Add cert_create tool support for RSA key sizes
cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.
Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index 310a77f..c08beb8 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,8 +9,6 @@
#include <openssl/ossl_typ.h>
-#define RSA_KEY_BITS 2048
-
/* Error codes */
enum {
KEY_ERR_NONE,
@@ -30,6 +28,9 @@
KEY_ALG_MAX_NUM
};
+/* Maximum number of valid key sizes per algorithm */
+#define KEY_SIZE_MAX_NUM 4
+
/* Supported hash algorithms */
enum{
HASH_ALG_SHA256,
@@ -37,6 +38,16 @@
HASH_ALG_SHA512,
};
+/* Supported key sizes */
+/* NOTE: the first item in each array is the default key size */
+static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = {
+ { 2048, 1024, 3072, 4096 }, /* KEY_ALG_RSA */
+ { 2048, 1024, 3072, 4096 }, /* KEY_ALG_RSA_1_5 */
+#ifndef OPENSSL_NO_EC
+ {} /* KEY_ALG_ECDSA */
+#endif /* OPENSSL_NO_EC */
+};
+
/*
* This structure contains the relevant information to create the keys
* required to sign the certificates.
@@ -58,7 +69,7 @@
int key_init(void);
key_t *key_get_by_opt(const char *opt);
int key_new(key_t *key);
-int key_create(key_t *key, int type);
+int key_create(key_t *key, int type, int key_bits);
int key_load(key_t *key, unsigned int *err_code);
int key_store(key_t *key);