diff --git a/certgen/Makefile b/certgen/Makefile index f7c8a638..1d6c50ba 100644 --- a/certgen/Makefile +++ b/certgen/Makefile @@ -13,12 +13,16 @@ CFLAGS=-Wall LIBS=-lwolfssl -all:run_certgen_example +all:certgen_example csr_example -run_certgen_example:test.o +certgen_example:certgen_example.o + $(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS) + +csr_example:csr_example.o $(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS) .PHONY: clean all clean: rm -f *.o test.o run* + rm newCert.* diff --git a/certgen/README.md b/certgen/README.md index 8bd28ffc..bb7f1bb6 100644 --- a/certgen/README.md +++ b/certgen/README.md 
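Review bot: The `rm newCert.*` added to the clean recipe has no `-f`, so on a tree where no newCert.* file exists the glob stays literal, rm reports a missing file and `make clean` aborts with an error; the line should follow the existing `rm -f` form, e.g. `rm -f *.o certgen_example csr_example newCert.*`. The same recipe still removes `test.o` and `run*`, names that no longer match anything after this rename, while the two new binaries `certgen_example` and `csr_example` are never cleaned at all.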
@@ -1,20 +1,57 @@ -To build this example configure wolfssl with --enable-certgen +# Certficate Generation and Signing examples + +To build this example configure wolfssl with `./configure --enable-certgen --enable-certreq` or add the defines: + +``` +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +``` + +To build use `make`. To cleanup use `make clean`. If having issues building please check comments in the Makefile for setting up your environment + +## Certificate Generation Example + To run the test do: ``` -make -./run_certgen_example +./certgen_example +Open and read in der formatted certificate +Successfully read 1198 bytes + +Getting the caKey from ./ca-key.der +Successfully read 121 bytes +Init ecc Key +Decode the private key +Successfully retrieved caKey + +initializing the rng +Generating a new ecc key +Successfully created new ecc key + +Setting new cert issuer to subject of signer +MakeCert returned 479 +SignCert returned 570 +Successfully created new certificate +Writing newly generated certificate to file "./newCert.der" +Successfully output 570 bytes +Convert the der cert to pem formatted cert +Resulting pem buffer is 826 bytes +Successfully converted the der to pem. Result is in: ./newCert.pem + +Tests passed ``` You should see the following output when the cert is converted to human readable format. ``` -ertificate: +openssl x509 -inform pem -in newCert.pem -text + +Certificate: Data: Version: 3 (0x2) Serial Number: 81179639550048334 (0x1206873ba5ff84e) 
@@ -57,3 +94,23 @@ GV+4MAoGCCqGSM49BAMCA0gAMEUCIHURDOezcyCI0mdp8hpG+9JnMcfHWLSd4kiV ``` + +## Certificate Signing Request (CSR) Example + +``` +./csr_example +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMyXi4zh0EKTfZv2Mdyz9TR97aY8zmuP/Mt41Y8UczfsoAoGCCqGSM49 +AwEHoUQDQgAENfB16kF8KZuVQC0744AgiSY5bpuLRegTXJ4JTgCzSWaSHLXZC+CJ +a/0yDzI6bQtDdzNZ0M+0/O+VolN10GaAZw== +-----END EC PRIVATE KEY----- +-----BEGIN CERTIFICATE REQUEST----- +MIIBSTCB8QIBAjCBjjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk9SMREwDwYDVQQH +DAhQb3J0bGFuZDEOMAwGA1UECgwFeWFTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50 +MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9A +d29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ18HXqQXwpm5VA +LTvjgCCJJjlum4tF6BNcnglOALNJZpIctdkL4Ilr/TIPMjptC0N3M1nQz7T875Wi +U3XQZoBnoAAwCgYIKoZIzj0EAwIDRwAwRAIgVh5iGYVmbwR4fhdjzCMI06wn2lGS +SmRM6YTRfMWRoSICIAlMGjRJlBKB9dlmukCdlHH3GXNOiKw1+iP/kApE8tRm +-----END CERTIFICATE REQUEST----- +``` diff --git a/certgen/test.c b/certgen/certgen_example.c similarity index 97% rename from certgen/test.c rename to certgen/certgen_example.c index 2252f03f..2c109cff 100644 --- a/certgen/test.c +++ b/certgen/certgen_example.c @@ -1,7 +1,7 @@ #include #include -#include #include +#include #include #include #include diff --git a/certgen/cleanup.sh b/certgen/cleanup.sh deleted file mode 100755 index 88e98f73..00000000 --- a/certgen/cleanup.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -rm newCert.* diff --git a/certgen/csr_example.c b/certgen/csr_example.c new file mode 100644 index 00000000..7e53b85c --- /dev/null +++ b/certgen/csr_example.c 
@@ -0,0 +1,91 @@
+#include
+#include
+#include
+#include
+
+#define MAX_TEMP_SIZE 1024
+
+int main(void)
+{
+ int ret;
+ ecc_key key;
+ WC_RNG rng;
+ Cert req;
+ byte der[MAX_TEMP_SIZE], pem[MAX_TEMP_SIZE];
+ int derSz, pemSz;
+
+ ret = wc_ecc_init(&key);
+ if (ret != 0) {
+ printf("ECC init key failed: %d\n", ret);
+ goto exit;
+ }
+
+ ret = wc_InitRng(&rng);
+ if (ret != 0) {
+ printf("Init rng failed: %d\n", ret);
+ goto exit;
+ }
+
+ ret = wc_ecc_make_key_ex(&rng, 32, &key, ECC_SECP256R1);
+ if (ret != 0) {
+ printf("ECC make key failed: %d\n", ret);
+ goto exit;
+ }
+
+ ret = wc_EccKeyToDer(&key, der, sizeof(der));
+ if (ret <= 0) {
+ printf("ECC Key To DER failed: %d\n", ret);
+ goto exit;
+ }
+ derSz = ret;
+
+ memset(pem, 0, sizeof(pem));
+ ret = wc_DerToPem(der, derSz, pem, sizeof(pem), ECC_PRIVATEKEY_TYPE);
+ if (ret <= 0) {
+ printf("DER to PEM failed: %d\n", ret);
+ goto exit;
+ }
+ pemSz = ret;
+ printf("%s", pem);
+
+ ret = wc_InitCert(&req);
+ if (ret != 0) {
+ printf("Init Cert failed: %d\n", ret);
+ goto exit;
+ }
+ strncpy(req.subject.country, "US", CTC_NAME_SIZE);
+ strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
+ strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
+ strncpy(req.subject.org, "wolfSSL", CTC_NAME_SIZE);
+ strncpy(req.subject.unit, "Development", CTC_NAME_SIZE);
+ strncpy(req.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE);
+ strncpy(req.subject.email, "info@wolfssl.com", CTC_NAME_SIZE);
+ ret = wc_MakeCertReq(&req, der, sizeof(der), NULL, &key);
+ if (ret <= 0) {
+ printf("Make Cert Req failed: %d\n", ret);
+ goto exit;
+ }
+ derSz = ret;
+
+ req.sigType = CTC_SHA256wECDSA;
+ ret = wc_SignCert(req.bodySz, req.sigType, der, sizeof(der), NULL, &key, &rng);
+ if (ret != 0) {
+ printf("Sign Cert failed: %d\n", ret);
+ goto exit;
+ }
+ derSz = ret;
+
+ ret = wc_DerToPem(der, derSz, pem, sizeof(pem), CERTREQ_TYPE);
+ if (ret <= 0) {
+ printf("DER to PEM failed: %d\n", ret);
+ goto exit;
+ }
+ pemSz = ret;
+ printf("%s", 
 pem);
+
+exit:
+ wc_ecc_free(&key);
+ wc_FreeRng(&rng);
+
+ return ret;
+}
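Review bot: The `if (ret != 0)` after wc_SignCert looks inverted relative to the `derSz = ret;` that follows it and to the README's "SignCert returned 570": if wc_SignCert returns the signed size here as well, a successful signature prints "Sign Cert failed" and exits, so the check should be `if (ret <= 0) {` like the other size-returning calls in this file. main also returns `ret`, which on the success path is the PEM size from wc_DerToPem, so the process exit status is non-zero even when everything worked; adding `ret = 0;` after the final printf and before the exit label makes only errors produce a non-zero status. The exit label calls `wc_FreeRng(&rng)` even when wc_ecc_init or wc_InitRng failed before rng was ever initialised, so those early gotos should skip that free (a second label placed after the RNG init, or freeing only on success of wc_InitRng). Both der and pem hold the freshly generated private key in cleartext and are only cleared before use, not before return; clearing them at exit (wolfSSL's ForceZero rather than a plain memset, which the compiler may drop) keeps key material from lingering on the stack.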