mirror of
https://github.com/Telecominfraproject/OpenCellular.git
synced 2026-01-11 10:25:20 +00:00
a8eb286ada
This patch enables choice of RSA version at run time to be used for generating signatures by the cert_tool. The RSA PSS as defined in PKCS#1 v2.1 becomes the default version and this patch enables to specify the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line -a option. Also, the build option `KEY_ALG` can be used to pass this option from the build system. Please note that RSA PSS is mandated by Trusted Board Boot requirements (TBBR) and legacy RSA support is being added for compatibility reasons. Fixes ARM-Software/tf-issues#499 Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73 Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com> Signed-off-by: Soby Mathew <soby.mathew@arm.com>
63 lines
1.8 KiB
C
63 lines
1.8 KiB
C
/*
|
|
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#ifndef CERT_H_
|
|
#define CERT_H_
|
|
|
|
#include <openssl/ossl_typ.h>
|
|
#include <openssl/x509.h>
|
|
#include "ext.h"
|
|
#include "key.h"
|
|
|
|
#define CERT_MAX_EXT 4
|
|
|
|
/*
|
|
* This structure contains information related to the generation of the
|
|
* certificates. All these fields must be known and specified at build time
|
|
* except for the file name, which is picked up from the command line at
|
|
* run time.
|
|
*
|
|
* One instance of this structure must be created for each of the certificates
|
|
* present in the chain of trust.
|
|
*
|
|
* If the issuer points to this same instance, the generated certificate will
|
|
* be self-signed.
|
|
*/
|
|
typedef struct cert_s cert_t;
|
|
struct cert_s {
|
|
int id; /* Unique identifier */
|
|
|
|
const char *opt; /* Command line option to pass filename */
|
|
const char *fn; /* Filename to save the certificate */
|
|
const char *cn; /* Subject CN (Company Name) */
|
|
const char *help_msg; /* Help message */
|
|
|
|
/* These fields must be defined statically */
|
|
int key; /* Key to be signed */
|
|
int issuer; /* Issuer certificate */
|
|
int ext[CERT_MAX_EXT]; /* Certificate extensions */
|
|
int num_ext; /* Number of extensions in the certificate */
|
|
|
|
X509 *x; /* X509 certificate container */
|
|
};
|
|
|
|
/* Exported API */
|
|
int cert_init(void);
|
|
cert_t *cert_get_by_opt(const char *opt);
|
|
int cert_add_ext(X509 *issuer, X509 *subject, int nid, char *value);
|
|
int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSION) * sk);
|
|
|
|
/* Macro to register the certificates used in the CoT */
|
|
#define REGISTER_COT(_certs) \
|
|
cert_t *certs = &_certs[0]; \
|
|
const unsigned int num_certs = sizeof(_certs)/sizeof(_certs[0])
|
|
|
|
/* Exported variables */
|
|
extern cert_t *certs;
|
|
extern const unsigned int num_certs;
|
|
|
|
#endif /* CERT_H_ */
|