/*
 * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/*
 * cert.h - descriptor table and API for the certificates that make up the
 * chain of trust (CoT) generated by this tool.
 */

#ifndef CERT_H
#define CERT_H

#include <openssl/ossl_typ.h>
#include <openssl/x509.h>
#include "ext.h"
#include "key.h"

/*
 * Upper bound on the number of extensions a single certificate descriptor can
 * carry; it sizes cert_t.ext[]. A descriptor's num_ext must stay <= this value.
 * Nothing in this header enforces that bound, so the check (if any) lives with
 * the code that fills the table -- confirm there before relying on it.
 */
#define CERT_MAX_EXT 9

/*
 * This structure contains information related to the generation of the
 * certificates. All these fields must be known and specified at build time
 * except for the file name, which is picked up from the command line at
 * run time.
 *
 * One instance of this structure must be created for each of the certificates
 * present in the chain of trust.
 *
 * If the issuer points to this same instance, the generated certificate will
 * be self-signed (i.e. it is a root of the chain of trust).
 */
typedef struct cert_s cert_t;
struct cert_s {
	int id;			/* Unique identifier */

	const char *opt;	/* Command line option to pass filename */
	const char *fn;		/* Filename to save the certificate (set at run time) */
	const char *cn;		/* Subject Common Name (the X.509 CN attribute) */
	const char *help_msg;	/* Help message */

	/* These fields must be defined statically */
	int key;		/* Key to be signed (presumably an id from key.h -- confirm) */
	int issuer;		/* Issuer certificate (id; equal to this id => self-signed) */
	int ext[CERT_MAX_EXT];	/* Certificate extensions (ids, presumably from ext.h) */
	int num_ext;		/* Number of extensions in the certificate (<= CERT_MAX_EXT) */

	X509 *x;		/* X509 certificate container */
};

/* Exported API */

/*
 * Set up the certificate table. Returns an int status; the convention (zero
 * vs non-zero on success) is not visible from this header -- check the
 * definition before testing the result.
 */
int cert_init(void);

/*
 * Look up the descriptor whose opt field matches the given command-line
 * option string. Presumably returns NULL when nothing matches -- callers
 * should treat a NULL result as "unknown option"; confirm against the
 * definition.
 */
cert_t *cert_get_by_opt(const char *opt);

/*
 * Add the extension identified by nid, with configuration string value, to
 * subject, using issuer as the issuing certificate for context. value is a
 * plain char * (likely to match the OpenSSL X509V3_EXT_conf_nid() signature);
 * callers should not assume the string is left untouched. Returns an int
 * status whose convention is not visible here.
 */
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);

/*
 * Build and sign the certificate described by cert.
 *
 *   md_alg  digest used for the signature; it is part of what makes the
 *           resulting chain trustworthy, so it must be one the verifier
 *           accepts
 *   cert    descriptor to fill (its x field receives the X509 object --
 *           presumably; confirm)
 *   days    validity period
 *   ca      non-zero to mark the certificate as a CA (how this maps onto
 *           the basic-constraints extension is not visible here)
 *   sk      stack of X509_EXTENSION objects to attach
 *
 * Returns an int status; convention not visible from this header.
 */
int cert_new(
	int md_alg,
	cert_t *cert,
	int days,
	int ca,
	STACK_OF(X509_EXTENSION) * sk);

/*
 * Release resources held by the certificate table (presumably the X509
 * objects referenced by cert_t.x -- confirm against the definition).
 */
void cert_cleanup(void);

/*
 * Macro to register the certificates used in the CoT.
 *
 * Defines def_certs pointing at the first element of _certs and num_def_certs
 * as its element count. _certs must be an actual array object, not a pointer:
 * the sizeof-based count is wrong for a pointer.
 */
#define REGISTER_COT(_certs) \
	cert_t *def_certs = &_certs[0]; \
	const unsigned int num_def_certs = sizeof(_certs)/sizeof(_certs[0])

/*
 * Macro to register the platform defined certificates used in the CoT.
 *
 * Same shape as REGISTER_COT(): _pdef_certs must be an actual array object so
 * that the sizeof-based element count is correct.
 */
#define PLAT_REGISTER_COT(_pdef_certs) \
	cert_t *pdef_certs = &_pdef_certs[0]; \
	const unsigned int num_pdef_certs = sizeof(_pdef_certs)/sizeof(_pdef_certs[0])

/* Exported variables */

/* Default certificate table, defined via REGISTER_COT() */
extern cert_t *def_certs;
extern const unsigned int num_def_certs;
/* Platform-defined certificate table, defined via PLAT_REGISTER_COT() */
extern cert_t *pdef_certs;
extern const unsigned int num_pdef_certs;

/*
 * Certificate table actually in use. How it is built from the default and
 * platform tables is not visible from this header.
 */
extern cert_t *certs;
extern unsigned int num_certs;

#endif /* CERT_H */