Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
adam.huang
Arm Trusted Firmware
Commits
84f95bed
Commit
84f95bed
authored
Jun 25, 2015
by
danh-arm
Browse files
Merge pull request #315 from jcastillo-arm/jc/tbb_tmp9
Authentication Framework
parents
dba12894
d337aaaf
Changes
57
Show whitespace changes
Inline
Side-by-side
plat/arm/board/common/board_css.mk
View file @
84f95bed
...
...
@@ -28,20 +28,6 @@
# POSSIBILITY OF SUCH DAMAGE.
#
PLAT_
INCLUD
ES
+=
-Iinclude
/
plat/arm/board/common/
PLAT_
BL_COMMON_SOURC
ES
+=
plat/arm/board/common/
board_css_common.c
PLAT_BL_COMMON_SOURCES
+=
drivers/arm/pl011/pl011_console.S
\
plat/arm/board/common/aarch64/board_arm_helpers.S
\
plat/arm/board/common/board_css_common.c
#BL1_SOURCES +=
#BL2_SOURCES +=
#BL31_SOURCES +=
ifneq
(${TRUSTED_BOARD_BOOT},0)
BL1_SOURCES
+=
plat/arm/board/common/board_arm_trusted_boot.c
BL2_SOURCES
+=
plat/arm/board/common/board_arm_trusted_boot.c
endif
include
plat/arm/board/common/board_common.mk
plat/arm/board/common/rotpk/arm_rotpk_rsa.der
0 → 100644
View file @
84f95bed
File added
plat/arm/board/common/rotpk/arm_rotpk_rsa_sha256.bin
0 → 100644
View file @
84f95bed
:7zrG2s2IY^JJF"
\ No newline at end of file
plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem
0 → 100644
View file @
84f95bed
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDLLGDVjWPUB3l+
xxaWvU0kTqyG5rdx48VUC+cUHL0pGsE/erYCqqs2xNk2aWziZcObsb89qFYmy/0E
AbqsPlQyynleu7IF6gZY8nS64fSHwBkKH2YHd4SDoRzv/yhZ58NofSYgQ+tWY/M5
MdgrUam8T9D23pXcX1vB7ZBv7CiRfhfteJD0YKfEx09Q7V0TOiErcMVhewghZTrN
glaMekesieilSEgx2R1G5YWGmKDlwKZqvQfkkldhB499Wk3Krja5VgQQ8my+9jts
gD6+DqNNx9R+p0nU8tK8zzCo53SPZN+8XEdozEBM+IPMy0A1BGDKs6QXnwPKHVr6
0a8hVxDTAgMBAAECggEAfwsc8ewbhDW4TwIGqfNtDUr0rtYN13VpqohW0ki2L8G/
HQaKUViO/wxQFqoNn/OqQO0AfHmKhXAAokTCiXngBHJ/OjF7vB7+IRhazZEE6u2/
uoivr/OYNQbFpXyTqsQ1eFzpPju6KKcPK7BzT4Mc89ek/vloFAi8w6LdMl8lbvOg
LBWqX+5A+UQoenPUTvYM4U22YNcEAWubkpsYAmViiWiac+a+uPRk39aKyfOedDNu
+ty9MtCwekivoUTfP/1+O+jFlDnPMJUOEkBmcBqxseYYAHu7blBpdHxYpAItC2pv
YwJJSvsE+HLBLPk177Jahg7sOUqcP0F/X+T65yuvIQKBgQDxdjXdJT5K8j7rG2fv
2bvF2H1GPaHaTYRk0EGI2Ql6Nn+ddfeCE6gaT7aPPgg87wAhNu93coFuYHw0p/sc
ZkXMJ+BmlstPV555cWXmwcxZLsni0fOXrt4YxwWkZwmh74m0NVM/cSFw56PU0oj1
yDNeq3fgmsJocmuNTe1eG9qA7QKBgQDXaAGrNA5Xel5mqqMYTHHQWI6l2uzdNtt7
eDn3K9+Eh3ywTqrwP845MAjKDU2Lq61I6t2H89dEifHq823VIcLCHd9BF04MrAH7
qDPzrmPP2iB9g+YFmGBKe+K0HFE1t1KrTlo9VV6ZAC6RJNLAgwD4kvfIVYNkCGwe
+hoZBdhgvwKBgBrOsPQ4ak4PzwRzKnrqhXpVqrLdrNZ7vLMkm+IBlpfG7SwiKLR8
UjF5oB8PGAML1cvaOYPdZplGhQOjkrF4eU9NLhC1tSS96Y46FMIlyfYsx6UzAgRZ
GbdOgUXbWqpr2bH0KaXlfXz3eqzqIuKGs41TJB//jo3iBibN/AhytzORAoGAeGov
5KDpE4XYl9Pz8HVremjG9Xh4yQENmOwQm1fvT4rd7UFM1ZkVk2qCv1DIdLe32vdQ
d9ucDzh+ADWsxGRnF1TTpPN+Mh9FzISu5h4qtdreJsxBHgecbIbsqHrb+wdMM29N
itPaWfV8Eq9fETcqp8qgsWD8XkNHDdoKFMrrtskCgYAoSt/Je1D3ZE/3HEjez7bq
fenS3J6KG2SEn2PNFn+R0R5vBo4DaV/cQysKh44GD2+sh0QDyh6nuWJufyhPzROP
DU6DCLbwNePj/yaGuzi36oLt6bBgfPWCiJY7jIdK8DmTLW25m7fRtCC5pxZlSzgl
KBf7R6cbaTvaFe05Y2FJXA==
-----END PRIVATE KEY-----
plat/arm/board/fvp/aarch64/fvp_common.c
View file @
84f95bed
...
...
@@ -55,6 +55,11 @@ arm_config_t arm_config;
DEVICE1_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
#define MAP_DEVICE2 MAP_REGION_FLAT(DEVICE2_BASE, \
DEVICE2_SIZE, \
MT_DEVICE | MT_RO | MT_SECURE)
/*
* Table of regions for various BL stages to map using the MMU.
