1*91f16700Schasinglulu /*
2*91f16700Schasinglulu  * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
3*91f16700Schasinglulu  *
4*91f16700Schasinglulu  * SPDX-License-Identifier: BSD-3-Clause
5*91f16700Schasinglulu  */
6*91f16700Schasinglulu 
7*91f16700Schasinglulu #ifndef EXT_H
8*91f16700Schasinglulu #define EXT_H
9*91f16700Schasinglulu 
10*91f16700Schasinglulu #include <openssl/x509v3.h>
11*91f16700Schasinglulu #include "key.h"
12*91f16700Schasinglulu 
/*
 * Extension types supported. Each ext_t carries one of these in its 'type'
 * field, and it decides which member of the 'attr' union is meaningful.
 * The matching constructors are ext_new_nvcounter(), ext_new_key() and
 * ext_new_hash() below (presumably dispatched on this value -- confirm in
 * ext.c).
 */
enum ext_type_e {
	EXT_TYPE_NVCOUNTER,	/* Non-volatile counter (see nvctr_type_e) */
	EXT_TYPE_PKEY,		/* Public key (attr.key indexes the registered keys) */
	EXT_TYPE_HASH		/* Digest (see ext_new_hash()) */
};
19*91f16700Schasinglulu 
/*
 * NV-Counter types: which non-volatile counter an EXT_TYPE_NVCOUNTER
 * extension refers to (stored in ext_t.attr.nvctr_type). The suffixes
 * presumably stand for trusted FW, non-trusted FW and CCA FW counters --
 * confirm against the users of these values in cert_create.
 */
enum nvctr_type_e {
	NVCTR_TYPE_TFW,
	NVCTR_TYPE_NTFW,
	NVCTR_TYPE_CCAFW
};
26*91f16700Schasinglulu 
/*
 * This structure contains the relevant information to create the extensions
 * to be included in the certificates. These extensions are used to
 * establish the chain of trust.
 *
 * Instances are registered through REGISTER_EXTENSIONS() /
 * PLAT_REGISTER_EXTENSIONS() below and looked up by their command line
 * option with ext_get_by_opt().
 */
typedef struct ext_s {
	const char *oid;	/* OID of the extension */
	const char *sn;		/* Short name */
	const char *ln;		/* Long description */
	const char *opt;	/* Command line option to specify data */
	const char *help_msg;	/* Help message */
	const char *arg;	/* Argument passed from command line. This is
				 * external input: whoever consumes it must
				 * validate it before use. */
	int asn1_type;		/* OpenSSL ASN1 type of the extension data.
				 * Supported types are:
				 *   - V_ASN1_INTEGER
				 *   - V_ASN1_OCTET_STRING
				 */
	int type;		/* See ext_type_e; selects which member of
				 * 'attr' below is meaningful */

	/* Extension attributes (depends on extension type) */
	union {
		int nvctr_type;	/* See nvctr_type_e (EXT_TYPE_NVCOUNTER) */
		int key;	/* Index into array of registered public keys
				 * (EXT_TYPE_PKEY) */
	} attr;

	int alias;		/* In case OpenSSL provides a standard
				 * extension of the same type, add the new
				 * extension as an alias of this one
				 */

	X509V3_EXT_METHOD method; /* This field may be used to define a custom
				   * function to print the contents of the
				   * extension */

	int optional;	/* Non-zero if the extension may be left out, e.g. to
			 * exclude an image -- TODO confirm the exact semantics
			 * where this flag is consumed */
} ext_t;
63*91f16700Schasinglulu 
/*
 * Values intended for the 'crit' argument of the ext_new_*() constructors:
 * whether the extension is flagged as critical in the certificate.
 */
enum {
	EXT_NON_CRIT = 0,
	EXT_CRIT = !EXT_NON_CRIT,	/* evaluates to 1 */
};
68*91f16700Schasinglulu 
/* Exported API */

/*
 * Initialise the extension table. Returns an int status; presumably 0 on
 * success and non-zero on failure -- confirm in ext.c.
 */
int ext_init(void);

/*
 * Look up a registered extension by its command line option string 'opt'.
 * Presumably returns NULL when nothing matches -- confirm in ext.c.
 */
ext_t *ext_get_by_opt(const char *opt);

/*
 * Create a hash extension under NID 'nid'. 'crit' is EXT_CRIT or
 * EXT_NON_CRIT. 'md' identifies the digest algorithm and 'buf'/'len' the
 * digest bytes (presumably already computed by the caller -- confirm in
 * ext.c). NOTE(review): 'buf' is not declared const; confirm the callee
 * never writes through it. Returns NULL on failure (OpenSSL convention,
 * assumed). Ownership of the returned X509_EXTENSION: confirm whether the
 * caller must free it or whether the certificate that embeds it does.
 */
X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
		unsigned char *buf, size_t len);

/*
 * Create a non-volatile counter extension under NID 'nid' carrying 'value'.
 * The counter is an int here; range checking (e.g. rejecting negative
 * values) is presumably the caller's responsibility -- confirm in ext.c.
 * 'crit' and the return value follow the same rules as ext_new_hash().
 */
X509_EXTENSION *ext_new_nvcounter(int nid, int crit, int value);

/*
 * Create a public key extension under NID 'nid' from the key 'k'.
 * 'crit' and the return value follow the same rules as ext_new_hash().
 */
X509_EXTENSION *ext_new_key(int nid, int crit, EVP_PKEY *k);

/* Release whatever ext_init() acquired (assumed pairing -- confirm in ext.c). */
void ext_cleanup(void);
77*91f16700Schasinglulu 
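/*
 * Macro to register the extensions used in the CoT.
 *
 * Expands to the definitions of def_extensions and num_def_extensions
 * (declared extern below), so it must be used in exactly one translation
 * unit. '_ext' must be a real array of ext_t, not a pointer: the element
 * count is derived with sizeof and would be wrong for a pointer. The
 * macro argument is parenthesised so that an unusual argument expression
 * cannot change the meaning of the indexing and sizeof expressions.
 */
#define REGISTER_EXTENSIONS(_ext) \
	ext_t *def_extensions = &(_ext)[0]; \
	const unsigned int num_def_extensions = sizeof(_ext)/sizeof((_ext)[0])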
82*91f16700Schasinglulu 
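/*
 * Macro to register the platform defined extensions used in the CoT.
 *
 * Expands to the definitions of pdef_extensions and num_pdef_extensions
 * (declared extern below), so it must be used in exactly one translation
 * unit. '_pdef_ext' must be a real array of ext_t, not a pointer: the
 * element count is derived with sizeof and would be wrong for a pointer.
 * The macro argument is parenthesised so that an unusual argument
 * expression cannot change the meaning of the indexing and sizeof
 * expressions.
 */
#define PLAT_REGISTER_EXTENSIONS(_pdef_ext) \
	ext_t *pdef_extensions = &(_pdef_ext)[0]; \
	const unsigned int num_pdef_extensions = sizeof(_pdef_ext)/sizeof((_pdef_ext)[0])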
87*91f16700Schasinglulu 
/* Exported variables */

/* Default extension table, defined by REGISTER_EXTENSIONS() in one
 * translation unit. */
extern ext_t *def_extensions;
extern const unsigned int num_def_extensions;

/* Platform extension table, defined by PLAT_REGISTER_EXTENSIONS() in one
 * translation unit. */
extern ext_t *pdef_extensions;
extern const unsigned int num_pdef_extensions;

/* Table of extensions actually in use. Not defined by any macro in this
 * header; presumably built by ext_init() from the two tables above --
 * confirm in ext.c. Unlike the counts above, num_extensions is not const,
 * so it may be modified at run time. */
extern ext_t *extensions;
extern unsigned int num_extensions;
96*91f16700Schasinglulu #endif /* EXT_H */