author | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-11-22 00:34:26 +0100 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-11-22 00:34:42 +0100 |
commit | 48b23d06a8c701d6d48666dbe927f5454dfea7a4 (patch) | |
tree | e18017cf50af167e14cc27299ec8fd09643c982f /src/pki/commands/gen.c | |
parent | 2cb9a014df3e60902a4448e73d0928007bf68956 (diff) | |
download | strongswan-48b23d06a8c701d6d48666dbe927f5454dfea7a4.tar.bz2 strongswan-48b23d06a8c701d6d48666dbe927f5454dfea7a4.tar.xz |
allow the optional sharing of RSA private keys
Diffstat (limited to 'src/pki/commands/gen.c')
-rw-r--r-- | src/pki/commands/gen.c | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index d6c4c2e10..e3602f0c3 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -22,7 +22,7 @@ static int gen()
 {
 cred_encoding_type_t form = PRIVKEY_ASN1_DER;
 key_type_t type = KEY_RSA;
- u_int size = 0;
+ u_int size = 0, shares = 0, threshold = 1;
 private_key_t *key;
 chunk_t encoding;
 bool safe_primes = FALSE;
@@ -64,6 +64,20 @@ static int gen()
 case 'p':
 safe_primes = TRUE;
 continue;
+ case 'n':
+ shares = atoi(arg);
+ if (shares < 2)
+ {
+ return command_usage("invalid number of key shares");
+ }
+ continue;
+ case 'l':
+ threshold = atoi(arg);
+ if (threshold < 1)
+ {
+ return command_usage("invalid key share threshold");
+ }
+ continue;
 case EOF:
 break;
 default:
@@ -86,7 +100,18 @@ static int gen()
 break;
 }
 }
- if (type == KEY_RSA && safe_primes)
+ if (type == KEY_RSA && shares)
+ {
+ if (threshold > shares)
+ {
+ return command_usage("threshold is larger than number of shares");
+ }
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+ BUILD_KEY_SIZE, size, BUILD_SAFE_PRIMES,
+ BUILD_SHARES, shares, BUILD_THRESHOLD, threshold,
+ BUILD_END);
+ }
+ else if (type == KEY_RSA && safe_primes)
 {
 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
 BUILD_KEY_SIZE, size, BUILD_SAFE_PRIMES, BUILD_END);
@@ -125,12 +150,15 @@ static void __attribute__ ((constructor))reg()
 {
 command_register((command_t) {
 gen, 'g', "gen", "generate a new private key",
- {"[--type rsa|ecdsa] [--size bits] [--safe-primes] [--outform der|pem|pgp]"},
+ {" [--type rsa|ecdsa] [--size bits] [--safe-primes]",
+ "[--shares n] [--threshold l] [--outform der|pem|pgp]"},
 {
 {"help", 'h', 0, "show usage information"},
 {"type", 't', 1, "type of key, default: rsa"},
 {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"},
 {"safe-primes", 'p', 0, "generate rsa safe primes"},
+ {"shares", 'n', 1, "number of private rsa key shares"},
+ {"threshold", 'l', 1, "minimum number of participating rsa key shares"},
 {"outform", 'f', 1, "encoding of generated private key"},
 }
 });
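Review bot: The `shares < 2` and `threshold < 1` checks in the second hunk cannot reject negative input, because the first hunk declares both variables `u_int`: a negative `atoi()` result is converted to a large unsigned value before the comparison, so `--shares -3` passes the check and reaches the key builder. `atoi()` also gives no way to detect non-numeric text or trailing garbage, which the lower bound only catches by accident. Parsing into a signed `long` with `strtol()`, validating the parse and the range, and assigning afterwards fixes both; the `'l'` case takes the same shape with a lower bound of 1 (`INT_MAX` needs `<limits.h>` if gen.c does not already include it). gen() starts and ends outside these hunks.
```c
case 'n':
{
	char *end;
	long val = strtol(arg, &end, 10);

	if (end == arg || *end != '\0' || val < 2 || val > INT_MAX)
	{
		return command_usage("invalid number of key shares");
	}
	shares = val;
	continue;
}
/* … case 'l': same parse, reject val < 1, assign to threshold … */
```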
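Review bot: A `--threshold` passed without `--shares` is silently ignored, because `threshold` is only consulted inside the new `if (type == KEY_RSA && shares)` branch in the third hunk, and `--shares` is likewise dropped without a word when the key type is ecdsa, so the user gets an ordinary unshared key. Rejecting those combinations before the branch, `if (shares && type != KEY_RSA) return command_usage("key sharing is only supported for rsa keys");` and `if (threshold > 1 && !shares) return command_usage("--threshold requires --shares");`, would surface the mistake. The branch also always passes BUILD_SAFE_PRIMES whether or not `--safe-primes` was given; if the sharing scheme requires that, a comment such as `/* shared RSA keys are always built on safe primes; --safe-primes is implied */` would record the deliberate choice for the next reader.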
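Review bot: The first usage string now starts with a stray space, `{" [--type rsa|ecdsa] [--size bits] [--safe-primes]",`, while the new second line does not, so the two lines of help output will be misaligned; drop the leading space. The description of the new `threshold` option could also name its default, which the first hunk sets to 1, e.g. `{"threshold", 'l', 1, "minimum number of participating rsa key shares, default: 1"},`, matching the style of the existing `type` and `size` descriptions.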