certtool: add x448 and x25519 for --key-type

This is a simple extension of the certtool command-line interface.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

2 files changed, 5 insertions, 1 deletions

diff --git a/src/certtool-args.def b/src/certtool-args.def
index 5eef8e7110..61dcb712a5 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -200,7 +200,7 @@ flag = {
     arg-type  = string;
     descrip   = "Specify the key type to use on key generation";
     doc = "This option can be combined with --generate-privkey, to specify
-the key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'dsa', 'ecdsa', 'ed25519, and 'ed448'.'.
+the key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'dsa', 'ecdsa', 'ed25519, 'ed448', 'x25519', and 'x448'.'.
 When combined with certificate generation it can be used to specify an
 RSA-PSS certificate when an RSA key is given.";
 };
diff --git a/src/certtool-common.c b/src/certtool-common.c
index dba89df9a0..3fd63ab7aa 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1647,6 +1647,10 @@ gnutls_pk_algorithm_t figure_key_type(const char *key_type)
 		return GNUTLS_PK_EDDSA_ED25519;
 	else if (strcasecmp(key_type, "ed448") == 0)
 		return GNUTLS_PK_EDDSA_ED448;
+	else if (strcasecmp(key_type, "x25519") == 0)
+		return GNUTLS_PK_ECDH_X25519;
+	else if (strcasecmp(key_type, "x448") == 0)
+		return GNUTLS_PK_ECDH_X448;
 	else if (strcasecmp(key_type, "dsa") == 0)
 		return GNUTLS_PK_DSA;
 	else if (strcasecmp(key_type, "ecdsa") == 0 || strcasecmp(key_type, "ecc") == 0)