WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #95 from connerWolfSSL/wolfCLU_project 

wolfCLU self signed certificates
pull/41/head
Kaleb Himes 2018-05-11 16:02:06 -06:00 committed by GitHub
parent ab604727ab 5456436112
commit 31cbabc7eb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 762 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
wolfCLU/clu_include/certgen/clu_certgen.h 100644
View File

@ -0,0 +1,32 @@
#include <stdio.h>
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#endif
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
#define HEAP_HINT NULL
#define FOURK_SZ 4096
enum {
SHA_HASH,
SHA_HASH224,
SHA_HASH256,
SHA_HASH384,
SHA_HASH512
};
int make_self_signed_ecc_certificate(char*, char*, int);
int make_self_signed_rsa_certificate(char*, char*, int);
int make_self_signed_ed25519_certificate(char*, char*);

6
wolfCLU/clu_include/clu_header_main.h
View File

@ -164,6 +164,12 @@ void wolfCLU_signHelp(int);
*/
void wolfCLU_verifyHelp(int);
/*
* certgen help function
*/
void wolfCLU_certgenHelp();
/* find algorithm for encryption/decryption
*
* @param name the whole line sent from user. Example: "aes-cbc-128"

16
wolfCLU/clu_include/clu_optargs.h
View File

@ -34,11 +34,18 @@ enum {
ECC,
ED25519,
CERT_SHA,
CERT_SHA224,
CERT_SHA256,
CERT_SHA384,
CERT_SHA512,
INFILE,
OUTFILE,
PASSWORD,
KEY,
IV,
NEW,
ALL,
SIZE,
EXPONENT,
@ -67,16 +74,23 @@ static struct option long_options[] = {
{"bench", no_argument, 0, BENCHMARK },
{"hash", required_argument, 0, HASH },
{"x509", no_argument, 0, X509 },
{"req", required_argument, 0, REQUEST },
{"req", no_argument, 0, REQUEST },
{"genkey", required_argument, 0, GEN_KEY },
{"rsa", no_argument, 0, RSA },
{"ecc", no_argument, 0, ECC },
{"ed25519", no_argument, 0, ED25519 },
{"sha", no_argument, 0, CERT_SHA },
{"sha224", no_argument, 0, CERT_SHA224},
{"sha256", no_argument, 0, CERT_SHA256},
{"sha384", no_argument, 0, CERT_SHA384},
{"sha512", no_argument, 0, CERT_SHA512},
{"in", required_argument, 0, INFILE },
{"out", required_argument, 0, OUTFILE },
{"pwd", required_argument, 0, PASSWORD },
{"key", required_argument, 0, KEY },
{"new", no_argument, 0, NEW },
{"iv", required_argument, 0, IV },
{"all", no_argument, 0, ALL },
{"size", required_argument, 0, SIZE },

3
wolfCLU/clu_include/include.am
View File

@ -12,5 +12,6 @@ nobase_include_HEADERS+=clu_include/clu_header_main.h \
clu_include/genkey/clu_genkey.h \
clu_include/sign-verify/clu_sign.h \
clu_include/sign-verify/clu_verify.h \
clu_include/sign-verify/clu_sign_verify_setup.h
clu_include/sign-verify/clu_sign_verify_setup.h \
clu_include/certgen/clu_certgen.h

