diff --git a/.gitignore b/.gitignore index 274434c5..05cd1026 100644 --- a/.gitignore +++ b/.gitignore @@ -99,10 +99,10 @@ crypto/camellia/camellia-encrypt signature/signature #cergen -certgen/test.o certgen/newCert* -certgen/run_certgen_example - +certgen/certgen_example +certgen/csr_example +certgen/csr_w_ed25519_example btle/ecc-client btle/ecc-server diff --git a/certgen/Makefile b/certgen/Makefile index 1d6c50ba..3ede287d 100644 --- a/certgen/Makefile +++ b/certgen/Makefile @@ -9,11 +9,12 @@ CC=gcc #LIBS=-L/Users/khimes/work/testDir/wolf-install-dir-for-testing/lib -lwolfssl #END EXAMPLE -CFLAGS=-Wall -LIBS=-lwolfssl +WOLF_INSTALL_DIR=/usr/local +CFLAGS=-I$(WOLF_INSTALL_DIR)/include -Wall +LIBS=-L$(WOLF_INSTALL_DIR)/lib -lwolfssl -all:certgen_example csr_example +all:certgen_example csr_example csr_w_ed25519_example certgen_example:certgen_example.o $(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS) @@ -21,8 +22,11 @@ certgen_example:certgen_example.o csr_example:csr_example.o $(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS) +csr_w_ed25519_example:csr_w_ed25519_example.o + $(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS) + .PHONY: clean all clean: - rm -f *.o test.o run* + rm -f *.o certgen_example csr_example csr_w_ed25519_example rm newCert.* diff --git a/certgen/README.md b/certgen/README.md index 6df58b80..8819c38a 100644 --- a/certgen/README.md +++ b/certgen/README.md 
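Review bot: `WOLF_INSTALL_DIR` is introduced in certgen/Makefile without a comment, while the commented example block kept just above it still shows hand-edited `LIBS=-L...` paths and the README sends readers to those comments. A line such as `# Override with: make WOLF_INSTALL_DIR=/path/to/wolfssl-install` above the assignment would document the supported way to select an install. The variable only changes the compile and link search paths, so with a non-default prefix the binary may load a different libwolfssl at run time than the headers it was built against; that deserves a one-line mention as well.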
@@ -1,12 +1,24 @@ # Certificate Generation and Signing examples -To build this example configure wolfssl with `./configure --enable-certgen --enable-certreq` or add the defines: +To test the certgen or csr_example example(s) configure wolfssl with +`./configure --enable-certgen --enable-certreq` or add the defines: ``` #define WOLFSSL_CERT_REQ #define WOLFSSL_CERT_GEN ``` +To test the csr_w_ed25519_example configure wolfssl with: +`./configure --enable-certgen --enable-certreq --enable-ed25519 --enable-keygen` +or add the defines: + +``` +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define HAVE_ED25519 +#define WOLFSSL_KEY_GEN +``` + To build use `make`. To cleanup use `make clean`. If having issues building please check comments in the Makefile for setting diff --git a/certgen/certgen_example.c b/certgen/certgen_example.c index 2c109cff..4edda004 100644 --- a/certgen/certgen_example.c +++ b/certgen/certgen_example.c @@ -9,10 +9,16 @@ #define HEAP_HINT NULL #define FOURK_SZ 4096 +#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) void free_things(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e, - WC_RNG* f); + WC_RNG* f); +#endif int main(void) { +#if !defined(WOLFSSL_CERT_REQ) || !defined(WOLFSSL_CERT_GEN) + printf("Please compile wolfSSL with --enable-certreq --enable-certgen\n"); + return 0; +#else int ret = 0; @@ -240,5 +246,5 @@ void free_things(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e, wc_ecc_free(d); wc_ecc_free(e); wc_FreeRng(f); - +#endif } diff --git a/certgen/csr_example.c b/certgen/csr_example.c index b8c13cbf..b854c110 100644 --- a/certgen/csr_example.c +++ b/certgen/csr_example.c @@ -34,6 +34,11 @@ int main(void) { +#if !defined(WOLFSSL_CERT_REQ) || !defined(WOLFSSL_CERT_GEN) + printf("ERROR: Please compile wolfSSL with --enable-certreq" + " --enable-certgen\n"); + return 0; +#else int ret; ecc_key key; WC_RNG rng; @@ -115,4 +120,5 @@ exit: wc_FreeRng(&rng); return ret; +#endif } 
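Review bot: The `#if` branch added to `main` in certgen_example.c prints the configuration hint and then does `return 0;`, so a wolfSSL build without certgen/certreq makes the example report success without generating anything. Returning a non-zero status there, e.g. `return 1;`, lets a test script or CI job notice that the example did not run. The same applies to the branch added to `main` in csr_example.c, which prints `ERROR:` and still returns 0. Both function bodies continue outside their hunks.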
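Review bot: The `#endif` added in the second certgen_example.c hunk sits inside `free_things`, just before its closing brace, while the matching `#if`/`#else` opens inside `main`; with the macros undefined, the `}` after `#endif` ends up closing `main`. That compiles, but the conditional spans two functions and is easy to break when code is added after `free_things`. Closing the block at the end of `main` and wrapping the `free_things` definition in its own `#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN)` ... `#endif`, as the prototype already is, keeps each function whole. The start of `free_things` is outside the hunk.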
diff --git a/certgen/csr_w_ed25519_example.c b/certgen/csr_w_ed25519_example.c
new file mode 100644
index 00000000..c4f3e65f
--- /dev/null
+++ b/certgen/csr_w_ed25519_example.c
@@ -0,0 +1,104 @@
+#include
+#include
+#include
+#include
+
+#define MAX_TEMP_SIZE 1024
+
+int main(void)
+{
+#if !defined(HAVE_ED25519) || !defined(WOLFSSL_CERT_REQ) || \
+ !defined(WOLFSSL_CERT_GEN)
+ printf("The csr_w_ed25519_example will not work unless wolfSSL is\n"
+ "configured with the following settings:\n"
+ "--enable-ed25519 --enable-certreq --enable-certgen --enable-keygen"
+ "\n");
+ return 0;
+#else
+ int ret;
+ ed25519_key key;
+ WC_RNG rng;
+ Cert req;
+ byte der[MAX_TEMP_SIZE], pem[MAX_TEMP_SIZE];
+ int derSz, pemSz;
+
+ XMEMSET(&rng, 0, sizeof(rng));
+ XMEMSET(&key, 0, sizeof(key));
+
+ ret = wc_ed25519_init(&key);
+ if (ret != 0) {
+ printf("ECC init key failed: %d\n", ret);
+ goto exit;
+ }
+
+ ret = wc_InitRng(&rng);
+ if (ret != 0) {
+ printf("Init rng failed: %d\n", ret);
+ goto exit;
+ }
+
+ ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
+ if (ret != 0) {
+ printf("ECC make key failed: %d\n", ret);
+ goto exit;
+ }
+
+ ret = wc_Ed25519KeyToDer(&key, der, sizeof(der));
+ if (ret <= 0) {
+ printf("ECC Key To DER failed: %d\n", ret);
+ goto exit;
+ }
+ derSz = ret;
+
+ memset(pem, 0, sizeof(pem));
+ ret = wc_DerToPem(der, derSz, pem, sizeof(pem), ECC_PRIVATEKEY_TYPE);
+ if (ret <= 0) {
+ printf("DER to PEM failed: %d\n", ret);
+ goto exit;
+ }
+ pemSz = ret;
+ printf("%s", pem);
+
+ ret = wc_InitCert(&req);
+ if (ret != 0) {
+ printf("Init Cert failed: %d\n", ret);
+ goto exit;
+ }
+ strncpy(req.subject.country, "US", CTC_NAME_SIZE);
+ strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
+ strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
+ strncpy(req.subject.org, "wolfSSL", CTC_NAME_SIZE);
+ strncpy(req.subject.unit, "Development", CTC_NAME_SIZE);
+ strncpy(req.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+ strncpy(req.subject.email, "info@wolfssl.com", CTC_NAME_SIZE);
+ ret = wc_MakeCertReq_ex(&req, der, sizeof(der), ED25519_TYPE, &key);
+ if (ret <= 0) {
+ printf("Make Cert Req failed: %d\n", ret);
+ goto exit;
+ }
+ derSz = ret;
+
+ req.sigType = CTC_ED25519;
+ ret = wc_SignCert_ex(req.bodySz, req.sigType, der, sizeof(der),
+ ED25519_TYPE, &key, &rng);
+ if (ret <= 0) {
+ printf("Sign Cert failed: %d\n", ret);
+ goto exit;
+ }
+ derSz = ret;
+
+ ret = wc_DerToPem(der, derSz, pem, sizeof(pem), CERTREQ_TYPE);
+ if (ret <= 0) {
+ printf("DER to PEM failed: %d\n", ret);
+ goto exit;
+ }
+ pemSz = ret;
+ printf("%s", pem);
+
+exit:
+ wc_ed25519_free(&key);
+ wc_FreeRng(&rng);
+
+ return ret;
+#endif
+}
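Review bot: On success `main` returns a positive value, because `ret` still holds the PEM length from the final `wc_DerToPem` call when `return ret;` runs, while the unsupported-configuration branch returns 0; a script checking the exit status sees the opposite of what happened. Setting `ret = 0;` after the last `printf("%s", pem);` and returning non-zero from the `#if` branch fixes both. The guard also omits `WOLFSSL_KEY_GEN` although the printed message and the README list `--enable-keygen`; adding `|| !defined(WOLFSSL_KEY_GEN)` keeps them consistent. Both `printf("%s", pem)` calls ignore `pemSz` and depend on the single earlier `memset` for termination, so `printf("%.*s", pemSz, pem)` is the bounded form. Because the first of them writes the private key to stdout next to the CSR, a comment such as `/* example only: never print or log a real private key */` belongs above it.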