* This doesn't include TZRAM as the 'mem_layout' argument passed to
...
...
@@ -67,6 +72,7 @@ const mmap_region_t plat_arm_mmap[] = {
V2M_MAP_IOFPGA
,
MAP_DEVICE0
,
MAP_DEVICE1
,
MAP_DEVICE2
,
{
0
}
};
#endif
...
...
@@ -77,6 +83,7 @@ const mmap_region_t plat_arm_mmap[] = {
V2M_MAP_IOFPGA
,
MAP_DEVICE0
,
MAP_DEVICE1
,
MAP_DEVICE2
,
ARM_MAP_NS_DRAM1
,
ARM_MAP_TSP_SEC_MEM
,
{
0
}
...
...
plat/arm/board/fvp/fvp_def.h
View file @
84f95bed
...
...
@@ -58,13 +58,25 @@
#define DEVICE1_BASE 0x2f000000
#define DEVICE1_SIZE 0x200000
/* Devices in the second GB */
#define DEVICE2_BASE 0x7fe00000
#define DEVICE2_SIZE 0x00200000
#define NSRAM_BASE 0x2e000000
#define NSRAM_SIZE 0x10000
#define PCIE_EXP_BASE 0x40000000
#define TZRNG_BASE 0x7fe60000
#define TZNVCTR_BASE 0x7fe70000
#define TZROOTKEY_BASE 0x7fe80000
/* Keys */
#define SOC_KEYS_BASE 0x7fe80000
#define TZ_PUB_KEY_HASH_BASE (SOC_KEYS_BASE + 0x0000)
#define TZ_PUB_KEY_HASH_SIZE 32
#define HU_KEY_BASE (SOC_KEYS_BASE + 0x0020)
#define HU_KEY_SIZE 16
#define END_KEY_BASE (SOC_KEYS_BASE + 0x0044)
#define END_KEY_SIZE 32
/* Constants to distinguish FVP type */
#define HBI_BASE_FVP 0x020
...
...
plat/arm/board/fvp/fvp_io_storage.c
View file @
84f95bed
...
...
@@ -29,16 +29,88 @@
*/
#include <assert.h>
#include <common_def.h>
#include <debug.h>
#include <io_driver.h>
#include <io_storage.h>
#include <io_semihosting.h>
#include <plat_arm.h>
#include <semihosting.h>
/* For FOPEN_MODE_... */
/* Semihosting filenames */
#define BL2_IMAGE_NAME "bl2.bin"
#define BL31_IMAGE_NAME "bl31.bin"
#define BL32_IMAGE_NAME "bl32.bin"
#define BL33_IMAGE_NAME "bl33.bin"
#if TRUSTED_BOARD_BOOT
#define BL2_CERT_NAME "bl2.crt"
#define TRUSTED_KEY_CERT_NAME "trusted_key.crt"
#define BL31_KEY_CERT_NAME "bl31_key.crt"
#define BL32_KEY_CERT_NAME "bl32_key.crt"
#define BL33_KEY_CERT_NAME "bl33_key.crt"
#define BL31_CERT_NAME "bl31.crt"
#define BL32_CERT_NAME "bl32.crt"
#define BL33_CERT_NAME "bl33.crt"
#endif
/* TRUSTED_BOARD_BOOT */
/* IO devices */
static
const
io_dev_connector_t
*
sh_dev_con
;
static
uintptr_t
sh_dev_handle
;
static
const
io_file_spec_t
sh_file_spec
[]
=
{
[
BL2_IMAGE_ID
]
=
{
.
path
=
BL2_IMAGE_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
BL31_IMAGE_ID
]
=
{
.
path
=
BL31_IMAGE_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
BL32_IMAGE_ID
]
=
{
.
path
=
BL32_IMAGE_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
BL33_IMAGE_ID
]
=
{
.
path
=
BL33_IMAGE_NAME
,
.
mode
=
FOPEN_MODE_RB
},
#if TRUSTED_BOARD_BOOT
[
BL2_CERT_ID
]
=
{
.
path
=
BL2_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
TRUSTED_KEY_CERT_ID
]
=
{
.
path
=
TRUSTED_KEY_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
BL31_KEY_CERT_ID
]
=
{
.
path
=
BL31_KEY_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
BL32_KEY_CERT_ID
]
=
{
.
path
=
BL32_KEY_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
BL33_KEY_CERT_ID
]
=
{
.
path
=
BL33_KEY_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
BL31_CERT_ID
]
=
{
.
path
=
BL31_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
BL32_CERT_ID
]
=
{
.
path
=
BL32_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
},
[
BL33_CERT_ID
]
=
{
.
path
=
BL33_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
},
#endif
/* TRUSTED_BOARD_BOOT */
};
static
int
open_semihosting
(
const
uintptr_t
spec
)
{
...
...
@@ -75,13 +147,17 @@ void plat_arm_io_setup(void)
(
void
)
io_result
;
}
int
plat_arm_get_alt_image_source
(
const
uintptr_t
image_spec
,
uintptr_t
*
dev_handle
)
/*
* FVP provides semihosting as an alternative to load images
*/
int
plat_arm_get_alt_image_source
(
unsigned
int
image_id
,
uintptr_t
*
dev_handle
,
uintptr_t
*
image_spec
)
{
int
result
=
open_semihosting
(
image_spec
);
if
(
result
==
IO_SUCCESS
)
int
result
=
open_semihosting
(
(
const
uintptr_t
)
&
sh_file_spec
[
image_id
]
);
if
(
result
==
IO_SUCCESS
)
{
*
dev_handle
=
sh_dev_handle
;
*
image_spec
=
(
uintptr_t
)
&
sh_file_spec
[
image_id
];
}
return
result
;
}
plat/arm/board/fvp/platform.mk
View file @
84f95bed
...
...
