1*91f16700Schasinglulu /*
2*91f16700Schasinglulu  * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
3*91f16700Schasinglulu  *
4*91f16700Schasinglulu  * SPDX-License-Identifier: BSD-3-Clause
5*91f16700Schasinglulu  */
6*91f16700Schasinglulu 
7*91f16700Schasinglulu #ifndef KEY_H
8*91f16700Schasinglulu #define KEY_H
9*91f16700Schasinglulu 
10*91f16700Schasinglulu #include <openssl/ossl_typ.h>
11*91f16700Schasinglulu 
/*
 * Error codes. KEY_ERR_NONE is 0, so a zero result can be read as success
 * and any non-zero value as the failing step.
 */
enum {
	KEY_ERR_NONE = 0,	/* no error */
	KEY_ERR_MALLOC = 1,	/* memory allocation failure */
	KEY_ERR_FILENAME = 2,	/* key filename problem */
	KEY_ERR_OPEN = 3,	/* key file could not be opened */
	KEY_ERR_LOAD = 4	/* key could not be loaded */
};
20*91f16700Schasinglulu 
/*
 * Supported key algorithms.
 *
 * The values index the rows of KEY_SIZES, so the order here and there must
 * stay in step. The ECDSA entries, and therefore the numeric value of
 * KEY_ALG_MAX_NUM, exist only when OpenSSL was built with EC support
 * (OPENSSL_NO_EC undefined).
 */
enum {
	KEY_ALG_RSA,		/* RSA PSS as defined by PKCS#1 v2.1 (default) */
#ifndef OPENSSL_NO_EC
	KEY_ALG_ECDSA_NIST,		/* ECDSA on NIST curves */
	KEY_ALG_ECDSA_BRAINPOOL_R,	/* ECDSA on Brainpool "R" curves */
	KEY_ALG_ECDSA_BRAINPOOL_T,	/* ECDSA on Brainpool "T" curves */
#endif /* OPENSSL_NO_EC */
	KEY_ALG_MAX_NUM		/* number of algorithms; not a valid algorithm id */
};
31*91f16700Schasinglulu 
/*
 * Maximum number of valid key sizes per algorithm, i.e. the width of each
 * KEY_SIZES row. Rows that list fewer sizes are zero-filled by the
 * initializer, so their unused slots read as 0.
 */
#define KEY_SIZE_MAX_NUM	4
34*91f16700Schasinglulu 
/* Supported hash algorithms, numbered from 0 in order of digest length */
enum {
	HASH_ALG_SHA256 = 0,	/* SHA-256 */
	HASH_ALG_SHA384 = 1,	/* SHA-384 */
	HASH_ALG_SHA512 = 2	/* SHA-512 */
};
41*91f16700Schasinglulu 
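/*
 * Supported key sizes, indexed by KEY_ALG_* value.
 *
 * NOTE: the first item in each array is the default key size. Rows with
 * fewer than KEY_SIZE_MAX_NUM entries are zero-filled, so unused slots read
 * as 0; the two Brainpool rows are entirely zero.
 *
 * Being `static const` in a header, every translation unit that includes
 * this file gets its own copy (and may see an unused-variable warning where
 * it is not referenced).
 */
static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = {
	/*
	 * KEY_ALG_RSA. 1024-bit RSA is below the 2048-bit minimum that current
	 * guidance recommends for signing keys; presumably kept for legacy
	 * platforms only -- confirm it is still needed before relying on it.
	 */
	{ 2048, 1024, 3072, 4096 },
#ifndef OPENSSL_NO_EC
	{ 256, 384 },			/* KEY_ALG_ECDSA_NIST */
	/* `{ 0 }` rather than `{}`: an empty initializer list is not valid C11 */
	{ 0 },				/* KEY_ALG_ECDSA_BRAINPOOL_R */
	{ 0 }				/* KEY_ALG_ECDSA_BRAINPOOL_T */
#endif /* OPENSSL_NO_EC */
};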
52*91f16700Schasinglulu 
/*
 * This structure contains the relevant information to create the keys
 * required to sign the certificates.
 *
 * One instance of this structure must be created for each key, usually in an
 * array fashion. The filename is obtained at run time from the command line
 * parameters.
 *
 * NOTE(review): the typedef name key_t is also the POSIX key_t from
 * <sys/types.h> (System V IPC). A translation unit that includes both gets
 * a conflicting-typedef error; presumably nothing in cert_create does so
 * today -- confirm if the include set ever changes.
 */
typedef struct key_s {
	int id;			/* Key id */
	const char *opt;	/* Command line option to specify a key */
	const char *help_msg;	/* Help message */
	const char *desc;	/* Key description (debug purposes) */
	char *fn;		/* Filename to load/store the key. Non-const,
				 * unlike the other strings: presumably set at
				 * run time from the parsed command line;
				 * ownership is not evident from this header */
	EVP_PKEY *key;		/* Key container (OpenSSL EVP_PKEY, opaque here) */
} key_t;
69*91f16700Schasinglulu 
/*
 * Exported API.
 *
 * Return conventions are not spelled out in this header; the KEY_ERR_*
 * values above are the likely codes, with KEY_ERR_NONE (0) meaning success
 * -- confirm against key.c. Note that key_load() returns unsigned int while
 * the other calls return int.
 */

/* Initialise the key module. */
int key_init(void);

/* Find a registered key by its command line option string (presumably NULL
 * when no key matches -- confirm). */
key_t *key_get_by_opt(const char *opt);

/*
 * Declared only when USING_OPENSSL3 is undefined or 0. An undefined macro
 * evaluates to 0 inside #if, so a build that forgets to define it takes the
 * pre-OpenSSL-3 path.
 */
#if !USING_OPENSSL3
int key_new(key_t *key);
#endif

/* Create a fresh key. `type` is presumably a KEY_ALG_* id and `key_bits`
 * one of the KEY_SIZES[type] entries -- confirm in key.c. */
int key_create(key_t *key, int type, int key_bits);

/* Load the key from the file named by key->fn. */
unsigned int key_load(key_t *key);

/* Store the key to the file named by key->fn. */
int key_store(key_t *key);

/* Release module resources (presumably the EVP_PKEY containers). */
void key_cleanup(void);
80*91f16700Schasinglulu 
/*
 * Macro to register the keys used in the CoT.
 *
 * Expands to definitions of the non-static globals def_keys/num_def_keys
 * that are declared extern further down, so it must be expanded in exactly
 * one translation unit. `_keys` must be a real key_t array, not a pointer:
 * the count comes from sizeof(_keys)/sizeof(_keys[0]), which is meaningless
 * for a pointer. num_def_keys is const but not a compile-time constant in C.
 */
#define REGISTER_KEYS(_keys) \
	key_t *def_keys = &_keys[0]; \
	const unsigned int num_def_keys = sizeof(_keys)/sizeof(_keys[0])
85*91f16700Schasinglulu 
/*
 * Macro to register the platform defined keys used in the CoT.
 *
 * Same contract as REGISTER_KEYS(): defines the non-static globals
 * pdef_keys/num_pdef_keys declared extern further down, so expand it in
 * exactly one translation unit, and pass a real key_t array (the element
 * count is sizeof(_pdef_keys)/sizeof(_pdef_keys[0]), which does not work
 * on a pointer).
 */
#define PLAT_REGISTER_KEYS(_pdef_keys) \
	key_t *pdef_keys = &_pdef_keys[0]; \
	const unsigned int num_pdef_keys = sizeof(_pdef_keys)/sizeof(_pdef_keys[0])
90*91f16700Schasinglulu 
/* Exported variables */
extern key_t *def_keys;			/* defined by REGISTER_KEYS() */
extern const unsigned int num_def_keys;	/* defined by REGISTER_KEYS() */
extern key_t *pdef_keys;		/* defined by PLAT_REGISTER_KEYS() */
extern const unsigned int num_pdef_keys;	/* defined by PLAT_REGISTER_KEYS() */

/*
 * No registering macro exists for these two and num_keys is not const:
 * presumably the combined list assembled at run time (e.g. by key_init())
 * -- confirm in key.c.
 */
extern key_t *keys;
extern unsigned int num_keys;
99*91f16700Schasinglulu #endif /* KEY_H */