1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Copyright (C) 2014-2016 Andreas Steffen
4 *
5 * Copyright (C) secunet Security Networks AG
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

#include "pki.h"
19
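/**
 * Parse a non-negative decimal command line argument into an unsigned int.
 *
 * atoi() accepts "-2048", "12abc" or "" without complaint; a negative result
 * then wraps to a huge u_int and sails past the "< 2" / "!size" checks. This
 * helper rejects leading signs and whitespace, trailing garbage, empty
 * strings and values that do not fit into an unsigned int.
 *
 * @param arg		argument string as handed out by command_getopt()
 * @param value		parsed value, written only on success
 * @return			TRUE if arg is a well-formed unsigned decimal number
 */
static bool parse_uint(const char *arg, u_int *value)
{
	unsigned long parsed;
	char *end;

	/* strtoul() would silently skip whitespace and accept a sign */
	if (!arg || arg[0] < '0' || arg[0] > '9')
	{
		return FALSE;
	}
	errno = 0;
	parsed = strtoul(arg, &end, 10);
	if (errno == ERANGE || *end != '\0' || parsed > UINT_MAX)
	{
		return FALSE;
	}
	*value = (u_int)parsed;
	return TRUE;
}

/**
 * Default key size to use when --size was not given.
 *
 * @param type		key type selected with --type
 * @return			default size, 0 for types without one
 */
static u_int default_key_size(key_type_t type)
{
	switch (type)
	{
		case KEY_RSA:
			return 2048;
		case KEY_ECDSA:
			return 384;
		case KEY_ED25519:
			return 256;
		case KEY_ED448:
			return 456;
		case KEY_BLISS:
			/* 1 is clearly not a bit length; presumably a BLISS parameter
			 * set selector, matching the "bliss 1" default in the --size help */
			return 1;
		default:
			return 0;
	}
}

/**
 * Generate a private key and write its encoding to stdout.
 *
 * Options are read via command_getopt(): --type selects the algorithm
 * (rsa by default), --size the key length in bits (type-specific default,
 * see default_key_size()), --outform the encoding (der by default).
 * --safe-primes, --shares and --threshold only influence RSA key
 * generation; a warning is printed if they are combined with another type.
 * Threshold (--shares) RSA generation always requests safe primes.
 *
 * @return			0 on success, 1 on failure; option errors are reported
 *					via command_usage()
 */
static int gen()
{
	cred_encoding_type_t form = PRIVKEY_ASN1_DER;
	key_type_t type = KEY_RSA;
	u_int size = 0, shares = 0, threshold = 1;
	private_key_t *key;
	chunk_t encoding;
	bool safe_primes = FALSE, written;
	char *arg;

	while (TRUE)
	{
		switch (command_getopt(&arg))
		{
			case 'h':
				return command_usage(NULL);
			case 't':
				if (streq(arg, "rsa"))
				{
					type = KEY_RSA;
				}
				else if (streq(arg, "ecdsa"))
				{
					type = KEY_ECDSA;
				}
				else if (streq(arg, "ed25519"))
				{
					type = KEY_ED25519;
				}
				else if (streq(arg, "ed448"))
				{
					type = KEY_ED448;
				}
				else if (streq(arg, "bliss"))
				{
					type = KEY_BLISS;
				}
				else
				{
					return command_usage("invalid key type");
				}
				continue;
			case 'f':
				if (!get_form(arg, &form, CRED_PRIVATE_KEY))
				{
					return command_usage("invalid key output format");
				}
				continue;
			case 's':
				/* 0 would mean "use the default", so it is not a valid size */
				if (!parse_uint(arg, &size) || !size)
				{
					return command_usage("invalid key size");
				}
				continue;
			case 'p':
				safe_primes = TRUE;
				continue;
			case 'n':
				/* a single share is not a split key */
				if (!parse_uint(arg, &shares) || shares < 2)
				{
					return command_usage("invalid number of key shares");
				}
				continue;
			case 'l':
				if (!parse_uint(arg, &threshold) || threshold < 1)
				{
					return command_usage("invalid key share threshold");
				}
				continue;
			case EOF:
				break;
			default:
				return command_usage("invalid --gen option");
		}
		break;
	}

	if (!size)
	{
		size = default_key_size(type);
	}
	if (type != KEY_RSA && (shares || safe_primes))
	{
		/* not fatal, but the user should know the request was not honored */
		fprintf(stderr, "warning: --safe-primes, --shares and --threshold "
				"only apply to rsa keys and are ignored\n");
	}

	if (type == KEY_RSA && shares)
	{
		if (threshold > shares)
		{
			return command_usage("threshold is larger than number of shares");
		}
		/* threshold RSA keys are always built from safe primes, whether or
		 * not --safe-primes was given */
		key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
								 BUILD_KEY_SIZE, size, BUILD_SAFE_PRIMES,
								 BUILD_SHARES, shares, BUILD_THRESHOLD, threshold,
								 BUILD_END);
	}
	else if (type == KEY_RSA && safe_primes)
	{
		key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
								 BUILD_KEY_SIZE, size, BUILD_SAFE_PRIMES, BUILD_END);
	}
	else
	{
		key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
								 BUILD_KEY_SIZE, size, BUILD_END);
	}
	if (!key)
	{
		fprintf(stderr, "private key generation failed\n");
		return 1;
	}
	if (!key->get_encoding(key, form, &encoding))
	{
		fprintf(stderr, "private key encoding failed\n");
		key->destroy(key);
		return 1;
	}
	key->destroy(key);

	set_file_mode(stdout, form);
	/* fflush() so that a write error surfacing at exit (e.g. a full disk
	 * behind a redirected stdout) is reported instead of lost silently */
	written = fwrite(encoding.ptr, encoding.len, 1, stdout) == 1 &&
			  fflush(stdout) == 0;
	/* the buffer is the private key itself: wipe it, don't just free it */
	chunk_clear(&encoding);
	if (!written)
	{
		fprintf(stderr, "writing private key failed\n");
		return 1;
	}
	return 0;
}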
169
/**
 * Register the "gen" command with the pki front end.
 *
 * Runs at load time via the constructor attribute, so nothing has to call
 * it explicitly; the short option letters listed here are the ones gen()
 * dispatches on in its command_getopt() switch.
 */
static void __attribute__ ((constructor))reg()
{
	command_t cmd = {
		gen, 'g', "gen", "generate a new private key",
		{
			"[--type rsa|ecdsa|ed25519|ed448|bliss] [--size bits] [--safe-primes]",
			"[--shares n] [--threshold l] [--outform der|pem]",
		},
		{
			{"help",        'h', 0, "show usage information"},
			{"type",        't', 1, "type of key, default: rsa"},
			/* gen() additionally falls back to 256 for ed25519 and 456 for ed448 */
			{"size",        's', 1, "keylength in bits, default: rsa 2048, ecdsa 384, bliss 1"},
			{"safe-primes", 'p', 0, "generate rsa safe primes"},
			{"shares",      'n', 1, "number of private rsa key shares"},
			{"threshold",   'l', 1, "minimum number of participating rsa key shares"},
			{"outform",     'f', 1, "encoding of generated private key, default: der"},
		},
	};

	command_register(cmd);
}
189 }