File: srk_helper.h

imx-code-signing-tool 3.4.1%2Bdfsg-6
/* SPDX-License-Identifier: BSD-3-Clause */
/*
 * Copyright 2018-2019, 2023 NXP
 */

#ifndef SRK_HELPER_H
#define SRK_HELPER_H
/*===========================================================================*/
/**
    @file    srk_helper.h

    @brief   Provide helper functions to ease SRK tasks and also define a
             common struct that can be used across different tools
 */

/*===========================================================================
                            INCLUDE FILES
=============================================================================*/
#include "arch_types.h"
#include "openssl_helper.h"

/*===========================================================================
                    STRUCTURES AND OTHER TYPEDEFS
=============================================================================*/

/* SRK table entry: pointer to the key data plus its size in bytes.
 *
 * NOTE(review): this header does not state who allocates or frees the
 * buffer behind `entry`, nor whether `entry_bytes` is meaningful before a
 * generator function has filled the entry -- confirm against the
 * implementation before reading or freeing either field.
 */
typedef struct srk_entry
{
    uint8_t *entry;      /**< Contains key data */
    size_t entry_bytes;  /**< Size of entry in bytes */
} srk_entry_t;

/*===========================================================================
                         FUNCTION PROTOTYPES
=============================================================================*/
#ifdef __cplusplus
extern "C" {
#endif

/** Generate SRK table key entry
 *
 * This function builds a PKCS#1 public key data structure as defined by
 * the HAB4 SIS from the given X.509 key data.
 *
 * @param[in] target Define which component is targeted, HAB4 or AHAB
 *
 * @param[in] pkey Pointer to OpenSSL public key data structure
 *
 * @param[in,out] srk Pointer to a SRK table entry data structure; per the
 *                    postcondition below, its entry and entry_bytes fields
 *                    are written by this function
 *
 * @param[in] ca_flag If set this indicates key is from a CA certificate
 *
 * @param[in] sd_alg_str Define which signature hash algorithm will be used
 *                       in conjunction with the given key
 *
 * @pre @a pkey and @a srk must not be NULL
 *
 * @pre The data located at @a srk->entry follows the PKCS#1 key data
 *      format described in the HAB4 SIS.
 *      NOTE(review): this reads like a postcondition rather than a
 *      precondition, since the function is what produces the entry --
 *      confirm against the implementation.
 *
 * @post if successful, @a srk->entry contains the public key data and
 *       srk->entry_bytes is updated.
 *
 * @note The prototype is declared void, so no #CST_SUCCESS / #CST_FAILURE
 *       status is returned to the caller.
 *       NOTE(review): how a failure is reported (and what state @a srk is
 *       left in) is not visible in this header -- confirm against the
 *       implementation before relying on the entry contents.
 */
void
srk_entry_pkcs1(tgt_t target,
                EVP_PKEY *pkey,
                srk_entry_t *srk,
                bool ca_flag,
                const char *sd_alg_str);

/** Generate SRK table key entry
 *
 * This function builds an EC public key data structure as defined by
 * the AHAB SIS from the given X.509 key data.
 *
 * @param[in] target Define which component is targeted, HAB4 or AHAB
 *
 * @param[in] pkey Pointer to OpenSSL public key data structure
 *
 * @param[in,out] srk Pointer to a SRK table entry data structure; per the
 *                    postcondition below, its entry and entry_bytes fields
 *                    are written by this function
 *
 * @param[in] ca_flag If set this indicates key is from a CA certificate
 *
 * @param[in] sd_alg_str Define which signature hash algorithm will be used
 *                       in conjunction with the given key
 *
 * @pre @a pkey and @a srk must not be NULL
 *
 * @pre The data located at @a srk->entry follows the EC key data
 *      format described in the AHAB SIS.
 *      NOTE(review): this reads like a postcondition rather than a
 *      precondition, since the function is what produces the entry --
 *      confirm against the implementation.
 *
 * @post if successful, @a srk->entry contains the public key data and
 *       srk->entry_bytes is updated.
 *
 * @note The prototype is declared void, so no #CST_SUCCESS / #CST_FAILURE
 *       status is returned to the caller.
 *       NOTE(review): how a failure is reported (and what state @a srk is
 *       left in) is not visible in this header -- confirm against the
 *       implementation before relying on the entry contents.
 */
void
srk_entry_ec(tgt_t target,
             EVP_PKEY *pkey,
             srk_entry_t *srk,
             bool ca_flag,
             const char *sd_alg_str);

/** Converts digest algorithm string to encoded tag value
 *
 * @param[in] digest_alg Case insensitive string containing "sha1", "sha256",
 *            "sha384" or "sha512"
 *
 * @pre @a digest_alg is not NULL
 *
 * @returns encoded digest value based on given @a digest_alg string,
 *          otherwise 0 is returned if @a digest_alg is not supported
 *
 * @note 0 is the only failure indication documented here, so callers should
 *       compare the result against 0 before using it as a tag.
 *       NOTE(review): "sha1" is listed as accepted by this function but is
 *       absent from the values documented for check_sign_digest_alg() --
 *       confirm which callers are expected to permit SHA-1.
 */
uint32_t
digest_alg_tag(const char *digest_alg);

/** Checks for a valid signature digest command line argument and converts
 *  @a alg_str to a corresponding integer value.
 *
 * @param[in] alg_str Character string containing the digest algorithm
 *
 * @pre  @a alg_str is not NULL
 *
 * @remark If @a alg_str contains an unknown algorithm string, an error is
 *         displayed to STDOUT and the program exits. The function therefore
 *         has no error return value for the caller to check.
 *
 * @retval #HAB_ALG_SHA256 if @a alg_str is "sha256",
 *
 * @retval #HAB_ALG_SHA384 if @a alg_str is "sha384",
 *
 * @retval #HAB_ALG_SHA512 if @a alg_str is "sha512".
 *
 * NOTE(review): "sha1" is not among the documented return cases, so it is
 * presumably treated as unknown here -- confirm against the implementation.
 * Whether matching is case insensitive (as documented for digest_alg_tag())
 * is not stated in this header.
 */
uint32_t
check_sign_digest_alg(const char *alg_str);

#ifdef __cplusplus
}
#endif

#endif /* SRK_HELPER_H */