Add cert_create tool support for RSA key sizes
cert_tool is now able to accept a command line option for specifying the
key size. It now supports the following options: 1024, 2048 (default),
3072 and 4096. This is also modifiable by TFA using the build flag
KEY_SIZE.
Change-Id: Ifadecf84ade3763249ee8cc7123a8178f606f0e5
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index fece770..93d31f7 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -41,7 +41,7 @@
return 1;
}
-static int key_create_rsa(key_t *key)
+static int key_create_rsa(key_t *key, int key_bits)
{
BIGNUM *e;
RSA *rsa = NULL;
@@ -63,7 +63,7 @@
goto err;
}
- if (!RSA_generate_key_ex(rsa, RSA_KEY_BITS, e, NULL)) {
+ if (!RSA_generate_key_ex(rsa, key_bits, e, NULL)) {
printf("Cannot generate RSA key\n");
goto err;
}
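Review bot: `key_bits` reaches `RSA_generate_key_ex()` without any range check inside `key_create_rsa()`, so the only guard is whatever the command-line parsing does, which this hunk does not show. The commit message lists 1024 as an accepted size; 1024-bit RSA is below the 2048-bit minimum that current guidance (e.g. NIST SP 800-131A) allows for signature generation, which matters for keys used to sign certificates. Consider rejecting small sizes, or at least warning before generation, e.g. `if (key_bits < 2048) printf("WARNING: %d-bit RSA key is weaker than the 2048-bit default\n", key_bits);`. The function body starts and ends outside the hunk.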
@@ -82,7 +82,7 @@
}
#ifndef OPENSSL_NO_EC
-static int key_create_ecdsa(key_t *key)
+static int key_create_ecdsa(key_t *key, int key_bits)
{
EC_KEY *ec;
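Review bot: `key_create_ecdsa()` now takes `key_bits`, but nothing visible in this hunk uses it; presumably the curve fixes the key size and the argument is ignored. If so, say it at the definition, e.g. `/* key_bits is unused: the key size is determined by the curve */`, and add `(void)key_bits;` as the first statement so `-Wunused-parameter` builds stay quiet. Otherwise a user who passes a key size together with the ECDSA algorithm gets no indication that the option had no effect. The function body continues outside the hunk.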
@@ -109,7 +109,7 @@
}
#endif /* OPENSSL_NO_EC */
-typedef int (*key_create_fn_t)(key_t *key);
+typedef int (*key_create_fn_t)(key_t *key, int key_bits);
static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
key_create_rsa, /* KEY_ALG_RSA */
key_create_rsa, /* KEY_ALG_RSA_1_5 */
@@ -118,7 +118,7 @@
#endif /* OPENSSL_NO_EC */
};
-int key_create(key_t *key, int type)
+int key_create(key_t *key, int type, int key_bits)
{
if (type >= KEY_ALG_MAX_NUM) {
printf("Invalid key type\n");
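Review bot: The bounds check on `type` tests only the upper limit; `type` is a signed `int`, so a negative value passes the check and is then used to index `key_create_fn[]` in the following hunk, reading outside the table. Whether a negative value can actually arrive depends on the caller, which is not visible here. Since this signature is being touched anyway, the guard could become `if (type < 0 || type >= KEY_ALG_MAX_NUM) {`. The body of `key_create()` continues outside this hunk.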
@@ -126,7 +126,7 @@
}
if (key_create_fn[type]) {
- return key_create_fn[type](key);
+ return key_create_fn[type](key, key_bits);
}
return 0;