Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / b76da307426714ca3242f47025a23da3ace24aa6 / . / tools / cert_create / src / key.c
blob: e8257e94cb7f25c97ae1c72d15a6ccb3c01e225b [file] [log] [blame]
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]1/*
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]2 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]5 */
6
7#include <getopt.h>
8#include <stdio.h>
9#include <stdlib.h>
10#include <string.h>
11
12#include <openssl/conf.h>
13#include <openssl/evp.h>
14#include <openssl/pem.h>
15
Masahiro Yamadaa27c1662017-05-22 12:11:24 +0900[diff] [blame]16#if USE_TBBR_DEFS
17#include <tbbr_oid.h>
18#else
19#include <platform_oid.h>
20#endif
21
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]22#include "cert.h"
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]23#include "cmd_opt.h"
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]24#include "debug.h"
25#include "key.h"
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]26#include "sha.h"
27
28#define MAX_FILENAME_LEN 1024
29
30/*
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]31 * Create a new key container
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]32 */
Masahiro Yamadabccb1092017-02-06 21:15:01 +0900[diff] [blame]33int key_new(key_t *key)
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]34{
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]35 /* Create key pair container */
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]36 key->key = EVP_PKEY_new();
37 if (key->key == NULL) {
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]38 return 0;
39 }
40
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]41 return 1;
42}
43
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]44static int key_create_rsa(key_t *key)
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]45{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]46 RSA *rsa;
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]47
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]48 rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
49 if (rsa == NULL) {
50 printf("Cannot create RSA key\n");
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]51 goto err;
52 }
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]53 if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
54 printf("Cannot assign RSA key\n");
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]55 goto err;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]56 }
57
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]58 return 1;
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]59err:
60 RSA_free(rsa);
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]61 return 0;
62}
63
64#ifndef OPENSSL_NO_EC
65static int key_create_ecdsa(key_t *key)
66{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]67 EC_KEY *ec;
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]68
69 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
70 if (ec == NULL) {
71 printf("Cannot create EC key\n");
72 goto err;
73 }
74 if (!EC_KEY_generate_key(ec)) {
75 printf("Cannot generate EC key\n");
76 goto err;
77 }
78 EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
79 EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
80 if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
81 printf("Cannot assign EC key\n");
82 goto err;
83 }
84
85 return 1;
86err:
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]87 EC_KEY_free(ec);
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]88 return 0;
89}
90#endif /* OPENSSL_NO_EC */
91
92typedef int (*key_create_fn_t)(key_t *key);
93static const key_create_fn_t key_create_fn[KEY_ALG_MAX_NUM] = {
Qixiang Xu31f3bb92017-09-22 16:21:41 +0800[diff] [blame]94 key_create_rsa, /* KEY_ALG_RSA */
95 key_create_rsa, /* KEY_ALG_RSA_1_5 */
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]96#ifndef OPENSSL_NO_EC
Qixiang Xu31f3bb92017-09-22 16:21:41 +0800[diff] [blame]97 key_create_ecdsa, /* KEY_ALG_ECDSA */
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]98#endif /* OPENSSL_NO_EC */
99};
100
101int key_create(key_t *key, int type)
102{
103 if (type >= KEY_ALG_MAX_NUM) {
104 printf("Invalid key type\n");
105 return 0;
106 }
107
Juan Castilloa2224ab2015-06-30 13:36:57 +0100[diff] [blame]108 if (key_create_fn[type]) {
109 return key_create_fn[type](key);
110 }
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]111
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]112 return 0;
113}
114
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]115int key_load(key_t *key, unsigned int *err_code)
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]116{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]117 FILE *fp;
118 EVP_PKEY *k;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]119
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]120 if (key->fn) {
121 /* Load key from file */
122 fp = fopen(key->fn, "r");
123 if (fp) {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]124 k = PEM_read_PrivateKey(fp, &key->key, NULL, NULL);
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]125 fclose(fp);
126 if (k) {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]127 *err_code = KEY_ERR_NONE;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]128 return 1;
129 } else {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]130 ERROR("Cannot load key from %s\n", key->fn);
131 *err_code = KEY_ERR_LOAD;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]132 }
133 } else {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]134 WARN("Cannot open file %s\n", key->fn);
135 *err_code = KEY_ERR_OPEN;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]136 }
137 } else {
Juan Castillof9f39c32015-06-01 16:34:23 +0100[diff] [blame]138 WARN("Key filename not specified\n");
139 *err_code = KEY_ERR_FILENAME;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]140 }
141
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]142 return 0;
143}
144
145int key_store(key_t *key)
146{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]147 FILE *fp;
Juan Castillo11abdcd2014-10-21 11:30:42 +0100[diff] [blame]148
149 if (key->fn) {
150 fp = fopen(key->fn, "w");
151 if (fp) {
152 PEM_write_PrivateKey(fp, key->key,
153 NULL, NULL, 0, NULL, NULL);
154 fclose(fp);
155 return 1;
156 } else {
157 ERROR("Cannot create file %s\n", key->fn);
158 }
159 } else {
160 ERROR("Key filename not specified\n");
161 }
162
163 return 0;
164}
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]165
166int key_init(void)
167{
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]168 cmd_opt_t cmd_opt;
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]169 key_t *key;
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]170 unsigned int i;
171
172 for (i = 0; i < num_keys; i++) {
173 key = &keys[i];
174 if (key->opt != NULL) {
Juan Castillo212f7382015-12-15 16:37:57 +0000[diff] [blame]175 cmd_opt.long_opt.name = key->opt;
176 cmd_opt.long_opt.has_arg = required_argument;
177 cmd_opt.long_opt.flag = NULL;
178 cmd_opt.long_opt.val = CMD_OPT_KEY;
179 cmd_opt.help_msg = key->help_msg;
180 cmd_opt_add(&cmd_opt);
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]181 }
182 }
183
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]184 return 0;
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]185}
186
187key_t *key_get_by_opt(const char *opt)
188{
Masahiro Yamada48cb5e52017-02-06 19:47:44 +0900[diff] [blame]189 key_t *key;
Juan Castillo1218dd52015-07-03 16:23:16 +0100[diff] [blame]190 unsigned int i;
191
192 /* Sequential search. This is not a performance concern since the number
193 * of keys is bounded and the code runs on a host machine */
194 for (i = 0; i < num_keys; i++) {
195 key = &keys[i];
196 if (0 == strcmp(key->opt, opt)) {
197 return key;
198 }
199 }
200
201 return NULL;
202}