TBB: rework cert_create tool to follow a data driven approach
This patch reworks the certificate generation tool to follow a data
driven approach. The user may specify at build time the certificates,
keys and extensions defined in the CoT, register them using the
appropiate macros and the tool will take care of creating the
certificates corresponding to the CoT specified.
Change-Id: I29950b39343c3e1b71718fce0e77dcf2a9a0be2f
diff --git a/tools/cert_create/include/cert.h b/tools/cert_create/include/cert.h
index 48a4146..18129a7 100644
--- a/tools/cert_create/include/cert.h
+++ b/tools/cert_create/include/cert.h
@@ -33,8 +33,11 @@
#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
+#include "ext.h"
#include "key.h"
+#define CERT_MAX_EXT 4
+
/*
* This structure contains information related to the generation of the
* certificates. All these fields must be known and specified at build time
@@ -52,18 +55,28 @@
int id; /* Unique identifier */
const char *fn; /* Filename to save the certificate */
- const char *bin; /* Image associated to this certificate */
-
const char *cn; /* Subject CN (Company Name) */
- X509 *x; /* X509 certificate container */
- key_t *key; /* Key to be signed */
+ /* These fields must be defined statically */
+ int key; /* Key to be signed */
+ int issuer; /* Issuer certificate */
+ int ext[CERT_MAX_EXT]; /* Certificate extensions */
+ int num_ext; /* Number of extensions in the certificate */
- cert_t *issuer; /* Issuer certificate */
+ X509 *x; /* X509 certificate container */
};
+/* Exported API */
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);
-
int cert_new(cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk);
+/* Macro to register the certificates used in the CoT */
+#define REGISTER_COT(_certs) \
+ cert_t *certs = &_certs[0]; \
+ const unsigned int num_certs = sizeof(_certs)/sizeof(_certs[0]);
+
+/* Exported variables */
+extern cert_t *certs;
+extern const unsigned int num_certs;
+
#endif /* CERT_H_ */