Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 00185ea7d6ac4a0bfbfe415ee936fcfa113174f8^! / .
commit00185ea7d6ac4a0bfbfe415ee936fcfa113174f8[log] [tgz]
authorlaurenw-arm <lauren.wehrmeister@arm.com>Tue Aug 15 14:53:59 2023 -0500
committerlaurenw-arm <lauren.wehrmeister@arm.com>Fri Oct 13 09:59:25 2023 -0500
tree72738a9a9d979e3f88376198192a16052f23e0e7
parent9cd2e1431b799da3a53d66ed96de8b29ef897dfa [diff]
feat(cert-create): ecdsa p384 key support

Adding ECDSA P384 (secp384r1) key creation support through key_bits
obtained from KEY_SIZE.

Change-Id: I571251caef20222990bd927cdfb5f35bf2a185d0
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

diff --git a/tools/cert_create/include/key.h b/tools/cert_create/include/key.h
index 312575b..56f1c21 100644
--- a/tools/cert_create/include/key.h
+++ b/tools/cert_create/include/key.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -44,7 +44,7 @@
 static const unsigned int KEY_SIZES[KEY_ALG_MAX_NUM][KEY_SIZE_MAX_NUM] = {
 	{ 2048, 1024, 3072, 4096 },	/* KEY_ALG_RSA */
 #ifndef OPENSSL_NO_EC
-	{},				/* KEY_ALG_ECDSA_NIST */
+	{ 256, 384 },			/* KEY_ALG_ECDSA_NIST */
 	{},				/* KEY_ALG_ECDSA_BRAINPOOL_R */
 	{}				/* KEY_ALG_ECDSA_BRAINPOOL_T */
 #endif /* OPENSSL_NO_EC */

diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index 32229d1..14c8e18 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c

@@ -1,9 +1,10 @@
 /*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+#include <assert.h>
 #include <getopt.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -112,7 +113,12 @@
 
 static int key_create_ecdsa_nist(key_t *key, int key_bits)
 {
-	return key_create_ecdsa(key, key_bits, "prime256v1");
+	if (key_bits == 384) {
+		return key_create_ecdsa(key, key_bits, "secp384r1");
+	} else {
+		assert(key_bits == 256);
+		return key_create_ecdsa(key, key_bits, "prime256v1");
+	}
 }
 
 static int key_create_ecdsa_brainpool_r(key_t *key, int key_bits)
@@ -154,7 +160,12 @@
 
 static int key_create_ecdsa_nist(key_t *key, int key_bits)
 {
-	return key_create_ecdsa(key, key_bits, NID_X9_62_prime256v1);
+	if (key_bits == 384) {
+		return key_create_ecdsa(key, key_bits, NID_secp384r1);
+	} else {
+		assert(key_bits == 256);
+		return key_create_ecdsa(key, key_bits, NID_X9_62_prime256v1);
+	}
 }
 
 static int key_create_ecdsa_brainpool_r(key_t *key, int key_bits)