 -#define GAA_NB_OPTION 54 +#define GAA_NB_OPTION 55 #define GAAOPTID_version 1 #define GAAOPTID_help 2 #define GAAOPTID_debug 3 
@@ -320,44 +323,45 @@ static int gaa_error = 0; #define GAAOPTID_inder 14 #define GAAOPTID_export_ciphers 15 #define GAAOPTID_hash 16 -#define GAAOPTID_dsa 17 -#define GAAOPTID_pkcs8 18 -#define GAAOPTID_to_p8 19 -#define GAAOPTID_to_p12 20 -#define GAAOPTID_v1 21 -#define GAAOPTID_fix_key 22 -#define GAAOPTID_pubkey_info 23 -#define GAAOPTID_pgp_key_info 24 -#define GAAOPTID_key_info 25 -#define GAAOPTID_smime_to_p7 26 -#define GAAOPTID_p7_info 27 -#define GAAOPTID_p12_info 28 -#define GAAOPTID_no_crq_extensions 29 -#define GAAOPTID_crq_info 30 -#define GAAOPTID_crl_info 31 -#define GAAOPTID_pgp_ring_info 32 -#define GAAOPTID_pgp_certificate_info 33 -#define GAAOPTID_certificate_pubkey 34 -#define GAAOPTID_certificate_info 35 -#define GAAOPTID_password 36 -#define GAAOPTID_load_ca_certificate 37 -#define GAAOPTID_load_ca_privkey 38 -#define GAAOPTID_load_certificate 39 -#define GAAOPTID_load_request 40 -#define GAAOPTID_load_pubkey 41 -#define GAAOPTID_load_privkey 42 -#define GAAOPTID_get_dh_params 43 -#define GAAOPTID_generate_dh_params 44 -#define GAAOPTID_verify_crl 45 -#define GAAOPTID_verify 46 -#define GAAOPTID_verify_chain 47 -#define GAAOPTID_generate_request 48 -#define GAAOPTID_generate_privkey 49 -#define GAAOPTID_update_certificate 50 -#define GAAOPTID_generate_crl 51 -#define GAAOPTID_generate_proxy 52 -#define GAAOPTID_generate_certificate 53 -#define GAAOPTID_generate_self_signed 54 +#define GAAOPTID_ecc 17 +#define GAAOPTID_dsa 18 +#define GAAOPTID_pkcs8 19 +#define GAAOPTID_to_p8 20 +#define GAAOPTID_to_p12 21 +#define GAAOPTID_v1 22 +#define GAAOPTID_fix_key 23 +#define GAAOPTID_pubkey_info 24 +#define GAAOPTID_pgp_key_info 25 +#define GAAOPTID_key_info 26 +#define GAAOPTID_smime_to_p7 27 +#define GAAOPTID_p7_info 28 +#define GAAOPTID_p12_info 29 +#define GAAOPTID_no_crq_extensions 30 +#define GAAOPTID_crq_info 31 +#define GAAOPTID_crl_info 32 +#define GAAOPTID_pgp_ring_info 33 +#define GAAOPTID_pgp_certificate_info 34 +#define 
GAAOPTID_certificate_pubkey 35 +#define GAAOPTID_certificate_info 36 +#define GAAOPTID_password 37 +#define GAAOPTID_load_ca_certificate 38 +#define GAAOPTID_load_ca_privkey 39 +#define GAAOPTID_load_certificate 40 +#define GAAOPTID_load_request 41 +#define GAAOPTID_load_pubkey 42 +#define GAAOPTID_load_privkey 43 +#define GAAOPTID_get_dh_params 44 +#define GAAOPTID_generate_dh_params 45 +#define GAAOPTID_verify_crl 46 +#define GAAOPTID_verify 47 +#define GAAOPTID_verify_chain 48 +#define GAAOPTID_generate_request 49 +#define GAAOPTID_generate_privkey 50 +#define GAAOPTID_update_certificate 51 +#define GAAOPTID_generate_crl 52 +#define GAAOPTID_generate_proxy 53 +#define GAAOPTID_generate_certificate 54 +#define GAAOPTID_generate_self_signed 55 #line 168 "gaa.skel" @@ -688,6 +692,7 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECK1STR("", GAAOPTID_inraw); GAA_CHECK1STR("", GAAOPTID_inder); GAA_CHECK1STR("", GAAOPTID_export_ciphers); + GAA_CHECK1STR("", GAAOPTID_ecc); GAA_CHECK1STR("", GAAOPTID_dsa); GAA_CHECK1STR("8", GAAOPTID_pkcs8); GAA_CHECK1STR("", GAAOPTID_to_p8); @@ -739,6 +744,7 @@ static int gaa_get_option_num(char *str, int status) GAA_CHECKSTR("inder", GAAOPTID_inder); GAA_CHECKSTR("export-ciphers", GAAOPTID_export_ciphers); GAA_CHECKSTR("hash", GAAOPTID_hash); + GAA_CHECKSTR("ecc", GAAOPTID_ecc); GAA_CHECKSTR("dsa", GAAOPTID_dsa); GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8); GAA_CHECKSTR("to-p8", GAAOPTID_to_p8); @@ -826,14 +832,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) { case GAAOPTID_version: OK = 0; -#line 147 "certtool.gaa" +#line 150 "certtool.gaa" { certtool_version(); exit(0); ;}; return GAA_OK; break; case GAAOPTID_help: OK = 0; -#line 145 "certtool.gaa" +#line 148 "certtool.gaa" { gaa_help(); exit(0); ;}; return GAA_OK; 
@@ -843,7 +849,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1); gaa_index++; -#line 143 "certtool.gaa" +#line 146 "certtool.gaa" { gaaval->debug = GAATMP_debug.arg1 ;}; return GAA_OK; @@ -853,7 +859,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_pkcs_cipher.arg1, gaa_getstr, GAATMP_pkcs_cipher.size1); gaa_index++; -#line 140 "certtool.gaa" +#line 143 "certtool.gaa" { gaaval->pkcs_cipher = GAATMP_pkcs_cipher.arg1 ;}; return GAA_OK; @@ -863,7 +869,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_template.arg1, gaa_getstr, GAATMP_template.size1); gaa_index++; -#line 137 "certtool.gaa" +#line 140 "certtool.gaa" { gaaval->template = GAATMP_template.arg1 ;}; return GAA_OK; @@ -873,7 +879,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1); gaa_index++; -#line 134 "certtool.gaa" +#line 137 "certtool.gaa" { gaaval->infile = GAATMP_infile.arg1 ;}; return GAA_OK; @@ -883,14 +889,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1); gaa_index++; -#line 131 "certtool.gaa" +#line 134 "certtool.gaa" { gaaval->outfile = GAATMP_outfile.arg1 ;}; return GAA_OK; break; case GAAOPTID_disable_quick_random: OK = 0; -#line 128 "certtool.gaa" +#line 131 "certtool.gaa" { gaaval->quick_random = 0; ;}; return GAA_OK; 
@@ -900,7 +906,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_sec_param.arg1, gaa_getstr, GAATMP_sec_param.size1); gaa_index++; -#line 125 "certtool.gaa" +#line 128 "certtool.gaa" { gaaval->sec_param = GAATMP_sec_param.arg1 ;}; return GAA_OK; @@ -910,42 +916,42 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1); gaa_index++; -#line 122 "certtool.gaa" +#line 125 "certtool.gaa" { gaaval->bits = GAATMP_bits.arg1 ;}; return GAA_OK; break; case GAAOPTID_outraw: OK = 0; -#line 119 "certtool.gaa" +#line 122 "certtool.gaa" { gaaval->outcert_format=1 ;}; return GAA_OK; break; case GAAOPTID_outder: OK = 0; -#line 118 "certtool.gaa" +#line 121 "certtool.gaa" { gaaval->outcert_format=1 ;}; return GAA_OK; break; case GAAOPTID_inraw: OK = 0; -#line 115 "certtool.gaa" +#line 118 "certtool.gaa" { gaaval->incert_format=1 ;}; return GAA_OK; break; case GAAOPTID_inder: OK = 0; -#line 114 "certtool.gaa" +#line 117 "certtool.gaa" { gaaval->incert_format=1 ;}; return GAA_OK; break; case GAAOPTID_export_ciphers: OK = 0; -#line 111 "certtool.gaa" +#line 114 "certtool.gaa" { gaaval->export=1 ;}; return GAA_OK; @@ -955,11 +961,18 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list) GAA_TESTMOREARGS; GAA_FILL(GAATMP_hash.arg1, gaa_getstr, GAATMP_hash.size1); gaa_index++; -#line 108 "certtool.gaa" +#line 111 "certtool.gaa" { gaaval->hash = GAATMP_hash.arg1 ;}; return GAA_OK; break; + case GAAOPTID_ecc: + OK = 0; +#line 108 "certtool.gaa" +{ gaaval->ecc=1 ;}; + + return GAA_OK; + break; case GAAOPTID_dsa: OK = 0; #line 105 "certtool.gaa" 
@@ -1271,12 +1284,12 @@ int gaa(int argc, char **argv, gaainfo *gaaval) if(inited == 0) { -#line 149 "certtool.gaa" +#line 152 "certtool.gaa" { gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL; gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0; gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1; - gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; ;}; + gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; gaaval->ecc=0; ;}; } inited = 1; diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h index 238d2331f1..f661e3692f 100644 --- a/src/certtool-gaa.h +++ b/src/certtool-gaa.h @@ -8,30 +8,32 @@ typedef struct _gaainfo gaainfo; struct _gaainfo { -#line 142 "certtool.gaa" +#line 145 "certtool.gaa" int debug; -#line 139 "certtool.gaa" +#line 142 "certtool.gaa" char *pkcs_cipher; -#line 136 "certtool.gaa" +#line 139 "certtool.gaa" char *template; -#line 133 "certtool.gaa" +#line 136 "certtool.gaa" char *infile; -#line 130 "certtool.gaa" +#line 133 "certtool.gaa" char *outfile; -#line 127 "certtool.gaa" +#line 130 "certtool.gaa" int quick_random; -#line 124 "certtool.gaa" +#line 127 "certtool.gaa" char* sec_param; -#line 121 "certtool.gaa" +#line 124 "certtool.gaa" int bits; -#line 117 "certtool.gaa" +#line 120 "certtool.gaa" int outcert_format; -#line 113 "certtool.gaa" +#line 116 "certtool.gaa" int incert_format; -#line 110 "certtool.gaa" +#line 113 "certtool.gaa" int export; -#line 107 "certtool.gaa" +#line 110 "certtool.gaa" char *hash; +#line 107 "certtool.gaa" + int ecc; #line 104 "certtool.gaa" int dsa; #line 101 "certtool.gaa" diff --git a/src/certtool.c b/src/certtool.c index 17443cfb83..d8b3b759dc 100644 
--- a/src/certtool.c +++ b/src/certtool.c @@ -255,9 +255,9 @@ generate_private_key_int (void) int ret, key_type, bits; if (info.dsa) - { - key_type = GNUTLS_PK_DSA; - } + key_type = GNUTLS_PK_DSA; + else if (info.ecc) + key_type = GNUTLS_PK_ECC; else key_type = GNUTLS_PK_RSA; @@ -279,7 +279,7 @@ generate_private_key_int (void) fprintf (stderr, "Note that DSA keys with size over 1024 can only be used with TLS 1.2 or later.\n\n"); - ret = gnutls_x509_privkey_generate (key, key_type,bits, 0); + ret = gnutls_x509_privkey_generate (key, key_type, bits, 0); if (ret < 0) error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret)); diff --git a/src/certtool.gaa b/src/certtool.gaa index 13141a4f62..f51fc9b490 100644 --- a/src/certtool.gaa +++ b/src/certtool.gaa @@ -104,6 +104,9 @@ option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys." #int dsa; option (dsa) { $dsa=1 } "Use DSA keys." +#int ecc; +option (ecc) { $ecc=1 } "Use ECC (ECDSA) keys." + #char *hash; option (hash) STR "STR" { $hash = $1 } "Hash algorithm to use for signing (MD5,SHA1,RMD160,SHA256,SHA384,SHA512)." @@ -150,4 +153,4 @@ init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL; $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0; $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1; - $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; } + $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $ecc=0; } |
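Review bot: In `generate_private_key_int` the new `else if (info.ecc)` branch is reached only when `info.dsa` is unset, so passing `--dsa` and `--ecc` together silently yields a DSA key and the `--ecc` request is dropped without any message. A key-generation tool should produce exactly the requested key type or fail, so reject the combination before the chain, e.g. `if (info.dsa && info.ecc) error (EXIT_FAILURE, 0, "--dsa and --ecc are mutually exclusive");`. The second hunk of this file hands `bits` to `gnutls_x509_privkey_generate` unchanged, and how `bits` is derived for `GNUTLS_PK_ECC` lies outside the hunk, so it is worth confirming that an RSA-sized `--bits` value cannot reach the ECC path. The function body starts and ends outside both hunks.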