/*
 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/*
 * X.509 certificate parsing helpers for the secure-boot image verifier:
 * the DER identifier octets the parser matches, the algorithm OIDs it
 * recognises, and the prototypes of the issuer / subject / public-key /
 * signature checks.
 *
 * NOTE(review): the guard macro below starts with an underscore followed by an
 * uppercase letter, a form C reserves for the implementation; a rename such as
 * UTIL_X509_PARSER_H would be the conventional fix (not changed here).
 */
#ifndef _UTIL_X509_PARSER_H_
#define _UTIL_X509_PARSER_H_


#ifdef __cplusplus
extern "C"
{
#endif

/* NOTE(review): these #includes sit inside the extern "C" block, so everything
 * they declare also gets C linkage when compiled as C++; placing them before
 * the block is the usual convention. Left as-is. */
#include "cc_crypto_x509_defs.h"
#include "secureboot_defs.h"
#include "secureboot_parser_gen_defs.h"


/* RSA public exponent as big-endian bytes: 0x010001 == 65537.
 * Presumably compared against the exponent found in the certificate's
 * SubjectPublicKeyInfo — confirm in the parser implementation. */
#define X509_RSA_E_VAL_IN_BYTES {0x01,0x00,0x01}

/* TBS structure */
/* DER identifier octets (tag class + number) used while walking the
 * TBSCertificate. Universal tags: */
#define CC_X509_CERT_SEQ_TAG_ID 0x30            /* SEQUENCE (constructed) */
#define CC_X509_CERT_INT_TAG_ID 0x02            /* INTEGER */
#define CC_X509_CERT_OBJ_IDENTIFIER_TAG_ID 0x06 /* OBJECT IDENTIFIER */
#define CC_X509_CERT_SET_OF_TAG_ID 0x31         /* SET (constructed) */
#define CC_X509_CERT_PRNT_STR_TAG_ID 0x13       /* PrintableString */
#define CC_X509_CERT_UTF8_TAG_ID 0x0C           /* UTF8String */
#define CC_X509_CERT_BIT_STR_TAG_ID 0x03        /* BIT STRING */
#define CC_X509_CERT_BOOL_TAG_ID 0x01           /* BOOLEAN */
/* Context-specific, constructed tags [0], [1], [2]; in X.509 [0] carries the
 * version field. */
#define CC_X509_CERT_CTX_SPEC_TAG_ID 0xA0
#define CC_X509_CERT_CTX_SPEC_TAG1_ID 0xA1
#define CC_X509_CERT_CTX_SPEC_TAG2_ID 0xA2
#define CC_X509_CERT_NULL_TAG_ID 0x05           /* NULL */
#define CC_X509_CERT_CTX_EXT_TAG_ID 0xA3        /* [3] — X.509 extensions */
#define CC_X509_CERT_OCT_STR_TAG_ID 0x04        /* OCTET STRING */

/* Validity time encodings. */
#define CC_X509_CERT_UTC_TIME_TAG_ID 0x17          /* UTCTime */
#define CC_X509_CERT_GENERALIZED_TIME_TAG_ID 0x18  /* GeneralizedTime */

/* x509 definitions */
/* X.509 v3 is encoded as version INTEGER 2. */
#define CC_X509_CERT_VERSION 0x02
/* DER-encoded OID values (without the 0x06 tag and length octet). */
#define CC_X509_CERT_RSASSAENC_ID {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01} // 1.2.840.113549.1.1.1 rsaEncryption
#define CC_X509_CERT_SHA256RSAENC_ID {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B} // 1.2.840.113549.1.1.11 sha256WithRSAEncryption
#define CC_X509_CERT_SHA256RSAPSS_ID {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A} // 1.2.840.113549.1.1.10 id-RSASSA-PSS
#define CC_X509_CERT_SHA256_ID {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01} // 2.16.840.1.101.3.4.2.1 id-sha256
#define CC_X509_CERT_MGF1_ID {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08} // 1.2.840.113549.1.1.8 id-mgf1

/* Expected object counts inside the extension blocks; presumably the number
 * of ASN.1 elements the parser walks for the content-certificate and
 * key-certificate extensions respectively — confirm against the parser. */
#define CC_X509_CERT_CNT_NUM_OF_OBJ_IN_EXT 5
#define CC_X509_CERT_KEY_NUM_OF_OBJ_IN_EXT 4

