Module template

OpenTitan certificate template deserialization.

This module contains structs defining certificate templates.

The templates are defined in Hjson files and deserialized into these structs. Any extra conversion required (beyond simple renaming) is done in the hjson module.

The format for a template in Hjson looks something like:

{
  variables: {
    SomeVariableName: {
      type: "byte-array",
      size: 20,
    },
    // ...
  },

  certificate: {
    // Certificate keys, some making use of variables, others not.
    serial_number: { var: "SomeVariableName" },
    layer: 0,
    // ...
  }
}
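
As an added illustration (not code from the OpenTitan crate), the sketch below shows how a field such as `serial_number: { var: "SomeVariableName" }` can be resolved against substitution data while enforcing the declared size. `DemoValue`, `ResolveError` and `resolve` are hypothetical names, and `size` is assumed to mean an exact byte length.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for illustration; these are not the crate's own types.
#[derive(Debug, PartialEq)]
enum DemoValue {
    Literal(Vec<u8>),
    Var(String), // corresponds to `{ var: "SomeVariableName" }`
}

#[derive(Debug, PartialEq)]
enum ResolveError {
    Undeclared(String), // referenced in `certificate` but absent from `variables`
    Missing(String),    // declared, but no substitution data was supplied
    WrongSize { name: String, expected: usize, got: usize },
}

// Resolve one field: literals pass through, variables are checked before use.
fn resolve(
    value: &DemoValue,
    declared: &HashMap<&str, usize>, // variable name -> declared byte-array size
    subst: &HashMap<&str, Vec<u8>>,  // variable name -> supplied bytes
) -> Result<Vec<u8>, ResolveError> {
    match value {
        DemoValue::Literal(bytes) => Ok(bytes.clone()),
        DemoValue::Var(name) => {
            // Reject references to variables the template never declared.
            let expected = *declared.get(name.as_str())
                .ok_or_else(|| ResolveError::Undeclared(name.clone()))?;
            let data = subst.get(name.as_str())
                .ok_or_else(|| ResolveError::Missing(name.clone()))?;
            if data.len() != expected {
                return Err(ResolveError::WrongSize { name: name.clone(), expected, got: data.len() });
            }
            Ok(data.clone())
        }
    }
}

fn main() {
    // Constructed sample mirroring the template above: one 20-byte variable.
    let declared = HashMap::from([("SomeVariableName", 20usize)]);
    let subst = HashMap::from([("SomeVariableName", vec![0xABu8; 20])]);
    let serial = DemoValue::Var("SomeVariableName".to_string());
    println!("{:?}", resolve(&serial, &declared, &subst));
}
```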

Modules

subst
This module defines substitution data that can be used to replace the variables in a template by actual values.
testgen
This module provides functionality to generate substitution data for a template in order to test corner cases of the certificate generator.

Structs

BasicConstraints
Certificate
Certificate specification.
DiceTcbInfoExtension
DICE TCB extension.
DiceTcbInfoFlags
Flags that can be set for a certificate.
EcPublicKey
Representation of an elliptic curve public key in uncompressed form.
EcPublicKeyInfo
Representation of an elliptic curve public key information.
EcdsaSignature
Representation of an ECDSA signature.
FirmwareId
Firmware ID (fwid) field.
KeyUsage
Template
Full template file, including variable declarations and certificate spec.
Variable
Value which may either be a variable name or literal.

Enums

AttributeType
CertificateExtension
Conversion
Conversion to apply to a variable when inserting it into the certificate.
EcCurve
List of EC named curves.
HashAlgorithm
Possible algorithms for computing hashes.
Signature
Representation of the signature of the certificate.
SizeRange
SizeRange sets the range of the variable it represents.
SubjectPublicKeyInfo
Representation of the SubjectPublicKeyInfo field.
Value
Value which may either be a variable name or literal.
VariableType
Declaration of a variable that can be filled into the template.

Type Aliases

Name
An X.501 Name (or DistinguishedName, aka DN): a DN consists of a sequence of RelativeDistinguishedNames (RDNs). An RDN is an ordered set of attribute type and value pairs. Within an RDN, each attribute type can only appear once. Therefore, we represent a name as a vector of RDNs, and each RDN is represented by a map. The order of the vector is important: changing the order changes the name. The order within the map is not important, but we use an IndexMap so that the consumers of this template use a deterministic order.