feat(cert-create): ecdsa p384 key support
Adding ECDSA P384 (secp384r1) key creation support through key_bits
obtained from KEY_SIZE.
Change-Id: I571251caef20222990bd927cdfb5f35bf2a185d0
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index 312575b..56f1c21 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -44,7 +44,7 @@
static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = {
{ 2048, 1024, 3072, 4096 }, /* KEY_ALG_RSA */
#ifndef OPENSSL_NO_EC
- {}, /* KEY_ALG_ECDSA_NIST */
+ { 256, 384 }, /* KEY_ALG_ECDSA_NIST */
{}, /* KEY_ALG_ECDSA_BRAINPOOL_R */
{} /* KEY_ALG_ECDSA_BRAINPOOL_T */
#endif /* OPENSSL_NO_EC */
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 32229d1..14c8e18 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -1,9 +1,10 @@
/*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
+#include <assert.h>
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
@@ -112,7 +113,12 @@
static int key_create_ecdsa_nist(key_t *key, int key_bits)
{
- return key_create_ecdsa(key, key_bits, "prime256v1");
+ if (key_bits == 384) {
+ return key_create_ecdsa(key, key_bits, "secp384r1");
+ } else {
+ assert(key_bits == 256);
+ return key_create_ecdsa(key, key_bits, "prime256v1");
+ }
}
static int key_create_ecdsa_brainpool_r(key_t *key, int key_bits)
@@ -154,7 +160,12 @@
static int key_create_ecdsa_nist(key_t *key, int key_bits)
{
- return key_create_ecdsa(key, key_bits, NID_X9_62_prime256v1);
+ if (key_bits == 384) {
+ return key_create_ecdsa(key, key_bits, NID_secp384r1);
+ } else {
+ assert(key_bits == 256);
+ return key_create_ecdsa(key, key_bits, NID_X9_62_prime256v1);
+ }
}
static int key_create_ecdsa_brainpool_r(key_t *key, int key_bits)