1 /*
2  * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #ifndef CERT_H_
8 #define CERT_H_
9 
10 #include <openssl/ossl_typ.h>
11 #include <openssl/x509.h>
12 #include "ext.h"
13 #include "key.h"
14 
/* Capacity of cert_t.ext[]: the most extension ids one certificate can carry */
#define CERT_MAX_EXT			4
16 
17 /*
18  * This structure contains information related to the generation of the
19  * certificates. All these fields must be known and specified at build time
20  * except for the file name, which is picked up from the command line at
21  * run time.
22  *
23  * One instance of this structure must be created for each of the certificates
24  * present in the chain of trust.
25  *
 * If the issuer field refers to this same instance (the certificate is its
 * own issuer), the generated certificate will be self-signed.
28  */
typedef struct cert_s cert_t;
/* Build-time descriptor of one certificate in the chain of trust (CoT). */
struct cert_s {
	int id;			/* Unique identifier */

	const char *opt;	/* Command line option to pass filename */
	const char *fn;		/* Filename to save the certificate (from the command line) */
	const char *cn;		/* Subject CN (X.509 Common Name, not "Company Name") */
	const char *help_msg;	/* Help message */

	/*
	 * These fields must be defined statically. key, issuer and ext[] are
	 * integer ids, not pointers; presumably they index the key/certificate/
	 * extension tables — verify against cert.c.
	 */
	int key;		/* Key to be signed */
	int issuer;		/* Issuer certificate (this cert's own id => self-signed) */
	int ext[CERT_MAX_EXT];	/* Certificate extensions */
	int num_ext;		/* Entries of ext[] in use; must not exceed CERT_MAX_EXT */

	X509 *x;		/* X509 certificate container; ownership not visible here — TODO confirm in cert.c */
};
46 
47 /* Exported API */
/*
 * Initialise the certificate module. Returns an int status; the value
 * denoting success is not visible in this header — check cert.c.
 */
int cert_init(void);

/*
 * Look up the certificate descriptor whose cert_t.opt matches 'opt'.
 * Presumably returns NULL when no registered certificate uses that option —
 * confirm in cert.c before relying on it.
 */
cert_t *cert_get_by_opt(const char *opt);

/*
 * Add the extension identified by 'nid' (an OpenSSL object NID) with the
 * textual 'value' to 'subject'. 'issuer' is presumably consulted for
 * issuer-dependent extensions — verify in cert.c. Note that 'value' is not
 * const-qualified, so callers must not pass a string literal unless cert.c
 * is known never to write through it.
 */
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);

/*
 * Generate and sign the certificate described by 'cert' with key algorithm
 * 'key_alg', attaching the extensions in 'sk'. 'days' is presumably the
 * validity period and 'ca' a flag selecting a CA certificate — confirm both
 * against cert.c. Returns an int status.
 */
int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk);
52 
53 /* Macro to register the certificates used in the CoT */
/*
 * Defines the globals 'certs' and 'num_certs' (declared extern below) from
 * the CoT table '_certs'. '_certs' must be an actual array of cert_t, not a
 * pointer: the count comes from sizeof(_certs)/sizeof(_certs[0]), which is
 * silently wrong for a pointer. Because it defines non-static objects, expand
 * it exactly once, at file scope, in the file that owns the table.
 */
#define REGISTER_COT(_certs) \
	cert_t *certs = &_certs[0]; \
	const unsigned int num_certs = sizeof(_certs)/sizeof(_certs[0])
57 
58 /* Exported variables */
/* Both are defined by the REGISTER_COT() expansion in the file owning the CoT table */
extern cert_t *certs;			/* First entry of the certificate table */
extern const unsigned int num_certs;	/* Number of entries in that table */
61 
62 #endif /* CERT_H_ */
63