aboutsummaryrefslogtreecommitdiff
path: root/tools/cert_create/src/main.c
diff options
context:
space:
mode:
Diffstat (limited to 'tools/cert_create/src/main.c')
-rw-r--r--tools/cert_create/src/main.c62
1 files changed, 56 insertions, 6 deletions
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index 0f588cc8c..0cbd2196b 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <stdbool.h>
#include <openssl/conf.h>
#include <openssl/engine.h>
@@ -69,6 +70,7 @@
/* Global options */
static int key_alg;
static int hash_alg;
+static int key_size;
static int new_keys;
static int save_keys;
static int print_cert;
@@ -90,7 +92,6 @@ static char *strdup(const char *str)
static const char *key_algs_str[] = {
[KEY_ALG_RSA] = "rsa",
- [KEY_ALG_RSA_1_5] = "rsa_1_5",
#ifndef OPENSSL_NO_EC
[KEY_ALG_ECDSA] = "ecdsa"
#endif /* OPENSSL_NO_EC */
@@ -155,6 +156,18 @@ static int get_key_alg(const char *key_alg_str)
return -1;
}
+static int get_key_size(const char *key_size_str)
+{
+ char *end;
+ long key_size;
+
+ key_size = strtol(key_size_str, &end, 10);
+ if (*end != '\0')
+ return -1;
+
+ return key_size;
+}
+
static int get_hash_alg(const char *hash_alg_str)
{
int i;
@@ -174,6 +187,7 @@ static void check_cmd_params(void)
ext_t *ext;
key_t *key;
int i, j;
+ bool valid_size;
/* Only save new keys */
if (save_keys && !new_keys) {
@@ -181,6 +195,26 @@ static void check_cmd_params(void)
exit(1);
}
+ /* Validate key-size */
+ valid_size = false;
+ for (i = 0; i < KEY_SIZE_MAX_NUM; i++) {
+ if (key_size == KEY_SIZES[key_alg][i]) {
+ valid_size = true;
+ break;
+ }
+ }
+ if (!valid_size) {
+ ERROR("'%d' is not a valid key size for '%s'\n",
+ key_size, key_algs_str[key_alg]);
+ NOTICE("Valid sizes are: ");
+ for (i = 0; i < KEY_SIZE_MAX_NUM &&
+ KEY_SIZES[key_alg][i] != 0; i++) {
+ printf("%d ", KEY_SIZES[key_alg][i]);
+ }
+ printf("\n");
+ exit(1);
+ }
+
/* Check that all required options have been specified in the
* command line */
for (i = 0; i < num_certs; i++) {
@@ -242,8 +276,11 @@ static const cmd_opt_t common_cmd_opt[] = {
},
{
{ "key-alg", required_argument, NULL, 'a' },
- "Key algorithm: 'rsa' (default) - RSAPSS scheme as per \
-PKCS#1 v2.1, 'rsa_1_5' - RSA PKCS#1 v1.5, 'ecdsa'"
+ "Key algorithm: 'rsa' (default)- RSAPSS scheme as per PKCS#1 v2.1, 'ecdsa'"
+ },
+ {
+ { "key-size", required_argument, NULL, 'b' },
+ "Key size (for supported algorithms)."
},
{
{ "hash-alg", required_argument, NULL, 's' },
@@ -286,6 +323,7 @@ int main(int argc, char *argv[])
/* Set default options */
key_alg = KEY_ALG_RSA;
hash_alg = HASH_ALG_SHA256;
+ key_size = -1;
/* Add common command line options */
for (i = 0; i < NUM_ELEM(common_cmd_opt); i++) {
@@ -315,7 +353,7 @@ int main(int argc, char *argv[])
while (1) {
/* getopt_long stores the option index here. */
- c = getopt_long(argc, argv, "a:hknps:", cmd_opt, &opt_idx);
+ c = getopt_long(argc, argv, "a:b:hknps:", cmd_opt, &opt_idx);
/* Detect the end of the options. */
if (c == -1) {
@@ -330,6 +368,13 @@ int main(int argc, char *argv[])
exit(1);
}
break;
+ case 'b':
+ key_size = get_key_size(optarg);
+ if (key_size <= 0) {
+ ERROR("Invalid key size '%s'\n", optarg);
+ exit(1);
+ }
+ break;
case 'h':
print_help(argv[0], cmd_opt);
exit(0);
@@ -371,6 +416,11 @@ int main(int argc, char *argv[])
}
}
+ /* Select a reasonable default key-size */
+ if (key_size == -1) {
+ key_size = KEY_SIZES[key_alg][0];
+ }
+
/* Check command line arguments */
check_cmd_params();
@@ -413,7 +463,7 @@ int main(int argc, char *argv[])
if (new_keys) {
/* Try to create a new key */
NOTICE("Creating new key for '%s'\n", keys[i].desc);
- if (!key_create(&keys[i], key_alg)) {
+ if (!key_create(&keys[i], key_alg, key_size)) {
ERROR("Error creating key '%s'\n", keys[i].desc);
exit(1);
}
@@ -493,7 +543,7 @@ int main(int argc, char *argv[])
}
/* Create certificate. Signed with corresponding key */
- if (cert->fn && !cert_new(key_alg, hash_alg, cert, VAL_DAYS, 0, sk)) {
+ if (cert->fn && !cert_new(hash_alg, cert, VAL_DAYS, 0, sk)) {
ERROR("Cannot create %s\n", cert->cn);
exit(1);
}