From e59e71f30748004d6251b6024e7f9ab22192bbad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Fri, 12 Jan 2007 22:01:58 +0000
Subject: [PATCH] Allow setting parameters to private key generation.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19871 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/crypto.c  | 87 ++++++++++++++++++++++++++++++++++++---------
 lib/hx509/hx_locl.h |  1 +
 lib/hx509/hxtool.c  | 20 ++++++++---
 3 files changed, 88 insertions(+), 20 deletions(-)

diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c
index b7cefa266..9146be6dc 100644
--- a/lib/hx509/crypto.c
+++ b/lib/hx509/crypto.c
@@ -42,6 +42,11 @@ enum crypto_op_type {
     COT_SIGN
 };
 
+struct hx509_generate_private_context {
+    const heim_oid *key_oid;
+    int isCA;
+    unsigned long num_bits;
+};
 
 struct hx509_private_key_ops {
     const char *pemtype;
@@ -56,8 +61,9 @@ struct hx509_private_key_ops {
 		  const void *data,
 		  size_t len,
 		  hx509_private_key private_key);
-    int (*generate_private_key)(hx509_context context,
-				hx509_private_key private_key);
+    int (*generate_private_key)(hx509_context,
+				struct hx509_generate_private_context *,
+				hx509_private_key);
     int (*handle_alg)(const hx509_private_key,
 		      const AlgorithmIdentifier *,
 		      enum crypto_op_type);
@@ -433,17 +439,13 @@ rsa_private_key2SPKI(hx509_context context,
 }
 
 static int
-cb_func(int a, int b, BN_GENCB *c)
+rsa_generate_private_key(hx509_context context, 
+			 struct hx509_generate_private_context *ctx,
+			 hx509_private_key private_key)
 {
-    return 1;
-}
-
-static int
-rsa_generate_private_key(hx509_context context, hx509_private_key private_key)
-{
-    BN_GENCB cb;
     BIGNUM *e;
     int ret;
+    unsigned long bits;
 
     static const int default_rsa_e = 65537;
     static const int default_rsa_bits = 1024;
@@ -458,9 +460,14 @@ rsa_generate_private_key(hx509_context context, hx509_private_key private_key)
     e = BN_new();
     BN_set_word(e, default_rsa_e);
 
-    BN_GENCB_set(&cb, cb_func, NULL);
-    ret = RSA_generate_key_ex(private_key->private_key.rsa, 
-			      default_rsa_bits, e, &cb);
+    bits = default_rsa_bits;
+
+    if (ctx->num_bits)
+	bits = ctx->num_bits;
+    else if (ctx->isCA)
+	bits *= 2;
+
+    ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
     BN_free(e);
     if (ret != 1) {
 	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
@@ -1262,9 +1269,57 @@ _hx509_private_key2SPKI(hx509_context context,
     return (*ops->get_spki)(context, private_key, spki);
 }
 
+int
+_hx509_generate_private_key_init(hx509_context context,
+				 const heim_oid *oid,
+				 struct hx509_generate_private_context **ctx)
+{
+    *ctx = NULL;
+
+    if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) {
+	hx509_set_error_string(context, 0, EINVAL, 
+			       "private key not an RSA key");
+	return EINVAL;
+    }
+
+    *ctx = calloc(1, sizeof(**ctx));
+    if (*ctx == NULL) {
+	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
+	return ENOMEM;
+    }
+    (*ctx)->key_oid = oid;
+
+    return 0;
+}
+
+int
+_hx509_generate_private_key_is_ca(hx509_context context,
+				  struct hx509_generate_private_context *ctx)
+{
+    ctx->isCA = 1;
+    return 0;
+}
+
+int
+_hx509_generate_private_key_bits(hx509_context context,
+				 struct hx509_generate_private_context *ctx,
+				 unsigned long bits)
+{
+    ctx->num_bits = bits;
+    return 0;
+}
+
+
+void
+_hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
+{
+    free(*ctx);
+    *ctx = NULL;
+}
+
 int
 _hx509_generate_private_key(hx509_context context,
-			    const heim_oid *key_oid,
+			    struct hx509_generate_private_context *ctx,
 			    hx509_private_key *private_key)
 {
     struct hx509_private_key_ops *ops;
@@ -1272,7 +1327,7 @@ _hx509_generate_private_key(hx509_context context,
 
     *private_key = NULL;
 
-    ops = find_private_alg(key_oid);
+    ops = find_private_alg(ctx->key_oid);
     if (ops == NULL) {
 	hx509_clear_error_string(context);
 	return HX509_SIG_ALG_NO_SUPPORTED;
@@ -1284,7 +1339,7 @@ _hx509_generate_private_key(hx509_context context,
 	return ret;
     }
 
-    ret = (*ops->generate_private_key)(context, *private_key);
+    ret = (*ops->generate_private_key)(context, ctx, *private_key);
     if (ret)
 	_hx509_private_key_free(private_key);
 
diff --git a/lib/hx509/hx_locl.h b/lib/hx509/hx_locl.h
index efc4bbe25..d21fd5170 100644
--- a/lib/hx509/hx_locl.h
+++ b/lib/hx509/hx_locl.h
@@ -71,6 +71,7 @@
 
 struct hx509_keyset_ops;
 struct hx509_collector;
+struct hx509_generate_private_context;
 typedef struct hx509_path hx509_path;
 
 #include <hx509.h>
diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c
index 143495955..5c5feaa82 100644
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -857,7 +857,7 @@ read_private_key(const char *fn, hx509_private_key *key)
 }
 
 static void
-get_key(const char *fn, const char *type, int optbits, 
+get_key(const char *fn, const char *type, int optbits,
 	hx509_private_key *signer)
 {
     int ret;
@@ -1413,13 +1413,25 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
     }
 
     if (opt->generate_key_string) {
-	
-	ret = _hx509_generate_private_key(context, 
-					  oid_id_pkcs1_rsaEncryption(),
+	struct hx509_generate_private_context *keyctx;
+
+	ret = _hx509_generate_private_key_init(context, 
+					       oid_id_pkcs1_rsaEncryption(),
+					       &keyctx);
+
+	if (opt->issue_ca_flag)
+	    _hx509_generate_private_key_is_ca(context, keyctx);
+
+	ret = _hx509_generate_private_key(context, keyctx,
 					  &cert_key);
+	_hx509_generate_private_key_free(&keyctx);
 	if (ret)
 	    hx509_err(context, ret, 1, "generate private key");
 	
+	if (opt->key_bits_integer)
+	    _hx509_generate_private_key_bits(context, keyctx,
+					     opt->key_bits_integer);
+
 	ret = _hx509_private_key2SPKI(context, cert_key, &spki);
 	if (ret)
 	    errx(1, "_hx509_private_key2SPKI: %d\n", ret);