Added example for creating Certificate Signing Request (CSR).

certgen/Makefile

@@ -13,12 +13,16 @@ CFLAGS=-Wall
 LIBS=-lwolfssl
 
 
-all:run_certgen_example
+all:certgen_example csr_example
 
-run_certgen_example:test.o
+certgen_example:certgen_example.o
+	$(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS)
+
+csr_example:csr_example.o
 	$(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS)
 
 .PHONY: clean all
 
 clean:
 	rm -f *.o test.o run*
+	rm newCert.*

certgen/README.md

@@ -1,20 +1,57 @@
-To build this example configure wolfssl with --enable-certgen
+# Certficate Generation and Signing examples
+
+To build this example configure wolfssl with `./configure --enable-certgen --enable-certreq` or add the defines:
+
+```
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_GEN
+```
+
+To build use `make`. To cleanup use `make clean`.
 
 If having issues building please check comments in the Makefile for setting
 up your environment
 
+
+## Certificate Generation Example
+
 To run the test do:
 
 ```
-make
-./run_certgen_example
+./certgen_example
+Open and read in der formatted certificate
+Successfully read 1198 bytes
+
+Getting the caKey from ./ca-key.der
+Successfully read 121 bytes
+Init ecc Key
+Decode the private key
+Successfully retrieved caKey
+
+initializing the rng
+Generating a new ecc key
+Successfully created new ecc key
+
+Setting new cert issuer to subject of signer
+MakeCert returned 479
+SignCert returned 570
+Successfully created new certificate
+Writing newly generated certificate to file "./newCert.der"
+Successfully output 570 bytes
+Convert the der cert to pem formatted cert
+Resulting pem buffer is 826 bytes
+Successfully converted the der to pem. Result is in:  ./newCert.pem
+
+Tests passed
 ```
 
 You should see the following output when the cert is converted to human
 readable format.
 
 ```
-ertificate:
+openssl x509 -inform pem -in newCert.pem -text
+
+Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 81179639550048334 (0x1206873ba5ff84e)
@@ -57,3 +94,23 @@ GV+4MAoGCCqGSM49BAMCA0gAMEUCIHURDOezcyCI0mdp8hpG+9JnMcfHWLSd4kiV
 
 ```
 
+
+## Certificate Signing Request (CSR) Example
+
+```
+./csr_example
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIMyXi4zh0EKTfZv2Mdyz9TR97aY8zmuP/Mt41Y8UczfsoAoGCCqGSM49
+AwEHoUQDQgAENfB16kF8KZuVQC0744AgiSY5bpuLRegTXJ4JTgCzSWaSHLXZC+CJ
+a/0yDzI6bQtDdzNZ0M+0/O+VolN10GaAZw==
+-----END EC PRIVATE KEY-----
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBSTCB8QIBAjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9SMREwDwYDVQQH
+DAhQb3J0bGFuZDEOMAwGA1UECgwFeWFTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50
+MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A
+d29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ18HXqQXwpm5VA
+LTvjgCCJJjlum4tF6BNcnglOALNJZpIctdkL4Ilr/TIPMjptC0N3M1nQz7T875Wi
+U3XQZoBnoAAwCgYIKoZIzj0EAwIDRwAwRAIgVh5iGYVmbwR4fhdjzCMI06wn2lGS
+SmRM6YTRfMWRoSICIAlMGjRJlBKB9dlmukCdlHH3GXNOiKw1+iP/kApE8tRm
+-----END CERTIFICATE REQUEST-----
+```

certgen/certgen_example.c

@@ -1,7 +1,7 @@
 #include <stdio.h>
 #include <wolfssl/options.h>
-#include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>

certgen/cleanup.sh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-rm newCert.*

certgen/csr_example.c

@@ -0,0 +1,91 @@
+#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/wolfcrypt/asn_public.h>
+
+#define MAX_TEMP_SIZE 1024
+
+int main(void)
+{
+    int ret;
+    ecc_key key;
+    WC_RNG rng;
+    Cert req;
+    byte der[MAX_TEMP_SIZE], pem[MAX_TEMP_SIZE];
+    int  derSz, pemSz;
+
+    ret = wc_ecc_init(&key);
+    if (ret != 0) {
+        printf("ECC init key failed: %d\n", ret);
+        goto exit;
+    }
+
+    ret = wc_InitRng(&rng);
+    if (ret != 0) {
+        printf("Init rng failed: %d\n", ret);
+        goto exit;
+    }
+
+    ret = wc_ecc_make_key_ex(&rng, 32, &key, ECC_SECP256R1);
+    if (ret != 0) {
+        printf("ECC make key failed: %d\n", ret);
+        goto exit;
+    }
+
+    ret = wc_EccKeyToDer(&key, der, sizeof(der));
+    if (ret <= 0) {
+        printf("ECC Key To DER failed: %d\n", ret);
+        goto exit;
+    }
+    derSz = ret;
+
+    memset(pem, 0, sizeof(pem));
+    ret = wc_DerToPem(der, derSz, pem, sizeof(pem), ECC_PRIVATEKEY_TYPE);
+    if (ret <= 0) {
+        printf("DER to PEM failed: %d\n", ret);
+        goto exit;
+    }
+    pemSz = ret;
+    printf("%s", pem);
+
+    ret = wc_InitCert(&req);
+    if (ret != 0) {
+        printf("Init Cert failed: %d\n", ret);
+        goto exit;
+    }
+    strncpy(req.subject.country, "US", CTC_NAME_SIZE);
+    strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
+    strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
+    strncpy(req.subject.org, "wolfSSL", CTC_NAME_SIZE);
+    strncpy(req.subject.unit, "Development", CTC_NAME_SIZE);
+    strncpy(req.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+    strncpy(req.subject.email, "info@wolfssl.com", CTC_NAME_SIZE);
+    ret = wc_MakeCertReq(&req, der, sizeof(der), NULL, &key);
+    if (ret <= 0) {
+        printf("Make Cert Req failed: %d\n", ret);
+        goto exit;
+    }
+    derSz = ret;
+
+    req.sigType = CTC_SHA256wECDSA;
+    ret = wc_SignCert(req.bodySz, req.sigType, der, sizeof(der), NULL, &key, &rng);
+    if (ret != 0) {
+        printf("Sign Cert failed: %d\n", ret);
+        goto exit;
+    }
+    derSz = ret;
+
+    ret = wc_DerToPem(der, derSz, pem, sizeof(pem), CERTREQ_TYPE);
+    if (ret <= 0) {
+        printf("DER to PEM failed: %d\n", ret);
+        goto exit;
+    }
+    pemSz = ret;
+    printf("%s", pem);
+
+exit:
+    wc_ecc_free(&key);
+    wc_FreeRng(&rng);
+
+    return ret;
+}