efikeygen: move knowledge of key size and exponents up a level

We need to be able to generate keys other than just RSA2048 now.  As a
result, we need to have the key generation data determined outside of
generate_keys() itself.

This makes those parameters part of the generate_keys() call, and moves
the default values into efikeygen itself.

Signed-off-by: Peter Jones <[email protected]>

src/cms_common.c

@@ -1779,11 +1779,12 @@ generate_auth_info(cms_context *cms, SECItem *der, char *url)
 
 int
 generate_keys(cms_context *cms, PK11SlotInfo *slot,
-		SECKEYPrivateKey **privkey, SECKEYPublicKey **pubkey)
+		SECKEYPrivateKey **privkey, SECKEYPublicKey **pubkey,
+		int key_bits, unsigned long exponent)
 {
 	PK11RSAGenParams rsaparams = {
-		.keySizeInBits = 2048,
-		.pe = 0x010001,
+		.keySizeInBits = key_bits,
+		.pe = exponent,
 	};
 
 	SECStatus rv;

src/cms_common.h

@@ -222,7 +222,8 @@ extern int generate_signature(cms_context *ctx);
 extern int unlock_nss_token(cms_context *ctx);
 extern int find_certificate(cms_context *ctx, int needs_private_key);
 extern int generate_keys(cms_context *cms, PK11SlotInfo *slot,
-		SECKEYPrivateKey **privkey, SECKEYPublicKey **pubkey);
+		SECKEYPrivateKey **privkey, SECKEYPublicKey **pubkey,
+		int key_bits, unsigned long exponent);
 extern int is_issuer_of(CERTCertificate *c0, CERTCertificate *c1);
 
 typedef int (find_cert_match_t)(CERTCertificate *cert, void *cbdata);

src/efikeygen.c

@@ -716,6 +716,8 @@ int main(int argc, char *argv[])
 	PRStatus prstatus;
 	void *frees[50] = { NULL, };
 	int nfrees = 0;
+	int key_bits = 2048;
+	unsigned long exponent = 0x010001ul;
 
 	cms_context *cms = NULL;
 
@@ -1017,7 +1019,8 @@ int main(int argc, char *argv[])
 			nsserr(1, "could not find NSS slot for token \"%s\"",
 				cms->tokenname);
 
-		rc = generate_keys(cms, slot, &privkey, &pubkey);
+		rc = generate_keys(cms, slot, &privkey, &pubkey, key_bits,
+				   exponent);
 	}
 	if (rc < 0)
 		exit(1);