cert_create: improve command line argument check

The certificate generation tool currently checks if all command
line options required to create all certificates in the CoT have
been specified. This prevents using the tool to create individual
certificates when the whole CoT is not required.

This patch improves the checking function so only those options
required by the certificates specified in the command line are
verified.

Change-Id: I2c426a8e2e2dec85b15f2d98fd4ba949c1aed385

tools/cert_create/src/main.c

@@ -116,8 +116,6 @@ static int key_alg;
 static int new_keys;
 static int save_keys;
 static int print_cert;
-static int bl30_present;
-static int bl32_present;
 
 /* Info messages created in the Makefile */
 extern const char build_msg[];
@@ -218,74 +216,55 @@ static int get_key_alg(const char *key_alg_str)
 
 static void check_cmd_params(void)
 {
+	cert_t *cert;
+	ext_t *ext;
+	key_t *key;
+	int i, j;
+
 	/* Only save new keys */
 	if (save_keys && !new_keys) {
 		ERROR("Only new keys can be saved to disk\n");
 		exit(1);
 	}
 
-	/* BL2, BL31 and BL33 are mandatory */
+	/* Check that all required options have been specified in the
-	if (extensions[BL2_HASH_EXT].data.fn == NULL) {
+	 * command line */
-		ERROR("BL2 image not specified\n");
+	for (i = 0; i < num_certs; i++) {
-		exit(1);
+		cert = &certs[i];
-	}
+		if (cert->fn == NULL) {
-
+			/* Certificate not requested. Skip to the next one */
-	if (extensions[BL31_HASH_EXT].data.fn == NULL) {
+			continue;
-		ERROR("BL31 image not specified\n");
-		exit(1);
-	}
-
-	if (extensions[BL33_HASH_EXT].data.fn == NULL) {
-		ERROR("BL33 image not specified\n");
-		exit(1);
-	}
-
-	/* BL30 and BL32 are optional */
-	if (extensions[BL30_HASH_EXT].data.fn != NULL) {
-		bl30_present = 1;
-	}
-
-	if (extensions[BL32_HASH_EXT].data.fn != NULL) {
-		bl32_present = 1;
-	}
-
-	/* TODO: Certificate filenames */
-
-	/* Filenames to store keys must be specified */
-	if (save_keys || !new_keys) {
-		if (keys[ROT_KEY].fn == NULL) {
-			ERROR("ROT key not specified\n");
-			exit(1);
 		}
 
-		if (keys[TRUSTED_WORLD_KEY].fn == NULL) {
+		/* Check that all parameters required to create this certificate
-			ERROR("Trusted World key not specified\n");
+		 * have been specified in the command line */
-			exit(1);
+		for (j = 0; j < cert->num_ext; j++) {
-		}
+			ext = &extensions[cert->ext[j]];
-
+			switch (ext->type) {
-		if (keys[NON_TRUSTED_WORLD_KEY].fn == NULL) {
+			case EXT_TYPE_PKEY:
-			ERROR("Non-trusted World key not specified\n");
+				/* Key filename must be specified */
-			exit(1);
+				key = &keys[ext->data.key];
-		}
+				if (!new_keys && key->fn == NULL) {
-
+					ERROR("Key '%s' required by '%s' not "
-		if (keys[BL31_KEY].fn == NULL) {
+					      "specified\n", key->desc,
-			ERROR("BL31 key not specified\n");
+					      cert->cn);
-			exit(1);
+					exit(1);
-		}
+				}
-
+				break;
-		if (keys[BL33_KEY].fn == NULL) {
+			case EXT_TYPE_HASH:
-			ERROR("BL33 key not specified\n");
+				/* Binary image must be specified */
-			exit(1);
+				if (ext->data.fn == NULL) {
-		}
+					ERROR("Image for '%s' not specified\n",
-
+					      ext->ln);
-		if (bl30_present && (keys[BL30_KEY].fn == NULL)) {
+					exit(1);
-			ERROR("BL30 key not specified\n");
+				}
-			exit(1);
+				break;
-		}
+			default:
-
+				ERROR("Unknown extension type in '%s'\n",
-		if (bl32_present && (keys[BL32_KEY].fn == NULL)) {
+				      ext->ln);
-			ERROR("BL32 key not specified\n");
+				exit(1);
-			exit(1);
+				break;
+			}
 		}
 	}
 }
@@ -518,7 +497,7 @@ int main(int argc, char *argv[])
 		}
 
 		/* Create certificate. Signed with ROT key */
-		if (!cert_new(cert, VAL_DAYS, 0, sk)) {
+		if (cert->fn && !cert_new(cert, VAL_DAYS, 0, sk)) {
 			ERROR("Cannot create %s\n", cert->cn);
 			exit(1);
 		}