const char *opt; /* Command line option to pass filename */
const char *fn; /* Filename to save the certificate */
const char *cn; /* Subject CN (Company Name) */
+ const char *help_msg; /* Help message */
/* These fields must be defined statically */
int key; /* Key to be signed */
CMD_OPT_EXT
};
+/* Structure to define a command line option */
+typedef struct cmd_opt_s {
+ struct option long_opt;
+ const char *help_msg;
+} cmd_opt_t;
+
/* Exported API*/
-int cmd_opt_add(const char *name, int has_arg, int val);
+void cmd_opt_add(const cmd_opt_t *cmd_opt);
const struct option *cmd_opt_get_array(void);
const char *cmd_opt_get_name(int idx);
+const char *cmd_opt_get_help_msg(int idx);
#endif /* CMD_OPT_H_ */
const char *oid; /* OID of the extension */
const char *sn; /* Short name */
const char *ln; /* Long description */
+ const char *help_msg; /* Help message */
int asn1_type; /* OpenSSL ASN1 type of the extension data.
* Supported types are:
* - V_ASN1_INTEGER
typedef struct key_s {
int id; /* Key id */
const char *opt; /* Command line option to specify a key */
+ const char *help_msg; /* Help message */
const char *desc; /* Key description (debug purposes) */
char *fn; /* Filename to load/store the key */
EVP_PKEY *key; /* Key container */
int cert_init(void)
{
+ cmd_opt_t cmd_opt;
cert_t *cert;
- int rc = 0;
unsigned int i;
for (i = 0; i < num_certs; i++) {
cert = &certs[i];
- rc = cmd_opt_add(cert->opt, required_argument, CMD_OPT_CERT);
- if (rc != 0) {
- break;
- }
+ cmd_opt.long_opt.name = cert->opt;
+ cmd_opt.long_opt.has_arg = required_argument;
+ cmd_opt.long_opt.flag = NULL;
+ cmd_opt.long_opt.val = CMD_OPT_CERT;
+ cmd_opt.help_msg = cert->help_msg;
+ cmd_opt_add(&cmd_opt);
}
- return rc;
+ return 0;
}
cert_t *cert_get_by_opt(const char *opt)
* POSSIBILITY OF SUCH DAMAGE.
*/
+#include <assert.h>
#include <getopt.h>
#include <stddef.h>
+#include <stdlib.h>
#include <cmd_opt.h>
+#include "debug.h"
/* Command line options */
static struct option long_opt[CMD_OPT_MAX_NUM+1];
+static const char *help_msg[CMD_OPT_MAX_NUM+1];
static int num_reg_opt;
-int cmd_opt_add(const char *name, int has_arg, int val)
+void cmd_opt_add(const cmd_opt_t *cmd_opt)
{
+ assert(cmd_opt != NULL);
+
if (num_reg_opt >= CMD_OPT_MAX_NUM) {
- return -1;
+ ERROR("Out of memory. Please increase CMD_OPT_MAX_NUM\n");
+ exit(1);
}
- long_opt[num_reg_opt].name = name;
- long_opt[num_reg_opt].has_arg = has_arg;
+
+ long_opt[num_reg_opt].name = cmd_opt->long_opt.name;
+ long_opt[num_reg_opt].has_arg = cmd_opt->long_opt.has_arg;
long_opt[num_reg_opt].flag = 0;
- long_opt[num_reg_opt].val = val;
- num_reg_opt++;
+ long_opt[num_reg_opt].val = cmd_opt->long_opt.val;
- return 0;
+ help_msg[num_reg_opt] = cmd_opt->help_msg;
+
+ num_reg_opt++;
}
const struct option *cmd_opt_get_array(void)
return long_opt[idx].name;
}
+
+const char *cmd_opt_get_help_msg(int idx)
+{
+ if (idx >= num_reg_opt) {
+ return NULL;
+ }
+
+ return help_msg[idx];
+}
*/
int ext_init(void)
{
+ cmd_opt_t cmd_opt;
ext_t *ext;
X509V3_EXT_METHOD *m;
int nid, ret;
ext = &extensions[i];
/* Register command line option */
if (ext->opt) {
- if (cmd_opt_add(ext->opt, required_argument,
- CMD_OPT_EXT)) {
- return 1;
- }
+ cmd_opt.long_opt.name = ext->opt;
+ cmd_opt.long_opt.has_arg = required_argument;
+ cmd_opt.long_opt.flag = NULL;
+ cmd_opt.long_opt.val = CMD_OPT_EXT;
+ cmd_opt.help_msg = ext->help_msg;
+ cmd_opt_add(&cmd_opt);
}
/* Register the extension OID in OpenSSL */
if (ext->oid == NULL) {
int key_init(void)
{
+ cmd_opt_t cmd_opt;
key_t *key;
int rc = 0;
unsigned int i;
for (i = 0; i < num_keys; i++) {
key = &keys[i];
if (key->opt != NULL) {
- rc = cmd_opt_add(key->opt, required_argument,
- CMD_OPT_KEY);
- if (rc != 0) {
- break;
- }
+ cmd_opt.long_opt.name = key->opt;
+ cmd_opt.long_opt.has_arg = required_argument;
+ cmd_opt.long_opt.flag = NULL;
+ cmd_opt.long_opt.val = CMD_OPT_KEY;
+ cmd_opt.help_msg = key->help_msg;
+ cmd_opt_add(&cmd_opt);
}
}
* POSSIBILITY OF SUCH DAMAGE.
