From 3021ebe1eccbfe805b6129c7775a608368d7021d Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Wed, 9 Aug 2017 10:41:58 +0200
Subject: p11tool: --generate-xxx options were replaced by generate-privkey

Signed-off-by: Nikos Mavrogiannopoulos
---
 src/certtool-common.c | 18 ++++++++++++++++++
 src/certtool-common.h | 2 ++
 src/certtool.c | 25 +++++--------------------
 src/p11tool-args.def | 13 ++++++++++++-
 src/p11tool.c | 12 ++++++++++--
 5 files changed, 47 insertions(+), 23 deletions(-)

diff --git a/src/certtool-common.c b/src/certtool-common.c
index 9fab3f54a6..413395926b 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1538,3 +1538,21 @@ void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size)
 return;
 }
+
+gnutls_pk_algorithm_t figure_key_type(const char *key_type)
+{
+ if (strcasecmp(key_type, "rsa") == 0)
+ return GNUTLS_PK_RSA;
+ else if (strcasecmp(key_type, "rsa-pss") == 0)
+ return GNUTLS_PK_RSA_PSS;
+ else if (strcasecmp(key_type, "ed25519") == 0 || strcasecmp(key_type, "eddsa") == 0)
+ return GNUTLS_PK_EDDSA_ED25519;
+ else if (strcasecmp(key_type, "dsa") == 0)
+ return GNUTLS_PK_DSA;
+ else if (strcasecmp(key_type, "ecdsa") == 0 || strcasecmp(key_type, "ecc") == 0)
+ return GNUTLS_PK_ECDSA;
+ else {
+ fprintf(stderr, "unknown key type: %s\n", key_type);
+ return GNUTLS_PK_UNKNOWN;
+ }
+}
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 7c07f338b8..f1e9263288 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -172,4 +172,6 @@ void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size);
 #define GNUTLS_PK_IS_RSA(pk) ((pk) == GNUTLS_PK_RSA || (pk) == GNUTLS_PK_RSA_PSS)
+gnutls_pk_algorithm_t figure_key_type(const char *key_type);
+
 #endif
diff --git a/src/certtool.c b/src/certtool.c
index a57e324449..cba75dcdea 100644
--- a/src/certtool.c
+++ b/src/certtool.c
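Review bot: figure_key_type is now an exported helper shared by certtool and p11tool, but neither this definition nor the prototype added to certtool-common.h in the next hunk documents its contract: the match is case-insensitive, the function prints the error itself, and it returns GNUTLS_PK_UNKNOWN instead of exiting, leaving the exit to the caller. A comment on the prototype would make that explicit, e.g. `/* Maps a key type name (case-insensitive: rsa, rsa-pss, ed25519/eddsa, dsa, ecdsa/ecc) to its gnutls_pk_algorithm_t. Prints to stderr and returns GNUTLS_PK_UNKNOWN for any other name; the caller decides whether to exit. key_type must be non-NULL. */`. Since the function moved out of certtool.c, certtool-common.c also needs the header that declares strcasecmp (<strings.h> on POSIX) if it does not already include it; the include block is outside this diff.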
@@ -1158,24 +1158,6 @@ void sign_params_to_flags(common_info_st *cinfo, const char *params)
 free(sp);
 }
-static void figure_key_type(const char *key_type)
-{
- if (strcasecmp(key_type, "rsa") == 0)
- req_key_type = GNUTLS_PK_RSA;
- else if (strcasecmp(key_type, "rsa-pss") == 0)
- req_key_type = GNUTLS_PK_RSA_PSS;
- else if (strcasecmp(key_type, "ed25519") == 0 || strcasecmp(key_type, "eddsa") == 0)
- req_key_type = GNUTLS_PK_EDDSA_ED25519;
- else if (strcasecmp(key_type, "dsa") == 0)
- req_key_type = GNUTLS_PK_DSA;
- else if (strcasecmp(key_type, "ecdsa") == 0 || strcasecmp(key_type, "ecc") == 0)
- req_key_type = GNUTLS_PK_ECDSA;
- else {
- fprintf(stderr, "unknown key type: %s\n", key_type);
- exit(1);
- }
-}
-
 static void load_infile(const char *file)
 {
 struct stat st;
@@ -1259,8 +1241,11 @@ static void cmd_parser(int argc, char **argv)
 req_key_type = GNUTLS_PK_ECDSA;
 }
- if (HAVE_OPT(KEY_TYPE))
- figure_key_type(OPT_ARG(KEY_TYPE));
+ if (HAVE_OPT(KEY_TYPE)) {
+ req_key_type = figure_key_type(OPT_ARG(KEY_TYPE));
+ if (req_key_type == GNUTLS_PK_UNKNOWN)
+ app_exit(1);
+ }
 default_dig = GNUTLS_DIG_UNKNOWN;
 if (HAVE_OPT(HASH)) {
diff --git a/src/p11tool-args.def b/src/p11tool-args.def
index bd8b2e17fd..ded9f3e3e7 100644
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -181,11 +181,20 @@ flag = {
 descrip = "Key generation";
 };
+flag = {
+ name = generate-privkey;
+ arg-type = string;
+ descrip = "Generate private-public key pair of given type";
+ doc = "Generates a private-public key pair in the specified token.
+Acceptable types are RSA, ECDSA, and DSA. Should be combined with --sec-param or --bits.";
+};
+
 flag = {
 name = generate-rsa;
 descrip = "Generate an RSA private-public key pair";
 doc = "Generates an RSA private-public key pair on the specified token.
 Should be combined with --sec-param or --bits.";
+ deprecated;
 };
 flag = {
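Review bot: the three flags that receive `deprecated;` here and in the two hunks that follow (generate-rsa, generate-dsa, generate-ecdsa) keep doc text that reads as current and never names the replacement, so the generated help and manual will not tell users what to use instead. Append a pointer to each, e.g. for generate-rsa `doc = "Generates an RSA private-public key pair on the specified token. Should be combined with --sec-param or --bits. This option is deprecated; use --generate-privkey rsa instead.";`. The new flag's doc says "Acceptable types are RSA, ECDSA, and DSA", while figure_key_type, which parses this argument in p11tool.c, also recognises rsa-pss, ed25519/eddsa and the ecc alias, so either this doc should list exactly what p11tool accepts or the p11tool.c hunk should reject the extra types (raised there).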
@@ -193,6 +202,7 @@ flag = {
 descrip = "Generate a DSA private-public key pair";
 doc = "Generates a DSA private-public key pair on the specified token.
 Should be combined with --sec-param or --bits.";
+ deprecated;
 };
 flag = {
@@ -200,6 +210,7 @@ flag = {
 descrip = "Generate an ECDSA private-public key pair";
 doc = "Generates an ECDSA private-public key pair on the specified token.
 Should be combined with --curve, --sec-param or --bits.";
+ deprecated;
 };
 flag = {
@@ -523,7 +534,7 @@ and its corresponding private key.
 To generate an RSA private key inside the token use:
 @example
-$ p11tool --login --generate-rsa --bits 1024 --label "MyNewKey" \
+$ p11tool --login --generate-privkey rsa --bits 1024 --label "MyNewKey" \
 --outfile MyNewKey.pub "pkcs11:TOKEN-URL"
 @end example
 The bits parameter in the above example is explicitly set because some
diff --git a/src/p11tool.c b/src/p11tool.c
index 6b9718e374..a149756281 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -320,9 +320,17 @@ static void cmd_parser(int argc, char **argv)
 pkcs11_set_pin(outfile, url, &cinfo, 0);
 } else if (HAVE_OPT(INITIALIZE_SO_PIN)) {
 pkcs11_set_pin(outfile, url, &cinfo, 1);
- } else if (HAVE_OPT(DELETE))
+ } else if (HAVE_OPT(DELETE)) {
 pkcs11_delete(outfile, url, flags, &cinfo);
- else if (HAVE_OPT(GENERATE_ECC)) {
+ } else if (HAVE_OPT(GENERATE_PRIVKEY)) {
+ key_type = figure_key_type(OPT_ARG(GENERATE_PRIVKEY));
+ if (key_type == GNUTLS_PK_UNKNOWN)
+ app_exit(1);
+ pkcs11_generate(outfile, url, key_type,
+ get_bits(key_type, bits, sec_param, 0),
+ label, id, detailed_url,
+ flags, &cinfo);
+ } else if (HAVE_OPT(GENERATE_ECC)) {
 key_type = GNUTLS_PK_EC;
 pkcs11_generate(outfile, url, key_type,
 get_bits(key_type, bits, sec_param, 0),
-- cgit v1.2.1
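Review bot: the new --generate-privkey branch forwards whatever figure_key_type returns to get_bits and pkcs11_generate, which includes GNUTLS_PK_RSA_PSS and GNUTLS_PK_EDDSA_ED25519 even though the option is documented for RSA, ECDSA and DSA only, and whether pkcs11_generate handles those types is not visible in this diff. Unless it is known to, reject them before the call: `if (key_type != GNUTLS_PK_RSA && key_type != GNUTLS_PK_DSA && key_type != GNUTLS_PK_EC) { fprintf(stderr, "unsupported key type for token: %s\n", OPT_ARG(GENERATE_PRIVKEY)); app_exit(1); }`. This branch also ends up with GNUTLS_PK_ECDSA (from figure_key_type) while the --generate-ecc branch below sets GNUTLS_PK_EC; I believe gnutls defines these as the same value, but using one spelling in both places would avoid a future mismatch. cmd_parser begins before this hunk and its if/else chain continues past it.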