199
wolfCLU/clu_src/certgen/clu_certgen_ecc.c 100644
View File

@ -0,0 +1,199 @@
#include "clu_include/certgen/clu_certgen.h"
void free_things_ecc(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e,
WC_RNG* f);
int make_self_signed_ecc_certificate(char* keyPath, char* certOut, int oid) {
int ret = 0;
word32 index = 0;
Cert newCert;
ecc_key key;
WC_RNG rng;
int keyFileSz;
FILE* keyFile = fopen(keyPath,"rb");
fseek(keyFile, 0, SEEK_END);
keyFileSz = ftell(keyFile);
byte keyBuf[keyFileSz];
fseek(keyFile, 0, SEEK_SET);
fread(keyBuf, 1, keyFileSz, keyFile);
fclose(keyFile);
ret = wc_ecc_init(&key);
if (ret != 0) {
printf("Failed to initialize ecc key\nRET: %d\n", ret);
return ret;
}
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("Failed to initialize rng.\nRET: %d\n", ret);
return ret;
}
ret = wc_EccPrivateKeyDecode(keyBuf, &index, &key, keyFileSz);
if (ret != 0 ) {
printf("Failed to decode private key.\nRET: %d\n", ret);
return ret;
}
wc_InitCert(&newCert);
char country[3];
char province[CTC_NAME_SIZE];
char city[CTC_NAME_SIZE];
char org[CTC_NAME_SIZE];
char unit[CTC_NAME_SIZE];
char commonName[CTC_NAME_SIZE];
char email[CTC_NAME_SIZE];
char daysValid[CTC_NAME_SIZE];
printf("Enter your countries 2 digit code (ex: United States -> US): ");
fgets(country,CTC_NAME_SIZE,stdin);
country[sizeof(country)-1] = '\0';
printf("Enter the name of the province you are located at: ");
fgets(province,CTC_NAME_SIZE,stdin);
printf("Enter the name of the city you are located at: ");
fgets(city,CTC_NAME_SIZE,stdin);
printf("Enter the name of your orginization: ");
fgets(org,CTC_NAME_SIZE,stdin);
printf("Enter the name of your unit: ");
fgets(unit,CTC_NAME_SIZE,stdin);
printf("Enter the common name of your domain: ");
fgets(commonName,CTC_NAME_SIZE,stdin);
printf("Enter your email address: ");
fgets(email,CTC_NAME_SIZE,stdin);
printf("Enter the number of days this certificate should be valid: ");
fgets(daysValid,CTC_NAME_SIZE,stdin);
strncpy(newCert.subject.country, country, sizeof(country));
strncpy(newCert.subject.state, province, CTC_NAME_SIZE);
strncpy(newCert.subject.locality, city, CTC_NAME_SIZE);
strncpy(newCert.subject.org, org, CTC_NAME_SIZE);
strncpy(newCert.subject.unit, unit, CTC_NAME_SIZE);
strncpy(newCert.subject.commonName, commonName, CTC_NAME_SIZE);
strncpy(newCert.subject.email, email, CTC_NAME_SIZE);
newCert.daysValid = atoi(daysValid);
newCert.isCA = 0;
switch(oid) {
case SHA_HASH:
newCert.sigType = CTC_SHAwECDSA;
break;
case SHA_HASH224:
newCert.sigType = CTC_SHA224wECDSA;
break;
case SHA_HASH256:
newCert.sigType = CTC_SHA256wECDSA;