@@ -29,12 +29,10 @@
#
PLAT_INCLUDES
:=
-Iinclude
/plat/arm/board/common
\
-Iplat
/arm/board/fvp/include
PLAT_INCLUDES
:=
-Iplat
/arm/board/fvp/include
PLAT_BL_COMMON_SOURCES
:=
drivers/arm/pl011/pl011_console.S
\
plat/arm/board/fvp/aarch64/fvp_common.c
PLAT_BL_COMMON_SOURCES
:=
plat/arm/board/fvp/aarch64/fvp_common.c
BL1_SOURCES
+=
drivers/io/io_semihosting.c
\
lib/cpus/aarch64/aem_generic.S
\
...
...
@@ -65,10 +63,5 @@ BL31_SOURCES += lib/cpus/aarch64/aem_generic.S \
plat/arm/board/fvp/aarch64/fvp_helpers.S
\
plat/arm/board/fvp/drivers/pwrc/fvp_pwrc.c
ifneq
(${TRUSTED_BOARD_BOOT},0)
BL1_SOURCES
+=
plat/arm/board/common/board_arm_trusted_boot.c
BL2_SOURCES
+=
plat/arm/board/common/board_arm_trusted_boot.c
endif
include
plat/arm/board/common/board_common.mk
include
plat/arm/common/arm_common.mk
plat/arm/board/juno/platform.mk
View file @
84f95bed
...
...
@@ -40,7 +40,6 @@ BL2_SOURCES += plat/arm/board/juno/juno_security.c \
BL31_SOURCES
+=
lib/cpus/aarch64/cortex_a53.S
\
lib/cpus/aarch64/cortex_a57.S
# Enable workarounds for selected Cortex-A57 erratas.
ERRATA_A57_806969
:=
0
ERRATA_A57_813420
:=
1
...
...
@@ -53,3 +52,7 @@ include plat/arm/board/common/board_css.mk
include
plat/arm/common/arm_common.mk
include
plat/arm/soc/common/soc_css.mk
include
plat/arm/css/common/css_common.mk
ifeq
(${KEY_ALG},ecdsa)
$(error
"ECDSA key algorithm is not fully supported on Juno."
)
endif
plat/arm/common/arm_common.mk
View file @
84f95bed
...
...
@@ -46,7 +46,8 @@ endif
# Process flags
$(eval
$(call
add_define,ARM_TSP_RAM_LOCATION_ID))
PLAT_INCLUDES
+=
-Iinclude
/plat/arm/common
\
PLAT_INCLUDES
+=
-Iinclude
/common/tbbr
\
-Iinclude
/plat/arm/common
\
-Iinclude
/plat/arm/common/aarch64
...
...
@@ -83,3 +84,31 @@ BL31_SOURCES += drivers/arm/cci/cci.c \
plat/arm/common/arm_topology.c
\
plat/common/plat_gic.c
\
plat/common/aarch64/platform_mp_stack.S
ifneq
(${TRUSTED_BOARD_BOOT},0)
# By default, ARM platforms use RSA keys
KEY_ALG
:=
rsa
# Include common TBB sources
AUTH_SOURCES
:=
drivers/auth/auth_mod.c
\
drivers/auth/crypto_mod.c
\
drivers/auth/img_parser_mod.c
\
drivers/auth/tbbr/tbbr_cot.c
\
BL1_SOURCES
+=
${AUTH_SOURCES}
BL2_SOURCES
+=
${AUTH_SOURCES}
MBEDTLS_KEY_ALG
:=
${KEY_ALG}
# We expect to locate the *.mk files under the directories specified below
CRYPTO_LIB_MK
:=
drivers/auth/mbedtls/mbedtls_crypto.mk
IMG_PARSER_LIB_MK
:=
drivers/auth/mbedtls/mbedtls_x509.mk
$(info
Including
${CRYPTO_LIB_MK})
include
${CRYPTO_LIB_MK}
$(info
Including
${IMG_PARSER_LIB_MK})
include
${IMG_PARSER_LIB_MK}
endif
plat/arm/common/arm_io_storage.c
View file @
84f95bed
...
...
@@ -28,13 +28,14 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <assert.h>
#include <bl_common.h>
/* For ARRAY_SIZE */
#include <debug.h>
#include <firmware_image_package.h>
#include <io_driver.h>
#include <io_fip.h>
#include <io_memmap.h>
#include <io_storage.h>
#include <platform_def.h>
#include <semihosting.h>
/* For FOPEN_MODE_... */
#include <string.h>
/* IO devices */
...
...
@@ -48,179 +49,162 @@ static const io_block_spec_t fip_block_spec = {
.
length
=
PLAT_ARM_FIP_MAX_SIZE
};
static
const
io_file_spec_t
bl2_file_spec
=
{
.
path
=
BL2_IMAGE_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl2_uuid_spec
=
{
.
uuid
=
UUID_TRUSTED_BOOT_FIRMWARE_BL2
,
};
static
const
io_file_spec_t
bl30_file_spec
=
{
.
path
=
BL30_IMAGE_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl30_uuid_spec
=
{
.
uuid
=
UUID_SCP_FIRMWARE_BL30
,
};
static
const
io_file_spec_t
bl31_file_spec
=
{
.
path
=
BL31_IMAGE_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl31_uuid_spec
=
{
.
uuid
=
UUID_EL3_RUNTIME_FIRMWARE_BL31
,
};
static
const
io_file_spec_t
bl32_file_spec
=
{
.
path
=
BL32_IMAGE_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl32_uuid_spec
=
{
.
uuid
=
UUID_SECURE_PAYLOAD_BL32
,
};
static
const
io_file_spec_t
bl33_file_spec
=
{
.
path
=
BL33_IMAGE_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl33_uuid_spec
=
{
.
uuid
=
UUID_NON_TRUSTED_FIRMWARE_BL33
,
};
#if TRUSTED_BOARD_BOOT
static
const
io_file_spec_t
bl2_cert_file_spec
=
{
.
path
=
BL2_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl2_cert_uuid_spec
=
{
.
uuid
=
UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT
,
};
static
const
io_file_spec_t
trusted_key_cert_file_spec
=
{
.
path
=
TRUSTED_KEY_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
trusted_key_cert_uuid_spec
=
{
.
uuid
=
UUID_TRUSTED_KEY_CERT
,
};
static
const
io_file_spec_t
bl30_key_cert_file_spec
=
{
.