*/
+#include <assert.h>
+#include <ctype.h>
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
#define VAL_DAYS 7300
#define ID_TO_BIT_MASK(id) (1 << id)
#define NUM_ELEM(x) ((sizeof(x)) / (sizeof(x[0])))
-
-/* Files */
-enum {
- /* Image file names (inputs) */
- BL2_ID = 0,
- SCP_BL2_ID,
- BL31_ID,
- BL32_ID,
- BL33_ID,
- /* Certificate file names (outputs) */
- TRUSTED_BOOT_FW_CERT_ID,
- TRUSTED_KEY_CERT_ID,
- SCP_FW_KEY_CERT_ID,
- SCP_FW_CONTENT_CERT_ID,
- SOC_FW_KEY_CERT_ID,
- SOC_FW_CONTENT_CERT_ID,
- TRUSTED_OS_FW_KEY_CERT_ID,
- TRUSTED_OS_FW_CONTENT_CERT_ID,
- NON_TRUSTED_FW_KEY_CERT_ID,
- NON_TRUSTED_FW_CONTENT_CERT_ID,
- /* Key file names (input/output) */
- ROT_KEY_ID,
- TRUSTED_WORLD_KEY_ID,
- NON_TRUSTED_WORLD_KEY_ID,
- SCP_BL2_KEY_ID,
- BL31_KEY_ID,
- BL32_KEY_ID,
- BL33_KEY_ID,
- NUM_OPTS
-};
+#define HELP_OPT_MAX_LEN 128
/* Global options */
static int key_alg;
static void print_help(const char *cmd, const struct option *long_opt)
{
- int i = 0;
+ int rem, i = 0;
+ const struct option *opt;
+ char line[HELP_OPT_MAX_LEN];
+ char *p;
+
+ assert(cmd != NULL);
+ assert(long_opt != NULL);
+
printf("\n\n");
printf("The certificate generation tool loads the binary images and\n"
"optionally the RSA keys, and outputs the key and content\n"
"If keys are provided, they must be in PEM format.\n"
"Certificates are generated in DER format.\n");
printf("\n");
- printf("Usage:\n\n");
- printf(" %s [-hknp] \\\n", cmd);
- for (i = 0; i < NUM_OPTS; i++) {
- printf(" --%s <file> \\\n", long_opt[i].name);
+ printf("Usage:\n");
+ printf("\t%s [OPTIONS]\n\n", cmd);
+
+ printf("Available options:\n");
+ i = 0;
+ opt = long_opt;
+ while (opt->name) {
+ p = line;
+ rem = HELP_OPT_MAX_LEN;
+ if (isalpha(opt->val)) {
+ /* Short format */
+ sprintf(p, "-%c,", (char)opt->val);
+ p += 3;
+ rem -= 3;
+ }
+ snprintf(p, rem, "--%s %s", opt->name,
+ (opt->has_arg == required_argument) ? "<arg>" : "");
+ printf("\t%-32s %s\n", line, cmd_opt_get_help_msg(i));
+ opt++;
+ i++;
}
printf("\n");
- printf("-a Key algorithm: rsa (default), ecdsa\n");
- printf("-h Print help and exit\n");
- printf("-k Save key pairs into files. Filenames must be provided\n");
- printf("-n Generate new key pairs if no key files are provided\n");
- printf("-p Print the certificates in the standard output\n");
- printf("\n");
exit(0);
}
}
}
+/* Common command line options */
+static const cmd_opt_t common_cmd_opt[] = {
+ {
+ { "help", no_argument, NULL, 'h' },
+ "Print this message and exit"
+ },
+ {
+ { "key-alg", required_argument, NULL, 'a' },
+ "Key algorithm: 'rsa' (default), 'ecdsa'"
+ },
+ {
+ { "save-keys", no_argument, NULL, 'k' },
+ "Save key pairs into files. Filenames must be provided"
+ },
+ {
+ { "new-keys", no_argument, NULL, 'n' },
+ "Generate new key pairs if no key files are provided"
+ },
+ {
+ { "print-cert", no_argument, NULL, 'p' },
+ "Print the certificates in the standard output"
+ }
+};
+
int main(int argc, char *argv[])
{
STACK_OF(X509_EXTENSION) * sk = NULL;
key_alg = KEY_ALG_RSA;
/* Add common command line options */
- cmd_opt_add("key-alg", required_argument, 'a');
- cmd_opt_add("help", no_argument, 'h');
