diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile
index 592d19663dbfd94baaf23f8b3c56f56a3f98036c..f4be6cb5ee6e3453d5c2f537b4c15ab877e90dda 100644
--- a/package/utils/px5g/Makefile
+++ b/package/utils/px5g/Makefile
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=px5g
-PKG_RELEASE:=8
+PKG_RELEASE:=9
PKG_LICENSE:=LGPL-2.1
PKG_USE_MIPS16:=0
@@ -52,7 +52,7 @@ ifeq ($(BUILD_VARIANT),standalone)
TARGET_LDFLAGS := -Wl,-Bstatic $(TARGET_LDFLAGS) -Wl,-Bdynamic
endif
-TARGET_CFLAGS += -Wl,--gc-sections
+TARGET_CFLAGS += -Wl,--gc-sections -Wall -Werror
define Build/Compile
$(TARGET_CC) $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -o $(PKG_BUILD_DIR)/px5g px5g.c $(TARGET_LDFLAGS)
diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c
index f0fe4dcfd39124bc83249cf32f9468652fedadb9..0b72154509a8c84577a877f6b13e4243b3dc58d1 100644
--- a/package/utils/px5g/px5g.c
+++ b/package/utils/px5g/px5g.c
@@ -32,6 +32,7 @@
#include <mbedtls/bignum.h>
#include <mbedtls/x509_crt.h>
+#include <mbedtls/ecp.h>
#include <mbedtls/rsa.h>
#include <mbedtls/pk.h>
@@ -73,6 +74,23 @@ static void write_file(const char *path, int len, bool pem)
fclose(f);
}
+static mbedtls_ecp_group_id ecp_curve(const char *name)
+{
+ const mbedtls_ecp_curve_info *curve_info;
+
+ if (!strcmp(name, "P-256"))
+ return MBEDTLS_ECP_DP_SECP256R1;
+ else if (!strcmp(name, "P-384"))
+ return MBEDTLS_ECP_DP_SECP384R1;
+ else if (!strcmp(name, "P-521"))
+ return MBEDTLS_ECP_DP_SECP521R1;
+ curve_info = mbedtls_ecp_curve_info_from_name(name);
+ if (curve_info == NULL)
+ return MBEDTLS_ECP_DP_NONE;
+ else
+ return curve_info->grp_id;
+}
+
static void write_key(mbedtls_pk_context *key, const char *path, bool pem)
{
int len = 0;
@@ -89,24 +107,33 @@ static void write_key(mbedtls_pk_context *key, const char *path, bool pem)
write_file(path, len, pem);
}
-static void gen_key(mbedtls_pk_context *key, int ksize, int exp, bool pem)
+static void gen_key(mbedtls_pk_context *key, bool rsa, int ksize, int exp,
+ mbedtls_ecp_group_id curve, bool pem)
{
mbedtls_pk_init(key);
- fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
- mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
- if (mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) {
- fprintf(stderr, "error: key generation failed\n");
- exit(1);
+ if (rsa) {
+ fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
+ mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
+ if (!mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp))
+ return;
+ } else {
+ fprintf(stderr, "Generating EC private key\n");
+ mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
+ if (!mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key), _urandom, NULL))
+ return;
}
+ fprintf(stderr, "error: key generation failed\n");
+ exit(1);
}
-int rsakey(char **arg)
+int dokey(bool rsa, char **arg)
{
mbedtls_pk_context key;
unsigned int ksize = 512;
int exp = 65537;
char *path = NULL;
