Juan Castillo11abdcd2014-10-21 11:30:42 +01001/*
Justin Chadwell3168a202019-09-09 15:24:31 +01002 * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
Juan Castillo11abdcd2014-10-21 11:30:42 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo11abdcd2014-10-21 11:30:42 +01005 */
Antonio Nino Diaz5eb88372018-11-08 10:20:19 +00007#ifndef CERT_H
8#define CERT_H
10#include <openssl/ossl_typ.h>
11#include <openssl/x509.h>
Juan Castilloe6d30e92015-06-12 11:27:59 +010012#include "ext.h"
Juan Castillo11abdcd2014-10-21 11:30:42 +010013#include "key.h"
#define CERT_MAX_EXT 5	/* Upper bound on extensions per certificate; sizes cert_t.ext[] */
Juan Castilloe6d30e92015-06-12 11:27:59 +010016
Juan Castillo11abdcd2014-10-21 11:30:42 +010017/*
18 * This structure contains information related to the generation of the
19 * certificates. All these fields must be known and specified at build time
20 * except for the file name, which is picked up from the command line at
21 * run time.
22 *
23 * One instance of this structure must be created for each of the certificates
24 * present in the chain of trust.
25 *
26 * If the issuer points to this same instance, the generated certificate will
27 * be self-signed.
28 */
typedef struct cert_s cert_t;
struct cert_s {
	int id;			/* Unique identifier */

	const char *opt;	/* Command line option to pass filename */
	const char *fn;		/* Filename to save the certificate (picked up at run time) */
	const char *cn;		/* Subject CN (Common Name) */
	const char *help_msg;	/* Help message */

	/* These fields must be defined statically */
	int key;		/* Key to be signed (an id, presumably into the key table in key.h — confirm) */
	int issuer;		/* Issuer certificate; this certificate's own id yields a self-signed certificate */
	int ext[CERT_MAX_EXT];	/* Certificate extensions; holds at most CERT_MAX_EXT entries */
	int num_ext;		/* Number of extensions in the certificate; must not exceed CERT_MAX_EXT */

	X509 *x;		/* X509 certificate container (OpenSSL object) */
};
/* Exported API */

/*
 * Set up the certificate module. The meaning of the int return value is
 * fixed by the definition in cert.c, which is not visible here.
 */
int cert_init(void);

/*
 * Look up the registered certificate whose command line option string is
 * 'opt'. Presumably returns NULL when no entry matches — confirm in cert.c.
 */
cert_t *cert_get_by_opt(const char *opt);

/*
 * Add the extension identified by OpenSSL NID 'nid', built from the string
 * 'value', to 'subject'. 'issuer' is presumably needed for extensions that
 * refer to the issuer certificate — inferred from the signature, confirm in
 * cert.c. Note that 'value' is not const-qualified: callers passing string
 * literals rely on the implementation never writing through it.
 */
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);

/*
 * Build and sign the certificate described by 'cert'.
 *   md_alg: message digest identifier used for the signature (presumably an
 *           OpenSSL NID — confirm in cert.c).
 *   cert:   certificate descriptor; its 'x' member receives the X509 object
 *           (inferred from the struct layout — confirm).
 *   days:   validity period in days.
 *   ca:     whether the certificate is marked as a CA (inferred from the
 *           name — confirm).
 *   sk:     stack of already-built X509 extensions to attach.
 */
int cert_new(
	int md_alg,
	cert_t *cert,
	int days,
	int ca,
	STACK_OF(X509_EXTENSION) * sk);
/*
 * Macro to register the certificates used in the CoT.
 *
 * _certs must be an actual array of cert_t, not a pointer: the element count
 * is derived with sizeof(_certs)/sizeof(_certs[0]), which only works on the
 * array object itself. The macro defines the non-static globals 'certs' and
 * 'num_certs' declared extern below, so it must be expanded in exactly one
 * translation unit.
 */
#define REGISTER_COT(_certs) \
	cert_t *certs = &_certs[0]; \
	const unsigned int num_certs = sizeof(_certs)/sizeof(_certs[0])
Juan Castilloe6d30e92015-06-12 11:27:59 +010062
/* Exported variables (defined by REGISTER_COT in whichever unit invokes it) */
extern cert_t *certs;			/* First entry of the registered certificate table */
extern const unsigned int num_certs;	/* Number of entries in the certs table */
Antonio Nino Diaz5eb88372018-11-08 10:20:19 +000067#endif /* CERT_H */