

efikeygen: Add support for RSA3072 and RSA4096
This adds a "--algorithm" flag to which you can pass rsa2048, rsa3072,
and rsa4096.

Signed-off-by: Peter Jones <pjones@redhat.com>
vathpela committed Nov 13, 2023
1 parent 1ee1aaa commit 213b695
Showing 1 changed file with 52 additions and 0 deletions.
52 changes: 52 additions & 0 deletions src/efikeygen.c
Expand Up @@ -688,6 +688,31 @@ long verbosity(void)
return verbose;
}

struct algorithm {
char name[16];
int key_bits;
unsigned long exponent;
};

struct algorithm algorithms[] = {
{.name = "rsa2048",
.key_bits = 2048,
.exponent = 0x010001ul,
},
{.name = "rsa3072",
.key_bits = 3072,
.exponent = 0x010001ul,
},
{.name = "rsa4096",
.key_bits = 4096,
.exponent = 0x010001ul,
},
{.name = "",
.key_bits = 0,
.exponent = 0,
}
};

int main(int argc, char *argv[])
{
int is_ca = 0;
Expand Down Expand Up @@ -718,6 +743,8 @@ int main(int argc, char *argv[])
int nfrees = 0;
int key_bits = 2048;
unsigned long exponent = 0x010001ul;
char *orig_algo = "rsa2048";
char *algo = orig_algo;

cms_context *cms = NULL;

Expand Down Expand Up @@ -760,6 +787,12 @@ int main(int argc, char *argv[])
.descrip = "Generate a self-signed certificate" },

/* stuff about the generated key */
{.longName = "algorithm",
.shortName = 'a',
.argInfo = POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
.arg = &algo,
.descrip = "Algorithm for keys",
.argDescrip = "<algorithm>" },
{.longName = "kek",
.shortName = 'K',
.argInfo = POPT_ARG_VAL|POPT_ARGFLAG_OR|POPT_ARGFLAG_DOC_HIDDEN,
Expand Down Expand Up @@ -917,6 +950,7 @@ int main(int argc, char *argv[])

while ((rc = poptGetNextOpt(optCon)) > 0) {
switch (rc) {
case 'a': frees[nfrees++] = algo; break;
case 'c': frees[nfrees++] = cn; break;
case 'D': frees[nfrees++] = db_path; break;
case 'd': frees[nfrees++] = dbdir; break;
Expand All @@ -943,6 +977,14 @@ int main(int argc, char *argv[])

poptFreeContext(optCon);

if (strcmp(algo, "help") == 0) {
printf("Supported algorithms:");
for (int i = 0; algorithms[i].name[0] != '\0'; i++)
printf(" %s", algorithms[i].name);
printf("\n");
exit(0);
}

/*
* Scenarios that are okay (x == valid combination)
*
Expand Down Expand Up @@ -971,6 +1013,16 @@ int main(int argc, char *argv[])
if (!is_self_signed && !signer)
errx(1, "signing certificate is required");

for (int i=0; true; i++) {
if (strcmp(algorithms[i].name, "") == 0)
errx(1, "invalid algorithm: \"%s\"", algo);
if (strcmp(algorithms[i].name, algo) == 0) {
key_bits = algorithms[i].key_bits;
exponent = algorithms[i].exponent;
break;
}
}

cms->tokenname = tokenname;
cms->certname = signer;