path
=
BL30_KEY_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl30_key_cert_uuid_spec
=
{
.
uuid
=
UUID_SCP_FIRMWARE_BL30_KEY_CERT
,
};
static
const
io_file_spec_t
bl31_key_cert_file_spec
=
{
.
path
=
BL31_KEY_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl31_key_cert_uuid_spec
=
{
.
uuid
=
UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT
,
};
static
const
io_file_spec_t
bl32_key_cert_file_spec
=
{
.
path
=
BL32_KEY_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl32_key_cert_uuid_spec
=
{
.
uuid
=
UUID_SECURE_PAYLOAD_BL32_KEY_CERT
,
};
static
const
io_file_spec_t
bl33_key_cert_file_spec
=
{
.
path
=
BL33_KEY_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl33_key_cert_uuid_spec
=
{
.
uuid
=
UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT
,
};
static
const
io_file_spec_t
bl30_cert_file_spec
=
{
.
path
=
BL30_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl30_cert_uuid_spec
=
{
.
uuid
=
UUID_SCP_FIRMWARE_BL30_CERT
,
};
static
const
io_file_spec_t
bl31_cert_file_spec
=
{
.
path
=
BL31_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl31_cert_uuid_spec
=
{
.
uuid
=
UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT
,
};
static
const
io_file_spec_t
bl32_cert_file_spec
=
{
.
path
=
BL32_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl32_cert_uuid_spec
=
{
.
uuid
=
UUID_SECURE_PAYLOAD_BL32_CERT
,
};
static
const
io_file_spec_t
bl33_cert_file_spec
=
{
.
path
=
BL33_CERT_NAME
,
.
mode
=
FOPEN_MODE_RB
static
const
io_uuid_spec_t
bl33_cert_uuid_spec
=
{
.
uuid
=
UUID_NON_TRUSTED_FIRMWARE_BL33_CERT
,
};
#endif
/* TRUSTED_BOARD_BOOT */
static
int
open_fip
(
const
uintptr_t
spec
);
static
int
open_memmap
(
const
uintptr_t
spec
);
struct
plat_io_policy
{
const
char
*
image_name
;
uintptr_t
*
dev_handle
;
uintptr_t
image_spec
;
int
(
*
check
)(
const
uintptr_t
spec
);
};
/* By default, ARM platforms load images from the FIP */
static
const
struct
plat_io_policy
policies
[]
=
{
{
FIP_IMAGE_NAME
,
[
FIP_IMAGE_ID
]
=
{
&
memmap_dev_handle
,
(
uintptr_t
)
&
fip_block_spec
,
open_memmap
},
{
BL2_IMAGE_
NAME
,
},
[
BL2_IMAGE_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl2_
file
_spec
,
(
uintptr_t
)
&
bl2_
uuid
_spec
,
open_fip
},
{
BL30_IMAGE_
NAME
,
},
[
BL30_IMAGE_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl30_
file
_spec
,
(
uintptr_t
)
&
bl30_
uuid
_spec
,
open_fip
},
{
BL31_IMAGE_
NAME
,
},
[
BL31_IMAGE_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl31_
file
_spec
,
(
uintptr_t
)
&
bl31_
uuid
_spec
,
open_fip
},
{
BL32_IMAGE_
NAME
,
},
[
BL32_IMAGE_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl32_
file
_spec
,
(
uintptr_t
)
&
bl32_
uuid
_spec
,
open_fip
},
{
BL33_IMAGE_
NAME
,
},
[
BL33_IMAGE_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl33_
file
_spec
,
(
uintptr_t
)
&
bl33_
uuid
_spec
,
open_fip
},
{
},
#if TRUSTED_BOARD_BOOT
BL2_CERT_
NAME
,
[
BL2_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl2_cert_
file
_spec
,
(
uintptr_t
)
&
bl2_cert_
uuid
_spec
,
open_fip
},
{
TRUSTED_KEY_CERT_
NAME
,
},
[
TRUSTED_KEY_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
trusted_key_cert_
file
_spec
,
(
uintptr_t
)
&
trusted_key_cert_
uuid
_spec
,
open_fip
},
{
BL30_KEY_CERT_
NAME
,
},
[
BL30_KEY_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl30_key_cert_
file
_spec
,
(
uintptr_t
)
&
bl30_key_cert_
uuid
_spec
,
open_fip
},
{
BL31_KEY_CERT_
NAME
,
},
[
BL31_KEY_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl31_key_cert_
file
_spec
,
(
uintptr_t
)
&
bl31_key_cert_
uuid
_spec
,
open_fip
},
{
BL32_KEY_CERT_
NAME
,
},
[
BL32_KEY_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl32_key_cert_
file
_spec
,
(
uintptr_t
)
&
bl32_key_cert_
uuid
_spec
,
open_fip
},
{
BL33_KEY_CERT_
NAME
,
},
[
BL33_KEY_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl33_key_cert_
file
_spec
,
(
uintptr_t
)
&
bl33_key_cert_
uuid
_spec
,
open_fip
},
{
BL30_CERT_
NAME
,
},
[
BL30_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl30_cert_
file
_spec
,
(
uintptr_t
)
&
bl30_cert_
uuid
_spec
,
open_fip
},
{
BL31_CERT_
NAME
,
},
[
BL31_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl31_cert_
file
_spec
,
(
uintptr_t
)
&
bl31_cert_
uuid
_spec
,
open_fip
},
{
BL32_CERT_
NAME
,
},
[
BL32_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl32_cert_
file
_spec
,
(
uintptr_t
)
&
bl32_cert_
uuid
_spec
,
open_fip
},
{
BL33_CERT_
NAME
,
},
[
BL33_CERT_
ID
]
=
{
&
fip_dev_handle
,
(
uintptr_t
)
&
bl33_cert_
file
_spec
,
(
uintptr_t
)
&
bl33_cert_
uuid
_spec
,
open_fip
},
{
},
#endif
/* TRUSTED_BOARD_BOOT */
0
,
0
,
0
}
};
...
...
