support added for requesting hashing algorithm when creating certificate

pull/95/head
connerwolfssl 2018-05-11 14:22:12 -06:00
parent f6a5a3eb49
commit 6a3e81f6d7
7 changed files with 84 additions and 13 deletions


@ -17,8 +17,16 @@
#define HEAP_HINT NULL
#define FOURK_SZ 4096
int make_self_signed_ecc_certificate(char*, char*);
enum {
SHA_HASH,
SHA_HASH224,
SHA_HASH256,
SHA_HASH384,
SHA_HASH512
};
int make_self_signed_rsa_certificate(char*, char*);
int make_self_signed_ecc_certificate(char*, char*, int);
int make_self_signed_rsa_certificate(char*, char*, int);
int make_self_signed_ed25519_certificate(char*, char*);
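Review bot: The new enum `SHA_HASH … SHA_HASH512` has no comment stating what it selects, and nothing says that `SHA_HASH` denotes SHA-1 rather than "any SHA", so a reader has to trace the `int` parameter through make_self_signed_ecc_certificate and make_self_signed_rsa_certificate to learn that these values pick the signature hash. I would put `/* Signature hash selector for the last argument of make_self_signed_{ecc,rsa}_certificate(); SHA_HASH is SHA-1. */` above the enum. The same hash set is declared a second time as `CERT_SHA … CERT_SHA512` in the next file of this commit, which is worth a cross-reference so the two lists stay in step. The new prototypes also drop the parameter name; `int hash` (or `int oid`, as the definitions call it) would make the header self-explanatory.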


@ -33,6 +33,12 @@ enum {
RSA,
ECC,
ED25519,
CERT_SHA,
CERT_SHA224,
CERT_SHA256,
CERT_SHA384,
CERT_SHA512,
INFILE,
OUTFILE,
@ -73,7 +79,13 @@ static struct option long_options[] = {
{"rsa", no_argument, 0, RSA },
{"ecc", no_argument, 0, ECC },
{"ed25519", no_argument, 0, ED25519 },
{"sha", no_argument, 0, CERT_SHA },
{"sha224", no_argument, 0, CERT_SHA224},
{"sha256", no_argument, 0, CERT_SHA256},
{"sha384", no_argument, 0, CERT_SHA384},
{"sha512", no_argument, 0, CERT_SHA512},
{"in", required_argument, 0, INFILE },
{"out", required_argument, 0, OUTFILE },
{"pwd", required_argument, 0, PASSWORD },


@ -3,7 +3,7 @@
void free_things_ecc(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e,
WC_RNG* f);
int make_self_signed_ecc_certificate(char* keyPath, char* certOut) {
int make_self_signed_ecc_certificate(char* keyPath, char* certOut, int oid) {
int ret = 0;
word32 index = 0;
@ -75,11 +75,27 @@ int make_self_signed_ecc_certificate(char* keyPath, char* certOut) {
strncpy(newCert.subject.email, email, CTC_NAME_SIZE);
newCert.daysValid = atoi(daysValid);
newCert.isCA = 0;
newCert.sigType = key.dp->oidSum;
switch(oid) {
case SHA_HASH:
newCert.sigType = CTC_SHAwECDSA;
break;
case SHA_HASH224:
newCert.sigType = CTC_SHA224wECDSA;
break;
case SHA_HASH256:
newCert.sigType = CTC_SHA256wECDSA;
break;
case SHA_HASH384:
newCert.sigType = CTC_SHA384wECDSA;
break;
case SHA_HASH512:
newCert.sigType = CTC_SHA512wECDSA;
break;
}
byte* certBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (certBuf == NULL) {
printf("Failed to initialize buffer to stort certificate.\n");
printf("Failed to initialize buffer to store certificate.\n");
return -1;
}
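Review bot: The `switch(oid)` that sets `newCert.sigType` has no `default:` case, so a value outside the `SHA_HASH*` range leaves `sigType` at whatever the certificate structure held before this point (not visible in the hunk) and the function goes on to sign with it. Every caller in this commit passes a value from the enum, but the parameter is a plain `int`, so the check belongs here: `default: printf("Unsupported hash algorithm.\n"); ret = -1; break;` followed by a bail-out through the function's existing cleanup (free_things_ecc is declared at the top of this file) rather than a bare `return -1`, since the key and RNG appear to be live at this point. The identical switch in make_self_signed_rsa_certificate in the next file has the same gap. The body of make_self_signed_ecc_certificate starts and ends outside this hunk.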


@ -3,7 +3,7 @@
void free_things_rsa(byte** a, byte** b, byte** c, RsaKey* d, RsaKey* e,
WC_RNG* f);
int make_self_signed_rsa_certificate(char* keyPath, char* certOut) {
int make_self_signed_rsa_certificate(char* keyPath, char* certOut, int oid) {
int ret = 0;
word32 index = 0;
@ -75,7 +75,24 @@ int make_self_signed_rsa_certificate(char* keyPath, char* certOut) {
strncpy(newCert.subject.email, email, CTC_NAME_SIZE);
newCert.daysValid = atoi(daysValid);
newCert.isCA = 0;
newCert.sigType = CTC_SHA256wRSA; /*@TODO request sig type from user*/
switch(oid) {
case SHA_HASH:
newCert.sigType = CTC_SHAwRSA;
break;
case SHA_HASH224:
newCert.sigType = CTC_SHA224wRSA;
break;
case SHA_HASH256:
newCert.sigType = CTC_SHA256wRSA;
break;
case SHA_HASH384:
newCert.sigType = CTC_SHA384wRSA;
break;
case SHA_HASH512:
newCert.sigType = CTC_SHA512wRSA;
break;
}
byte* certBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (certBuf == NULL) {


@ -62,6 +62,11 @@ int main(int argc, char** argv)
case RSA:
case ECC:
case ED25519:
case CERT_SHA:
case CERT_SHA224:
case CERT_SHA256:
case CERT_SHA384:
case CERT_SHA512:
if (!flag) flag = option;
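Review bot: Grouping `CERT_SHA … CERT_SHA512` with `RSA`/`ECC`/`ED25519` under `if (!flag) flag = option;` means the first of these options on the command line wins and the rest are dropped, so `--sha256 --rsa` would record the hash and silently lose the key algorithm (and presumably the reverse order loses the hash). The hash is independent of the algorithm and needs its own variable, e.g. `case CERT_SHA: … case CERT_SHA512: if (!hashFlag) hashFlag = option; break;`, with the existing line left to the three algorithm cases. I cannot see how `flag` is consumed after this switch, so whether a `CERT_SHA*` value in `flag` is rejected or falls through to some default should be confirmed. The enclosing switch and main() continue outside the hunk.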


@ -495,10 +495,10 @@ void wolfCLU_certgenHelp() {
printf("\n\n");
printf("***************************************************************\n");
printf("\ncertgen USAGE:\nwolfssl -req -ecc/-rsa/-ed25519 -in <filename> -out"
" <filename> \n\n");
" <filename> -sha/sha224/sha256/sha384/sha512\n\n");
printf("***************************************************************\n");
printf("\nEXAMPLE: \n\nwolfssl -req ecc -in mykey -out cert.pem "
"\n\nThe above command would output the file: cert.pem");
printf("\nEXAMPLE: \n\nwolfssl -req ecc -in mykey -out cert.pem -sha256 "
"\n\nThe above command would output the file: cert.pem\n");
}
/*
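Review bot: The new usage string `" <filename> -sha/sha224/sha256/sha384/sha512\n\n"` puts a dash only on the first alternative, while the option checks in wolfCLU_requestSetup look for `-sha224`, `-sha256`, and so on, so the help text would lead a user to type options that are not recognised; it should read `" <filename> -sha/-sha224/-sha256/-sha384/-sha512\n\n"`. The help also does not say which hash is used when none is given, which matters because the fallback selects `SHA_HASH`; a trailing clause such as `(default: sha)` would document it. The example line mixes `ecc` without a dash and `-sha256` with one, which is pre-existing but now more visible.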


@ -35,6 +35,7 @@ int wolfCLU_requestSetup(int argc, char** argv)
char* alg; /* algorithm being used */
int keyCheck = 0; /* input check */
int algCheck = 0; /* algorithm type */
int oid;
/* help checking */
ret = wolfCLU_checkForArg("-help", 5, argc, argv);
@ -88,6 +89,18 @@ int wolfCLU_requestSetup(int argc, char** argv)
wolfCLU_certgenHelp();
return ret;
}
if (wolfCLU_checkForArg("-sha224", 7, argc, argv) != 0) {
oid = SHA_HASH224;
} else if (wolfCLU_checkForArg("-sha256", 7, argc, argv) != 0) {
oid = SHA_HASH256;
} else if (wolfCLU_checkForArg("-sha384", 7, argc, argv) != 0) {
oid = SHA_HASH384;
} else if (wolfCLU_checkForArg("-sha512", 7, argc, argv) != 0) {
oid = SHA_HASH512;
} else {
oid = SHA_HASH;
}
if (keyCheck == 0) {
printf("Must have input as either a file or standard I/O\n");
@ -96,11 +109,11 @@ int wolfCLU_requestSetup(int argc, char** argv)
// TODO remove hard coded values
if (algCheck == 1) {
ret = make_self_signed_rsa_certificate(in, out);
ret = make_self_signed_rsa_certificate(in, out, oid);
} else if (algCheck == 2) {
ret = make_self_signed_ed25519_certificate(in, out);
} else if (algCheck == 3) {
ret = make_self_signed_ecc_certificate(in, out);
ret = make_self_signed_ecc_certificate(in, out, oid);
}
XFREE(in, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
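Review bot: The fallback `} else { oid = SHA_HASH; }` makes SHA-1 the signature hash whenever no `-shaNNN` option is given, and since the RSA path previously hard-coded `CTC_SHA256wRSA` (removed in this commit) every existing invocation now silently produces a SHA-1-signed certificate, which current TLS stacks and browsers reject. The default should stay at SHA-256, `} else { oid = SHA_HASH256; }`, with SHA-1 only on an explicit `-sha`, which the chain does not currently test for at all (there is no `wolfCLU_checkForArg("-sha", 4, argc, argv)` branch). The selection also runs before the `keyCheck == 0` error return, which is harmless but means the hash is parsed for invocations that are about to fail; moving it after that check keeps the validation order consistent. wolfCLU_requestSetup begins before and ends after this hunk.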