Juan Castillo11abdcd2014-10-21 11:30:42 +01001/*
Qixiang Xu76a5a9b2017-11-09 13:51:58 +08002 * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
Juan Castillo11abdcd2014-10-21 11:30:42 +01003 *
dp-armfa3cf0b2017-05-03 09:38:09 +01004 * SPDX-License-Identifier: BSD-3-Clause
Juan Castillo11abdcd2014-10-21 11:30:42 +01005 */
6
7#ifndef CERT_H_
8#define CERT_H_
9
10#include <openssl/ossl_typ.h>
11#include <openssl/x509.h>
Juan Castilloe6d30e92015-06-12 11:27:59 +010012#include "ext.h"
Juan Castillo11abdcd2014-10-21 11:30:42 +010013#include "key.h"
14
/*
 * Capacity of the ext[] array in struct cert_s, i.e. the largest number of
 * extensions a single certificate description can list. num_ext in the same
 * structure must never exceed this value.
 */
#define CERT_MAX_EXT			4
16
/*
 * This structure contains information related to the generation of the
 * certificates. All these fields must be known and specified at build time
 * except for the file name, which is picked up from the command line at
 * run time.
 *
 * One instance of this structure must be created for each of the certificates
 * present in the chain of trust.
 *
 * If the issuer refers to this same instance, the generated certificate will
 * be self-signed.
 *
 * Invariant for anyone filling in or walking an instance: ext[] has exactly
 * CERT_MAX_EXT slots, so num_ext must stay within 0..CERT_MAX_EXT. Nothing in
 * this header enforces that; a larger num_ext makes any loop bounded by it
 * read past the end of ext[].
 */
typedef struct cert_s cert_t;
struct cert_s {
	int id;			/* Unique identifier */

	const char *opt;	/* Command line option to pass filename */
	const char *fn;		/* Filename to save the certificate (set at run time) */
	const char *cn;		/* Subject CN (X.509 Common Name) */
	const char *help_msg;	/* Help message */

	/*
	 * These fields must be defined statically.
	 * NOTE(review): key, issuer and ext[] are plain ints, so they are
	 * presumably identifiers/indices resolved against tables defined
	 * elsewhere - confirm in the implementation and make sure they are
	 * range-checked before use.
	 */
	int key;		/* Key to be signed */
	int issuer;		/* Issuer certificate */
	int ext[CERT_MAX_EXT];	/* Certificate extensions */
	int num_ext;		/* Number of extensions in the certificate */

	/*
	 * NOTE(review): who allocates and frees this object is not visible in
	 * this header - confirm against the implementation.
	 */
	X509 *x;		/* X509 certificate container */
};
46
/* Exported API */

/*
 * Initialise the certificate module.
 * NOTE(review): the meaning of the int result (success/failure convention)
 * is not visible in this header - check the implementation before relying
 * on it.
 */
int cert_init(void);

/*
 * Look up a certificate description by command line option string.
 * NOTE(review): presumably matches against cert_t.opt and returns NULL when
 * nothing matches; callers should check the result before dereferencing -
 * confirm against the implementation.
 */
cert_t *cert_get_by_opt(const char *opt);

/*
 * Add an extension to a certificate.
 *
 * issuer/subject: X509 objects involved in building the extension.
 * nid: presumably the OpenSSL NID of the extension - TODO confirm.
 * value: extension value as a string. It is declared non-const, so the
 *        implementation is allowed to write through it; avoid passing string
 *        literals unless the implementation is confirmed to treat it as
 *        read-only.
 */
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);

/*
 * Create the X509 certificate described by 'cert'.
 *
 * key_alg, md_alg: algorithm selectors (presumably signing key type and
 *                  message digest) - valid values are defined elsewhere.
 * cert: certificate description; presumably the result is stored in cert->x.
 * days: presumably the validity period in days - TODO confirm.
 * ca: presumably non-zero to mark the certificate as a CA - TODO confirm.
 * sk: stack of X509 extensions to include in the certificate.
 *
 * NOTE(review): md_alg, days and ca together decide the digest used for the
 * signature, the lifetime and the signing rights of each certificate in the
 * chain of trust, so call sites should pass deliberate, reviewed values and
 * check the int result.
 */
int cert_new(
	int key_alg,
	int md_alg,
	cert_t *cert,
	int days,
	int ca,
	STACK_OF(X509_EXTENSION) * sk);
Juan Castillo11abdcd2014-10-21 11:30:42 +010058
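/*
 * Macro to register the certificates used in the CoT.
 *
 * Expands to the definitions of the exported variables 'certs' and
 * 'num_certs', so it must be used exactly once, at file scope, in the source
 * file that owns the certificate table.
 *
 * _certs must be a true array of cert_t, not a pointer: num_certs is derived
 * with sizeof, which on a pointer would silently produce a wrong element
 * count, and every loop bounded by num_certs would then cover the wrong
 * range.
 *
 * The argument is parenthesized at each use so that any array-valued
 * expression expands as intended.
 */
#define REGISTER_COT(_certs) \
	cert_t *certs = &(_certs)[0]; \
	const unsigned int num_certs = sizeof(_certs) / sizeof((_certs)[0])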
Juan Castilloe6d30e92015-06-12 11:27:59 +010063
/*
 * Exported variables.
 *
 * Both are defined by the REGISTER_COT() expansion: certs points at the first
 * element of the registered certificate array and num_certs is that array's
 * element count. Indexing certs[i] is only valid for 0 <= i < num_certs.
 */
extern cert_t *certs;
extern const unsigned int num_certs;
67
Juan Castillo11abdcd2014-10-21 11:30:42 +010068#endif /* CERT_H_ */