bool pem = true;
+ mbedtls_ecp_group_id curve = MBEDTLS_ECP_DP_SECP256R1;
while (*arg && **arg == '-') {
if (!strcmp(*arg, "-out") && arg[1]) {
@@ -120,10 +147,17 @@ int rsakey(char **arg)
arg++;
}
- if (*arg)
+ if (*arg && rsa) {
ksize = (unsigned int)atoi(*arg);
+ } else if (*arg) {
+ curve = ecp_curve((const char *)*arg);
+ if (curve == MBEDTLS_ECP_DP_NONE) {
+ fprintf(stderr, "error: invalid curve name: %s\n", *arg);
+ return 1;
+ }
+ }
- gen_key(&key, ksize, exp, pem);
+ gen_key(&key, rsa, ksize, exp, curve, pem);
write_key(&key, path, pem);
mbedtls_pk_free(&key);
@@ -146,20 +180,37 @@ int selfsigned(char **arg)
time_t from = time(NULL), to;
char fstr[20], tstr[20], sstr[17];
int len;
+ bool rsa = true;
+ mbedtls_ecp_group_id curve = MBEDTLS_ECP_DP_SECP256R1;
while (*arg && **arg == '-') {
if (!strcmp(*arg, "-der")) {
pem = false;
} else if (!strcmp(*arg, "-newkey") && arg[1]) {
- if (strncmp(arg[1], "rsa:", 4)) {
- fprintf(stderr, "error: invalid algorithm");
+ if (!strncmp(arg[1], "rsa:", 4)) {
+ rsa = true;
+ ksize = (unsigned int)atoi(arg[1] + 4);
+ } else if (!strcmp(arg[1], "ec")) {
+ rsa = false;
+ } else {
+ fprintf(stderr, "error: invalid algorithm\n");
return 1;
}
- ksize = (unsigned int)atoi(arg[1] + 4);
arg++;
} else if (!strcmp(*arg, "-days") && arg[1]) {
days = (unsigned int)atoi(arg[1]);
arg++;
+ } else if (!strcmp(*arg, "-pkeyopt") && arg[1]) {
+ if (strncmp(arg[1], "ec_paramgen_curve:", 18)) {
+ fprintf(stderr, "error: invalid pkey option: %s\n", arg[1]);
+ return 1;
+ }
+ curve = ecp_curve((const char *)(arg[1] + 18));
+ if (curve == MBEDTLS_ECP_DP_NONE) {
+ fprintf(stderr, "error: invalid curve name: %s\n", arg[1] + 18);
+ return 1;
+ }
+ arg++;
} else if (!strcmp(*arg, "-keyout") && arg[1]) {
keypath = arg[1];
arg++;
@@ -196,8 +247,7 @@ int selfsigned(char **arg)
}
arg++;
}
-
- gen_key(&key, ksize, exp, pem);
+ gen_key(&key, rsa, ksize, exp, curve, pem);
if (keypath)
write_key(&key, keypath, pem);
@@ -223,7 +273,7 @@ int selfsigned(char **arg)
mbedtls_x509write_crt_set_subject_key_identifier(&cert);
mbedtls_x509write_crt_set_authority_key_identifier(&cert);
- _urandom(NULL, buf, 8);
+ _urandom(NULL, (void *) buf, 8);
for (len = 0; len < 8; len++)
sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
@@ -260,8 +310,10 @@ int main(int argc, char *argv[])
if (!argv[1]) {
//Usage
+ } else if (!strcmp(argv[1], "eckey")) {
+ return dokey(false, argv+2);
} else if (!strcmp(argv[1], "rsakey")) {
- return rsakey(argv+2);
+ return dokey(true, argv+2);
} else if (!strcmp(argv[1], "selfsigned")) {
return selfsigned(argv+2);
}
@@ -269,6 +321,6 @@ int main(int argc, char *argv[])
fprintf(stderr,
"PX5G X.509 Certificate Generator Utility v" PX5G_VERSION "\n" PX5G_COPY
"\nbased on PolarSSL by Christophe Devine and Paul Bakker\n\n");
- fprintf(stderr, "Usage: %s [rsakey|selfsigned]\n", *argv);
+ fprintf(stderr, "Usage: %s [eckey|rsakey|selfsigned]\n", *argv);
return 1;
}