mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-12 02:45:33 +00:00
a8eb286ada
This patch enables choice of RSA version at run time to be used for generating signatures by the cert_tool. The RSA PSS as defined in PKCS#1 v2.1 becomes the default version and this patch enables to specify the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line -a option. Also, the build option `KEY_ALG` can be used to pass this option from the build system. Please note that RSA PSS is mandated by Trusted Board Boot requirements (TBBR) and legacy RSA support is being added for compatibility reasons. Fixes ARM-Software/tf-issues#499 Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73 Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com> Signed-off-by: Soby Mathew <soby.mathew@arm.com>
68 lines
1.6 KiB
C
68 lines
1.6 KiB
C
/*
|
|
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#ifndef KEY_H_
|
|
#define KEY_H_
|
|
|
|
#include <openssl/ossl_typ.h>
|
|
|
|
#define RSA_KEY_BITS 2048
|
|
|
|
/* Error codes */
|
|
enum {
|
|
KEY_ERR_NONE,
|
|
KEY_ERR_MALLOC,
|
|
KEY_ERR_FILENAME,
|
|
KEY_ERR_OPEN,
|
|
KEY_ERR_LOAD
|
|
};
|
|
|
|
/* Supported key algorithms */
|
|
enum {
|
|
KEY_ALG_RSA, /* RSA PSS as defined by PKCS#1 v2.1 (default) */
|
|
KEY_ALG_RSA_1_5, /* RSA as defined by PKCS#1 v1.5 */
|
|
#ifndef OPENSSL_NO_EC
|
|
KEY_ALG_ECDSA,
|
|
#endif /* OPENSSL_NO_EC */
|
|
KEY_ALG_MAX_NUM
|
|
};
|
|
|
|
/*
|
|
* This structure contains the relevant information to create the keys
|
|
* required to sign the certificates.
|
|
*
|
|
* One instance of this structure must be created for each key, usually in an
|
|
* array fashion. The filename is obtained at run time from the command line
|
|
* parameters
|
|
*/
|
|
typedef struct key_s {
|
|
int id; /* Key id */
|
|
const char *opt; /* Command line option to specify a key */
|
|
const char *help_msg; /* Help message */
|
|
const char *desc; /* Key description (debug purposes) */
|
|
char *fn; /* Filename to load/store the key */
|
|
EVP_PKEY *key; /* Key container */
|
|
} key_t;
|
|
|
|
/* Exported API */
|
|
int key_init(void);
|
|
key_t *key_get_by_opt(const char *opt);
|
|
int key_new(key_t *key);
|
|
int key_create(key_t *key, int type);
|
|
int key_load(key_t *key, unsigned int *err_code);
|
|
int key_store(key_t *key);
|
|
|
|
/* Macro to register the keys used in the CoT */
|
|
#define REGISTER_KEYS(_keys) \
|
|
key_t *keys = &_keys[0]; \
|
|
const unsigned int num_keys = sizeof(_keys)/sizeof(_keys[0])
|
|
|
|
/* Exported variables */
|
|
extern key_t *keys;
|
|
extern const unsigned int num_keys;
|
|
|
|
#endif /* KEY_H_ */
|