@@ -235,7 +219,7 @@ static int open_fip(const uintptr_t spec)
uintptr_t
local_image_handle
;
/* See if a Firmware Image Package is available */
result
=
io_dev_init
(
fip_dev_handle
,
(
uintptr_t
)
FIP_IMAGE_
NAME
);
result
=
io_dev_init
(
fip_dev_handle
,
(
uintptr_t
)
FIP_IMAGE_
ID
);
if
(
result
==
IO_SUCCESS
)
{
result
=
io_open
(
fip_dev_handle
,
spec
,
&
local_image_handle
);
if
(
result
==
IO_SUCCESS
)
{
...
...
@@ -293,8 +277,9 @@ void plat_arm_io_setup(void)
}
int
plat_arm_get_alt_image_source
(
const
uintptr_t
image_spec
__attribute__
((
unused
)),
uintptr_t
*
dev_handle
__attribute__
((
unused
)))
unsigned
int
image_id
__attribute__
((
unused
)),
uintptr_t
*
dev_handle
__attribute__
((
unused
)),
uintptr_t
*
image_spec
__attribute__
((
unused
)))
{
/* By default do not try an alternative */
return
IO_FAIL
;
...
...
@@ -302,36 +287,24 @@ int plat_arm_get_alt_image_source(
/* Return an IO device handle and specification which can be used to access
* an image. Use this to enforce platform load policy */
int
plat_get_image_source
(
const
char
*
image_
name
,
uintptr_t
*
dev_handle
,
int
plat_get_image_source
(
unsigned
int
image_
id
,
uintptr_t
*
dev_handle
,
uintptr_t
*
image_spec
)
{
int
result
=
IO_FAIL
;
const
struct
plat_io_policy
*
policy
;
if
((
image_name
!=
NULL
)
&&
(
dev_handle
!=
NULL
)
&&
(
image_spec
!=
NULL
))
{
policy
=
policies
;
while
(
policy
->
image_name
!=
NULL
)
{
if
(
strcmp
(
policy
->
image_name
,
image_name
)
==
0
)
{
assert
(
image_id
<
ARRAY_SIZE
(
policies
));
policy
=
&
policies
[
image_id
];
result
=
policy
->
check
(
policy
->
image_spec
);
if
(
result
==
IO_SUCCESS
)
{
*
image_spec
=
policy
->
image_spec
;
*
dev_handle
=
*
(
policy
->
dev_handle
);
break
;
}
VERBOSE
(
"Trying alternative IO
\n
"
);
result
=
plat_arm_get_alt_image_source
(
policy
->
image_spec
,
dev_handle
);
if
(
result
==
IO_SUCCESS
)
{
*
image_spec
=
policy
->
image_spec
;
break
;
}
}
policy
++
;
}
}
else
{
result
=
IO_FAIL
;
VERBOSE
(
"Trying alternative IO
\n
"
);
result
=
plat_arm_get_alt_image_source
(
image_id
,
dev_handle
,
image_spec
);
}
return
result
;
}
tools/cert_create/Makefile
View file @
84f95bed
...
...
@@ -33,6 +33,7 @@ PLAT := none
V
:=
0
DEBUG
:=
0
BINARY
:=
${PROJECT}
OPENSSL_DIR
:=
/usr
OBJECTS
:=
src/cert.o
\
src/ext.o
\
...
...
@@ -69,8 +70,8 @@ endif
# Make soft links and include from local directory otherwise wrong headers
# could get pulled in from firmware tree.
INC_DIR
:=
-I
./include
-I
${PLAT_INCLUDE}
LIB_DIR
:=
INC_DIR
:=
-I
./include
-I
${PLAT_INCLUDE}
-I
${OPENSSL_DIR}
/include
LIB_DIR
:=
-L
${OPENSSL_DIR}
/lib
LIB
:=
-lssl
-lcrypto
CC
:=
gcc
...
...
tools/cert_create/include/ext.h
View file @
84f95bed
...
...
@@ -63,7 +63,8 @@ enum {
};
int
ext_init
(
ext_t
*
tbb_ext
);
X509_EXTENSION
*
ext_new_hash
(
int
nid
,
int
crit
,
unsigned
char
*
buf
,
size_t
len
);
X509_EXTENSION
*
ext_new_hash
(
int
nid
,
int
crit
,
const
EVP_MD
*
md
,
unsigned
char
*
buf
,
size_t
len
);
X509_EXTENSION
*
ext_new_nvcounter
(
int
nid
,
int
crit
,
int
value
);
X509_EXTENSION
*
ext_new_key
(
int
nid
,
int
crit
,
EVP_PKEY
*
k
);
...
...
tools/cert_create/include/key.h
View file @
84f95bed
...
...
@@ -35,6 +35,21 @@
#define RSA_KEY_BITS 2048
/* Error codes */
enum
{
KEY_ERR_NONE
,
KEY_ERR_MALLOC
,
KEY_ERR_FILENAME
,
KEY_ERR_OPEN
,
KEY_ERR_LOAD
};
/* Supported key algorithms */
enum
{
KEY_ALG_RSA
,
KEY_ALG_ECDSA
};
/*
* This structure contains the relevant information to create the keys
* required to sign the certificates.
...
...
@@ -50,8 +65,8 @@ typedef struct key_s {
EVP_PKEY
*
key
;
/* Key container */
}
key_t
;
int
key_
new
(
key_t
*
key
);
int
key_load
(
key_t
*
key
);
int
key_
create
(
key_t
*
key
,
int
type
);
int
key_load
(
key_t
*
key
,
unsigned
int
*
err_code
);
int
key_store
(
key_t
*
key
);
#endif
/* KEY_H_ */
tools/cert_create/src/ext.c
View file @
84f95bed
...
...
