
  1. /*
  2. * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
  3. *
  4. * SPDX-License-Identifier: BSD-3-Clause
  5. */
  6. #ifndef KEY_H
  7. #define KEY_H
  8. #include <openssl/ossl_typ.h>
/*
 * Error codes returned by the key_* API declared below. KEY_ERR_NONE is 0,
 * so a zero return means success; the remaining codes name the step that
 * failed (allocation, filename, open, load) — the exact conditions under
 * which each is returned live in key.c.
 */
enum {
	KEY_ERR_NONE,
	KEY_ERR_MALLOC,
	KEY_ERR_FILENAME,
	KEY_ERR_OPEN,
	KEY_ERR_LOAD
};
/*
 * Supported key algorithms. KEY_ALG_RSA (value 0) is the default. The
 * ECDSA entries only exist when OpenSSL is built with EC support, so both
 * KEY_ALG_MAX_NUM and the row count of KEY_SIZES depend on OPENSSL_NO_EC.
 * Any code that turns an external integer into an algorithm must
 * range-check it against KEY_ALG_MAX_NUM before indexing KEY_SIZES.
 */
enum {
	KEY_ALG_RSA,			/* RSA PSS as defined by PKCS#1 v2.1 (default) */
#ifndef OPENSSL_NO_EC
	KEY_ALG_ECDSA_NIST,		/* ECDSA; by name, NIST curves (sizes in KEY_SIZES) */
	KEY_ALG_ECDSA_BRAINPOOL_R,	/* ECDSA; by name, Brainpool "r" (random) curves */
	KEY_ALG_ECDSA_BRAINPOOL_T,	/* ECDSA; by name, Brainpool "t" (twisted) curves */
#endif /* OPENSSL_NO_EC */
	KEY_ALG_MAX_NUM			/* Number of algorithms; not itself a valid algorithm */
};
/*
 * Maximum number of valid key sizes per algorithm: the column count of
 * KEY_SIZES. Rows that list fewer sizes are zero-filled by the initializer.
 */
#define KEY_SIZE_MAX_NUM 4
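/*
 * Supported hash algorithms. Values are 0, 1, 2 in declaration order; only
 * SHA-2 family digests are offered (no SHA-1), which is the right default
 * for certificate signing.
 */
enum {
	HASH_ALG_SHA256,	/* SHA-256 */
	HASH_ALG_SHA384,	/* SHA-384 */
	HASH_ALG_SHA512,	/* SHA-512 */
};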
/*
 * Supported key sizes, indexed first by the KEY_ALG_* value and then by
 * position within the row.
 * NOTE: the first item in each array is the default key size.
 *
 * Rows are zero-filled beyond the sizes listed, so a 0 entry acts as the
 * end-of-row marker — NOTE(review): confirm key.c treats 0 that way, since
 * the two Brainpool rows list no size at all. The table is `static const`
 * in a header, so every translation unit including key.h carries its own
 * private copy. The `{}` empty initializer is a GNU extension before C23.
 *
 * Security note: 1024-bit RSA is offered as a selectable size but is below
 * the 2048-bit minimum that NIST SP 800-131A allows for signature
 * generation; the default (2048) or 3072/4096 should be used in practice.
 */
static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = {
	{ 2048, 1024, 3072, 4096 },	/* KEY_ALG_RSA */
#ifndef OPENSSL_NO_EC
	{ 256, 384 },			/* KEY_ALG_ECDSA_NIST */
	{},				/* KEY_ALG_ECDSA_BRAINPOOL_R */
	{}				/* KEY_ALG_ECDSA_BRAINPOOL_T */
#endif /* OPENSSL_NO_EC */
};
/*
 * This structure contains the relevant information to create the keys
 * required to sign the certificates.
 *
 * One instance of this structure must be created for each key, usually in an
 * array fashion. The filename is obtained at run time from the command line
 * parameters, so `fn` is untrusted input and must be validated before any
 * file is opened (presumably the origin of KEY_ERR_FILENAME / KEY_ERR_OPEN —
 * confirm in key.c).
 */
typedef struct key_s {
	int id;			/* Key id */
	const char *opt;	/* Command line option to specify a key */
	const char *help_msg;	/* Help message */
	const char *desc;	/* Key description (debug purposes) */
	char *fn;		/* Filename to load/store the key (set from the command line) */
	EVP_PKEY *key;		/* Key container; ownership/release is presumably handled by key_cleanup() — confirm */
} cert_key_t;
/*
 * Exported API.
 *
 * Return conventions are not uniform in this header: most functions return
 * int while key_load returns unsigned int, and KEY_ERR_NONE is 0.
 * NOTE(review): confirm in key.c which functions return a KEY_ERR_* code
 * and which a boolean, and check the result of every call either way.
 */
int key_init(void);
/* Look up a registered key by its command-line option string (presumably NULL when not found — confirm) */
cert_key_t *key_get_by_opt(const char *opt);
#if !USING_OPENSSL3
/* Only declared for pre-3.0 OpenSSL builds; an undefined USING_OPENSSL3 evaluates to 0 here, so the declaration is kept */
int key_new(cert_key_t *key);
#endif
/* Create a key; `type` is expected to be a KEY_ALG_* value and `key_bits` a size from KEY_SIZES[type] — confirm the range checks in key.c */
int key_create(cert_key_t *key, int type, int key_bits);
/* Load the key from key->fn; the file path is untrusted command-line input */
unsigned int key_load(cert_key_t *key);
/* Store the key to key->fn */
int key_store(cert_key_t *key);
/* Release resources held by all registered keys */
void key_cleanup(void);
/*
 * Macro to register the keys used in the CoT.
 * It defines (not declares) the globals def_keys and num_def_keys, so it
 * must be used at file scope in exactly one translation unit. `_keys` must
 * be a real array, not a pointer: sizeof(_keys)/sizeof(_keys[0]) only
 * yields the element count for an array.
 */
#define REGISTER_KEYS(_keys) \
	cert_key_t *def_keys = &_keys[0]; \
	const unsigned int num_def_keys = sizeof(_keys)/sizeof(_keys[0])
/*
 * Macro to register the platform defined keys used in the CoT.
 * Same rules as REGISTER_KEYS: one use, file scope, real array argument.
 */
#define PLAT_REGISTER_KEYS(_pdef_keys) \
	cert_key_t *pdef_keys = &_pdef_keys[0]; \
	const unsigned int num_pdef_keys = sizeof(_pdef_keys)/sizeof(_pdef_keys[0])
/*
 * Exported variables. def_keys/num_def_keys and pdef_keys/num_pdef_keys are
 * defined by REGISTER_KEYS / PLAT_REGISTER_KEYS respectively. keys/num_keys
 * are the combined table; num_keys is non-const, so it is presumably filled
 * in at run time (likely by key_init — confirm in key.c).
 */
extern cert_key_t *def_keys;
extern const unsigned int num_def_keys;
extern cert_key_t *pdef_keys;
extern const unsigned int num_pdef_keys;
extern cert_key_t *keys;
extern unsigned int num_keys;
  86. #endif /* KEY_H */