break;
case SHA_HASH384:
newCert.sigType = CTC_SHA384wECDSA;
break;
case SHA_HASH512:
newCert.sigType = CTC_SHA512wECDSA;
break;
}
byte* certBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (certBuf == NULL) {
printf("Failed to initialize buffer to store certificate.\n");
return -1;
}
XMEMSET(certBuf, 0, FOURK_SZ);
int certBufSz = FOURK_SZ;
ret = wc_MakeCert(&newCert, certBuf, FOURK_SZ, NULL, &key, &rng); //ecc certificate
if (ret < 0) {
printf("Failed to make certificate.\n");
return ret;
}
printf("MakeCert returned %d\n", ret);
ret = wc_SignCert(newCert.bodySz, newCert.sigType, certBuf, FOURK_SZ, NULL,
&key, &rng);
if (ret < 0) {
printf("Failed to sign certificate.\n");
return ret;
}
printf("SignCert returned %d\n", ret);
certBufSz = ret;
printf("Successfully created new certificate\n");
printf("Writing newly generated certificate to file \"%s\"\n",
certOut);
FILE* file = fopen(certOut, "wb");
if (!file) {
printf("failed to open file: %s\n", certOut);
return -1;
}
ret = (int) fwrite(certBuf, 1, certBufSz, file);
fclose(file);
printf("Successfully output %d bytes\n", ret);
/*---------------------------------------------------------------------------*/
/* convert the der to a pem and write it to a file */
/*---------------------------------------------------------------------------*/
int pemBufSz;
printf("Convert the der cert to pem formatted cert\n");
byte* pemBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pemBuf == NULL) {
printf("Failed to initialize pem buffer.\n");
return -1;
}
XMEMSET(pemBuf, 0, FOURK_SZ);
pemBufSz = wc_DerToPem(certBuf, certBufSz, pemBuf, FOURK_SZ, CERT_TYPE);
if (pemBufSz < 0) {
printf("Failed to convert from der to pem.\n");
return -1;
}
printf("Resulting pem buffer is %d bytes\n", pemBufSz);
FILE* pemFile = fopen(certOut, "wb");
if (!pemFile) {
printf("failed to open file: %s\n", certOut);
return -1;
}
fwrite(pemBuf, 1, pemBufSz, pemFile);
fclose(pemFile);
printf("Successfully converted the der to pem. Result is in: %s\n\n",
certOut);
free_things_ecc(&pemBuf, &certBuf, NULL, &key, NULL, &rng);
return 1;
}
void free_things_ecc(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e,
WC_RNG* f)
{
if (a != NULL) {
if (*a != NULL) {
XFREE(*a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
*a = NULL;
}
}
if (b != NULL) {
if (*b != NULL) {
XFREE(*b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
*b = NULL;
}
}
if (c != NULL) {
if (*c != NULL) {
XFREE(*c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
*c = NULL;
}
}
wc_ecc_free(d);
wc_ecc_free(e);
wc_FreeRng(f);
}