@@ -31,13 +31,29 @@
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
#include "ext.h"
DECLARE_ASN1_ITEM
(
ASN1_INTEGER
)
DECLARE_ASN1_ITEM
(
X509_ALGOR
)
DECLARE_ASN1_ITEM
(
ASN1_OCTET_STRING
)
typedef
struct
{
X509_ALGOR
*
hashAlgorithm
;
ASN1_OCTET_STRING
*
dataHash
;
}
HASH
;
ASN1_SEQUENCE
(
HASH
)
=
{
ASN1_SIMPLE
(
HASH
,
hashAlgorithm
,
X509_ALGOR
),
ASN1_SIMPLE
(
HASH
,
dataHash
,
ASN1_OCTET_STRING
),
}
ASN1_SEQUENCE_END
(
HASH
)
DECLARE_ASN1_FUNCTIONS
(
HASH
)
IMPLEMENT_ASN1_FUNCTIONS
(
HASH
)
/*
* This function adds the TBB extensions to the internal extension list
* maintained by OpenSSL so they can be used later.
...
...
@@ -123,37 +139,85 @@ X509_EXTENSION *ext_new(int nid, int crit, unsigned char *data, int len)
}
/*
* Creates a x509v3 extension containing a hash encapsulated in an ASN1 Octet
* String
* Creates a x509v3 extension containing a hash
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm AlgorithmIdentifier,
* digest OCTET STRING
* }
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* Parameters:
* pex: OpenSSL extension pointer (output parameter)
* nid: extension identifier
* crit: extension critical (EXT_NON_CRIT, EXT_CRIT)
* md: hash algorithm
* buf: pointer to the buffer that contains the hash
* len: size of the hash in bytes
*
* Return: Extension address, NULL if error
*/
X509_EXTENSION
*
ext_new_hash
(
int
nid
,
int
crit
,
unsigned
char
*
buf
,
size_t
len
)
X509_EXTENSION
*
ext_new_hash
(
int
nid
,
int
crit
,
const
EVP_MD
*
md
,
unsigned
char
*
buf
,
size_t
len
)
{
X509_EXTENSION
*
ex
=
NULL
;
ASN1_OCTET_STRING
*
hash
=
NULL
;
ASN1_OCTET_STRING
*
octet
=
NULL
;
HASH
*
hash
=
NULL
;
ASN1_OBJECT
*
algorithm
=
NULL
;
X509_ALGOR
*
x509_algor
=
NULL
;
unsigned
char
*
p
=
NULL
;
int
sz
=
-
1
;
/* Encode Hash */
hash
=
ASN1_OCTET_STRING_new
();
ASN1_OCTET_STRING_set
(
hash
,
buf
,
len
);
sz
=
i2d_ASN1_OCTET_STRING
(
hash
,
NULL
);
i2d_ASN1_OCTET_STRING
(
hash
,
&
p
);
/* OBJECT_IDENTIFIER with hash algorithm */
algorithm
=
OBJ_nid2obj
(
md
->
type
);
if
(
algorithm
==
NULL
)
{
return
NULL
;
}
/* Create X509_ALGOR */
x509_algor
=
X509_ALGOR_new
();
if
(
x509_algor
==
NULL
)
{
return
NULL
;
}
x509_algor
->
algorithm
=
algorithm
;
x509_algor
->
parameter
=
ASN1_TYPE_new
();
ASN1_TYPE_set
(
x509_algor
->
parameter
,
V_ASN1_NULL
,
NULL
);
/* OCTET_STRING with the actual hash */
octet
=
ASN1_OCTET_STRING_new
();
if
(
octet
==
NULL
)
{
X509_ALGOR_free
(
x509_algor
);
return
NULL
;
}
ASN1_OCTET_STRING_set
(
octet
,
buf
,
len
);
/* HASH structure containing algorithm + hash */
hash
=
HASH_new
();
if
(
hash
==
NULL
)
{
ASN1_OCTET_STRING_free
(
octet
);
X509_ALGOR_free
(
x509_algor
);
return
NULL
;
}
hash
->
hashAlgorithm
=
x509_algor
;
hash
->
dataHash
=
octet
;
/* DER encoded HASH */
sz
=
i2d_HASH
(
hash
,
&
p
);
if
((
sz
<=
0
)
||
(
p
==
NULL
))
{
HASH_free
(
hash
);
X509_ALGOR_free
(
x509_algor
);
return
NULL
;
}
/* Create the extension */
ex
=
ext_new
(
nid
,
crit
,
p
,
sz
);
/* Clean up */
OPENSSL_free
(
p
);
AS
N1_OCTET_STRING
_free
(
hash
);
H
AS
H
_free
(
hash
);
return
ex
;
}
...
...
tools/cert_create/src/key.c
View file @
84f95bed
...
...
@@ -46,41 +46,81 @@
#define MAX_FILENAME_LEN 1024
/*
* Create a new key
* Create a new key
container
*/
int
key_new
(
key_t
*
key
)
static
int
key_new
(
key_t
*
key
)
{
RSA
*
rsa
=
NULL
;
EVP_PKEY
*
k
=
NULL
;
/* Create key pair container */
k
=
EVP_PKEY_new
();
if
(
k
==
NULL
)
{
k
ey
->
key
=
EVP_PKEY_new
();
if
(
k
ey
->
key
==
NULL
)
{
return
0
;
}
return
1
;
}
int
key_create
(
key_t
*
key
,
int
type
)
{
RSA
*
rsa
=
NULL
;
EC_KEY
*
ec
=
NULL
;
/* Create OpenSSL key container */
if
(
!
key_new
(
key
))
{
goto
err
;
}
switch
(
type
)
{
case
KEY_ALG_RSA
:
/* Generate a new RSA key */
rsa
=
RSA_generate_key
(
RSA_KEY_BITS
,
RSA_F4
,
NULL
,
NULL
);
if
(
EVP_PKEY_assign_RSA
(
k
,
rsa
))
{
key
->
key
=
k
;
return
1
;
}
else
{
if
(
rsa
==
NULL
)
{
printf
(
"Cannot create RSA key
\n
"
);
goto
err
;
}
if
(
!