/* Expected length of the [2] context-specific element — meaning not
 * established by this header; verify in the parser. */
#define CC_X509_CERT_CTX_SPEC_TAG2_SIZE 0x3

/*
 * Common conventions for the prototypes below (as far as this header shows):
 *  - Functions taking `uint8_t **pCert` receive a cursor into the DER data;
 *    presumably the cursor is advanced past the element that was consumed —
 *    confirm in the implementation.
 *  - `startAddress` / `endAddress` presumably delimit the memory holding the
 *    certificate and are used to bound every read; callers should pass the
 *    true extent of the buffer, not a larger region, so that a malformed
 *    length field cannot steer the parser outside it. They are typed
 *    `unsigned long` rather than `uintptr_t`; confirm this is wide enough for
 *    the target's address space.
 *  - On success CC_OK is returned; failure codes are defined in
 *    bootimagesverifierx509_error.h.
 */

/**
 * @brief This function verifies the certificate's issuer name against the predefined name
 *
 * @param[in] pCert Pointer to the issuer-name bytes to check (presumably the
 *                  content of the Name element, not the whole certificate —
 *                  confirm against the caller).
 * @param[in] size  Length in bytes of the data at pCert.
 *
 * @return CCError_t - On success the value CC_OK is returned,
 * on failure - a value from bootimagesverifierx509_error.h
 */
CCError_t UTIL_X509VerifyIssuerName(uint8_t *pCert, uint32_t size);

/**
 * @brief This function follows the x509 string structure; it should be called before
 * reading the issuer name or the subject name
 *
 * @param[in,out] pCert        Cursor into the DER data; see the conventions above.
 * @param[out]    dataSize     Receives the length of the string element located.
 * @param[in]     startAddress Lower bound of the certificate buffer.
 * @param[in]     endAddress   Upper bound of the certificate buffer.
 *
 * @return CCError_t - On success the value CC_OK is returned,
 * on failure - a value from bootimagesverifierx509_error.h
 */
CCError_t UTIL_X509VerifyStr(uint8_t **pCert, uint32_t *dataSize, unsigned long startAddress, unsigned long endAddress);

/**
 * @brief This function verifies the subject name according to fixed data
 *
 * @param[in] pCert       Pointer to the subject-name bytes to check.
 * @param[in] certType    Certificate type (CCX509CertType_t) selecting which
 *                        fixed subject name is expected.
 * @param[in] subNameSize Length in bytes of the subject name at pCert.
 *
 * @return CCError_t - On success the value CC_OK is returned,
 * on failure - a value from bootimagesverifierx509_error.h
 */
CCError_t UTIL_X509VerifySubjectName(uint8_t *pCert, CCX509CertType_t certType, uint32_t subNameSize);

/**
 * @brief This function gets the public key from the certificate and copies it to the external buffer
 *
 * @param[in,out] pCert        Cursor into the DER data; see the conventions above.
 * @param[out]    pParamsN     Destination for the public-key parameters
 *                             (CCSbNParams_t, declared in the included headers).
 * @param[in]     startAddress Lower bound of the certificate buffer.
 * @param[in]     endAddress   Upper bound of the certificate buffer.
 *
 * @return CCError_t - On success the value CC_OK is returned,
 * on failure - a value from bootimagesverifierx509_error.h
 */
CCError_t UTIL_X509VerifyPubKey(uint8_t **pCert, CCSbNParams_t *pParamsN, unsigned long startAddress, unsigned long endAddress);

/**
 * @brief This function gets the signature from the certificate and copies it to the external buffer
 *
 * @param[in,out] pCert        Cursor into the DER data; see the conventions above.
 * @param[out]    signatureP   Destination for the signature (CCSbSignature_t,
 *                             declared in the included headers).
 * @param[in]     startAddress Lower bound of the certificate buffer.
 * @param[in]     endAddress   Upper bound of the certificate buffer.
 *
 * @return CCError_t - On success the value CC_OK is returned,
 * on failure - a value from bootimagesverifierx509_error.h
 */
CCError_t UTIL_X509GetSignature(uint8_t **pCert, CCSbSignature_t *signatureP, unsigned long startAddress, unsigned long endAddress);

#ifdef __cplusplus
}
#endif

#endif