/*
 * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/*
 * Certificate descriptors and the certificate-generation API used to build
 * the certificates of a chain of trust (CoT).
 *
 * Each certificate in the CoT is described by one statically defined cert_t;
 * the descriptor tables are published to the rest of the tool through the
 * REGISTER_COT() / PLAT_REGISTER_COT() macros and the extern variables at the
 * bottom of this header.
 */

#ifndef CERT_H
#define CERT_H

#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
#include "ext.h"
#include "key.h"

/*
 * Upper bound on the number of extensions a single certificate may carry.
 * It sizes cert_t::ext, so cert_t::num_ext must never exceed this value.
 */
#define CERT_MAX_EXT 9

/*
 * This structure contains information related to the generation of the
 * certificates. All these fields must be known and specified at build time
 * except for the file name, which is picked up from the command line at
 * run time.
 *
 * One instance of this structure must be created for each of the certificates
 * present in the chain of trust.
 *
 * If the issuer points to this same instance, the generated certificate will
 * be self-signed.
 */
typedef struct cert_s cert_t;
struct cert_s {
	int id;			/* Unique identifier */

	const char *opt;	/* Command line option to pass filename */
	const char *fn;		/* Filename to save the certificate
				 * (only field filled in at run time) */
	const char *cn;		/* Subject CN (Common Name) */
	const char *help_msg;	/* Help message */

	/* These fields must be defined statically */
	int key;		/* Key to be signed
				 * (presumably an index into the key table
				 * declared in key.h — confirm in cert.c) */
	int issuer;		/* Issuer certificate; a value naming this same
				 * entry yields a self-signed certificate */
	int ext[CERT_MAX_EXT];	/* Certificate extensions (at most CERT_MAX_EXT) */
	int num_ext;		/* Number of extensions in the certificate;
				 * must be <= CERT_MAX_EXT or ext[] is overrun */

	X509 *x;		/* X509 certificate container
				 * (ownership/lifetime not shown here —
				 * presumably set up by cert_new(); confirm) */
};

/* Exported API */

/*
 * Initialise the certificate module.
 * Returns an int status; the meaning of the value is defined in cert.c.
 */
int cert_init(void);

/*
 * Look up a certificate descriptor by its command line option string (the
 * cert_t::opt field).  The result on a miss is not visible here — presumably
 * NULL; callers should check before dereferencing.
 */
cert_t *cert_get_by_opt(const char *opt);

/*
 * Add an extension identified by 'nid' with the given 'value' to 'subject',
 * using 'issuer' as the issuing certificate.
 * NOTE(review): 'value' is a non-const char *, so the implementation may
 * modify or retain it — do not assume a string literal is safe to pass
 * without checking cert.c.
 */
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);

/*
 * Generate the certificate described by 'cert'.
 *   md_alg - message digest algorithm (presumably an OpenSSL NID — confirm)
 *   cert   - descriptor of the certificate to create
 *   days   - validity period, presumably in days — confirm
 *   ca     - presumably non-zero to mark the certificate as a CA — confirm
 *   sk     - stack of X509 extensions to attach
 * Returns an int status defined in cert.c.
 */
int cert_new(
	int md_alg,
	cert_t *cert,
	int days,
	int ca,
	STACK_OF(X509_EXTENSION) * sk);

/*
 * Macro to register the certificates used in the CoT.
 *
 * This DEFINES the globals 'def_certs' and 'num_def_certs' (declared extern
 * below), so it must be expanded in exactly one translation unit.  The
 * argument must be a real array, not a pointer: the element count is derived
 * with sizeof(_certs)/sizeof(_certs[0]), which is wrong for a pointer.
 */
#define REGISTER_COT(_certs) \
	cert_t *def_certs = &_certs[0]; \
	const unsigned int num_def_certs = sizeof(_certs)/sizeof(_certs[0])

/*
 * Macro to register the platform defined certificates used in the CoT.
 * Same constraints as REGISTER_COT(): expand once, pass a real array.
 */
#define PLAT_REGISTER_COT(_pdef_certs) \
	cert_t *pdef_certs = &_pdef_certs[0]; \
	const unsigned int num_pdef_certs = sizeof(_pdef_certs)/sizeof(_pdef_certs[0])

/* Exported variables */
extern cert_t *def_certs;		/* Defined via REGISTER_COT() */
extern const unsigned int num_def_certs;
extern cert_t *pdef_certs;		/* Defined via PLAT_REGISTER_COT() */
extern const unsigned int num_pdef_certs;

/*
 * Combined certificate table and its (mutable) length; how it is populated
 * from the two tables above is not shown in this header.
 */
extern cert_t *certs;
extern unsigned int num_certs;
#endif /* CERT_H */