wolfSSL · levirak · Aug 18, 2017 · Aug 18, 2017
diff --git a/wolfCLU/clu_include/clu_optargs.h b/wolfCLU/clu_include/clu_optargs.h
@@ -39,6 +39,8 @@ enum {
     ALL,
     SIZE,
     EXPONENT,
+    CURVE,
+    LIST_CURVES,
     TIME,
     VERIFY,
     VERBOSE,
@@ -71,6 +73,8 @@ static struct option long_options[] = {
     {"all",     no_argument,       0, ALL       },
     {"size",    required_argument, 0, SIZE      },
     {"exponent",required_argument, 0, EXPONENT  },
+    {"curve",   required_argument, 0, CURVE     },
+    {"list_curves", no_argument,   0, LIST_CURVES },
     {"time",    required_argument, 0, TIME      },
     {"verify",  no_argument,       0, VERIFY    },
     {"verbose", no_argument,       0, VERBOSE   },

diff --git a/wolfCLU/clu_include/genkey/clu_genkey.h b/wolfCLU/clu_include/genkey/clu_genkey.h
@@ -62,7 +62,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive,
  * return   0 on success, non-zero on error
  */
 int wolfCLU_genKey_ECC(RNG* rng, char* fName, int directive, int fmt,
-                       int keySz);
+                       int keySz, int curveId);
 
 /**
  * generates an RSA key

diff --git a/wolfCLU/clu_src/clu_main.c b/wolfCLU/clu_src/clu_main.c
@@ -73,6 +73,8 @@ int main(int argc, char** argv)
         case ALL:      /* Opt to benchmark all available algorithms */
         case SIZE:     /* size for hash or key to output            */
         case EXPONENT: /* exponent for generating RSA key           */
+        case CURVE:    /* curve for generating ECC key              */
+        case LIST_CURVES: /* list curves for generating ECC keys    */
         case TIME:     /* Time to benchmark for                     */
         case VERIFY:   /* Verify results, used with -iv and -key    */
         case INFORM:   /* Certificate Stuff                         */

diff --git a/wolfCLU/clu_src/genkey/clu_genkey.c b/wolfCLU/clu_src/genkey/clu_genkey.c
@@ -147,7 +147,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format)
 #endif /* HAVE_ED25519 */
 
 int wolfCLU_genKey_ECC(RNG* rng, char* fName, int directive, int fmt,
-                       int keySz)
+                       int keySz, int curveId)
 {
 #ifdef HAVE_ECC
     ecc_key key;
@@ -176,7 +176,7 @@ int wolfCLU_genKey_ECC(RNG* rng, char* fName, int directive, int fmt,
     ret = wc_ecc_init_ex(&key, HEAP_HINT, INVALID_DEVID);
     if (ret != 0)
         return ret;
-    ret = wc_ecc_make_key(rng, keySz, &key);
+    ret = wc_ecc_make_key_ex(rng, keySz, &key, curveId);
 #if defined(WOLFSSL_ASYNC_CRYPT)
     /* @Audit: is this all correct? */
     ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);

diff --git a/wolfCLU/clu_src/genkey/clu_genkey_setup.c b/wolfCLU/clu_src/genkey/clu_genkey_setup.c
@@ -23,27 +23,75 @@
 #include "clu_include/genkey/clu_genkey.h"
 #include "clu_include/x509/clu_cert.h"  /* argument checking */
 
