Creating EC keys

Added options to create EC keys, however there remains a problem that
p11tool doesn't display curve names as it does with keys generated with
`p11tool --generate-privkey`.

Signed-off-by: Marcel Guzik <marcel.guzik@cumulocity.com>

Author: Bravo555

Cargo.lock

@@ -7,6 +7,7 @@ use crate::certificate_is_self_signed;
 use crate::cli::certificate::c8y;
 use crate::cli::certificate::create_csr::Key;
 use crate::cli::certificate::create_key::CreateKeyCmd;
+use crate::cli::certificate::create_key::KeyType;
 use crate::cli::common::Cloud;
 use crate::cli::common::CloudArg;
 use crate::command::BuildCommand;
@@ -54,11 +55,17 @@ pub enum TEdgeCertCli {
 
     /// Create a new keypair
     CreateKey {
+        #[arg(long)]
+        label: String,
+
+        #[arg(long)]
+        r#type: KeyType,
+
         #[arg(long, default_value = "2048")]
         bits: u16,
 
-        #[arg(long)]
-        label: String,
+        #[arg(long, default_value = "256")]
+        curve: u16,
     },
 
     /// Renew the device certificate
@@ -230,7 +237,18 @@ impl BuildCommand for TEdgeCertCli {
                 cmd.into_boxed()
             }
 
-            TEdgeCertCli::CreateKey { bits, label } => CreateKeyCmd { bits, label }.into_boxed(),
+            TEdgeCertCli::CreateKey {
+                bits,
+                label,
+                r#type,
+                curve,
+            } => CreateKeyCmd {
+                bits,
+                label,
+                r#type,
+                curve,
+            }
+            .into_boxed(),
 
             TEdgeCertCli::Show {
                 cloud,

crates/core/tedge/src/cli/certificate/cli.rs

@@ -1,3 +1,4 @@
+use clap::ValueEnum;
 use tedge_config::TEdgeConfig;
 use tedge_p11_server::pkcs11::{CreateKeyParams, KeyTypeParams};
 
@@ -6,7 +7,15 @@ use crate::log::MaybeFancy;
 
 pub struct CreateKeyCmd {
     pub bits: u16,
+    pub curve: u16,
     pub label: String,
+    pub r#type: KeyType,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, ValueEnum)]
+pub enum KeyType {
+    Rsa,
+    Ec,
 }
 
 #[async_trait::async_trait]
@@ -20,8 +29,12 @@ impl Command for CreateKeyCmd {
         let pkcs11client = tedge_p11_server::client::TedgeP11Client::with_ready_check(
             socket_path.as_std_path().into(),
         );
+        let key = match self.r#type {
+            KeyType::Rsa => KeyTypeParams::Rsa { bits: self.bits },
+            KeyType::Ec => KeyTypeParams::Ec { curve: self.curve },
+        };
         let params = CreateKeyParams {
-            key: KeyTypeParams::Rsa { bits: self.bits },
+            key,
             token: None,
             label: self.label.clone(),
         };

crates/core/tedge/src/cli/certificate/create_key.rs

@@ -16,8 +16,10 @@ camino.features = ["serde1"]
 camino.workspace = true
 clap.workspace = true
 cryptoki.workspace = true
+oid-registry = "0.8.1"
 percent-encoding.workspace = true
 postcard.workspace = true
+rand = "0.9.1"
 rustls.workspace = true
 sd-listen-fds.workspace = true
 serde.workspace = true