From 98356f64a84fb0e6eb8874b166d1736353023c16 Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Thu, 19 Sep 2013 15:24:41 -0700 Subject: [PATCH] make_key: add EC key generation support Add the ability to create EC keys for use in creating ECDSA signatures. Change-Id: Ia1654b69056413d66275ea6c55d8273f5f09f5c6 --- tools/make_key | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/tools/make_key b/tools/make_key index 209d824f6..a1018177a 100755 --- a/tools/make_key +++ b/tools/make_key @@ -17,12 +17,12 @@ # Generates a public/private key pair suitable for use in signing # android .apks and OTA update packages. -if [ "$#" -ne 2 ]; then +if [ "$#" -lt 2 -o "$#" -gt 3 ]; then cat < +Usage: $0 [] Creates .pk8 key and .x509.pem cert. Cert contains the -given . +given . A keytype of "rsa" or "ec" is accepted. EOF exit 2 fi @@ -49,9 +49,18 @@ chmod 0600 ${one} ${two} read -p "Enter password for '$1' (blank for none; password will be visible): " \ password -( openssl genrsa -f4 2048 | tee ${one} > ${two} ) & +if [ "${3}" = "rsa" -o "$#" -eq 2 ]; then + ( openssl genrsa -f4 2048 | tee ${one} > ${two} ) & + hash="-sha1" +elif [ "${3}" = "ec" ]; then + ( openssl ecparam -name prime256v1 -genkey -noout | tee ${one} > ${two} ) & + hash="-sha256" +else + echo "Only accepts RSA or EC keytypes." + exit 1 +fi -openssl req -new -x509 -sha1 -key ${two} -out $1.x509.pem \ +openssl req -new -x509 ${hash} -key ${two} -out $1.x509.pem \ -days 10000 -subj "$2" & if [ "${password}" == "" ]; then
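Review bot: The new argument-count test joins its two conditions with `-o` inside a single `[`, a form POSIX marks obsolescent and whose parsing is unspecified once the test has more than four arguments. The same form appears in the second hunk as `[ "${3}" = "rsa" -o "$#" -eq 2 ]`, where one operand is user-supplied, so a third argument such as `(` or `!` can be read as an operator instead of a string. Writing them as `if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then` and `if [ "$#" -eq 2 ] || [ "${3}" = "rsa" ]; then` keeps every test to three arguments and leaves the accepted inputs unchanged.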
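Review bot: An unsupported keytype is only rejected in the `else` branch, which runs after the `read -p` password prompt, so a mistyped value costs the user a password typed in the clear before the script exits. The check would be better placed beside the argument-count test at the top; the pipe setup and any cleanup lie outside this hunk. The message names "RSA or EC" although only lowercase `rsa` and `ec` match, and it is written to stdout; something like `echo "Only accepts 'rsa' or 'ec' keytypes." >&2` fixes both. The RSA branch keeps `hash="-sha1"` for the certificate signature while EC gets `-sha256`. If that is deliberate for compatibility (the hunk does not say), a comment on that line such as `# RSA certs keep SHA-1 for compatibility with existing verifiers` would stop it looking like an oversight.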