feat(cert-create): update for ECDSA brainpoolP256r/t1 support
Updated cert_tool to be able to select brainpool P256r/t1
or NIST prim256v1 curve for certificates signature.
Change-Id: I6e800144697069ea83660053b8ba6e21c229243a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index fe386b7..2ab6bcf 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -84,7 +84,9 @@
static const char *key_algs_str[] = {
[KEY_ALG_RSA] = "rsa",
#ifndef OPENSSL_NO_EC
- [KEY_ALG_ECDSA] = "ecdsa"
+ [KEY_ALG_ECDSA_NIST] = "ecdsa",
+ [KEY_ALG_ECDSA_BRAINPOOL_R] = "ecdsa-brainpool-regular",
+ [KEY_ALG_ECDSA_BRAINPOOL_T] = "ecdsa-brainpool-twisted",
#endif /* OPENSSL_NO_EC */
};
@@ -106,7 +108,7 @@
printf("\n\n");
printf("The certificate generation tool loads the binary images and\n"
- "optionally the RSA keys, and outputs the key and content\n"
+ "optionally the RSA or ECC keys, and outputs the key and content\n"
"certificates properly signed to implement the chain of trust.\n"
"If keys are provided, they must be in PEM format.\n"
"Certificates are generated in DER format.\n");
@@ -267,7 +269,8 @@
},
{
{ "key-alg", required_argument, NULL, 'a' },
- "Key algorithm: 'rsa' (default)- RSAPSS scheme as per PKCS#1 v2.1, 'ecdsa'"
+ "Key algorithm: 'rsa' (default)- RSAPSS scheme as per PKCS#1 v2.1, " \
+ "'ecdsa', 'ecdsa-brainpool-regular', 'ecdsa-brainpool-twisted'"
},
{
{ "key-size", required_argument, NULL, 'b' },