/*
 * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef CERT_H
#define CERT_H

#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
#include "ext.h"
#include "key.h"

/* Upper bound on the number of extensions one certificate descriptor may list */
#define CERT_MAX_EXT 9

/*
 * This structure contains information related to the generation of the
 * certificates. All these fields must be known and specified at build time
 * except for the file name, which is picked up from the command line at
 * run time.
 *
 * One instance of this structure must be created for each of the certificates
 * present in the chain of trust.
 *
 * If the issuer points to this same instance, the generated certificate will
 * be self-signed.
 */
typedef struct cert_s cert_t;
struct cert_s {
	int id;			/* Unique identifier */

	const char *opt;	/* Command line option to pass filename */
	const char *fn;		/* Filename to save the certificate (run-time value) */
	const char *cn;		/* Subject CN (Common Name) */
	const char *help_msg;	/* Help message */

	/* These fields must be defined statically */
	int key;		/* Key to be signed */
	int issuer;		/* Issuer certificate; this same id => self-signed */
	int ext[CERT_MAX_EXT];	/* Certificate extensions (fixed-size table) */
	int num_ext;		/* Number of extensions in the certificate;
				 * must not exceed CERT_MAX_EXT, nothing here
				 * grows the ext[] array */

	X509 *x;		/* X509 certificate container */
};

/* Exported API */

/*
 * Initialise the certificate module. The return value reports success or
 * failure; see cert.c for the exact convention.
 */
int cert_init(void);

/*
 * Look up the descriptor whose 'opt' field matches the given command line
 * option string. NOTE(review): presumably returns NULL when nothing matches
 * - confirm in cert.c.
 */
cert_t *cert_get_by_opt(const char *opt);

/*
 * Add the extension identified by 'nid' with the textual 'value' to
 * 'subject', with 'issuer' as the issuing certificate. NOTE(review): 'value'
 * is not const-qualified; how it is interpreted is defined by the
 * implementation in cert.c.
 */
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);

/*
 * Generate the certificate described by 'cert'.
 *   md_alg : digest algorithm for the signature (presumably an OpenSSL NID
 *            - confirm in cert.c)
 *   cert   : descriptor to generate; its issuer is taken from cert->issuer
 *            and naming this same descriptor yields a self-signed certificate
 *   days   : validity period, in days
 *   ca     : non-zero to issue a CA certificate (presumably drives the
 *            basicConstraints extension - confirm in cert.c)
 *   sk     : stack of extensions to attach to the certificate
 * NOTE(review): the generated X509 is presumably stored in cert->x - confirm
 * in cert.c. Return value convention: see cert.c.
 */
int cert_new(
	int md_alg,
	cert_t *cert,
	int days,
	int ca,
	STACK_OF(X509_EXTENSION) * sk);

/* Release resources held by the certificate module (pairs with cert_init) */
void cert_cleanup(void);

/*
 * Macro to register the certificates used in the CoT.
 * _certs must be an actual array of cert_t: the count is derived with
 * sizeof(_certs)/sizeof(_certs[0]), which silently gives a wrong value when
 * _certs has decayed to a pointer.
 */
#define REGISTER_COT(_certs) \
	cert_t *def_certs = &_certs[0]; \
	const unsigned int num_def_certs = sizeof(_certs)/sizeof(_certs[0])

/*
 * Macro to register the platform defined certificates used in the CoT.
 * Same array-only restriction as REGISTER_COT applies to _pdef_certs.
 */
#define PLAT_REGISTER_COT(_pdef_certs) \
	cert_t *pdef_certs = &_pdef_certs[0]; \
	const unsigned int num_pdef_certs = sizeof(_pdef_certs)/sizeof(_pdef_certs[0])

/* Exported variables */
extern cert_t *def_certs;		/* Defined via REGISTER_COT() */
extern const unsigned int num_def_certs;
extern cert_t *pdef_certs;		/* Defined via PLAT_REGISTER_COT() */
extern const unsigned int num_pdef_certs;

/*
 * NOTE(review): not defined by either macro above; presumably the combined
 * (default + platform) table assembled at run time - confirm in cert.c.
 */
extern cert_t *certs;
extern unsigned int num_certs;
#endif /* CERT_H */