Diffstat (limited to 'src/pki/commands/gen.c')
-rw-r--r-- | src/pki/commands/gen.c | 57 |
1 files changed, 49 insertions, 8 deletions
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index 33d9cf35d..e3602f0c3 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -22,9 +22,10 @@ static int gen()
 {
 cred_encoding_type_t form = PRIVKEY_ASN1_DER;
 key_type_t type = KEY_RSA;
- u_int size = 0;
+ u_int size = 0, shares = 0, threshold = 1;
 private_key_t *key;
 chunk_t encoding;
+ bool safe_primes = FALSE;
 char *arg;
 
 while (TRUE)
@@ -60,6 +61,23 @@ static int gen()
 return command_usage("invalid key size");
 }
 continue;
+ case 'p':
+ safe_primes = TRUE;
+ continue;
+ case 'n':
+ shares = atoi(arg);
+ if (shares < 2)
+ {
+ return command_usage("invalid number of key shares");
+ }
+ continue;
+ case 'l':
+ threshold = atoi(arg);
+ if (threshold < 1)
+ {
+ return command_usage("invalid key share threshold");
+ }
+ continue;
 case EOF:
 break;
 default:
@@ -82,8 +100,27 @@ static int gen()
 break;
 }
 }
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_KEY_SIZE, size, BUILD_END);
+ if (type == KEY_RSA && shares)
+ {
+ if (threshold > shares)
+ {
+ return command_usage("threshold is larger than number of shares");
+ }
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+ BUILD_KEY_SIZE, size, BUILD_SAFE_PRIMES,
+ BUILD_SHARES, shares, BUILD_THRESHOLD, threshold,
+ BUILD_END);
+ }
+ else if (type == KEY_RSA && safe_primes)
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+ BUILD_KEY_SIZE, size, BUILD_SAFE_PRIMES, BUILD_END);
+ }
+ else
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+ BUILD_KEY_SIZE, size, BUILD_END);
+ }
 if (!key)
 {
 fprintf(stderr, "private key generation failed\n");
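Review bot: In the second hunk, `shares` and `threshold` are declared `u_int` in the first hunk, so a negative argument such as `--shares -1` wraps on assignment and passes the `shares < 2` guard as a very large unsigned value; the `threshold < 1` guard is defeated the same way, and `threshold > shares` in the third hunk only catches the combinations where the wrapped threshold happens to exceed the share count. Parse into a signed temporary and range-check that before assigning, e.g. `int n = atoi(arg); if (n < 2) { return command_usage("invalid number of key shares"); } shares = n;`, and likewise for `threshold`. In the third hunk, `--safe-primes` combined with `--type ecdsa` is silently ignored rather than rejected; a `command_usage` error there would match how the other invalid option combinations are reported. The body of gen() starts before the first hunk and continues after the last.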
@@ -113,12 +150,16 @@ static void __attribute__ ((constructor))reg() { command_register((command_t) { gen, 'g', "gen", "generate a new private key", - {"[--type rsa|ecdsa] [--size bits] [--outform der|pem|pgp]"}, + {" [--type rsa|ecdsa] [--size bits] [--safe-primes]", + "[--shares n] [--threshold l] [--outform der|pem|pgp]"}, { - {"help", 'h', 0, "show usage information"}, - {"type", 't', 1, "type of key, default: rsa"}, - {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"}, - {"outform", 'f', 1, "encoding of generated private key"}, + {"help", 'h', 0, "show usage information"}, + {"type", 't', 1, "type of key, default: rsa"}, + {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"}, + {"safe-primes", 'p', 0, "generate rsa safe primes"}, + {"shares", 'n', 1, "number of private rsa key shares"}, + {"threshold", 'l', 1, "minimum number of participating rsa key shares"}, + {"outform", 'f', 1, "encoding of generated private key"}, } }); } |