- cmd_opt_add("save-keys", no_argument, 'k');
- cmd_opt_add("new-chain", no_argument, 'n');
- cmd_opt_add("print-cert", no_argument, 'p');
+ for (i = 0; i < NUM_ELEM(common_cmd_opt); i++) {
+ cmd_opt_add(&common_cmd_opt[i]);
+ }
/* Initialize the certificates */
if (cert_init() != 0) {
while (1) {
/* getopt_long stores the option index here. */
- c = getopt_long(argc, argv, "ahknp", cmd_opt, &opt_idx);
+ c = getopt_long(argc, argv, "a:hknp", cmd_opt, &opt_idx);
/* Detect the end of the options. */
if (c == -1) {
break;
case '?':
default:
- printf("%s\n", optarg);
+ print_help(argv[0], cmd_opt);
exit(1);
}
}
[TRUSTED_BOOT_FW_CERT] = {
.id = TRUSTED_BOOT_FW_CERT,
.opt = "tb-fw-cert",
+ .help_msg = "Trusted Boot FW Certificate (output file)",
.fn = NULL,
.cn = "Trusted Boot FW Certificate",
.key = ROT_KEY,
[TRUSTED_KEY_CERT] = {
.id = TRUSTED_KEY_CERT,
.opt = "trusted-key-cert",
+ .help_msg = "Trusted Key Certificate (output file)",
.fn = NULL,
.cn = "Trusted Key Certificate",
.key = ROT_KEY,
[SCP_FW_KEY_CERT] = {
.id = SCP_FW_KEY_CERT,
.opt = "scp-fw-key-cert",
+ .help_msg = "SCP Firmware Key Certificate (output file)",
.fn = NULL,
.cn = "SCP Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
[SCP_FW_CONTENT_CERT] = {
.id = SCP_FW_CONTENT_CERT,
.opt = "scp-fw-cert",
+ .help_msg = "SCP Firmware Content Certificate (output file)",
.fn = NULL,
.cn = "SCP Firmware Content Certificate",
.key = SCP_FW_CONTENT_CERT_KEY,
[SOC_FW_KEY_CERT] = {
.id = SOC_FW_KEY_CERT,
.opt = "soc-fw-key-cert",
+ .help_msg = "SoC Firmware Key Certificate (output file)",
.fn = NULL,
.cn = "SoC Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
[SOC_FW_CONTENT_CERT] = {
.id = SOC_FW_CONTENT_CERT,
.opt = "soc-fw-cert",
+ .help_msg = "SoC Firmware Content Certificate (output file)",
.fn = NULL,
.cn = "SoC Firmware Content Certificate",
.key = SOC_FW_CONTENT_CERT_KEY,
[TRUSTED_OS_FW_KEY_CERT] = {
.id = TRUSTED_OS_FW_KEY_CERT,
.opt = "tos-fw-key-cert",
+ .help_msg = "Trusted OS Firmware Key Certificate (output file)",
.fn = NULL,
.cn = "Trusted OS Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
[TRUSTED_OS_FW_CONTENT_CERT] = {
.id = TRUSTED_OS_FW_CONTENT_CERT,
.opt = "tos-fw-cert",
+ .help_msg = "Trusted OS Firmware Content Certificate (output file)",
.fn = NULL,
.cn = "Trusted OS Firmware Content Certificate",
.key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
[NON_TRUSTED_FW_KEY_CERT] = {
.id = NON_TRUSTED_FW_KEY_CERT,
.opt = "nt-fw-key-cert",
+ .help_msg = "Non-Trusted Firmware Key Certificate (output file)",
.fn = NULL,
.cn = "Non-Trusted Firmware Key Certificate",
.key = NON_TRUSTED_WORLD_KEY,
[NON_TRUSTED_FW_CONTENT_CERT] = {
.id = NON_TRUSTED_FW_CONTENT_CERT,
.opt = "nt-fw-cert",
+ .help_msg = "Non-Trusted Firmware Content Certificate (output file)",
.fn = NULL,
.cn = "Non-Trusted Firmware Content Certificate",
.key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
[FWU_CERT] = {
.id = FWU_CERT,
.opt = "fwu-cert",
+ .help_msg = "Firmware Update Certificate (output file)",
.fn = NULL,
- .cn = "FWU Certificate",
+ .cn = "Firmware Update Certificate",
.key = ROT_KEY,
.issuer = FWU_CERT,
.ext = {
