1 /*
2  * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #ifndef CERT_H
8 #define CERT_H
9 
10 #include <openssl/ossl_typ.h>
11 #include <openssl/x509.h>
12 #include "ext.h"
13 #include "key.h"
14 
/* Capacity of cert_s::ext[]; a certificate's num_ext must never exceed it. */
#define CERT_MAX_EXT			9
16 
17 /*
18  * This structure contains information related to the generation of the
19  * certificates. All these fields must be known and specified at build time
20  * except for the file name, which is picked up from the command line at
21  * run time.
22  *
23  * One instance of this structure must be created for each of the certificates
24  * present in the chain of trust.
25  *
26  * If the issuer points to this same instance, the generated certificate will
27  * be self-signed.
28  */
typedef struct cert_s cert_t;
struct cert_s {
	int id;			/* Unique identifier; 'issuer' below presumably
				 * refers to other entries by this id */

	const char *opt;	/* Command line option to pass filename;
				 * presumably the lookup key used by
				 * cert_get_by_opt() -- confirm in cert.c */
	const char *fn;		/* Filename to save the certificate (the only
				 * field picked up from the command line at
				 * run time, see the comment above) */
	const char *cn;		/* Subject CN (Common Name) */
	const char *help_msg;	/* Help message */

	/* These fields must be defined statically */
	int key;		/* Key to be signed (presumably an id from
				 * key.h -- confirm) */
	int issuer;		/* Issuer certificate; an issuer that refers to
				 * this same entry yields a self-signed cert */
	int ext[CERT_MAX_EXT];	/* Certificate extensions (fixed capacity) */
	int num_ext;		/* Number of extensions in the certificate;
				 * must not exceed CERT_MAX_EXT. This header
				 * does not enforce the bound, so the code
				 * that fills ext[] has to check it */

	X509 *x;		/* X509 certificate container; allocation and
				 * lifetime are not visible here (presumably
				 * populated by cert_new() -- confirm) */
};
46 
/* Exported API */

/*
 * Initialise the certificate table.
 * Returns an int status code; the meaning of its values is defined in
 * cert.c, not here.
 */
int cert_init(void);

/*
 * Look up a certificate by its command-line option string (the cert_t
 * 'opt' field). Presumably returns NULL when nothing matches -- confirm
 * against cert.c before relying on it.
 */
cert_t *cert_get_by_opt(const char *opt);

/*
 * Add the extension identified by 'nid' to 'subject'. 'issuer' is passed
 * alongside, presumably because some extensions are derived from the
 * issuer's certificate. 'value' is declared non-const: unless cert.c shows
 * it is never written through, avoid passing string literals.
 * Returns an int status code.
 */
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);

/*
 * Build and sign the certificate described by 'cert'.
 *   md_alg  presumably the NID of the message digest used for the signature
 *   days    presumably the validity period in days
 *   ca      presumably whether the certificate is marked as a CA
 *   sk      stack of X509v3 extensions to attach
 * None of the parameter semantics are visible from this header -- confirm
 * in cert.c. Returns an int status code.
 */
int cert_new(
	int md_alg,
	cert_t *cert,
	int days,
	int ca,
	STACK_OF(X509_EXTENSION) * sk);
57 
/*
 * Macro to register the certificates used in the CoT.
 * '_certs' must be an actual array of cert_t, not a pointer: the element
 * count is computed as sizeof(_certs)/sizeof(_certs[0]), which silently
 * yields a wrong value for a pointer. The macro expands to two definitions
 * with external linkage (the extern declarations below refer to them), so
 * it must be used at file scope and in exactly one translation unit.
 */
#define REGISTER_COT(_certs) \
	cert_t *def_certs = &_certs[0]; \
	const unsigned int num_def_certs = sizeof(_certs)/sizeof(_certs[0])

/*
 * Macro to register the platform defined certificates used in the CoT.
 * Same constraints as REGISTER_COT(): '_pdef_certs' must be a real array,
 * and the macro may be used only once, at file scope.
 */
#define PLAT_REGISTER_COT(_pdef_certs) \
	cert_t *pdef_certs = &_pdef_certs[0]; \
	const unsigned int num_pdef_certs = sizeof(_pdef_certs)/sizeof(_pdef_certs[0])
67 
/* Exported variables */

/* Defined by REGISTER_COT() in exactly one translation unit. */
extern cert_t *def_certs;
extern const unsigned int num_def_certs;
/* Defined by PLAT_REGISTER_COT() in exactly one translation unit. */
extern cert_t *pdef_certs;
extern const unsigned int num_pdef_certs;

/*
 * Combined certificate table. num_certs is not const, so this table is
 * filled at run time -- presumably by cert_init() from the two tables
 * above; confirm in cert.c.
 */
extern cert_t *certs;
extern unsigned int num_certs;
76 #endif /* CERT_H */
77