188
wolfCLU/clu_src/certgen/clu_certgen_ed25519.c 100644
View File

@ -0,0 +1,188 @@
#include "clu_include/clu_header_main.h"
#include "clu_include/certgen/clu_certgen.h"
void free_things_ed25519(byte** a, byte** b, byte** c, ed25519_key* d, ed25519_key* e,
WC_RNG* f);
int make_self_signed_ed25519_certificate(char* keyPath, char* certOut) {
int ret = 0;
word32 index = 0;
Cert newCert;
ed25519_key key;
WC_RNG rng;
int keyFileSz;
FILE* keyFile = fopen(keyPath,"rb");
fseek(keyFile, 0, SEEK_END);
keyFileSz = ftell(keyFile);
byte keyBuf[keyFileSz];
fseek(keyFile, 0, SEEK_SET);
fread(keyBuf, 1, keyFileSz, keyFile);
fclose(keyFile);
ret = wc_ed25519_init(&key);
if (ret != 0) {
printf("Failed to initialize ed25519 key\nRET: %d\n", ret);
return ret;
}
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("Failed to initialize rng.\nRET: %d\n", ret);
return ret;
}
//ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, ED25519_KEY_SIZE);
ret = wc_ed25519_import_private_key(keyBuf,
ED25519_KEY_SIZE,
keyBuf + ED25519_KEY_SIZE,
ED25519_KEY_SIZE, &key);
if (ret != 0 ) {
printf("Failed to decode private key.\nRET: %d\n", ret);
return ret;
}
wc_InitCert(&newCert);
char country[3];
char province[CTC_NAME_SIZE];
char city[CTC_NAME_SIZE];
char org[CTC_NAME_SIZE];
char unit[CTC_NAME_SIZE];
char commonName[CTC_NAME_SIZE];
char email[CTC_NAME_SIZE];
char daysValid[CTC_NAME_SIZE];
printf("Enter your countries 2 digit code (ex: United States -> US): ");
fgets(country,CTC_NAME_SIZE,stdin);
country[sizeof(country)-1] = '\0';
printf("Enter the name of the province you are located at: ");
fgets(province,CTC_NAME_SIZE,stdin);
printf("Enter the name of the city you are located at: ");
fgets(city,CTC_NAME_SIZE,stdin);
printf("Enter the name of your orginization: ");
fgets(org,CTC_NAME_SIZE,stdin);
printf("Enter the name of your unit: ");
fgets(unit,CTC_NAME_SIZE,stdin);
printf("Enter the common name of your domain: ");
fgets(commonName,CTC_NAME_SIZE,stdin);
printf("Enter your email address: ");
fgets(email,CTC_NAME_SIZE,stdin);
printf("Enter the number of days this certificate should be valid: ");
fgets(daysValid,CTC_NAME_SIZE,stdin);
strncpy(newCert.subject.country, country, sizeof(country));
strncpy(newCert.subject.state, province, CTC_NAME_SIZE);
strncpy(newCert.subject.locality, city, CTC_NAME_SIZE);
strncpy(newCert.subject.org, org, CTC_NAME_SIZE);
strncpy(newCert.subject.unit, unit, CTC_NAME_SIZE);
strncpy(newCert.subject.commonName, commonName, CTC_NAME_SIZE);
strncpy(newCert.subject.email, email, CTC_NAME_SIZE);
newCert.daysValid = atoi(daysValid);
newCert.isCA = 0;
newCert.sigType = CTC_ED25519;
byte* certBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (certBuf == NULL) {
printf("Failed to initialize buffer to stort certificate.\n");
return -1;
}
XMEMSET(certBuf, 0, FOURK_SZ);
int certBufSz = FOURK_SZ;
ret = wc_MakeCert_ex(&newCert, certBuf, FOURK_SZ, ED25519_TYPE, &key, &rng); //ed25519 certificate
if (ret < 0) {
printf("Failed to make certificate.\n");
return ret;
}
printf("MakeCert returned %d\n", ret);
ret = wc_SignCert_ex(newCert.bodySz, newCert.sigType, certBuf, FOURK_SZ,
ED25519_TYPE, &key, &rng);
if (ret < 0) {
printf("Failed to sign certificate.\n");
return ret;
}
printf("SignCert returned %d\n", ret);
certBufSz = ret;
printf("Successfully created new certificate\n");
printf("Writing newly generated certificate to file \"%s\"\n",
certOut);
FILE* file = fopen(certOut, "wb");
if (!file) {
printf("failed to open file: %s\n", certOut);
return -1;
}
ret = (int) fwrite(certBuf, 1, certBufSz, file);
fclose(file);
printf("Successfully output %d bytes\n", ret);
/*---------------------------------------------------------------------------*/
/* convert the der to a pem and write it to a file */
/*---------------------------------------------------------------------------*/
int pemBufSz;
printf("Convert the der cert to pem formatted cert\n");
byte* pemBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pemBuf == NULL) {
printf("Failed to initialize pem buffer.\n");
return -1;
}
XMEMSET(pemBuf, 0, FOURK_SZ);
pemBufSz = wc_DerToPem(certBuf, certBufSz, pemBuf, FOURK_SZ, CERT_TYPE);
if (pemBufSz < 0) {
printf("Failed to convert from der to pem.\n");
return -1;
}
printf("Resulting pem buffer is %d bytes\n", pemBufSz);
FILE* pemFile = fopen(certOut, "wb");
if (!pemFile) {
printf("failed to open file: %s\n", certOut);
return -1;
}
fwrite(pemBuf, 1, pemBufSz, pemFile);
fclose(pemFile);
printf("Successfully converted the der to pem. Result is in: %s\n\n",
certOut);
free_things_ed25519(&pemBuf, &certBuf, NULL, &key, NULL, &rng);
return 1;
}
void free_things_ed25519(byte** a, byte** b, byte** c, ed25519_key* d, ed25519_key* e,
WC_RNG* f)
{
if (a != NULL) {
if (*a != NULL) {
XFREE(*a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
*a = NULL;
}
}
if (b != NULL) {
if (*b != NULL) {
XFREE(*b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
*b = NULL;
}
}
if (c != NULL) {
if (*c != NULL) {
XFREE(*c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
*c = NULL;
}
}
wc_ed25519_free(d);
wc_ed25519_free(e);
wc_FreeRng(f);
}