[TRUSTED_BOOT_FW_HASH_EXT] = {
.oid = TRUSTED_BOOT_FW_HASH_OID,
.opt = "tb-fw",
+ .help_msg = "Trusted Boot Firmware image file",
.sn = "TrustedBootFirmwareHash",
.ln = "Trusted Boot Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
[SCP_FW_HASH_EXT] = {
.oid = SCP_FW_HASH_OID,
.opt = "scp-fw",
+ .help_msg = "SCP Firmware image file",
.sn = "SCPFirmwareHash",
.ln = "SCP Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
[SOC_AP_FW_HASH_EXT] = {
.oid = SOC_AP_FW_HASH_OID,
.opt = "soc-fw",
+ .help_msg = "SoC AP Firmware image file",
.sn = "SoCAPFirmwareHash",
.ln = "SoC AP Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
[TRUSTED_OS_FW_HASH_EXT] = {
.oid = TRUSTED_OS_FW_HASH_OID,
.opt = "tos-fw",
+ .help_msg = "Trusted OS image file",
.sn = "TrustedOSHash",
.ln = "Trusted OS hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
.opt = "nt-fw",
+ .help_msg = "Non-Trusted World Bootloader image file",
.sn = "NonTrustedWorldBootloaderHash",
.ln = "Non-Trusted World hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
[SCP_FWU_CFG_HASH_EXT] = {
.oid = SCP_FWU_CFG_HASH_OID,
.opt = "scp-fwu-cfg",
+ .help_msg = "SCP Firmware Update Config image file",
.sn = "SCPFWUpdateConfig",
.ln = "SCP Firmware Update Config hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
[AP_FWU_CFG_HASH_EXT] = {
.oid = AP_FWU_CFG_HASH_OID,
.opt = "ap-fwu-cfg",
+ .help_msg = "AP Firmware Update Config image file",
.sn = "APFWUpdateConfig",
.ln = "AP Firmware Update Config hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
[FWU_HASH_EXT] = {
.oid = FWU_HASH_OID,
.opt = "fwu",
+ .help_msg = "Firmware Updater image file",
.sn = "FWUpdaterHash",
.ln = "Firmware Updater hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
[ROT_KEY] = {
.id = ROT_KEY,
.opt = "rot-key",
+ .help_msg = "Root Of Trust key (input/output file)",
.desc = "Root Of Trust key"
},
[TRUSTED_WORLD_KEY] = {
.id = TRUSTED_WORLD_KEY,
.opt = "trusted-world-key",
+ .help_msg = "Trusted World key (input/output file)",
.desc = "Trusted World key"
},
[NON_TRUSTED_WORLD_KEY] = {
.id = NON_TRUSTED_WORLD_KEY,
.opt = "non-trusted-world-key",
+ .help_msg = "Non Trusted World key (input/output file)",
.desc = "Non Trusted World key"
},
[SCP_FW_CONTENT_CERT_KEY] = {
.id = SCP_FW_CONTENT_CERT_KEY,
.opt = "scp-fw-key",
+ .help_msg = "SCP Firmware Content Certificate key (input/output file)",
.desc = "SCP Firmware Content Certificate key"
},
[SOC_FW_CONTENT_CERT_KEY] = {
.id = SOC_FW_CONTENT_CERT_KEY,
.opt = "soc-fw-key",
+ .help_msg = "SoC Firmware Content Certificate key (input/output file)",
.desc = "SoC Firmware Content Certificate key"
},
[TRUSTED_OS_FW_CONTENT_CERT_KEY] = {
.id = TRUSTED_OS_FW_CONTENT_CERT_KEY,
.opt = "tos-fw-key",
+ .help_msg = "Trusted OS Firmware Content Certificate key (input/output file)",
.desc = "Trusted OS Firmware Content Certificate key"
},
[NON_TRUSTED_FW_CONTENT_CERT_KEY] = {
.id = NON_TRUSTED_FW_CONTENT_CERT_KEY,
.opt = "nt-fw-key",
+ .help_msg = "Non Trusted Firmware Content Certificate key (input/output file)",
.desc = "Non Trusted Firmware Content Certificate key"
}
};
projects / project / bcm63xx / atf.git / commitdiff