authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-05-22 20:09:08 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-05-22 20:09:08 +0200
commitb295a423e6e046c98ebb2a5c28c429e579c23e05 (patch)
treee735a02883a3dcbb27612c5b7ed5d9e14c25f6c4 /src
parentebb56017fb7592748d7f36dc87c8d5163cb89aad (diff)
downloadgnutls-b295a423e6e046c98ebb2a5c28c429e579c23e05.tar.gz
updates to allow the generation of an ECC private key.
Diffstat (limited to 'src')
-rw-r--r--src/certtool-gaa.c151
-rw-r--r--src/certtool-gaa.h26
-rw-r--r--src/certtool.c8
-rw-r--r--src/certtool.gaa5
4 files changed, 104 insertions, 86 deletions
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index a92a694742..5a6f6b256b 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -167,6 +167,7 @@ void gaa_help(void)
__gaa_helpsingle(0, "to-p8", "", "Generate a PKCS #8 key structure.");
__gaa_helpsingle('8', "pkcs8", "", "Use PKCS #8 format for private keys.");
__gaa_helpsingle(0, "dsa", "", "Use DSA keys.");
+ __gaa_helpsingle(0, "ecc", "", "Use ECC (ECDSA) keys.");
__gaa_helpsingle(0, "hash", "STR ", "Hash algorithm to use for signing (MD5,SHA1,RMD160,SHA256,SHA384,SHA512).");
__gaa_helpsingle(0, "export-ciphers", "", "Use weak encryption algorithms.");
__gaa_helpsingle(0, "inder", "", "Use DER format for input certificates and private keys.");
@@ -197,30 +198,32 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 142 "certtool.gaa"
+#line 145 "certtool.gaa"
int debug;
-#line 139 "certtool.gaa"
+#line 142 "certtool.gaa"
char *pkcs_cipher;
-#line 136 "certtool.gaa"
+#line 139 "certtool.gaa"
char *template;
-#line 133 "certtool.gaa"
+#line 136 "certtool.gaa"
char *infile;
-#line 130 "certtool.gaa"
+#line 133 "certtool.gaa"
char *outfile;
-#line 127 "certtool.gaa"
+#line 130 "certtool.gaa"
int quick_random;
-#line 124 "certtool.gaa"
+#line 127 "certtool.gaa"
char* sec_param;
-#line 121 "certtool.gaa"
+#line 124 "certtool.gaa"
int bits;
-#line 117 "certtool.gaa"
+#line 120 "certtool.gaa"
int outcert_format;
-#line 113 "certtool.gaa"
+#line 116 "certtool.gaa"
int incert_format;
-#line 110 "certtool.gaa"
+#line 113 "certtool.gaa"
int export;
-#line 107 "certtool.gaa"
+#line 110 "certtool.gaa"
char *hash;
+#line 107 "certtool.gaa"
+ int ecc;
#line 104 "certtool.gaa"
int dsa;
#line 101 "certtool.gaa"
@@ -303,7 +306,7 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 54
+#define GAA_NB_OPTION 55
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_debug 3
@@ -320,44 +323,45 @@ static int gaa_error = 0;
#define GAAOPTID_inder 14
#define GAAOPTID_export_ciphers 15
#define GAAOPTID_hash 16
-#define GAAOPTID_dsa 17
-#define GAAOPTID_pkcs8 18
-#define GAAOPTID_to_p8 19
-#define GAAOPTID_to_p12 20
-#define GAAOPTID_v1 21
-#define GAAOPTID_fix_key 22
-#define GAAOPTID_pubkey_info 23
-#define GAAOPTID_pgp_key_info 24
-#define GAAOPTID_key_info 25
-#define GAAOPTID_smime_to_p7 26
-#define GAAOPTID_p7_info 27
-#define GAAOPTID_p12_info 28
-#define GAAOPTID_no_crq_extensions 29
-#define GAAOPTID_crq_info 30
-#define GAAOPTID_crl_info 31
-#define GAAOPTID_pgp_ring_info 32
-#define GAAOPTID_pgp_certificate_info 33
-#define GAAOPTID_certificate_pubkey 34
-#define GAAOPTID_certificate_info 35
-#define GAAOPTID_password 36
-#define GAAOPTID_load_ca_certificate 37
-#define GAAOPTID_load_ca_privkey 38
-#define GAAOPTID_load_certificate 39
-#define GAAOPTID_load_request 40
-#define GAAOPTID_load_pubkey 41
-#define GAAOPTID_load_privkey 42
-#define GAAOPTID_get_dh_params 43
-#define GAAOPTID_generate_dh_params 44
-#define GAAOPTID_verify_crl 45
-#define GAAOPTID_verify 46
-#define GAAOPTID_verify_chain 47
-#define GAAOPTID_generate_request 48
-#define GAAOPTID_generate_privkey 49
-#define GAAOPTID_update_certificate 50
-#define GAAOPTID_generate_crl 51
-#define GAAOPTID_generate_proxy 52
-#define GAAOPTID_generate_certificate 53
-#define GAAOPTID_generate_self_signed 54
+#define GAAOPTID_ecc 17
+#define GAAOPTID_dsa 18
+#define GAAOPTID_pkcs8 19
+#define GAAOPTID_to_p8 20
+#define GAAOPTID_to_p12 21
+#define GAAOPTID_v1 22
+#define GAAOPTID_fix_key 23
+#define GAAOPTID_pubkey_info 24
+#define GAAOPTID_pgp_key_info 25
+#define GAAOPTID_key_info 26
+#define GAAOPTID_smime_to_p7 27
+#define GAAOPTID_p7_info 28
+#define GAAOPTID_p12_info 29
+#define GAAOPTID_no_crq_extensions 30
+#define GAAOPTID_crq_info 31
+#define GAAOPTID_crl_info 32
+#define GAAOPTID_pgp_ring_info 33
+#define GAAOPTID_pgp_certificate_info 34
+#define GAAOPTID_certificate_pubkey 35
+#define GAAOPTID_certificate_info 36
+#define GAAOPTID_password 37
+#define GAAOPTID_load_ca_certificate 38
+#define GAAOPTID_load_ca_privkey 39
+#define GAAOPTID_load_certificate 40
+#define GAAOPTID_load_request 41
+#define GAAOPTID_load_pubkey 42
+#define GAAOPTID_load_privkey 43
+#define GAAOPTID_get_dh_params 44
+#define GAAOPTID_generate_dh_params 45
+#define GAAOPTID_verify_crl 46
+#define GAAOPTID_verify 47
+#define GAAOPTID_verify_chain 48
+#define GAAOPTID_generate_request 49
+#define GAAOPTID_generate_privkey 50
+#define GAAOPTID_update_certificate 51
+#define GAAOPTID_generate_crl 52
+#define GAAOPTID_generate_proxy 53
+#define GAAOPTID_generate_certificate 54
+#define GAAOPTID_generate_self_signed 55
#line 168 "gaa.skel"
@@ -688,6 +692,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("", GAAOPTID_inraw);
GAA_CHECK1STR("", GAAOPTID_inder);
GAA_CHECK1STR("", GAAOPTID_export_ciphers);
+ GAA_CHECK1STR("", GAAOPTID_ecc);
GAA_CHECK1STR("", GAAOPTID_dsa);
GAA_CHECK1STR("8", GAAOPTID_pkcs8);
GAA_CHECK1STR("", GAAOPTID_to_p8);
@@ -739,6 +744,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("inder", GAAOPTID_inder);
GAA_CHECKSTR("export-ciphers", GAAOPTID_export_ciphers);
GAA_CHECKSTR("hash", GAAOPTID_hash);
+ GAA_CHECKSTR("ecc", GAAOPTID_ecc);
GAA_CHECKSTR("dsa", GAAOPTID_dsa);
GAA_CHECKSTR("pkcs8", GAAOPTID_pkcs8);
GAA_CHECKSTR("to-p8", GAAOPTID_to_p8);
@@ -826,14 +832,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
{
case GAAOPTID_version:
OK = 0;
-#line 147 "certtool.gaa"
+#line 150 "certtool.gaa"
{ certtool_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 145 "certtool.gaa"
+#line 148 "certtool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
@@ -843,7 +849,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 143 "certtool.gaa"
+#line 146 "certtool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
@@ -853,7 +859,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pkcs_cipher.arg1, gaa_getstr, GAATMP_pkcs_cipher.size1);
gaa_index++;
-#line 140 "certtool.gaa"
+#line 143 "certtool.gaa"
{ gaaval->pkcs_cipher = GAATMP_pkcs_cipher.arg1 ;};
return GAA_OK;
@@ -863,7 +869,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_template.arg1, gaa_getstr, GAATMP_template.size1);
gaa_index++;
-#line 137 "certtool.gaa"
+#line 140 "certtool.gaa"
{ gaaval->template = GAATMP_template.arg1 ;};
return GAA_OK;
@@ -873,7 +879,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
gaa_index++;
-#line 134 "certtool.gaa"
+#line 137 "certtool.gaa"
{ gaaval->infile = GAATMP_infile.arg1 ;};
return GAA_OK;
@@ -883,14 +889,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
gaa_index++;
-#line 131 "certtool.gaa"
+#line 134 "certtool.gaa"
{ gaaval->outfile = GAATMP_outfile.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_disable_quick_random:
OK = 0;
-#line 128 "certtool.gaa"
+#line 131 "certtool.gaa"
{ gaaval->quick_random = 0; ;};
return GAA_OK;
@@ -900,7 +906,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_sec_param.arg1, gaa_getstr, GAATMP_sec_param.size1);
gaa_index++;
-#line 125 "certtool.gaa"
+#line 128 "certtool.gaa"
{ gaaval->sec_param = GAATMP_sec_param.arg1 ;};
return GAA_OK;
@@ -910,42 +916,42 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
gaa_index++;
-#line 122 "certtool.gaa"
+#line 125 "certtool.gaa"
{ gaaval->bits = GAATMP_bits.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_outraw:
OK = 0;
-#line 119 "certtool.gaa"
+#line 122 "certtool.gaa"
{ gaaval->outcert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_outder:
OK = 0;
-#line 118 "certtool.gaa"
+#line 121 "certtool.gaa"
{ gaaval->outcert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_inraw:
OK = 0;
-#line 115 "certtool.gaa"
+#line 118 "certtool.gaa"
{ gaaval->incert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_inder:
OK = 0;
-#line 114 "certtool.gaa"
+#line 117 "certtool.gaa"
{ gaaval->incert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_export_ciphers:
OK = 0;
-#line 111 "certtool.gaa"
+#line 114 "certtool.gaa"
{ gaaval->export=1 ;};
return GAA_OK;
@@ -955,11 +961,18 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo *gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_hash.arg1, gaa_getstr, GAATMP_hash.size1);
gaa_index++;
-#line 108 "certtool.gaa"
+#line 111 "certtool.gaa"
{ gaaval->hash = GAATMP_hash.arg1 ;};
return GAA_OK;
break;
+ case GAAOPTID_ecc:
+ OK = 0;
+#line 108 "certtool.gaa"
+{ gaaval->ecc=1 ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_dsa:
OK = 0;
#line 105 "certtool.gaa"
@@ -1271,12 +1284,12 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 149 "certtool.gaa"
+#line 152 "certtool.gaa"
{ gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL;
gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL;
gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=1;
- gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; ;};
+ gaaval->privkey_op = 0; gaaval->pkcs_cipher = "aes-128"; gaaval->crq_extensions=1; gaaval->ecc=0; ;};
}
inited = 1;
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
index 238d2331f1..f661e3692f 100644
--- a/src/certtool-gaa.h
+++ b/src/certtool-gaa.h
@@ -8,30 +8,32 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 142 "certtool.gaa"
+#line 145 "certtool.gaa"
int debug;
-#line 139 "certtool.gaa"
+#line 142 "certtool.gaa"
char *pkcs_cipher;
-#line 136 "certtool.gaa"
+#line 139 "certtool.gaa"
char *template;
-#line 133 "certtool.gaa"
+#line 136 "certtool.gaa"
char *infile;
-#line 130 "certtool.gaa"
+#line 133 "certtool.gaa"
char *outfile;
-#line 127 "certtool.gaa"
+#line 130 "certtool.gaa"
int quick_random;
-#line 124 "certtool.gaa"
+#line 127 "certtool.gaa"
char* sec_param;
-#line 121 "certtool.gaa"
+#line 124 "certtool.gaa"
int bits;
-#line 117 "certtool.gaa"
+#line 120 "certtool.gaa"
int outcert_format;
-#line 113 "certtool.gaa"
+#line 116 "certtool.gaa"
int incert_format;
-#line 110 "certtool.gaa"
+#line 113 "certtool.gaa"
int export;
-#line 107 "certtool.gaa"
+#line 110 "certtool.gaa"
char *hash;
+#line 107 "certtool.gaa"
+ int ecc;
#line 104 "certtool.gaa"
int dsa;
#line 101 "certtool.gaa"
diff --git a/src/certtool.c b/src/certtool.c
index 17443cfb83..d8b3b759dc 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -255,9 +255,9 @@ generate_private_key_int (void)
int ret, key_type, bits;
if (info.dsa)
- {
- key_type = GNUTLS_PK_DSA;
- }
+ key_type = GNUTLS_PK_DSA;
+ else if (info.ecc)
+ key_type = GNUTLS_PK_ECC;
else
key_type = GNUTLS_PK_RSA;
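Review bot: The new `else if (info.ecc)` branch is only reached when `info.dsa` is unset, so a command line carrying both `--dsa` and `--ecc` silently generates a DSA key instead of being rejected. Because the key type determines what later lands in a request or certificate, I would fail early before the chain, e.g. `if (info.dsa && info.ecc) error (EXIT_FAILURE, 0, "--dsa and --ecc are mutually exclusive");`. The `bits` value is computed outside this hunk, so it is not visible whether an RSA/DSA-sized `--bits` argument is validated against what an ECC key accepts; that is worth confirming. The body of generate_private_key_int continues beyond the hunk.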
@@ -279,7 +279,7 @@ generate_private_key_int (void)
fprintf (stderr,
"Note that DSA keys with size over 1024 can only be used with TLS 1.2 or later.\n\n");
- ret = gnutls_x509_privkey_generate (key, key_type,bits, 0);
+ ret = gnutls_x509_privkey_generate (key, key_type, bits, 0);
if (ret < 0)
error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret));
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 13141a4f62..f51fc9b490 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -104,6 +104,9 @@ option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys."
#int dsa;
option (dsa) { $dsa=1 } "Use DSA keys."
+#int ecc;
+option (ecc) { $ecc=1 } "Use ECC (ECDSA) keys."
+
#char *hash;
option (hash) STR "STR" { $hash = $1 } "Hash algorithm to use for signing (MD5,SHA1,RMD160,SHA256,SHA384,SHA512)."
@@ -150,4 +153,4 @@ init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL;
$debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL;
$incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0;
$export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1;
- $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; }
+ $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $ecc=0; }