201
wolfCLU/clu_src/certgen/clu_certgen_rsa.c 100644
View File

@ -0,0 +1,201 @@
#include "clu_include/certgen/clu_certgen.h"
void free_things_rsa(byte** a, byte** b, byte** c, RsaKey* d, RsaKey* e,
WC_RNG* f);
int make_self_signed_rsa_certificate(char* keyPath, char* certOut, int oid) {
int ret = 0;
word32 index = 0;
Cert newCert;
RsaKey key;
WC_RNG rng;
int keyFileSz;
FILE* keyFile = fopen(keyPath,"rb");
fseek(keyFile, 0, SEEK_END);
keyFileSz = ftell(keyFile);
byte keyBuf[keyFileSz];
fseek(keyFile, 0, SEEK_SET);
fread(keyBuf, 1, keyFileSz, keyFile);
fclose(keyFile);
ret = wc_InitRsaKey(&key, NULL);
if (ret != 0) {
printf("Failed to initialize RsaKey\nRET: %d\n", ret);
return ret;
}
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("Failed to initialize rng.\nRET: %d\n", ret);
return ret;
}
ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, keyFileSz);
if (ret != 0 ) {
printf("Failed to decode private key.\nRET: %d\n", ret);
return ret;
}
wc_InitCert(&newCert);
char country[3];
char province[CTC_NAME_SIZE];
char city[CTC_NAME_SIZE];
char org[CTC_NAME_SIZE];
char unit[CTC_NAME_SIZE];
char commonName[CTC_NAME_SIZE];
char email[CTC_NAME_SIZE];
char daysValid[CTC_NAME_SIZE];
printf("Enter your countries 2 digit code (ex: United States -> US): ");
fgets(country,CTC_NAME_SIZE,stdin);
country[sizeof(country)-1] = '\0';
printf("Enter the name of the province you are located at: ");
fgets(province,CTC_NAME_SIZE,stdin);
printf("Enter the name of the city you are located at: ");
fgets(city,CTC_NAME_SIZE,stdin);
printf("Enter the name of your orginization: ");
fgets(org,CTC_NAME_SIZE,stdin);
printf("Enter the name of your unit: ");
fgets(unit,CTC_NAME_SIZE,stdin);
printf("Enter the common name of your domain: ");
fgets(commonName,CTC_NAME_SIZE,stdin);
printf("Enter your email address: ");
fgets(email,CTC_NAME_SIZE,stdin);
printf("Enter the number of days this certificate should be valid: ");
fgets(daysValid,CTC_NAME_SIZE,stdin);
strncpy(newCert.subject.country, country, sizeof(country));
strncpy(newCert.subject.state, province, CTC_NAME_SIZE);
strncpy(newCert.subject.locality, city, CTC_NAME_SIZE);
strncpy(newCert.subject.org, org, CTC_NAME_SIZE);
strncpy(newCert.subject.unit, unit, CTC_NAME_SIZE);
strncpy(newCert.subject.commonName, commonName, CTC_NAME_SIZE);
strncpy(newCert.subject.email, email, CTC_NAME_SIZE);
newCert.daysValid = atoi(daysValid);
newCert.isCA = 0;
switch(oid) {
case SHA_HASH:
newCert.sigType = CTC_SHAwRSA;
break;
case SHA_HASH224:
newCert.sigType = CTC_SHA224wRSA;
break;
case SHA_HASH256:
newCert.sigType = CTC_SHA256wRSA;
break;
case SHA_HASH384:
newCert.sigType = CTC_SHA384wRSA;
break;
case SHA_HASH512:
newCert.sigType = CTC_SHA512wRSA;
break;
}
byte* certBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (certBuf == NULL) {
printf("Failed to initialize buffer to stort certificate.\n");
return -1;
}
XMEMSET(certBuf, 0, FOURK_SZ);
int certBufSz = FOURK_SZ;
ret = wc_MakeCert(&newCert, certBuf, FOURK_SZ, &key, NULL, &rng); //rsa certificate
if (ret < 0) {
printf("Failed to make certificate.\n");
return ret;
}
printf("MakeCert returned %d\n", ret);
ret = wc_SignCert(newCert.bodySz, newCert.sigType, certBuf, FOURK_SZ, &key,
NULL, &rng);
if (ret < 0) {
printf("Failed to sign certificate.\n");
return ret;
}
printf("SignCert returned %d\n", ret);
certBufSz = ret;
printf("Successfully created new certificate\n");
printf("Writing newly generated certificate to file \"%s\"\n",
certOut);
FILE* file = fopen(certOut, "wb");
if (!file) {
printf("failed to open file: %s\n", certOut);
return -1;
}
ret = (int) fwrite(certBuf, 1, certBufSz, file);
fclose(file);
printf("Successfully output %d bytes\n", ret);
/*---------------------------------------------------------------------------*/
/* convert the der to a pem and write it to a file */
/*---------------------------------------------------------------------------*/
int pemBufSz;
printf("Convert the der cert to pem formatted cert\n");
byte* pemBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pemBuf == NULL) {
printf("Failed to initialize pem buffer.\n");
return -1;
}
XMEMSET(pemBuf, 0, FOURK_SZ);
pemBufSz = wc_DerToPem(certBuf, certBufSz, pemBuf, FOURK_SZ, CERT_TYPE);
if (pemBufSz < 0) {
printf("Failed to convert from der to pem.\n");
return -1;
}
printf("Resulting pem buffer is %d bytes\n", pemBufSz);
FILE* pemFile = fopen(certOut, "wb");
if (!pemFile) {
printf("failed to open file: %s\n", certOut);
return -1;
}
fwrite(pemBuf, 1, pemBufSz, pemFile);
fclose(pemFile);
printf("Successfully converted the der to pem. Result is in: %s\n\n",
certOut);
free_things_rsa(&pemBuf, &certBuf, NULL, &key, NULL, &rng);
return 1;
}
void free_things_rsa(byte** a, byte** b, byte** c, RsaKey* d, RsaKey* e,
WC_RNG* f)
{
if (a != NULL) {
if (*a != NULL) {
XFREE(*a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
*a = NULL;
}
}
if (b != NULL) {
if (*b != NULL) {
XFREE(*b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
*b = NULL;
}
}
if (c != NULL) {
if (*c != NULL) {
XFREE(*c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
*c = NULL;
}
}
wc_FreeRsaKey(d);
wc_FreeRsaKey(e);
wc_FreeRng(f);
}

