Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 6c56095d8f66733fa795bb64b3f4e47dc1041a55 / . / tools / cert_create / src / key.c
blob: c1bde5dea3b998ee80c7805327c76b5b7cf17dab [file] [log] [blame]
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]1/*
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]2 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]5 */
6
7#include <getopt.h>
8#include <stdio.h>
9#include <stdlib.h>
10#include <string.h>
11
12#include <openssl/conf.h>
13#include <openssl/evp.h>
14#include <openssl/pem.h>
15
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]16#if USE_TBBR_DEFS
17#include <tbbr_oid.h>
18#else
19#include <platform_oid.h>
20#endif
21
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]22#include "cert.h"
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]23#include "cmd_opt.h"
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]24#include "debug.h"
25#include "key.h"
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]26#include "sha.h"
27
28#define MAX_FILENAME_LEN 1024
29
30/*
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]31 * Create a new key container
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]32 */
Masahiro Yamadabccb1092017-02-06 21:15:01 +0900[diff] [blame]33int key_new(key_t *key)
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]34{
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]35 /* Create key pair container */
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]36 key->key = EVP_PKEY_new();
37 if (key->key == NULL) {
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]38 return 0;
39 }
40
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]41 return 1;
42}
43
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]44static int key_create_rsa(key_t *key)
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]45{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]46 RSA *rsa;
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]47
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]48 rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
49 if (rsa == NULL) {
50 printf("Cannot create RSA key\n");
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]51 goto err;
52 }
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]53 if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
54 printf("Cannot assign RSA key\n");
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]55 goto err;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]56 }
57
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]58 return 1;
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]59err:
60 RSA_free(rsa);
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]61 return 0;
62}
63
64#ifndef OPENSSL_NO_EC
65static int key_create_ecdsa(key_t *key)
66{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]67 EC_KEY *ec;
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]68
69 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
70 if (ec == NULL) {
71 printf("Cannot create EC key\n");
72 goto err;
73 }
74 if (!EC_KEY_generate_key(ec)) {
75 printf("Cannot generate EC key\n");
76 goto err;
77 }
78 EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
79 EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
80 if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
81 printf("Cannot assign EC key\n");
82 goto err;
83 }
84
85 return 1;
86err:
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]87 EC_KEY_free(ec);
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]88 return 0;
89}
90#endif /* OPENSSL_NO_EC */
91
92typedef int (*key_create_fn_t)(key_t *key);
93static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
94 key_create_rsa,
95#ifndef OPENSSL_NO_EC
96 key_create_ecdsa,
97#endif /* OPENSSL_NO_EC */
98};
99
100int key_create(key_t *key, int type)
101{
102 if (type >= KEY_ALG_MAX_NUM) {
103 printf("Invalid key type\n");
104 return 0;
105 }
106
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]107 if (key_create_fn[type]) {
108 return key_create_fn[type](key);
109 }
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]110
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]111 return 0;
112}
113
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]114int key_load(key_t *key, unsigned int *err_code)
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]115{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]116 FILE *fp;
117 EVP_PKEY *k;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]118
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]119 if (key->fn) {
120 /* Load key from file */
121 fp = fopen(key->fn, "r");
122 if (fp) {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]123 k = PEM_read_PrivateKey(fp, &key->key, NULL, NULL);
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]124 fclose(fp);
125 if (k) {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]126 *err_code = KEY_ERR_NONE;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]127 return 1;
128 } else {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]129 ERROR("Cannot load key from %s\n", key->fn);
130 *err_code = KEY_ERR_LOAD;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]131 }
132 } else {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]133 WARN("Cannot open file %s\n", key->fn);
134 *err_code = KEY_ERR_OPEN;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]135 }
136 } else {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]137 WARN("Key filename not specified\n");
138 *err_code = KEY_ERR_FILENAME;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]139 }
140
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]141 return 0;
142}
143
144int key_store(key_t *key)
145{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]146 FILE *fp;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]147
148 if (key->fn) {
149 fp = fopen(key->fn, "w");
150 if (fp) {
151 PEM_write_PrivateKey(fp, key->key,
152 NULL, NULL, 0, NULL, NULL);
153 fclose(fp);
154 return 1;
155 } else {
156 ERROR("Cannot create file %s\n", key->fn);
157 }
158 } else {
159 ERROR("Key filename not specified\n");
160 }
161
162 return 0;
163}
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]164
165int key_init(void)
166{
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]167 cmd_opt_t cmd_opt;
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]168 key_t *key;
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]169 unsigned int i;
170
171 for (i = 0; i < num_keys; i++) {
172 key = &keys[i];
173 if (key->opt != NULL) {
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]174 cmd_opt.long_opt.name = key->opt;
175 cmd_opt.long_opt.has_arg = required_argument;
176 cmd_opt.long_opt.flag = NULL;
177 cmd_opt.long_opt.val = CMD_OPT_KEY;
178 cmd_opt.help_msg = key->help_msg;
179 cmd_opt_add(&cmd_opt);
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]180 }
181 }
182
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]183 return 0;
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]184}
185
186key_t *key_get_by_opt(const char *opt)
187{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]188 key_t *key;
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]189 unsigned int i;
190
191 /* Sequential search. This is not a performance concern since the number
192 * of keys is bounded and the code runs on a host machine */
193 for (i = 0; i < num_keys; i++) {
194 key = &keys[i];
195 if (0 == strcmp(key->opt, opt)) {
196 return key;
197 }
198 }
199
200 return NULL;
201}