authorAndreas Steffen <andreas.steffen@strongswan.org>2012-11-18 19:22:31 +0100
committerAndreas Steffen <andreas.steffen@strongswan.org>2012-11-18 19:22:31 +0100
commit168ee460c6b2137d347b87fa534ce720c40ba112 (patch)
tree8deb36197a38bffcc8fa280509904b9fd8cc650a /src/pki
parentc1c98f5f4a4a4305c44389dda3363c2026c886c1 (diff)
implemented generation of safe primes
Diffstat (limited to 'src/pki')
-rw-r--r--src/pki/commands/gen.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index 33d9cf35d..d6c4c2e10 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -25,6 +25,7 @@ static int gen()
u_int size = 0;
private_key_t *key;
chunk_t encoding;
+ bool safe_primes = FALSE;
char *arg;
while (TRUE)
@@ -60,6 +61,9 @@ static int gen()
return command_usage("invalid key size");
}
continue;
+ case 'p':
+ safe_primes = TRUE;
+ continue;
case EOF:
break;
default:
@@ -82,8 +86,16 @@ static int gen()
break;
}
}
- key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_KEY_SIZE, size, BUILD_END);
+ if (type == KEY_RSA && safe_primes)
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+ BUILD_KEY_SIZE, size, BUILD_SAFE_PRIMES, BUILD_END);
+ }
+ else
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
+ BUILD_KEY_SIZE, size, BUILD_END);
+ }
if (!key)
{
fprintf(stderr, "private key generation failed\n");
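Review bot: A run with `--safe-primes` and a non-RSA `--type` silently drops the flag, because the new branch ahead of the `create()` call tests only `type == KEY_RSA && safe_primes` and otherwise falls through to the plain builder call. The operator then gets a key with no indication that the requested hardening was not applied. Rejecting the combination is safer than ignoring it, for example `if (safe_primes && type != KEY_RSA) return command_usage("--safe-primes is only supported for rsa keys");` placed before the call. gen() starts and ends outside this hunk, so any validation elsewhere in the function is not visible here.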
@@ -113,12 +125,13 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
gen, 'g', "gen", "generate a new private key",
- {"[--type rsa|ecdsa] [--size bits] [--outform der|pem|pgp]"},
+ {"[--type rsa|ecdsa] [--size bits] [--safe-primes] [--outform der|pem|pgp]"},
{
- {"help", 'h', 0, "show usage information"},
- {"type", 't', 1, "type of key, default: rsa"},
- {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"},
- {"outform", 'f', 1, "encoding of generated private key"},
+ {"help", 'h', 0, "show usage information"},
+ {"type", 't', 1, "type of key, default: rsa"},
+ {"size", 's', 1, "keylength in bits, default: rsa 2048, ecdsa 384"},
+ {"safe-primes", 'p', 0, "generate rsa safe primes"},
+ {"outform", 'f', 1, "encoding of generated private key"},
}
});
}
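Review bot: The help entry `{"safe-primes", 'p', 0, "generate rsa safe primes"}` does not say that the option only takes effect with `--type rsa`, and the gen() hunk in this diff passes `BUILD_SAFE_PRIMES` only on the RSA path. A description such as `"generate rsa key from safe primes (rsa only)"` would make that restriction visible in the usage output. If safe-prime generation is noticeably slower than the default, which is likely but not shown here, that is worth a word in the description as well.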