7
wolfCLU/clu_src/clu_main.c
View File

@ -62,6 +62,11 @@ int main(int argc, char** argv)
case RSA:
case ECC:
case ED25519:
case CERT_SHA:
case CERT_SHA224:
case CERT_SHA256:
case CERT_SHA384:
case CERT_SHA512:
if (!flag) flag = option;
@ -178,7 +183,7 @@ int main(int argc, char** argv)
}
if (ret != 0)
if (ret <= 0)
printf("Error returned: %d.\n", ret);
return ret;

5
wolfCLU/clu_src/include.am
View File

@ -21,6 +21,9 @@ wolfssl_SOURCES = clu_src/clu_main.c \
clu_src/genkey/clu_genkey.c \
clu_src/sign-verify/clu_sign.c \
clu_src/sign-verify/clu_verify.c \
clu_src/sign-verify/clu_sign_verify_setup.c
clu_src/sign-verify/clu_sign_verify_setup.c \
clu_src/certgen/clu_certgen_ecc.c \
clu_src/certgen/clu_certgen_ed25519.c \
clu_src/certgen/clu_certgen_rsa.c

12
wolfCLU/clu_src/tools/clu_funcs.c
View File

@ -46,6 +46,7 @@ int i = 0; /* loop variable */
printf("-hash Hash a file or input\n");
printf("-bench Benchmark one of the algorithms\n");
printf("-x509 X509 certificate processing\n");
printf("-req Request for certificate generation\n");
printf("-rsa Rsa signing and signature verification\n");
printf("-ecc Ecc signing and signature verification\n");
printf("-ed25519 Ed25519 signing and signature verification\n");
@ -73,6 +74,7 @@ int i = 0; /* loop variable */
printf("For benchmarking: wolfssl -bench -help\n");
printf("For x509: wolfssl -x509 -help\n");
printf("For key creation: wolfssl -genkey -help\n");
printf("For certificate creation: wolfssl -req -help\n");
printf("For RSA sign/ver: wolfssl -rsa -help\n");
printf("For ECC sign/ver: wolfssl -ecc -help\n");
printf("For ED25519 sign/ver: wolfssl -ed25519 -help\n");
@ -489,6 +491,16 @@ void wolfCLU_verifyHelp(int keyType) {
}
}
void wolfCLU_certgenHelp() {
printf("\n\n");
printf("***************************************************************\n");
printf("\ncertgen USAGE:\nwolfssl -req -ecc/-rsa/-ed25519 -in <filename> -out"
" <filename> -sha/sha224/sha256/sha384/sha512\n\n");
printf("***************************************************************\n");
printf("\nEXAMPLE: \n\nwolfssl -req ecc -in mykey -out cert.pem -sha256 "
"\n\nThe above command would output the file: cert.pem\n");
}
/*
* finds algorithm for encryption/decryption
*/

94
wolfCLU/clu_src/x509/clu_request_setup.c
View File

@ -19,12 +19,106 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#include "clu_include/clu_header_main.h"
#include "clu_include/x509/clu_request.h"
#include "clu_include/certgen/clu_certgen.h"
int wolfCLU_requestSetup(int argc, char** argv)
{
int ret = 0; /* return variable, counter */
int i = 0; /* loop variable */
char* in; /* input variable */
char* out; /* output variable */
char* alg; /* algorithm being used */
int keyCheck = 0; /* input check */
int algCheck = 0; /* algorithm type */
int oid;
/* help checking */
ret = wolfCLU_checkForArg("-help", 5, argc, argv);
if (ret > 0) {
wolfCLU_certgenHelp();
return 0;
}
// TODO remove hard coded
if (wolfCLU_checkForArg("-rsa", 3, argc, argv) > 0) {
algCheck = 1;
} else if (wolfCLU_checkForArg("-ed25519", 7, argc, argv) > 0) {
algCheck = 2;
} else if (wolfCLU_checkForArg("-ecc", 3, argc, argv) > 0) {
algCheck = 3;
} else {
wolfCLU_certgenHelp();
return FATAL_ERROR;
}
ret = wolfCLU_checkForArg("-in", 3, argc, argv);
if (ret > 0) {
in = XMALLOC(strlen(argv[ret+1]), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (in == NULL) {
return MEMORY_E;
} else if (access(argv[ret+1], F_OK) == -1) {
printf("Access: %s\n",argv[ret+1]);
printf("In: %s\n", in);
printf("Key file did not exist. Please check your options.\n");
return MEMORY_E;
}
XSTRNCPY(in, &argv[ret+1][0], XSTRLEN(argv[ret+1]));
in[XSTRLEN(argv[ret+1])] = '\0';
keyCheck = 1;
}
else {
printf("Please specify a -key <key> option when "
"generating a certificate.\n");
wolfCLU_certgenHelp();
return ret;
}
ret = wolfCLU_checkForArg("-out", 4, argc, argv);
if (ret > 0) {
/* output file */
out = argv[ret+1];
} else {
printf("Please specify an output file path when generating a "
"certificate.\n");
wolfCLU_certgenHelp();
return ret;
}
if (wolfCLU_checkForArg("-sha224", 7, argc, argv) != 0) {
oid = SHA_HASH224;
} else if (wolfCLU_checkForArg("-sha256", 7, argc, argv) != 0) {
oid = SHA_HASH256;
} else if (wolfCLU_checkForArg("-sha384", 7, argc, argv) != 0) {
oid = SHA_HASH384;
} else if (wolfCLU_checkForArg("-sha512", 7, argc, argv) != 0) {
oid = SHA_HASH512;
} else {
oid = SHA_HASH;
}
if (keyCheck == 0) {
printf("Must have input as either a file or standard I/O\n");
return FATAL_ERROR;
}
// TODO remove hard coded values
if (algCheck == 1) {
ret = make_self_signed_rsa_certificate(in, out, oid);
} else if (algCheck == 2) {
ret = make_self_signed_ed25519_certificate(in, out);
} else if (algCheck == 3) {
ret = make_self_signed_ecc_certificate(in, out, oid);
}
XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}