EVP_PKEY_assign_RSA
(
key
->
key
,
rsa
))
{
printf
(
"Cannot assign RSA key
\n
"
);
goto
err
;
}
break
;
case
KEY_ALG_ECDSA
:
/* Generate a new ECDSA key */
ec
=
EC_KEY_new_by_curve_name
(
NID_X9_62_prime256v1
);
if
(
ec
==
NULL
)
{
printf
(
"Cannot create EC key
\n
"
);
goto
err
;
}
if
(
!
EC_KEY_generate_key
(
ec
))
{
printf
(
"Cannot generate EC key
\n
"
);
goto
err
;
}
EC_KEY_set_flags
(
ec
,
EC_PKEY_NO_PARAMETERS
);
EC_KEY_set_asn1_flag
(
ec
,
OPENSSL_EC_NAMED_CURVE
);
if
(
!
EVP_PKEY_assign_EC_KEY
(
key
->
key
,
ec
))
{
printf
(
"Cannot assign EC key
\n
"
);
goto
err
;
}
break
;
default:
goto
err
;
}
if
(
k
)
EVP_PKEY_free
(
k
);
return
1
;
err:
RSA_free
(
rsa
);
EC_KEY_free
(
ec
);
return
0
;
}
int
key_load
(
key_t
*
key
)
int
key_load
(
key_t
*
key
,
unsigned
int
*
err_code
)
{
FILE
*
fp
=
NULL
;
EVP_PKEY
*
k
=
NULL
;
/* Create
key pair
container */
k
=
EVP_PKEY_new
();
if
(
k
==
NULL
)
{
/* Create
OpenSSL key
container */
if
(
!
key_new
(
key
))
{
*
err_code
=
KEY_ERR_MALLOC
;
return
0
;
}
...
...
@@ -88,24 +128,24 @@ int key_load(key_t *key)
/* Load key from file */
fp
=
fopen
(
key
->
fn
,
"r"
);
if
(
fp
)
{
k
=
PEM_read_PrivateKey
(
fp
,
&
k
,
NULL
,
NULL
);
k
=
PEM_read_PrivateKey
(
fp
,
&
k
ey
->
key
,
NULL
,
NULL
);
fclose
(
fp
);
if
(
k
)
{
key
->
key
=
k
;
*
err_code
=
KEY_ERR_NONE
;
return
1
;
}
else
{
ERROR
(
"Cannot read key from %s
\n
"
,
key
->
fn
);
ERROR
(
"Cannot load key from %s
\n
"
,
key
->
fn
);
*
err_code
=
KEY_ERR_LOAD
;
}
}
else
{
ERROR
(
"Cannot open file %s
\n
"
,
key
->
fn
);
WARN
(
"Cannot open file %s
\n
"
,
key
->
fn
);
*
err_code
=
KEY_ERR_OPEN
;
}
}
else
{
ERROR
(
"Key filename not specified
\n
"
);
WARN
(
"Key filename not specified
\n
"
);
*
err_code
=
KEY_ERR_FILENAME
;
}
if
(
k
)
EVP_PKEY_free
(
k
);
return
0
;
}
...
...
tools/cert_create/src/main.c
View file @
84f95bed
...
...
@@ -80,6 +80,7 @@
#define VAL_DAYS 7300
#define ID_TO_BIT_MASK(id) (1 << id)
#define NVCOUNTER_VALUE 0
#define NUM_ELEM(x) ((sizeof(x)) / (sizeof(x[0])))
/* Files */
enum
{
...
...
@@ -112,6 +113,7 @@ enum {
};
/* Global options */
static
int
key_alg
;
static
int
new_keys
;
static
int
save_keys
;
static
int
print_cert
;
...
...
@@ -138,6 +140,11 @@ static char *strdup(const char *str)
return
dup
;
}
static
const
char
*
key_algs_str
[]
=
{
[
KEY_ALG_RSA
]
=
"rsa"
,
[
KEY_ALG_ECDSA
]
=
"ecdsa"
};
/* Command line options */
static
const
struct
option
long_opt
[]
=
{
/* Binary images */
...
...
@@ -166,6 +173,7 @@ static const struct option long_opt[] = {
{
"bl32-key"
,
required_argument
,
0
,
BL32_KEY_ID
},
{
"bl33-key"
,
required_argument
,
0
,
BL33_KEY_ID
},
/* Common options */
{
"key-alg"
,
required_argument
,
0
,
'a'
},
{
"help"
,
no_argument
,
0
,
'h'
},
{
"save-keys"
,
no_argument
,
0
,
'k'
},
{
"new-chain"
,
no_argument
,
0
,
'n'
},
...
...
@@ -189,6 +197,7 @@ static void print_help(const char *cmd)
printf
(
" --%s <file>
\\\n
"
,
long_opt
[
i
].
name
);
}
printf
(
"
\n
"
);
printf
(
"-a Key algorithm: rsa (default), ecdsa
\n
"
);
printf
(
"-h Print help and exit
\n
"
);
printf
(
"-k Save key pairs into files. Filenames must be provided
\n
"
);
printf
(
"-n Generate new key pairs if no key files are provided
\n
"
);
...
...
@@ -198,8 +207,27 @@ static void print_help(const char *cmd)
exit
(
0
);
}
static
int
get_key_alg
(
const
char
*
key_alg_str
)
{
int
i
;
for
(
i
=
0
;
i
<
NUM_ELEM
(
key_algs_str
)
;
i
++
)
{
if
(
0
==
strcmp
(
key_alg_str
,
key_algs_str
[
i
]))
{
return
i
;
}
}
return
-
1
;
}
static
void
check_cmd_params
(
void
)
{
/* Only save new keys */
if
(
save_keys
&&
!
new_keys
)
{
ERROR
(
"Only new keys can be saved to disk
\n
"
);
exit
(
1
);
}
/* BL2, BL31 and BL33 are mandatory */
if
(
certs
[
BL2_CERT
].
bin
==
NULL
)
{
ERROR
(
"BL2 image not specified
\n
"
);
...
...
