show possible rsa bits and ec curve flag values in cli

Signed-off-by: Marcel Guzik <[email protected]>

Author: Bravo555

crates/core/tedge/src/cli/certificate/cli.rs

@@ -7,7 +7,9 @@ use crate::certificate_is_self_signed;
 use crate::cli::certificate::c8y;
 use crate::cli::certificate::create_csr::Key;
 use crate::cli::certificate::create_key::CreateKeyCmd;
+use crate::cli::certificate::create_key::EcCurve;
 use crate::cli::certificate::create_key::KeyType;
+use crate::cli::certificate::create_key::RsaBits;
 use crate::cli::common::Cloud;
 use crate::cli::common::CloudArg;
 use crate::command::BuildCommand;
@@ -65,11 +67,11 @@ pub enum TEdgeCertCli {
         #[arg(long)]
         r#type: KeyType,
 
-        #[arg(long, default_value = "2048")]
-        bits: u16,
+        #[arg(long, default_value = "2048", group = "key_params")]
+        bits: RsaBits,
 
-        #[arg(long, default_value = "256")]
-        curve: u16,
+        #[arg(long, default_value = "p256", group = "key_params")]
+        curve: EcCurve,
 
         /// The device identifier to be used as the common name for the certificate
         #[clap(long = "device-id", global = true)]

crates/core/tedge/src/cli/certificate/create_key.rs

@@ -11,8 +11,8 @@ use crate::log::MaybeFancy;
 
 pub struct CreateKeyCmd {
     pub cryptoki_config: CryptokiConfig,
-    pub bits: u16,
-    pub curve: u16,
+    pub bits: RsaBits,
+    pub curve: EcCurve,
     pub label: String,
     pub r#type: KeyType,
     /// The device identifier to be used as the common name for the certificate
@@ -27,6 +27,41 @@ pub enum KeyType {
     Ec,
 }
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq, ValueEnum)]
+pub enum RsaBits {
+    #[value(name = "2048")]
+    Bits2048,
+    #[value(name = "3072")]
+    Bits3072,
+    #[value(name = "4096")]
+    Bits4096,
+}
+
+impl From<RsaBits> for u16 {
+    fn from(value: RsaBits) -> Self {
+        match value {
+            RsaBits::Bits2048 => 2048,
+            RsaBits::Bits3072 => 3072,
+            RsaBits::Bits4096 => 4096,
+        }
+    }
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, ValueEnum)]
+pub enum EcCurve {
+    P256,
+    P384,
+}
+
+impl From<EcCurve> for u16 {
+    fn from(value: EcCurve) -> Self {
+        match value {
+            EcCurve::P256 => 256,
+            EcCurve::P384 => 384,
+        }
+    }
+}
+
 #[async_trait::async_trait]
 impl Command for CreateKeyCmd {
     fn description(&self) -> String {
@@ -35,8 +70,12 @@ impl Command for CreateKeyCmd {
 
     async fn execute(&self, _config: TEdgeConfig) -> Result<(), MaybeFancy<anyhow::Error>> {
         let key = match self.r#type {
-            KeyType::Rsa => KeyTypeParams::Rsa { bits: self.bits },
-            KeyType::Ec => KeyTypeParams::Ec { curve: self.curve },
+            KeyType::Rsa => KeyTypeParams::Rsa {
+                bits: self.bits.into(),
+            },
+            KeyType::Ec => KeyTypeParams::Ec {
+                curve: self.curve.into(),
+            },
         };
         let params = CreateKeyParams {
             key,
@@ -54,13 +93,8 @@ impl Command for CreateKeyCmd {
         // use returned public key to create a CSR
         let sigalg = match (self.r#type, self.curve) {
             (KeyType::Rsa, _) => certificate::SignatureAlgorithm::RsaPkcs1Sha256,
-            (KeyType::Ec, 256) => certificate::SignatureAlgorithm::EcdsaP256Sha256,
-            (KeyType::Ec, 384) => certificate::SignatureAlgorithm::EcdsaP384Sha384,
-            _ => {
-                return Err(
-                    anyhow::anyhow!("invalid arguments: bad keytype/arg combination").into(),
-                )
-            }
+            (KeyType::Ec, EcCurve::P256) => certificate::SignatureAlgorithm::EcdsaP256Sha256,
+            (KeyType::Ec, EcCurve::P384) => certificate::SignatureAlgorithm::EcdsaP384Sha384,
         };
 
         let key = super::create_csr::Key::Cryptoki {

tests/RobotFramework/tests/pkcs11/private_key_storage.robot

@@ -146,14 +146,14 @@ Can create a private key on the PKCS11 token and download new cert from c8y
     ...    p11tool_keytype=RSA-4096
 
     Create private key and download cert from c8y
-    ...    label=ec-256
+    ...    label=ec-p256
     ...    type=ec
-    ...    curve=256
+    ...    curve=p256
     ...    p11tool_keytype=EC/ECDSA-SECP256R1
     Create private key and download cert from c8y
-    ...    label=ec-384
+    ...    label=ec-p384
     ...    type=ec
-    ...    curve=384
+    ...    curve=p384
     ...    p11tool_keytype=EC/ECDSA-SECP384R1
     # ECDSA P521 not supported by rcgen