From 6a3e81f6d7b85f312f6fdf0b8d2e68e68f1b065c Mon Sep 17 00:00:00 2001
From: connerwolfssl
Date: Fri, 11 May 2018 14:22:12 -0600
Subject: [PATCH] support added for requesting hashig algorithm when creating certificate

---
 wolfCLU/clu_include/certgen/clu_certgen.h | 12 ++++++++++--
 wolfCLU/clu_include/clu_optargs.h         | 14 +++++++++++++-
 wolfCLU/clu_src/certgen/clu_certgen_ecc.c | 22 +++++++++++++++++++---
 wolfCLU/clu_src/certgen/clu_certgen_rsa.c | 21 +++++++++++++++++++--
 wolfCLU/clu_src/clu_main.c                |  5 +++++
 wolfCLU/clu_src/tools/clu_funcs.c         |  6 +++---
 wolfCLU/clu_src/x509/clu_request_setup.c  | 17 +++++++++++++++--
 7 files changed, 84 insertions(+), 13 deletions(-)

diff --git a/wolfCLU/clu_include/certgen/clu_certgen.h b/wolfCLU/clu_include/certgen/clu_certgen.h
index 18a2bb79..58862630 100644
--- a/wolfCLU/clu_include/certgen/clu_certgen.h
+++ b/wolfCLU/clu_include/certgen/clu_certgen.h
@@ -17,8 +17,16 @@
 #define HEAP_HINT NULL
 #define FOURK_SZ 4096
 
-int make_self_signed_ecc_certificate(char*, char*);
+enum {
+    SHA_HASH,
+    SHA_HASH224,
+    SHA_HASH256,
+    SHA_HASH384,
+    SHA_HASH512
+};
 
-int make_self_signed_rsa_certificate(char*, char*);
+int make_self_signed_ecc_certificate(char*, char*, int);
+
+int make_self_signed_rsa_certificate(char*, char*, int);
 
 int make_self_signed_ed25519_certificate(char*, char*);
diff --git a/wolfCLU/clu_include/clu_optargs.h b/wolfCLU/clu_include/clu_optargs.h
index e4410ac4..265ea356 100644
--- a/wolfCLU/clu_include/clu_optargs.h
+++ b/wolfCLU/clu_include/clu_optargs.h
@@ -33,6 +33,12 @@ enum {
     RSA,
     ECC,
     ED25519,
+
+    CERT_SHA,
+    CERT_SHA224,
+    CERT_SHA256,
+    CERT_SHA384,
+    CERT_SHA512,
 
     INFILE,
     OUTFILE,
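Review bot: The new anonymous enum and the extra `int` parameter on the two prototypes are undocumented, and the enumerator name `SHA_HASH` does not say which SHA it is; in the certgen hunks it selects `CTC_SHAwECDSA`/`CTC_SHAwRSA`, i.e. a SHA-1 signature. Add a comment above the enum such as `/* hash used for the certificate signature; SHA_HASH is SHA-1 */` and name the parameter in both prototypes, `int make_self_signed_ecc_certificate(char* keyPath, char* certOut, int oid);`, since a bare `int` gives callers no hint that it takes one of these enumerators rather than a real OID sum. The same one-line comment belongs on the `CERT_SHA*` values added to the option enum in clu_optargs.h, whose hunk follows this one.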
@@ -73,7 +79,13 @@ static struct option long_options[] = {
     {"rsa", no_argument, 0, RSA },
     {"ecc", no_argument, 0, ECC },
     {"ed25519", no_argument, 0, ED25519 },
-
+
+    {"sha", no_argument, 0, CERT_SHA },
+    {"sha224", no_argument, 0, CERT_SHA224},
+    {"sha256", no_argument, 0, CERT_SHA256},
+    {"sha384", no_argument, 0, CERT_SHA384},
+    {"sha512", no_argument, 0, CERT_SHA512},
+
     {"in", required_argument, 0, INFILE },
     {"out", required_argument, 0, OUTFILE },
     {"pwd", required_argument, 0, PASSWORD },
diff --git a/wolfCLU/clu_src/certgen/clu_certgen_ecc.c b/wolfCLU/clu_src/certgen/clu_certgen_ecc.c
index 36eb67b0..385d61ce 100644
--- a/wolfCLU/clu_src/certgen/clu_certgen_ecc.c
+++ b/wolfCLU/clu_src/certgen/clu_certgen_ecc.c
@@ -3,7 +3,7 @@
 void free_things_ecc(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e, WC_RNG* f);
 
-int make_self_signed_ecc_certificate(char* keyPath, char* certOut) {
+int make_self_signed_ecc_certificate(char* keyPath, char* certOut, int oid) {
     int ret = 0;
     word32 index = 0;
@@ -75,11 +75,27 @@ int make_self_signed_ecc_certificate(char* keyPath, char* certOut) {
     strncpy(newCert.subject.email, email, CTC_NAME_SIZE);
     newCert.daysValid = atoi(daysValid);
     newCert.isCA = 0;
-    newCert.sigType = key.dp->oidSum;
+    switch(oid) {
+        case SHA_HASH:
+            newCert.sigType = CTC_SHAwECDSA;
+            break;
+        case SHA_HASH224:
+            newCert.sigType = CTC_SHA224wECDSA;
+            break;
+        case SHA_HASH256:
+            newCert.sigType = CTC_SHA256wECDSA;
+            break;
+        case SHA_HASH384:
+            newCert.sigType = CTC_SHA384wECDSA;
+            break;
+        case SHA_HASH512:
+            newCert.sigType = CTC_SHA512wECDSA;
+            break;
+    }
 
     byte* certBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (certBuf == NULL) {
-        printf("Failed to initialize buffer to stort certificate.\n");
+        printf("Failed to initialize buffer to store certificate.\n");
         return -1;
     }
diff --git a/wolfCLU/clu_src/certgen/clu_certgen_rsa.c b/wolfCLU/clu_src/certgen/clu_certgen_rsa.c
index 8fb117f6..a8440a11 100644
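Review bot: The new `switch(oid)` has no `default:`, so an `oid` value outside the five `SHA_HASH*` constants leaves `newCert.sigType` at whatever it held before the switch and certificate creation proceeds with it; the removed line at least always assigned the field. Add `default: printf("Unsupported hash selection\n"); return -1;` (or map unknown values to one explicit algorithm) so an unexpected selector cannot be signed with silently; the identical switch in clu_certgen_rsa.c, hunk `@@ -75,7 +75,24 @@`, has the same gap. Whether a bare `return -1` at this point leaks the key and RNG set up earlier cannot be judged from the hunk, since the function starts above it; the existing `return -1` on the XMALLOC failure just below follows the same pattern. The selector-to-CTC_* mapping is now duplicated across the two files, and a single static helper taking the key type would keep the ECC and RSA tables from drifting apart.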
--- a/wolfCLU/clu_src/certgen/clu_certgen_rsa.c
+++ b/wolfCLU/clu_src/certgen/clu_certgen_rsa.c
@@ -3,7 +3,7 @@
 void free_things_rsa(byte** a, byte** b, byte** c, RsaKey* d, RsaKey* e, WC_RNG* f);
 
-int make_self_signed_rsa_certificate(char* keyPath, char* certOut) {
+int make_self_signed_rsa_certificate(char* keyPath, char* certOut, int oid) {
     int ret = 0;
     word32 index = 0;
@@ -75,7 +75,24 @@ int make_self_signed_rsa_certificate(char* keyPath, char* certOut) {
     strncpy(newCert.subject.email, email, CTC_NAME_SIZE);
     newCert.daysValid = atoi(daysValid);
     newCert.isCA = 0;
-    newCert.sigType = CTC_SHA256wRSA; /*@TODO request sig type from user*/
+
+    switch(oid) {
+        case SHA_HASH:
+            newCert.sigType = CTC_SHAwRSA;
+            break;
+        case SHA_HASH224:
+            newCert.sigType = CTC_SHA224wRSA;
+            break;
+        case SHA_HASH256:
+            newCert.sigType = CTC_SHA256wRSA;
+            break;
+        case SHA_HASH384:
+            newCert.sigType = CTC_SHA384wRSA;
+            break;
+        case SHA_HASH512:
+            newCert.sigType = CTC_SHA512wRSA;
+            break;
+    }
 
     byte* certBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (certBuf == NULL) {
diff --git a/wolfCLU/clu_src/clu_main.c b/wolfCLU/clu_src/clu_main.c
index 7649381e..ac8c52ed 100644
--- a/wolfCLU/clu_src/clu_main.c
+++ b/wolfCLU/clu_src/clu_main.c
@@ -62,6 +62,11 @@ int main(int argc, char** argv)
             case RSA:
             case ECC:
             case ED25519:
+            case CERT_SHA:
+            case CERT_SHA224:
+            case CERT_SHA256:
+            case CERT_SHA384:
+            case CERT_SHA512:
                 if (!flag)
                     flag = option;
diff --git a/wolfCLU/clu_src/tools/clu_funcs.c b/wolfCLU/clu_src/tools/clu_funcs.c
index 023c6269..f60e9f1a 100644
--- a/wolfCLU/clu_src/tools/clu_funcs.c
+++ b/wolfCLU/clu_src/tools/clu_funcs.c
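Review bot: The five `CERT_SHA*` cases fall into the same `if (!flag) flag = option;` as `RSA`/`ECC`/`ED25519`, so whichever of these options appears first on the command line is the one kept in `flag`; if `flag` is what later selects the request handler (that code is outside the hunk), an invocation that names the hash before the algorithm would record `CERT_SHA256` and lose the algorithm, while the reverse order works. The hash flags are rediscovered anyway by re-scanning argv in wolfCLU_requestSetup, so they have no need to touch `flag` at all; giving them their own case group that only `break`s, or at least a comment stating why they share this branch, would make the intent explicit and remove the ordering dependence. main() continues outside the hunk.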
@@ -495,10 +495,10 @@ void wolfCLU_certgenHelp() {
     printf("\n\n");
     printf("***************************************************************\n");
     printf("\ncertgen USAGE:\nwolfssl -req -ecc/-rsa/-ed25519 -in -out"
-           " \n\n");
+           " -sha/sha224/sha256/sha384/sha512\n\n");
     printf("***************************************************************\n");
-    printf("\nEXAMPLE: \n\nwolfssl -req ecc -in mykey -out cert.pem "
-           "\n\nThe above command would output the file: cert.pem");
+    printf("\nEXAMPLE: \n\nwolfssl -req ecc -in mykey -out cert.pem -sha256 "
+           "\n\nThe above command would output the file: cert.pem\n");
 }
 
 /*
diff --git a/wolfCLU/clu_src/x509/clu_request_setup.c b/wolfCLU/clu_src/x509/clu_request_setup.c
index 76c3dbe7..c950191f 100644
--- a/wolfCLU/clu_src/x509/clu_request_setup.c
+++ b/wolfCLU/clu_src/x509/clu_request_setup.c
@@ -35,6 +35,7 @@ int wolfCLU_requestSetup(int argc, char** argv)
     char* alg; /* algorithm being used */
     int keyCheck = 0; /* input check */
     int algCheck = 0; /* algorithm type */
+    int oid;
 
     /* help checking */
     ret = wolfCLU_checkForArg("-help", 5, argc, argv);
@@ -88,6 +89,18 @@ int wolfCLU_requestSetup(int argc, char** argv)
         wolfCLU_certgenHelp();
         return ret;
     }
+
+    if (wolfCLU_checkForArg("-sha224", 7, argc, argv) != 0) {
+        oid = SHA_HASH224;
+    } else if (wolfCLU_checkForArg("-sha256", 7, argc, argv) != 0) {
+        oid = SHA_HASH256;
+    } else if (wolfCLU_checkForArg("-sha384", 7, argc, argv) != 0) {
+        oid = SHA_HASH384;
+    } else if (wolfCLU_checkForArg("-sha512", 7, argc, argv) != 0) {
+        oid = SHA_HASH512;
+    } else {
+        oid = SHA_HASH;
+    }
 
     if (keyCheck == 0) {
         printf("Must have input as either a file or standard I/O\n");
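Review bot: The usage string now lists `-sha/sha224/sha256/sha384/sha512`, mixing a dashed and an undashed spelling, and it does not say which hash is used when none is given nor that `-sha` means SHA-1, while the example two lines below uses the dashed `-sha256`. Spell every flag the way the example does and state what `-sha` is, e.g. `" -sha/-sha224/-sha256/-sha384/-sha512 (-sha is SHA-1)\n\n"`, and add the default once it is settled in clu_request_setup.c. The USAGE line also still advertises `-ecc/-rsa/-ed25519` while the example passes `ecc` undashed, a pre-existing inconsistency in the same string that is cheap to fix while it is being edited.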
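Review bot: The final `else` of the new chain makes `SHA_HASH` the default whenever no `-sha*` flag is present, and `SHA_HASH` maps to `CTC_SHAwRSA`/`CTC_SHAwECDSA`, i.e. a SHA-1 signature, in the two certgen hunks; before this commit the RSA path hard-coded `CTC_SHA256wRSA`, so every existing invocation without a flag is silently downgraded from SHA-256 to SHA-1, which is deprecated for certificate signatures. Make the default SHA-256, `} else { oid = SHA_HASH256; }`, and add an explicit `} else if (wolfCLU_checkForArg("-sha", 4, argc, argv) != 0) { oid = SHA_HASH; }` branch placed after the longer names so SHA-1 is produced only when asked for. The help text in clu_funcs.c advertises `-sha`, but nothing in this chain checks for it, which the explicit branch also fixes. wolfCLU_requestSetup continues outside the hunk.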
@@ -96,11 +109,11 @@ int wolfCLU_requestSetup(int argc, char** argv)
     // TODO remove hard coded values
     if (algCheck == 1) {
-        ret = make_self_signed_rsa_certificate(in, out);
+        ret = make_self_signed_rsa_certificate(in, out, oid);
     } else if (algCheck == 2) {
         ret = make_self_signed_ed25519_certificate(in, out);
     } else if (algCheck == 3) {
-        ret = make_self_signed_ecc_certificate(in, out);
+        ret = make_self_signed_ecc_certificate(in, out, oid);
     }
 
     XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);