+const struct { char *name; int len; int id; } ecc_curves[] = {
+    { "default",         7,  ECC_CURVE_DEF       },
+    { "secp192r1",       9,  ECC_SECP192R1       },
+    { "prime192v2",      10, ECC_PRIME192V2      },
+    { "prime192v3",      10, ECC_PRIME192V3      },
+    { "prime239v1",      10, ECC_PRIME239V1      },
+    { "prime239v2",      10, ECC_PRIME239V2      },
+    { "prime239v3",      10, ECC_PRIME239V3      },
+    { "secp256r1",       9,  ECC_SECP256R1       },
+    { "prime256v1",      10, ECC_SECP256R1       },
+    { "secp112r1",       9,  ECC_SECP112R1       },
+    { "secp112r2",       9,  ECC_SECP112R2       },
+    { "secp128r1",       9,  ECC_SECP128R1       },
+    { "secp128r2",       9,  ECC_SECP128R2       },
+    { "secp160r1",       9,  ECC_SECP160R1       },
+    { "secp160r2",       9,  ECC_SECP160R2       },
+    { "secp224r1",       9,  ECC_SECP224R1       },
+    { "secp384r1",       9,  ECC_SECP384R1       },
+    { "secp521r1",       9,  ECC_SECP521R1       },
+    { "secp160k1",       9,  ECC_SECP160K1       },
+    { "secp192k1",       9,  ECC_SECP192K1       },
+    { "secp224k1",       9,  ECC_SECP224K1       },
+    { "secp256k1",       9,  ECC_SECP256K1       },
+    { "brainpoolp160r1", 15, ECC_BRAINPOOLP160R1 },
+    { "brainpoolp192r1", 15, ECC_BRAINPOOLP192R1 },
+    { "brainpoolp224r1", 15, ECC_BRAINPOOLP224R1 },
+    { "brainpoolp256r1", 15, ECC_BRAINPOOLP256R1 },
+    { "brainpoolp320r1", 15, ECC_BRAINPOOLP320R1 },
+    { "brainpoolp384r1", 15, ECC_BRAINPOOLP384R1 },
+    { "brainpoolp512r1", 15, ECC_BRAINPOOLP512R1 },
+#ifdef HAVE_CURVE25519
+    { "x25519",          6,  ECC_X25519          },
+#endif
+#ifdef HAVE_X448
+    { "x448",            4,  ECC_X448            },
+#endif
+#ifdef WOLFSSL_CUSTOM_CURVES
+    { "custom",          6,  ECC_CURVE_CUSTOM    },
+#endif
+};
+int num_ecc_curves = sizeof(ecc_curves) / sizeof(ecc_curves[0]);
+
 int wolfCLU_genKeySetup(int argc, char** argv)
 {
     char     keyOutFName[MAX_FILENAME_SZ];  /* default outFile for genKey */
     char     defaultFormat[4] = "der\0";
-    FILE*    fStream;
     WC_RNG   rng;
 
     char*    keyType = NULL;       /* keyType */
     char*    format  = defaultFormat;
 
     int      formatArg  =   DER_FORM;
-    int      size       =   0;  /* keysize */
     int      ret        =   0;  /* return variable */
     int      i          =   0;  /* loop counter */
 
-    ret = wolfCLU_checkForArg("-h", 2, argc, argv);
+    ret = wolfCLU_checkForArg("-help", 5, argc, argv);
     if (ret > 0) {
         wolfCLU_genKeyHelp();
         return 0;
     }
 
+    ret = wolfCLU_checkForArg("-list_curves", 12, argc, argv);
+    if (ret > 0) {
+        for (i = 0; i < num_ecc_curves; ++i) {
+            printf("  %s\n", ecc_curves[i].name);
+        }
+        return 0;
+    }
+
     XMEMSET(keyOutFName, 0, MAX_FILENAME_SZ);
 
     keyType = argv[2];
@@ -116,6 +164,7 @@ int wolfCLU_genKeySetup(int argc, char** argv)
         /* ECC flags */
         int directiveArg;
         int sizeArg;
+        int curveId;
 
         printf("generate ECC key\n");
 
@@ -164,8 +213,26 @@ int wolfCLU_genKeySetup(int argc, char** argv)
             sizeArg = 32;
         }
 
+        /* get the directive argument */
+        ret = wolfCLU_checkForArg("-curve", 6, argc, argv);
+        if (ret > 0) {
+            for (i = 0; i < num_ecc_curves; ++i) {
+                if (XSTRNCMP(argv[ret+1], ecc_curves[i].name,
+                             ecc_curves[i].len) == 0) {
+                    printf("DEBUG: got '%s' (id %d)\n", ecc_curves[i].name,
+                           ecc_curves[i].id);
+                    curveId = ecc_curves[i].id;
+                    break;
+                }
+            }
+        } else {
+            printf("No -curve <ID>\n");
+            printf("DEFAULT: using \"default\" for default curve.\n");
+            curveId = ECC_CURVE_DEF;
+        }
+
         ret = wolfCLU_genKey_ECC(&rng, keyOutFName, directiveArg,
-                                 formatArg, sizeArg);
+                                 formatArg, sizeArg, curveId);
     #else
         printf("Invalid option, ECC not enabled.\n");
         printf("Please re-configure wolfSSL with --enable-ecc and "