From e294a5dba8b30961ed26a165c32996f6afacf1e0 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Mon, 11 Mar 2019 14:20:01 -0600 Subject: [PATCH 1/5] add ed25519 certificate signing request example --- .gitignore | 6 +- certgen/Makefile | 13 +++-- certgen/README.md | 13 ++++- certgen/certgen_example.c | 10 +++- certgen/csr_example.c | 6 ++ certgen/csr_w_ed25519_example.c | 100 ++++++++++++++++++++++++++++++++ 6 files changed, 138 insertions(+), 10 deletions(-) create mode 100644 certgen/csr_w_ed25519_example.c diff --git a/.gitignore b/.gitignore index 9d040fa3..072f37cd 100644 --- a/.gitignore +++ b/.gitignore @@ -88,10 +88,10 @@ crypto/camellia/camellia-encrypt signature/signature #cergen -certgen/test.o certgen/newCert* -certgen/run_certgen_example - +certgen/certgen_example +certgen/csr_example +certgen/csr_w_ed25519_example btle/ecc-client btle/ecc-server diff --git a/certgen/Makefile b/certgen/Makefile index 1d6c50ba..609e4533 100644 --- a/certgen/Makefile +++ b/certgen/Makefile @@ -9,11 +9,13 @@ CC=gcc #LIBS=-L/Users/khimes/work/testDir/wolf-install-dir-for-testing/lib -lwolfssl #END EXAMPLE -CFLAGS=-Wall -LIBS=-lwolfssl +#WOLF_INSTALL_DIR=/usr/local +WOLF_INSTALL_DIR=/Users/kalebhimes/work/testDir/wolf-install-dir-for-testing +CFLAGS=-I$(WOLF_INSTALL_DIR)/include -Wall +LIBS=-L$(WOLF_INSTALL_DIR)/lib -lwolfssl -all:certgen_example csr_example +all:certgen_example csr_example csr_w_ed25519_example certgen_example:certgen_example.o $(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS) @@ -21,8 +23,11 @@ certgen_example:certgen_example.o csr_example:csr_example.o $(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS) +csr_w_ed25519_example:csr_w_ed25519_example.o + $(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS) + .PHONY: clean all clean: - rm -f *.o test.o run* + rm -f *.o certgen_example csr_example csr_w_ed25519_example rm newCert.* diff --git a/certgen/README.md b/certgen/README.md index bb7f1bb6..e50127ab 100644 --- a/certgen/README.md +++ b/certgen/README.md 
@@ -1,12 +1,23 @@ # Certficate Generation and Signing examples -To build this example configure wolfssl with `./configure --enable-certgen --enable-certreq` or add the defines: +To test the certgen or csr_example example(s) configure wolfssl with +`./configure --enable-certgen --enable-certreq` or add the defines: ``` #define WOLFSSL_CERT_REQ #define WOLFSSL_CERT_GEN ``` +To test the cs_w_ed25519_example configure wolfssl with: +`./configure --enable-certgen --enable-certreq --enable-ed25519` or add the +defines: + +``` +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define HAVE_ED25519 +``` + To build use `make`. To cleanup use `make clean`. If having issues building please check comments in the Makefile for setting diff --git a/certgen/certgen_example.c b/certgen/certgen_example.c index 2c109cff..4edda004 100644 --- a/certgen/certgen_example.c +++ b/certgen/certgen_example.c @@ -9,10 +9,16 @@ #define HEAP_HINT NULL #define FOURK_SZ 4096 +#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) void free_things(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e, - WC_RNG* f); + WC_RNG* f); +#endif int main(void) { +#if !defined(WOLFSSL_CERT_REQ) || !defined(WOLFSSL_CERT_GEN) + printf("Please compile wolfSSL with --enable-certreq --enable-certgen\n"); + return 0; +#else int ret = 0; @@ -240,5 +246,5 @@ void free_things(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e, wc_ecc_free(d); wc_ecc_free(e); wc_FreeRng(f); - +#endif } diff --git a/certgen/csr_example.c b/certgen/csr_example.c index 44e49f25..3b0c8c2c 100644 --- a/certgen/csr_example.c +++ b/certgen/csr_example.c @@ -7,6 +7,11 @@ int main(void) { +#if !defined(WOLFSSL_CERT_REQ) || !defined(WOLFSSL_CERT_GEN) + printf("ERROR: Please compile wolfSSL with --enable-certreq" + " --enable-certgen\n"); + return 0; +#else int ret; ecc_key key; WC_RNG rng; @@ -88,4 +93,5 @@ exit: wc_FreeRng(&rng); return ret; +#endif } 
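Review bot: The unsupported-build branch added at the top of `main` in `certgen_example.c` prints a hint and then does `return 0;`, so a script or CI job that runs the example sees success even though no certificate was produced. Returning a non-zero status there, e.g. `return 1;`, lets callers detect the misconfigured build. The same pattern is added in the `csr_example.c` hunk, whose message even begins with `ERROR:`, and in the new `csr_w_ed25519_example.c`. Whether the tested macros are defined at this point depends on the includes above the hunk, which are not shown.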
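Review bot: The `#endif` in the second `certgen_example.c` hunk sits inside `free_things`, just before its closing brace, so in a build without the two macros that brace ends up closing `main` instead. This compiles, but the conditional region now straddles two functions, and a later edit near the end of either one can unbalance the braces in only one configuration. Ending the region before `main`'s own `}` and wrapping `free_things` in a separate `#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN)` block, matching the guarded prototype, keeps each function self-contained. The end of `main` lies outside this hunk.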
diff --git a/certgen/csr_w_ed25519_example.c b/certgen/csr_w_ed25519_example.c new file mode 100644 index 00000000..5c0cb5fb --- /dev/null +++ b/certgen/csr_w_ed25519_example.c 
@@ -0,0 +1,100 @@ +#include +#include +#include +#include + +#define MAX_TEMP_SIZE 1024 + +int main(void) +{ +#if !defined(HAVE_ED25519) || !defined(WOLFSSL_CERT_REQ) || \ + !defined(WOLFSSL_CERT_GEN) + printf("The csr_w_ed25519_example will not work unless wolfSSL is\n" + "configured with the following settings:\n" + "--enable-ed25519 --enable-certreq --enable-certgen\n"); + return 0; +#else + int ret; + ed25519_key key; + WC_RNG rng; + Cert req; + byte der[MAX_TEMP_SIZE], pem[MAX_TEMP_SIZE]; + int derSz, pemSz; + + ret = wc_ed25519_init(&key); + if (ret != 0) { + printf("ECC init key failed: %d\n", ret); + goto exit; + } + + ret = wc_InitRng(&rng); + if (ret != 0) { + printf("Init rng failed: %d\n", ret); + goto exit; + } + + ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); + if (ret != 0) { + printf("ECC make key failed: %d\n", ret); + goto exit; + } + + ret = wc_Ed25519KeyToDer(&key, der, sizeof(der)); + if (ret <= 0) { + printf("ECC Key To DER failed: %d\n", ret); + goto exit; + } + derSz = ret; + + memset(pem, 0, sizeof(pem)); + ret = wc_DerToPem(der, derSz, pem, sizeof(pem), ECC_PRIVATEKEY_TYPE); + if (ret <= 0) { + printf("DER to PEM failed: %d\n", ret); + goto exit; + } + pemSz = ret; + printf("%s", pem); + + ret = wc_InitCert(&req); + if (ret != 0) { + printf("Init Cert failed: %d\n", ret); + goto exit; + } + strncpy(req.subject.country, "US", CTC_NAME_SIZE); + strncpy(req.subject.state, "OR", CTC_NAME_SIZE); + strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE); + strncpy(req.subject.org, "wolfSSL", CTC_NAME_SIZE); + strncpy(req.subject.unit, "Development", CTC_NAME_SIZE); + strncpy(req.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE); + strncpy(req.subject.email, "info@wolfssl.com", CTC_NAME_SIZE); + ret = wc_MakeCertReq_ex(&req, der, sizeof(der), ED25519_TYPE, &key); + if (ret <= 0) { + printf("Make Cert Req failed: %d\n", ret); + goto exit; + } + derSz = ret; + + req.sigType = CTC_ED25519; + ret = wc_SignCert_ex(req.bodySz, 
req.sigType, der, sizeof(der), + ED25519_TYPE, &key, &rng); + if (ret <= 0) { + printf("Sign Cert failed: %d\n", ret); + goto exit; + } + derSz = ret; + + ret = wc_DerToPem(der, derSz, pem, sizeof(pem), CERTREQ_TYPE); + if (ret <= 0) { + printf("DER to PEM failed: %d\n", ret); + goto exit; + } + pemSz = ret; + printf("%s", pem); + +exit: + wc_ed25519_free(&key); + wc_FreeRng(&rng); + + return ret; +#endif +} From 2bd2ddabacaf2ade7ea6d8ef2a1033eb499c0a56 Mon Sep 17 00:00:00 2001 From: Kaleb Himes Date: Mon, 11 Mar 2019 14:22:20 -0600 Subject: [PATCH 2/5] Change WOLF_INSTALL_DIR in Makefile to default --- certgen/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/certgen/Makefile b/certgen/Makefile index 609e4533..3ede287d 100644 --- a/certgen/Makefile +++ b/certgen/Makefile @@ -9,8 +9,7 @@ CC=gcc #LIBS=-L/Users/khimes/work/testDir/wolf-install-dir-for-testing/lib -lwolfssl #END EXAMPLE -#WOLF_INSTALL_DIR=/usr/local -WOLF_INSTALL_DIR=/Users/kalebhimes/work/testDir/wolf-install-dir-for-testing +WOLF_INSTALL_DIR=/usr/local CFLAGS=-I$(WOLF_INSTALL_DIR)/include -Wall LIBS=-L$(WOLF_INSTALL_DIR)/lib -lwolfssl From e0108ed42f5ab89a72b4845917557584f4e8f133 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Tue, 30 Apr 2019 13:19:53 -0600 Subject: [PATCH 3/5] address review items --- certgen/Makefile | 5 ++--- certgen/csr_w_ed25519_example.c | 6 +++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/certgen/Makefile b/certgen/Makefile index 609e4533..ce03df7e 100644 --- a/certgen/Makefile +++ b/certgen/Makefile @@ -1,4 +1,4 @@ -CC=gcc +CC=gcc -fsanitize=address #if you installed wolfssl to an alternate location use CFLAGS and LIBS to #control your build: #CFLAGS=-Wall -I/path/to/include 
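Review bot: The second `printf("%s", pem);` in the new `csr_w_ed25519_example.c` relies on NUL termination that nothing in the hunk guarantees: `pem` is zeroed only before the first `wc_DerToPem`, and by the second call it still holds the private-key PEM. If the request output were shorter than the key output the print would continue into leftover key text, and an output that fills the buffer would be read past its end; printing by length avoids both, `printf("%.*s", pemSz, pem);`, and gives `pemSz` a use. The key is converted with `ECC_PRIVATEKEY_TYPE`, which presumably produces an EC header for an Ed25519 key; `EDDSA_PRIVATEKEY_TYPE` looks like the closer match if the linked wolfSSL version provides it. `der` and `pem` carry private key material and are not wiped before `return ret;`, and on the success path `ret` is the positive PEM length, so the process exits non-zero.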
@@ -9,8 +9,7 @@ CC=gcc #LIBS=-L/Users/khimes/work/testDir/wolf-install-dir-for-testing/lib -lwolfssl #END EXAMPLE -#WOLF_INSTALL_DIR=/usr/local -WOLF_INSTALL_DIR=/Users/kalebhimes/work/testDir/wolf-install-dir-for-testing +WOLF_INSTALL_DIR=/usr/local CFLAGS=-I$(WOLF_INSTALL_DIR)/include -Wall LIBS=-L$(WOLF_INSTALL_DIR)/lib -lwolfssl diff --git a/certgen/csr_w_ed25519_example.c b/certgen/csr_w_ed25519_example.c index 5c0cb5fb..c4f3e65f 100644 --- a/certgen/csr_w_ed25519_example.c +++ b/certgen/csr_w_ed25519_example.c @@ -11,7 +11,8 @@ int main(void) !defined(WOLFSSL_CERT_GEN) printf("The csr_w_ed25519_example will not work unless wolfSSL is\n" "configured with the following settings:\n" - "--enable-ed25519 --enable-certreq --enable-certgen\n"); + "--enable-ed25519 --enable-certreq --enable-certgen --enable-keygen" + "\n"); return 0; #else int ret; @@ -21,6 +22,9 @@ int main(void) byte der[MAX_TEMP_SIZE], pem[MAX_TEMP_SIZE]; int derSz, pemSz; + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(&key, 0, sizeof(key)); + ret = wc_ed25519_init(&key); if (ret != 0) { printf("ECC init key failed: %d\n", ret); From 746104bd379a367a7326b88f8e31861c2f217c77 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Tue, 30 Apr 2019 13:24:16 -0600 Subject: [PATCH 4/5] Last review item, add keygen to build instructions --- certgen/README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/certgen/README.md b/certgen/README.md index e50127ab..9fccd374 100644 --- a/certgen/README.md +++ b/certgen/README.md 
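Review bot: The message in the first `csr_w_ed25519_example.c` hunk now lists `--enable-keygen`, but the `#if` condition above it is not changed here, and as added in the first patch it tests only `HAVE_ED25519`, `WOLFSSL_CERT_REQ` and `WOLFSSL_CERT_GEN`. A wolfSSL build without key generation would therefore pass the guard and presumably fail later at compile or link time instead of printing this hint. Adding `|| !defined(WOLFSSL_KEY_GEN)` to the condition keeps the guard and the message in step. The first line of the `#if` is outside this hunk.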
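Review bot: The two `XMEMSET` calls added in the second `csr_w_ed25519_example.c` hunk carry no comment, and their purpose is not obvious from the hunk: they make the shared `exit:` cleanup (`wc_ed25519_free(&key)` and `wc_FreeRng(&rng)`) operate on zeroed structures when an earlier init call fails. A short comment such as `/* zero first: exit: frees both objects even if their init never ran */` would record that. This assumes both free functions accept an all-zero object, which is not visible here. The rest of the file uses plain `memset`, so `XMEMSET` is also a small inconsistency; the `exit:` label lies outside this hunk.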
@@ -8,14 +8,15 @@ To test the certgen or csr_example example(s) configure wolfssl with #define WOLFSSL_CERT_GEN ``` -To test the cs_w_ed25519_example configure wolfssl with: -`./configure --enable-certgen --enable-certreq --enable-ed25519` or add the -defines: +To test the csr_w_ed25519_example configure wolfssl with: +`./configure --enable-certgen --enable-certreq --enable-ed25519 --enable-keygen` +or add the defines: ``` #define WOLFSSL_CERT_REQ #define WOLFSSL_CERT_GEN #define HAVE_ED25519 +#define WOLFSSL_KEY_GEN ``` To build use `make`. To cleanup use `make clean`. From 8c52551a7a25804ee4749476db2d02bff0643339 Mon Sep 17 00:00:00 2001 From: Kaleb Himes Date: Tue, 30 Apr 2019 13:49:38 -0600 Subject: [PATCH 5/5] Update Makefile --- certgen/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certgen/Makefile b/certgen/Makefile index ce03df7e..3ede287d 100644 --- a/certgen/Makefile +++ b/certgen/Makefile @@ -1,4 +1,4 @@ -CC=gcc -fsanitize=address +CC=gcc #if you installed wolfssl to an alternate location use CFLAGS and LIBS to #control your build: #CFLAGS=-Wall -I/path/to/include