From 9f5331c3b9255085d9531e173296c5ff342d4870 Mon Sep 17 00:00:00 2001 From: connerwolfssl Date: Wed, 9 May 2018 09:35:41 -0600 Subject: [PATCH] Code review changes with Kaleb, rsa keygen fixes, code cleanup --- wolfCLU/README.md | 4 ++-- wolfCLU/clu_include/clu_optargs.h | 4 ++-- wolfCLU/clu_src/clu_main.c | 2 +- wolfCLU/clu_src/genkey/clu_genkey.c | 2 +- wolfCLU/clu_src/genkey/clu_genkey_setup.c | 2 +- wolfCLU/clu_src/sign-verify/clu_sign.c | 5 ++++- .../sign-verify/clu_sign_verify_setup.c | 4 ++-- wolfCLU/clu_src/sign-verify/clu_verify.c | 10 +++++---- wolfCLU/clu_src/tools/clu_funcs.c | 22 +++++++++---------- wolfCLU/clu_src/x509/clu_parse.c | 1 + 10 files changed, 31 insertions(+), 25 deletions(-) diff --git a/wolfCLU/README.md b/wolfCLU/README.md index 1089d9c3..3667efbd 100644 --- a/wolfCLU/README.md +++ b/wolfCLU/README.md @@ -6,7 +6,8 @@ This is the wolfSSL: Command Line Utility (wolfCLU). To use this feature, please configure and install wolfssl with the following commands: - ./configure --enable-pwdbased --enable-opensslextra --enable-keygen && make && make check + ./configure --enable-pwdbased --enable-opensslextra --enable-keygen --enable-ed25519 + && make && make check If that succeeds, run: @@ -36,7 +37,6 @@ encryption or decryption are: Additional features that can be included when configuring wolfssl for key generation are: - --enable-ed25519 ##wolfCLU Install diff --git a/wolfCLU/clu_include/clu_optargs.h b/wolfCLU/clu_include/clu_optargs.h index 779adab9..a62bd6b6 100644 --- a/wolfCLU/clu_include/clu_optargs.h +++ b/wolfCLU/clu_include/clu_optargs.h @@ -48,7 +48,7 @@ enum { VERBOSE, INKEY, PUBIN, - SIGNATURE, + SIGFILE, INFORM, OUTFORM, NOOUT, 
@@ -89,7 +89,7 @@ static struct option long_options[] = { {"pubin", no_argument, 0, PUBIN }, {"inform", required_argument, 0, INFORM }, {"outform", required_argument, 0, OUTFORM }, - {"signature", required_argument, 0, SIGNATURE }, + {"sigfile", required_argument, 0, SIGFILE }, {"noout", no_argument, 0, NOOUT }, {"text", no_argument, 0, TEXT_OUT }, {"silent", no_argument, 0, SILENT }, diff --git a/wolfCLU/clu_src/clu_main.c b/wolfCLU/clu_src/clu_main.c index 24c8b8d9..7649381e 100644 --- a/wolfCLU/clu_src/clu_main.c +++ b/wolfCLU/clu_src/clu_main.c @@ -95,7 +95,7 @@ int main(int argc, char** argv) case INFILE: /* File passed in by user */ case OUTFILE: /* Output file */ case INKEY: - case SIGNATURE: + case SIGFILE: /* do nothing. */ diff --git a/wolfCLU/clu_src/genkey/clu_genkey.c b/wolfCLU/clu_src/genkey/clu_genkey.c index 88745b15..aa5b5bcf 100644 --- a/wolfCLU/clu_src/genkey/clu_genkey.c +++ b/wolfCLU/clu_src/genkey/clu_genkey.c @@ -32,7 +32,7 @@ #ifdef HAVE_ED25519 int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) { - int ret = -1; /* return value */ + int ret; /* return value */ int fOutNmSz = XSTRLEN(fOutNm); /* file name without append */ int fOutNmAppendSz = 6; /* # of bytes to append to file name */ int flag_outputPub = 0; /* set if outputting both priv/pub */ diff --git a/wolfCLU/clu_src/genkey/clu_genkey_setup.c b/wolfCLU/clu_src/genkey/clu_genkey_setup.c index d285d21b..8640ff8b 100644 --- a/wolfCLU/clu_src/genkey/clu_genkey_setup.c +++ b/wolfCLU/clu_src/genkey/clu_genkey_setup.c @@ -173,7 +173,7 @@ int wolfCLU_genKeySetup(int argc, char** argv) return NOT_COMPILED_IN; #endif /* HAVE_ECC */ } else if (XSTRNCMP(keyType, "rsa", 3) == 0) { - #if defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) /* RSA flags */ int directiveArg; int sizeArg; diff --git a/wolfCLU/clu_src/sign-verify/clu_sign.c b/wolfCLU/clu_src/sign-verify/clu_sign.c index 1e7be791..3a6094f4 100644 
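Review bot: In the clu_genkey.c hunk, `int ret;` in wolfCLU_genKey_ED25519 drops the `-1` default, so any path that returns `ret` without first assigning it now yields an indeterminate value instead of a failure code. The function body continues outside the hunk, so I cannot confirm that every path assigns it. The same initializer is removed in wolfCLU_sign_data (clu_sign.c) and wolfCLU_verify_signature (clu_verify.c), where the added `default:` cases cover only the switch, and in the verify routine an indeterminate result could be read as a successful check. I would keep `int ret = -1;` in all three so the functions fail closed.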
--- a/wolfCLU/clu_src/sign-verify/clu_sign.c +++ b/wolfCLU/clu_src/sign-verify/clu_sign.c @@ -25,7 +25,7 @@ #include "clu_include/clu_header_main.h" int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType) { - int ret = -1; + int ret; int fSz; FILE* f = fopen(in,"rb"); @@ -52,6 +52,9 @@ int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType) { ret = wolfCLU_sign_data_ed25519(data, out, fSz, privKey); break; + default: + printf("No valid sign algorithm selected.\n"); + ret = -1; } return ret; diff --git a/wolfCLU/clu_src/sign-verify/clu_sign_verify_setup.c b/wolfCLU/clu_src/sign-verify/clu_sign_verify_setup.c index 5af29dfe..9baa5823 100644 --- a/wolfCLU/clu_src/sign-verify/clu_sign_verify_setup.c +++ b/wolfCLU/clu_src/sign-verify/clu_sign_verify_setup.c @@ -123,7 +123,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv) inCheck = 1; } - ret = wolfCLU_checkForArg("-signature", 10, argc, argv); + ret = wolfCLU_checkForArg("-sigfile", 8, argc, argv); if (ret > 0) { sig = XMALLOC(strlen(argv[ret+1]), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (sig == NULL) { @@ -138,7 +138,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv) sigCheck = 1; } else if (verifyCheck == 1) { - printf("Please specify -signature when verifying.\n"); + printf("Please specify -sigfile when verifying.\n"); wolfCLU_verifyHelp(algCheck); return ret; } diff --git a/wolfCLU/clu_src/sign-verify/clu_verify.c b/wolfCLU/clu_src/sign-verify/clu_verify.c index c7eca166..f7aa29bc 100644 --- a/wolfCLU/clu_src/sign-verify/clu_verify.c +++ b/wolfCLU/clu_src/sign-verify/clu_verify.c @@ -137,7 +137,7 @@ int wolfCLU_verify_signature(char* sig, char* hash, int hSz; int fSz; - int ret = -1; + int ret; FILE* h; FILE* f = fopen(sig,"rb"); @@ -158,7 +158,6 @@ int wolfCLU_verify_signature(char* sig, char* hash, break; case ECC_SIG_VER: - hSz; h = fopen(hash,"rb"); fseek(h, 0, SEEK_END); 
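Review bot: In the first clu_sign_verify_setup.c hunk, the buffer for the `-sigfile` argument is sized with `XMALLOC(strlen(argv[ret+1]), ...)`, which leaves no room for a terminating NUL. The copy into `sig` is outside the hunk, but if it writes a C string this is a one-byte heap overflow driven by a command-line argument. Sizing it as `XMALLOC(strlen(argv[ret+1]) + 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)` would avoid that. It is also worth confirming that wolfCLU_checkForArg never returns the index of the last argument, since `argv[ret+1]` would then be NULL when passed to `strlen`.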
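Review bot: In the second clu_sign_verify_setup.c hunk, the branch that prints "Please specify -sigfile when verifying." ends with `return ret;`, and on that branch `ret` appears to be whatever wolfCLU_checkForArg returned when it was not greater than zero. If that value is 0 for a missing option (the helper is not shown), the tool reports success although no verification ran, which is misleading for scripts that gate on the exit status. Returning an explicit error here, for example `return -1;`, would make the failure unambiguous.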
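Review bot: In the `ECC_SIG_VER` case of wolfCLU_verify_signature (clu_verify.c, hunk at -158), `h = fopen(hash,"rb");` is followed by `fseek(h, 0, SEEK_END);` with no NULL check, so a missing or unreadable hash file passes a null stream to the seek. The `ED25519_SIG_VER` case in the next hunk has the same pattern. A guard such as `if (h == NULL) { ret = -1; break; }` before the seek would turn this into a clean error. The rest of the case body lies outside the hunk, so any buffers already allocated at that point would need releasing as well.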
@@ -173,7 +172,6 @@ int wolfCLU_verify_signature(char* sig, char* hash, break; case ED25519_SIG_VER: - hSz; h = fopen(hash,"rb"); fseek(h, 0, SEEK_END); @@ -184,8 +182,12 @@ int wolfCLU_verify_signature(char* sig, char* hash, fseek(h, 0, SEEK_SET); fread(h_mssg, 1, hSz, h); fclose(h); - ret = wolfCLU_verify_signature_ed25519(data, ED25519_SIG_SIZE, h_mssg, hSz, keyPath, pubIn); + ret = wolfCLU_verify_signature_ed25519(data, fSz, h_mssg, hSz, keyPath, pubIn); break; + + default: + printf("No valid verify algorithm selected.\n"); + ret = -1; } return ret; } diff --git a/wolfCLU/clu_src/tools/clu_funcs.c b/wolfCLU/clu_src/tools/clu_funcs.c index ec12d52e..69779356 100644 --- a/wolfCLU/clu_src/tools/clu_funcs.c +++ b/wolfCLU/clu_src/tools/clu_funcs.c @@ -372,10 +372,10 @@ void wolfCLU_genKeyHelp() { } printf("\n\n"); printf("***************************************************************\n"); - printf("\ngenkey USAGE:\nwolfssl -genkey -out -outform" - " -output \n\n"); + printf("\ngenkey USAGE:\nwolfssl -genkey -size(optional) " + "-out -outform -output \n\n"); printf("***************************************************************\n"); - printf("\nEXAMPLE: \n\nwolfssl -genkey ed25519 -out mykey -outform der " + printf("\nEXAMPLE: \n\nwolfssl -genkey rsa -size 2048 -out mykey -outform der " " -output KEYPAIR" "\n\nThe above command would output the files: mykey.priv " " and mykey.pub\nChanging the -output option to just PRIV would only" @@ -455,11 +455,11 @@ void wolfCLU_verifyHelp(int keyType) { case RSA_SIG_VER: printf("RSA Verify with Private Key:\n" "wolfssl -rsa -verify -inkey " - " -signature -out \n\n"); + " -sigfile -out \n\n"); printf("***************************************************************\n"); printf("RSA Verify with Public Key\n" "wolfssl -rsa -verify -inkey " - " -signature -out -pubin\n\n"); + " -sigfile -out -pubin\n\n"); printf("***************************************************************\n"); break; #endif 
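Review bot: In the clu_verify.c hunk at -184, the ED25519 call now passes `fSz`, the size of the signature file, as the signature length, but nothing visible checks that value. If the file is not exactly ED25519_SIG_SIZE bytes, or the size query failed, the verifier gets a length that does not match a well-formed signature; whether it rejects that is up to wolfCLU_verify_signature_ed25519, which is not shown. I would reject early with `if (fSz != ED25519_SIG_SIZE) { ret = -1; break; }`. The return value of `fread(h_mssg, 1, hSz, h)` should also be compared with `hSz`, since a short read would verify against a partly filled message buffer. The start of this case is in the previous hunk.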
@@ -467,12 +467,12 @@ void wolfCLU_verifyHelp(int keyType) { case ED25519_SIG_VER: printf("ED25519 Verifiy with Private Key\n" "wolfssl -ed25519 -verify -inkey " - " -signature -in " + " -sigfile -in " "\n\n"); printf("***************************************************************\n"); printf("ED25519 Verifiy with Public Key\n" "wolfssl -ed25519 -verify -inkey " - " -signature -in -pubin" + " -sigfile -in -pubin" "\n\n"); printf("***************************************************************\n"); break; @@ -481,7 +481,7 @@ void wolfCLU_verifyHelp(int keyType) { case ECC_SIG_VER: printf("ECC Verify with Public Key\n" "wolfssl -ecc -verify -inkey " - " -signature -in \n\n"); + " -sigfile -in \n\n"); break; #endif default: @@ -543,7 +543,7 @@ int wolfCLU_getAlgo(char* name, char** alg, char** mode, int* size) *size = atoi(sz); /* checks key sizes for acceptability */ - if (strcmp(*alg, "aes") == 0) { + if (XSTRNCMP(*alg, "aes", 3) == 0) { #ifdef NO_AES printf("AES not compiled in.\n"); return NOT_COMPILED_IN; @@ -556,7 +556,7 @@ int wolfCLU_getAlgo(char* name, char** alg, char** mode, int* size) #endif } - else if (strcmp(*alg, "3des") == 0) { + else if (XSTRNCMP(*alg, "3des", 4) == 0) { #ifdef NO_DES3 printf("3DES not compiled in.\n"); return NOT_COMPILED_IN; @@ -569,7 +569,7 @@ int wolfCLU_getAlgo(char* name, char** alg, char** mode, int* size) #endif } - else if (strcmp(*alg, "camellia") == 0) { + else if (XSTRNCMP(*alg, "camellia", 8) == 0) { #ifndef HAVE_CAMELIA printf("CAMELIA not compiled in.\n"); return NOT_COMPILED_IN; diff --git a/wolfCLU/clu_src/x509/clu_parse.c b/wolfCLU/clu_src/x509/clu_parse.c index 263f6e11..1b2db5ca 100644 --- a/wolfCLU/clu_src/x509/clu_parse.c +++ b/wolfCLU/clu_src/x509/clu_parse.c 
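Review bot: In wolfCLU_getAlgo (clu_funcs.c, hunk at -543), replacing `strcmp(*alg, "aes") == 0` with `XSTRNCMP(*alg, "aes", 3) == 0` turns an exact match into a prefix match, so any algorithm name that merely begins with `aes` is now accepted. The `3des` and `camellia` comparisons in the two following hunks change the same way. If the intent is only to use the wolfSSL string wrappers, including the terminator in the length keeps the match exact: `XSTRNCMP(*alg, "aes", sizeof("aes")) == 0`. Separately, `*size = atoi(sz);` cannot tell a malformed size from 0; `strtol` with an end-pointer check would.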
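Review bot: In the clu_funcs.c hunk at -569, the camellia branch is guarded by `#ifndef HAVE_CAMELIA`, but the wolfSSL build macro is spelled `HAVE_CAMELLIA`. Unless this project defines the single-L name itself, the macro is presumably never set, so the branch would always print "CAMELIA not compiled in." and return NOT_COMPILED_IN even when the library was built with Camellia. Suggest `#ifndef HAVE_CAMELLIA`, with the same spelling in the message. The matching `#else`/`#endif` is outside the hunk.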
@@ -65,6 +65,7 @@ int wolfCLU_inderOutder(char* infile, char* outfile, int silent_flag) int wolfCLU_inpemOuttext(char* infile, char* outfile, int silent_flag) { int ret; ret = wolfCLU_parseFile(infile, PEM, outfile, TEXT, silent_flag); + return ret; } int wolfCLU_parseFile(char* infile, int inform, char* outfile, int outform,