@@ -276,14 +304,19 @@ int main(int argc, char *argv[])
FILE
*
file
=
NULL
;
int
i
,
tz_nvctr_nid
,
ntz_nvctr_nid
,
hash_nid
,
pk_nid
;
int
c
,
opt_idx
=
0
;
unsigned
int
err_code
;
unsigned
char
md
[
SHA256_DIGEST_LENGTH
];
const
EVP_MD
*
md_info
;
NOTICE
(
"CoT Generation Tool: %s
\n
"
,
build_msg
);
NOTICE
(
"Target platform: %s
\n
"
,
platform_msg
);
/* Set default options */
key_alg
=
KEY_ALG_RSA
;
while
(
1
)
{
/* getopt_long stores the option index here. */
c
=
getopt_long
(
argc
,
argv
,
"hknp"
,
long_opt
,
&
opt_idx
);
c
=
getopt_long
(
argc
,
argv
,
"
a
hknp"
,
long_opt
,
&
opt_idx
);
/* Detect the end of the options. */
if
(
c
==
-
1
)
{
...
...
@@ -291,6 +324,13 @@ int main(int argc, char *argv[])
}
switch
(
c
)
{
case
'a'
:
key_alg
=
get_key_alg
(
optarg
);
if
(
key_alg
<
0
)
{
ERROR
(
"Invalid key algorithm '%s'
\n
"
,
optarg
);
exit
(
1
);
}
break
;
case
'h'
:
print_help
(
argv
[
0
]);
break
;
...
...
@@ -389,24 +429,50 @@ int main(int argc, char *argv[])
exit
(
1
);
}
/* Indicate SHA256 as image hash algorithm in the certificate
* extension */
md_info
=
EVP_sha256
();
/* Get non-volatile counters NIDs */
CHECK_OID
(
tz_nvctr_nid
,
TZ_FW_NVCOUNTER_OID
);
CHECK_OID
(
ntz_nvctr_nid
,
NTZ_FW_NVCOUNTER_OID
);
/* Load private keys from files (or generate new ones) */
if
(
new_keys
)
{
for
(
i
=
0
;
i
<
NUM_KEYS
;
i
++
)
{
if
(
!
key_new
(
&
keys
[
i
]))
{
ERROR
(
"Error creating %s
\n
"
,
keys
[
i
].
desc
);
/* First try to load the key from disk */
if
(
key_load
(
&
keys
[
i
],
&
err_code
))
{
/* Key loaded successfully */
continue
;
}
/* Key not loaded. Check the error code */
if
(
err_code
==
KEY_ERR_MALLOC
)
{
/* Cannot allocate memory. Abort. */
ERROR
(
"Malloc error while loading '%s'
\n
"
,
keys
[
i
].
fn
);
exit
(
1
);
}
else
if
(
err_code
==
KEY_ERR_LOAD
)
{
/* File exists, but it does not contain a valid private
* key. Abort. */
ERROR
(
"Error loading '%s'
\n
"
,
keys
[
i
].
fn
);
exit
(
1
);
}
/* File does not exist, could not be opened or no filename was
* given */
if
(
new_keys
)
{
/* Try to create a new key */
NOTICE
(
"Creating new key for '%s'
\n
"
,
keys
[
i
].
desc
);
if
(
!
key_create
(
&
keys
[
i
],
key_alg
))
{
ERROR
(
"Error creating key '%s'
\n
"
,
keys
[
i
].
desc
);
exit
(
1
);
}
}
else
{
for
(
i
=
0
;
i
<
NUM_KEYS
;
i
++
)
{
if
(
!
key_load
(
&
keys
[
i
]
))
{
ERROR
(
"Error loading %s
\n
"
,
keys
[
i
].
desc
);
exit
(
1
);
if
(
err_code
==
KEY_ERR_OPEN
)
{
ERROR
(
"Error opening '%s'
\n
"
,
keys
[
i
]
.
fn
);
}
else
{
ERROR
(
"Key '%s' not specified
\n
"
,
keys
[
i
].
desc
);
}
exit
(
1
);
}
}
...
...
@@ -430,7 +496,7 @@ int main(int argc, char *argv[])
exit
(
1
);
}
CHECK_OID
(
hash_nid
,
BL2_HASH_OID
);
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md
,
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md_info
,
md
,
SHA256_DIGEST_LENGTH
));
sk_X509_EXTENSION_push
(
sk
,
hash_ext
);
...
...
@@ -509,8 +575,8 @@ int main(int argc, char *argv[])
exit
(
1
);
}
CHECK_OID
(
hash_nid
,
BL30_HASH_OID
);
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md
,
SHA256_DIGEST_LENGTH
));
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md
_info
,
md
,
SHA256_DIGEST_LENGTH
));
sk_X509_EXTENSION_push
(
sk
,
hash_ext
);
if
(
!
cert_new
(
&
certs
[
BL30_CERT
],
VAL_DAYS
,
0
,
sk
))
{
...
...
@@ -559,7 +625,7 @@ int main(int argc, char *argv[])
exit
(
1
);
}
CHECK_OID
(
hash_nid
,
BL31_HASH_OID
);
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md
,
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md_info
,
md
,
SHA256_DIGEST_LENGTH
));
sk_X509_EXTENSION_push
(
sk
,
hash_ext
);
...
...
@@ -612,8 +678,8 @@ int main(int argc, char *argv[])
exit
(
1
);
}
CHECK_OID
(
hash_nid
,
BL32_HASH_OID
);
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md
,
SHA256_DIGEST_LENGTH
));
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md
_info
,
md
,
SHA256_DIGEST_LENGTH
));
sk_X509_EXTENSION_push
(
sk
,
hash_ext
);
if
(
!
cert_new
(
&
certs
[
BL32_CERT
],
VAL_DAYS
,
0
,
sk
))
{
...
...
@@ -662,7 +728,7 @@ int main(int argc, char *argv[])
exit
(
1
);
}
CHECK_OID
(
hash_nid
,
BL33_HASH_OID
);
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md
,
CHECK_NULL
(
hash_ext
,
ext_new_hash
(
hash_nid
,
EXT_CRIT
,
md_info
,
md
,
SHA256_DIGEST_LENGTH
));
sk_X509_EXTENSION_push
(
sk
,
hash_ext
);
...
...
Prev
1
2
3
Next
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment