WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

adding keygeneration framework and ed25519 der creation, update license

pull/45/head
kaleb-himes 2017-05-03 14:54:15 -06:00
parent f1b960876b
commit e36ee88cd1
25 changed files with 721 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wolfCLU/README.md
View File

@ -31,6 +31,12 @@ encryption or decryption are:
--enable-sha512
--enable-fortress
Additional features that can be included when configuring wolfssl for
key generation are:
--enable-ed25519
##wolfCLU Install
After wolfssl is installed, install wolfCLU. In the directory
@ -77,4 +83,4 @@ Please contact support@wolfssl.com with any questions or comments
## License
Copyright (c) 2006-2016 wolfSSL Inc.
Copyright (c) 2006-2017 wolfSSL Inc.

29
wolfCLU/clu_include/clu_error_codes.h
View File

@ -1,8 +1,35 @@
/* clu_error_codes.h
*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef _WOLFSSL_CLU_ERROR_H_
#define _WOLFSSL_CLU_ERROR_H_
enum {
USER_INPUT_ERROR = -1001,
INPUT_FILE_ERROR = -1002,
PEM_TO_DER_ERROR = -1003, /* converting pem to der failed */
DER_TO_PEM_ERROR = -1004, /* converting der to pem failed */
OUTPUT_FILE_ERROR = -1005,
FEATURE_COMING_SOON = -1006, /* Feature not yet implemented */
};
#endif /* _WOLFSSL_CLU_ERROR_H_ */

62
wolfCLU/clu_include/clu_header_main.h
View File

@ -1,6 +1,6 @@
/* clu_header_main.h
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
@ -67,12 +67,10 @@
#include <wolfssl/wolfcrypt/coding.h>
#ifndef UTIL_H_INCLUDED
#define UTIL_H_INCLUDED
#define BLOCK_SIZE 16384
#define MEGABYTE (1024*1024)
#define MAX_THREADS 64
#define MAX_FILENAME_SZ 256
#include <wolfssl/wolfcrypt/types.h>
@ -83,6 +81,8 @@
#define HEAP_HINT NULL
#endif
#include "clu_include/clu_error_codes.h"
/* @VERSION
* Update every time library change,
* functionality shift,
@ -142,6 +142,11 @@ void wolfCLU_hashHelp(void);
*/
void wolfCLU_benchHelp(void);
/*
* genkey help function
*/
void wolfCLU_genKeyHelp(void);
/* find algorithm for encryption/decryption
*
* @param name the whole line sent from user. Example: "aes-cbc-128"
@ -151,16 +156,6 @@ void wolfCLU_benchHelp(void);
*/
int wolfCLU_getAlgo(char* name, char** alg, char** mode, int* size);
/* generates key based on password provided
*
* @param rng the random number generator
* @param pwdKey the password based key as provided by the user
* @param size size as determined by wolfCLU_GetAlgo
* @param salt the buffer to store the resulting salt after it's generated
* @param pad a flag to let us know if there are padded bytes or not
*/
int wolfCLU_genKey(RNG* rng, byte* pwdKey, int size, byte* salt, int pad);
/* secure entry of password
*
* @param pwdKey the password provide by the user
@ -230,7 +225,8 @@ void wolfCLU_stats(double start, int blockSize, int64_t blocks);
* @param pwdKey this is the user provided password to be used as the key
* @param key if entered must be in hex, can be used to verify encryption with
* nist test vectors.
* @param size this is set by wolfCLU_GetAlgo and is used to stretch the password
* @param size this is set by wolfCLU_GetAlgo and is used to stretch the
* password
* @param in the filename or user input from command line
* @param out the filename to output following en/de cryption
* @param iv if entered must be in hex otherwise generated at run time
@ -251,7 +247,8 @@ int wolfCLU_encrypt(char* alg, char* mode, byte* pwdKey, byte* key, int size,
* @param pwdKey this is the user provided password to be used as the key
* @param key if entered must be in hex, can be used to verify encryption with
* nist test vectors.
* @param size this is set by wolfCLU_GetAlgo and is used to stretch the password
* @param size this is set by wolfCLU_GetAlgo and is used to stretch the
* password
* @param in the filename or user input from command line
* @param out the filename to output following en/de cryption
* @param iv if entered must be in hex otherwise generated at run time
@ -278,10 +275,41 @@ int wolfCLU_benchmark(int timer, int* option);
* @param size
*/
int wolfCLU_hash(char* in, char* out, char* alg, int size);
/*
* get the current Version
*/
void wolfCLU_version(void);
#endif
/*
* generic function to check for a specific input argument. Return the
* argv[i] where argument was found. Useful for getting following value after
* arg.
* EXAMPLE:
* --------------------
* int ret;
* char myString[BIG_ENOUGH_FOR_INPUT];
* ret = wolfCLU_checkForArg("-somearg");
* if (ret > 0)
* XSTRNCPY(myString, argv[ret+1], XSTRLEN(argv[ret+1]));
* else {
* <ERROR LOGIC>
* }
* --------------------
*
*
*/
int wolfCLU_checkForArg(char* searchTerm, int length, int argc, char** argv);
/*
* Verify valid output format
*/
int wolfCLU_checkOutform(char* outform);
/*
* Verify valid input format
*/
int wolfCLU_checkInform(char* inform);
#endif /* _WOLFSSL_CLU_HEADER_ */

6
wolfCLU/clu_include/clu_optargs.h
View File

@ -1,6 +1,6 @@
/* clu_optargs.h
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
@ -43,6 +43,8 @@ enum {
TEXT_OUT,
SILENT,
REQUEST,
GEN_KEY,
OUTPUT,
HELP1, /* "-help" */
HELP2, /* "-h" */
};
@ -71,6 +73,8 @@ static struct option long_options[] = {
{"text", 0, 0, TEXT_OUT },
{"silent", 0, 0, SILENT },
{"req", 0, 0, REQUEST },
{"genkey", 0, 0, GEN_KEY },
{"output", 0, 0, OUTPUT },
{"help", 0, 0, HELP1 },
{"h", 0, 0, HELP2 },
{"v", 0, 0, 'v' },

64
wolfCLU/clu_include/genkey/clu_genkey.h 100644
View File

@ -0,0 +1,64 @@
/* clu_genkey.h
*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef CLU_GENKEY_H
#define CLU_GENKEY_H
#include <wolfssl/options.h>
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#define SALT_SIZE 8
enum {
PRIV_ONLY,
PUB_ONLY,
PRIV_AND_PUB
};
/* handles incoming arguments for certificate generation */
int wolfCLU_genKeySetup(int argc, char** argv);
#ifdef HAVE_ED25519
/* Generate an ED25519 key */
int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive,
int format);
#endif
/* Generate an ECC key */
int wolfCLU_genKey_ECC(void);
/* Generate an RSA key */
int wolfCLU_genKey_RSA(void);
/* generates key based on password provided
*
* @param rng the random number generator
* @param pwdKey the password based key as provided by the user
* @param size size as determined by wolfCLU_GetAlgo
* @param salt the buffer to store the resulting salt after it's generated
* @param pad a flag to let us know if there are padded bytes or not
*/
int wolfCLU_genKey_PWDBASED(RNG* rng, byte* pwdKey, int size, byte* salt,
int pad);
#endif /* CLU_GENKEY_H */

3
wolfCLU/clu_include/include.am
View File

@ -8,5 +8,6 @@ nobase_include_HEADERS+=clu_include/clu_header_main.h \
clu_include/clu_error_codes.h \
clu_include/x509/clu_cert.h \
clu_include/x509/clu_parse.h \
clu_include/x509/clu_request.h
clu_include/x509/clu_request.h \
clu_include/genkey/clu_genkey.h

7
wolfCLU/clu_include/x509/clu_cert.h
View File

@ -1,6 +1,6 @@
/* clu_cert.h
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
@ -22,6 +22,11 @@
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
enum {
PEM_FORM,
DER_FORM,
};
/* handles incoming arguments for certificate generation */
int wolfCLU_certSetup(int argc, char** argv);

2
wolfCLU/clu_include/x509/clu_parse.h
View File

@ -1,6 +1,6 @@
/* clu_parse.h
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*

2
wolfCLU/clu_include/x509/clu_request.h
View File

@ -1,6 +1,6 @@
/* clu_request.h
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*

2
wolfCLU/clu_src/benchmark/clu_bench_setup.c
View File

@ -1,6 +1,6 @@
/* clu_bench_setup.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*

2
wolfCLU/clu_src/benchmark/clu_benchmark.c
View File

@ -1,6 +1,6 @@
/* clu_benchmark.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*

6
wolfCLU/clu_src/clu_main.c
View File

@ -1,6 +1,6 @@
/* clu_main.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
@ -24,6 +24,7 @@
#include "clu_include/clu_optargs.h"
#include "clu_include/clu_error_codes.h"
#include "clu_include/x509/clu_request.h"
#include "clu_include/genkey/clu_genkey.h"
/* enumerate optionals beyond ascii range to dis-allow use of alias IE we
* do not want "-e" to work for encrypt, user must use "encrypt"
*/
@ -67,6 +68,8 @@ int main(int argc, char** argv)
/* x509 Certificate request */
case REQUEST: ret = wolfCLU_requestSetup(argc, argv);
break;
case GEN_KEY: ret = wolfCLU_genKeySetup(argc, argv);
break;
/* Ignore the following arguments for now. Will be handled by their respective
* setups IE Crypto setup, Benchmark setup, or Hash Setup */
@ -91,6 +94,7 @@ int main(int argc, char** argv)
/* Certificate Stuff*/
case INFORM: break;
case OUTFORM: break;
case OUTPUT: break;
case NOOUT: break;
case TEXT_OUT: break;
case SILENT: break;

2
wolfCLU/clu_src/crypto/clu_crypto_setup.c
View File

@ -1,6 +1,6 @@
/* clu_crypto_setup.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*

4
wolfCLU/clu_src/crypto/clu_decrypt.c
View File

@ -1,6 +1,6 @@
/* clu_decrypt.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
@ -20,8 +20,8 @@
*/
#include "clu_include/clu_header_main.h"
#include "clu_include/genkey/clu_genkey.h"
#define SALT_SIZE 8
#define MAX 1024
int wolfCLU_decrypt(char* alg, char* mode, byte* pwdKey, byte* key, int size,

6
wolfCLU/clu_src/crypto/clu_encrypt.c
View File

@ -1,6 +1,6 @@
/* clu_encrypt.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
@ -20,8 +20,8 @@
*/
#include "clu_include/clu_header_main.h"
#include "clu_include/genkey/clu_genkey.h"
#define SALT_SIZE 8
#define MAX 1024
int wolfCLU_encrypt(char* alg, char* mode, byte* pwdKey, byte* key, int size,
@ -123,7 +123,7 @@ int wolfCLU_encrypt(char* alg, char* mode, byte* pwdKey, byte* key, int size,
}
/* stretches pwdKey to fit size based on wolfCLU_getAlgo() */
ret = wolfCLU_genKey(&rng, pwdKey, size, salt, padCounter);
ret = wolfCLU_genKey_PWDBASED(&rng, pwdKey, size, salt, padCounter);
if (ret != 0) {
printf("failed to set pwdKey.\n");

189
wolfCLU/clu_src/genkey/clu_genkey.c 100644
View File

@ -0,0 +1,189 @@
/* clu_genkey.c
*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#include "clu_include/clu_header_main.h"
#include "clu_include/genkey/clu_genkey.h"
#include "clu_include/x509/clu_cert.h" /* PER_FORM/DER_FORM */
#include <wolfssl/wolfcrypt/asn_public.h> /* wc_DerToPem */
#ifdef HAVE_ED25519
int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format)
{
int ret = -1; /* return value */
int fOutNmSz = XSTRLEN(fOutNm); /* file name without append */
int fOutNmAppendSz = 6; /* # of bytes to append to file name */
int flag_outputPub = 0; /* set if outputting both priv/pub */
char privAppend[6] = ".priv\0"; /* last part of the priv file name */
char pubAppend[6] = ".pub\0\0"; /* last part of the pub file name*/
byte privKeyBuf[ED25519_KEY_SIZE*2]; /* will hold public & private parts */
byte pubKeyBuf[ED25519_KEY_SIZE]; /* holds just the public key part */
word32 privKeySz; /* size of private key */
word32 pubKeySz; /* size of public key */
ed25519_key edKeyOut; /* the ed25519 key structure */
char* finalOutFNm; /* file name + append */
FILE* file; /* file stream */
printf("fOutNm = %s\n", fOutNm);
/*--------------- INIT ---------------------*/
ret = wc_ed25519_init(&edKeyOut);
if (ret != 0)
return ret;
/*--------------- MAKE KEY ---------------------*/
ret = wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &edKeyOut);
if (ret != 0)
return ret;
/*--------------- GET KEY SIZES ---------------------*/
privKeySz = wc_ed25519_priv_size(&edKeyOut);
if (privKeySz <= 0)
return WC_KEY_SIZE_E;
pubKeySz = wc_ed25519_pub_size(&edKeyOut);
if (pubKeySz <= 0)
return WC_KEY_SIZE_E;
/*--------------- EXPORT KEYS TO BUFFERS ---------------------*/
ret = wc_ed25519_export_key(&edKeyOut, privKeyBuf, &privKeySz, pubKeyBuf,
&pubKeySz);
/*--------------- CONVERT TO PEM IF APPLICABLE ---------------------*/
if (format == PEM_FORM) {
printf("Der to Pem for ed25519 key not yet implemented\n");
printf("FEATURE COMING SOON!\n");
return FEATURE_COMING_SOON;
}
/*--------------- OUTPUT KEYS TO FILE(S) ---------------------*/
finalOutFNm = (char*) XMALLOC( (fOutNmSz + fOutNmAppendSz), HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (finalOutFNm == NULL)
return MEMORY_E;
/* get the first part of the file name setup */
XMEMSET(finalOutFNm, 0, fOutNmSz + fOutNmAppendSz);
XMEMCPY(finalOutFNm, fOutNm, fOutNmSz);
switch(directive) {
case PRIV_AND_PUB:
flag_outputPub = 1;
/* Fall through to PRIV_ONLY */
case PRIV_ONLY:
/* add on the final part of the file name ".priv" */
XMEMCPY(finalOutFNm+fOutNmSz, privAppend, fOutNmAppendSz);
printf("finalOutFNm = %s\n", finalOutFNm);
file = fopen(finalOutFNm, "wb");
if (!file) {
XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return OUTPUT_FILE_ERROR;
}
ret = (int) fwrite(privKeyBuf, 1, privKeySz, file);
if (ret <= 0) {
fclose(file);
XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return OUTPUT_FILE_ERROR;
}
fclose(file);
if (flag_outputPub == 0) {
break;
} /* else fall through to PUB_ONLY if flag_outputPub == 1*/
case PUB_ONLY:
/* add on the final part of the file name ".pub" */
XMEMCPY(finalOutFNm+fOutNmSz, pubAppend, fOutNmAppendSz);
printf("finalOutFNm = %s\n", finalOutFNm);
file = fopen(finalOutFNm, "wb");
if (!file) {
XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return OUTPUT_FILE_ERROR;
}
ret = (int) fwrite(pubKeyBuf, 1, pubKeySz, file);
if (ret <= 0) {
fclose(file);
XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return OUTPUT_FILE_ERROR;
}
fclose(file);
break;
default:
printf("Invalid directive\n");
XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return BAD_FUNC_ARG;
}
XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ret > 0) {
/* ret > 0 indicates a successful file write, set to zero for return */
ret = 0;
}
return ret;
}
#endif /* HAVE_ED25519 */
int wolfCLU_genKey_ECC()
{
int ret = FEATURE_COMING_SOON;
printf("Creating a ECC key: FEATURE COMING SOON\n");
return ret;
}
int wolfCLU_genKey_RSA()
{
int ret = FEATURE_COMING_SOON;
printf("Creating a RSA key: FEATURE COMING SOON\n");
return ret;
}
/*
* makes a cyptographically secure key by stretching a user entered pwdKey
*/
int wolfCLU_genKey_PWDBASED(RNG* rng, byte* pwdKey, int size, byte* salt, int pad)
{
int ret; /* return variable */
/* randomly generates salt */
ret = wc_RNG_GenerateBlock(rng, salt, SALT_SIZE-1);
if (ret != 0)
return ret;
/* set first value of salt to let us know
* if message has padding or not
*/
if (pad == 0)
salt[0] = 0;
/* stretches pwdKey */
ret = (int) wc_PBKDF2(pwdKey, pwdKey, (int) strlen((const char*)pwdKey), salt, SALT_SIZE,
4096, size, SHA256);
if (ret != 0)
return ret;
return 0;
}

142
wolfCLU/clu_src/genkey/clu_genkey_setup.c 100644
View File

@ -0,0 +1,142 @@
/* clu_genkey_setup.c
*
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#include "clu_include/clu_header_main.h"
#include "clu_include/genkey/clu_genkey.h"
#include "clu_include/x509/clu_cert.h" /* argument checking */
int wolfCLU_genKeySetup(int argc, char** argv)
{
char keyOutFName[MAX_FILENAME_SZ]; /* default outFile for genKey */
char defaultFormat[4] = "der\0";
FILE* fStream;
WC_RNG rng;
char* keyType = NULL; /* keyType */
char* format = defaultFormat;
int formatArg = DER_FORM;
int size = 0; /* keysize */
int ret = 0; /* return variable */
int i = 0; /* loop counter */
ret = wolfCLU_checkForArg("-h", 2, argc, argv);
if (ret > 0) {
wolfCLU_genKeyHelp();
return 0;
}
XMEMSET(keyOutFName, 0, MAX_FILENAME_SZ);
keyType = argv[2];
ret = wc_InitRng(&rng);
ret = wolfCLU_checkForArg("-out", 4, argc, argv);
if (ret > 0) {
if (argv[ret+1] != NULL) {
XSTRNCPY(keyOutFName, argv[ret+1], XSTRLEN(argv[ret+1]));
} else {
printf("ERROR: No output file name specified\n");
wolfCLU_genKeyHelp();
return USER_INPUT_ERROR;
}
} else {
printf("ERROR: Please specify an output file name\n");
wolfCLU_genKeyHelp();
return USER_INPUT_ERROR;
}
ret = wolfCLU_checkForArg("-outform", 8, argc, argv);
if (ret > 0) {
format = argv[ret+1];
}
ret = wolfCLU_checkOutform(format);
if (ret == PEM_FORM || ret == DER_FORM) {
printf("OUTPUT A PEM FILE\n");
formatArg = ret;
} else {
printf("ERROR: \"%s\" is not a valid file format\n", format);
return ret;
}
/* type of key to generate */
if (0) {
/* force fail w/ check on condition "false" */
} else if (XSTRNCMP(keyType, "ed25519", 7) == 0) {
#ifdef HAVE_ED25519
ret = wolfCLU_checkForArg("-output", 7, argc, argv);
if (ret > 0) {
if (argv[ret+1] != NULL) {
if (XSTRNCMP(argv[ret+1], "pub", 3) == 0)
ret = wolfCLU_genKey_ED25519(&rng, keyOutFName, PUB_ONLY,
formatArg);
else if (XSTRNCMP(argv[ret+1], "priv", 4) == 0)
ret = wolfCLU_genKey_ED25519(&rng, keyOutFName, PRIV_ONLY,
formatArg);
else if (XSTRNCMP(argv[ret+1], "keypair", 7) == 0)
ret = wolfCLU_genKey_ED25519(&rng, keyOutFName,
PRIV_AND_PUB, formatArg);
}
} else {
printf("No -output <PUB/PRIV/KEYPAIR>\n");
printf("DEFAULT: output public and private key pair\n");
ret = wolfCLU_genKey_ED25519(&rng, keyOutFName, PRIV_AND_PUB,
formatArg);
}
#else
printf("Invalid option, ED25519 not enabled.\n");
printf("Please re-configure wolfSSL with --enable-ed25519 and "
"try again\n");
return NOT_COMPILED_IN;
#endif /* HAVE_ED25519 */
} else if (XSTRNCMP(keyType, "ecc", 3) == 0) {
#ifdef HAVE_ECC
printf("generate ECC key\n");
ret = wolfCLU_genKey_ECC();
#else
printf("Invalid option, ECC not enabled.\n");
printf("Please re-configure wolfSSL with --enable-ecc and "
"try again\n");
return NOT_COMPILED_IN;
#endif /* HAVE_ECC */
} else if (XSTRNCMP(keyType, "rsa", 3) == 0) {
#ifndef NO_RSA
printf("generate RSA key\n");
ret = wolfCLU_genKey_RSA();
#else
printf("Invalid option, RSA not enabled.\n");
printf("Please re-configure wolfSSL with --enable-rsa and "
"try again\n");
return NOT_COMPILED_IN;
#endif /* NO_RSA */
} else {
printf("\"%s\" is an invalid key type, or not compiled in\n", keyType);
return USER_INPUT_ERROR;
}
return ret;
}

2
wolfCLU/clu_src/hash/clu_hash.c
View File

@ -1,6 +1,6 @@
/* clu_hash.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*

2
wolfCLU/clu_src/hash/clu_hash_setup.c
View File

@ -1,6 +1,6 @@
/* clu_hash_setup.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*

12
wolfCLU/clu_src/include.am
View File

@ -4,18 +4,20 @@
#/ kaleb /#
bin_PROGRAMS = wolfssl
wolfssl_SOURCES = clu_src/tools/clu_funcs.c \
wolfssl_SOURCES = clu_src/clu_main.c \
clu_src/tools/clu_funcs.c \
clu_src/tools/clu_hex_to_bin.c \
clu_src/crypto/clu_crypto_setup.c \
clu_src/crypto/clu_encrypt.c \
clu_src/crypto/clu_decrypt.c \
clu_src/crypto/clu_crypto_setup.c \
clu_src/hash/clu_hash_setup.c \
clu_src/hash/clu_hash.c \
clu_src/benchmark/clu_bench_setup.c \
clu_src/benchmark/clu_benchmark.c \
clu_src/clu_main.c \
clu_src/x509/clu_parse.c \
clu_src/x509/clu_request_setup.c \
clu_src/x509/clu_cert_setup.c
clu_src/x509/clu_cert_setup.c \
clu_src/x509/clu_parse.c \
clu_src/genkey/clu_genkey_setup.c \
clu_src/genkey/clu_genkey.c

123
wolfCLU/clu_src/tools/clu_funcs.c
View File

@ -1,6 +1,6 @@
/* clu_funcs.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as wolfSSL)
*
@ -21,6 +21,7 @@
#include "clu_include/clu_header_main.h"
#include "clu_include/version.h"
#include "clu_include/x509/clu_cert.h" /* for PEM_FORM and DER_FORM */
#define SALT_SIZE 8
#define DES3_BLOCK_SIZE 24
@ -58,12 +59,15 @@ int i = 0; /* loop variable */
printf("-verbose display a more verbose help menu\n");
printf("-inform input format of the certificate file [PEM/DER]\n");
printf("-outform format to output [PEM/DER]\n");
printf("-output used with -genkey option to specify which keys to\n"
" output [PUB/PRIV/KEYPAIR]\n");
printf("\nFor encryption: wolfssl -encrypt -help\n");
printf("For decryption: wolfssl -decrypt -help\n");
printf("For hashing: wolfssl -hash -help\n");
printf("For benchmarking: wolfssl -bench -help\n");
printf("For x509: wolfssl -x509 -help\n\n");
printf("For x509: wolfssl -x509 -help\n");
printf("For key creation: wolfssl -genkey -help\n\n");
}
/*
@ -335,6 +339,19 @@ void wolfCLU_certHelp()
"\n\n");
}
void wolfCLU_genKeyHelp() {
printf("\n\n");
printf("***************************************************************\n");
printf("\ngenkey USAGE:\nwolfssl -genkey <keytype> -out <filename> -outform"
" <PEM or DER> -output <PUB/PRIV/KEYPAIR> \n\n");
printf("***************************************************************\n");
printf("\nEXAMPLE: \n\nwolfssl -genkey ed25519 -out mykey -outform der "
" -output KEYPAIR"
"\n\nThe above command would output the files: mykey.priv "
" and mykey.pub\nChanging the -output option to just PRIV would only"
"\noutput the mykey.priv and using just PUB would only output"
"\nmykey.pub\n\n");
}
/*
* finds algorithm for encryption/decryption
@ -424,35 +441,6 @@ int wolfCLU_getAlgo(char* name, char** alg, char** mode, int* size)
return ret;
}
/*
* makes a cyptographically secure key by stretching a user entered pwdKey
*/
int wolfCLU_genKey(RNG* rng, byte* pwdKey, int size, byte* salt, int pad)
{
int ret; /* return variable */
/* randomly generates salt */
ret = wc_RNG_GenerateBlock(rng, salt, SALT_SIZE-1);
if (ret != 0)
return ret;
/* set first value of salt to let us know
* if message has padding or not
*/
if (pad == 0)
salt[0] = 0;
/* stretches pwdKey */
ret = (int) wc_PBKDF2(pwdKey, pwdKey, (int) strlen((const char*)pwdKey), salt, SALT_SIZE,
4096, size, SHA256);
if (ret != 0)
return ret;
return 0;
}
/*
* secure data entry by turning off key echoing in the terminal
*/
@ -548,3 +536,76 @@ void wolfCLU_version()
printf("\nYou are using version %s of the wolfssl Command Line Utility.\n\n"
, LIBWOLFSSL_VERSION_STRING);
}
int wolfCLU_checkForArg(char* searchTerm, int length, int argc, char** argv)
{
int i;
int ret = 0;
int argFound = 0;
for (i = 0; i < argc; i++) {
if (argv[i] == NULL) {
ret = 0;
break; /* stop checking if no more args*/
} else if (XSTRNCMP(argv[i], searchTerm, length) == 0) {
/* EXCEPTIONS: */
if (XSTRNCMP(searchTerm, "-in", 3) == 0 &&
XSTRNCMP(searchTerm, "-inform", 7) != 0) {
if (XSTRNCMP(argv[i], "-inform", 7) == 0) {
continue;
}
}
if (XSTRNCMP(searchTerm, "-out", 3) == 0 &&
XSTRNCMP(searchTerm, "-outform", 8) != 0 &&
XSTRNCMP(searchTerm, "-output", 7) != 0) {
if (XSTRNCMP(argv[i], "-outform", 8) == 0 ||
XSTRNCMP(argv[i], "-output", 7) == 0) {
continue;
}
}
/* END EXCEPTIONS */
ret = i;
if (argFound == 1) {
printf("ERROR: argument found twice: \"%s\"\n", searchTerm);
return USER_INPUT_ERROR;
}
argFound = 1;
}
}
return ret;
}
int wolfCLU_checkOutform(char* outform)
{
if (outform == NULL) {
printf("Usage: -outform [PEM/DER]\n");
printf("missing outform required argument\n");
return USER_INPUT_ERROR;
} else if (XSTRNCMP(outform, "pem", 3) == 0) {
return PEM_FORM;
} else if (XSTRNCMP(outform, "der", 3) == 0) {
return DER_FORM;
} else {
printf("Usage: -outform [PEM/DER]\n");
printf("\"%s\" is not a valid output format\n", outform);
}
return USER_INPUT_ERROR;
}
int wolfCLU_checkInform(char* inform)
{
if (inform == NULL) {
printf("Usage: -inform [PEM/DER]\n");
printf("missing inform required argument\n");
return USER_INPUT_ERROR;
} else if (XSTRNCMP(inform, "pem", 3) == 0) {
return PEM_FORM;
} else if (XSTRNCMP(inform, "der", 3) == 0) {
return DER_FORM;
} else {
printf("Usage: -inform [PEM/DER]\n");
printf("\"%s\" is not a valid input format\n", inform);
}
return USER_INPUT_ERROR;
}

2
wolfCLU/clu_src/tools/clu_hex_to_bin.c
View File

@ -1,6 +1,6 @@
/* clu_hex_to_bin.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*

125
wolfCLU/clu_src/x509/clu_cert_setup.c
View File

@ -1,6 +1,6 @@
/* clu_cert_setup.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
@ -22,6 +22,7 @@
#include <stdio.h>
#include <unistd.h>
#include <wolfssl/wolfcrypt/types.h>
#include "clu_include/clu_header_main.h"
#include "clu_include/clu_error_codes.h"
#include "clu_include/x509/clu_cert.h"
#include "clu_include/x509/clu_parse.h"
@ -53,77 +54,64 @@ int wolfCLU_certSetup(int argc, char** argv)
char* outform; /* the output format */
for (i = 2; i < argc; i++) {
/*---------------------------------------------------------------------------*/
/* help */
/*---------------------------------------------------------------------------*/
if (XSTRNCMP(argv[i], "-help", 5) == 0) {
wolfCLU_certHelp();
return 0;
} else if (XSTRNCMP(argv[i], "-h", 2) == 0) {
ret = wolfCLU_checkForArg("-h", 2, argc, argv);
if (ret > 0) {
wolfCLU_certHelp();
return 0;
}
/*---------------------------------------------------------------------------*/
/* inform pem/der/??OTHER?? */
/*---------------------------------------------------------------------------*/
} else if (XSTRNCMP(argv[i], "-inform", 7) == 0) {
inform = argv[i+1];
if (inform == NULL) {
printf("Usage: -inform [PEM/DER]\n");
printf("missing inform required argument\n");
return USER_INPUT_ERROR;
ret = wolfCLU_checkForArg("-inform", 7, argc, argv);
if (ret > 0) {
inform = argv[ret+1];
} else {
return ret;
}
if (inpem_flag || inder_flag) {
printf("ERROR: inform set more than once.\n");
return USER_INPUT_ERROR;
}
else if (XSTRNCMP(inform, "pem", 3) == 0)
ret = wolfCLU_checkInform(inform);
if (ret == PEM_FORM) {
inpem_flag = 1;
else if (XSTRNCMP(inform, "der", 3) == 0)
} else if (ret == DER_FORM) {
inder_flag = 1;
else {
printf("Usage: -inform [PEM/DER]\n");
printf("missing inform required argument\n");
return USER_INPUT_ERROR;
} else {
return ret;
}
i++;
continue;
/*---------------------------------------------------------------------------*/
/* outform pem/der/??OTHER?? */
/*---------------------------------------------------------------------------*/
} else if (XSTRNCMP(argv[i], "-outform", 8) == 0) {
outform = argv[i+1];
ret = wolfCLU_checkForArg("-outform", 8, argc, argv);
if (ret > 0) {
outform = argv[ret+1];
} else {
return ret;
}
if (outform == NULL) {
printf("Usage: -outform [PEM/DER]\n");
printf("missing outform required argument\n");
return USER_INPUT_ERROR;
}
if (outpem_flag || outder_flag) {
printf("ERROR: outform set more than once.\n");
}
else if (XSTRNCMP(outform, "pem", 3) == 0)
ret = wolfCLU_checkOutform(outform);
if (ret == PEM_FORM) {
outpem_flag = 1;
else if (XSTRNCMP(outform, "der", 3) == 0)
} else if (ret == DER_FORM) {
outder_flag = 1;
else {
printf("Usage: -outform [PEM/DER]\n");
printf("missing outform required argument\n");
return USER_INPUT_ERROR;
} else {
return ret;
}
i++;
continue;
/*---------------------------------------------------------------------------*/
/* in file */
/*---------------------------------------------------------------------------*/
} else if (XSTRNCMP(argv[i], "-in", 3) == 0) {
ret = wolfCLU_checkForArg("-in", 3, argc, argv);
if (ret > 0) {
/* set flag for in file and flag for input file OK if exists
* check for error case below. If no error then read in file */
infile = argv[i+1];
if (infile_flag) {
printf("ERROR: input file set more than once\n");
return USER_INPUT_ERROR;
infile = argv[ret+1];
} else {
return ret;
}
if (access(infile, F_OK) != -1) {
printf("input file is \"%s\"\n", infile);
infile_flag = 1;
@ -131,57 +119,56 @@ int wolfCLU_certSetup(int argc, char** argv)
printf("ERROR: input file \"%s\" does not exist\n", infile);
return INPUT_FILE_ERROR;
}
i++;
continue;
/*---------------------------------------------------------------------------*/
/* out file */
/*---------------------------------------------------------------------------*/
} else if (XSTRNCMP(argv[i], "-out", 4) == 0) {
ret = wolfCLU_checkForArg("-out", 4, argc, argv);
if (ret > 0) {
/* set flag for out file, check for error case below. If no error
* then write outfile */
if (outfile_flag) {
printf("ERROR: output file set more than once\n");
return USER_INPUT_ERROR;
}
outfile_flag = 1;
outfile = argv[i+1];
outfile = argv[ret+1];
} else {
return ret;
}
if (access(outfile, F_OK) != -1) {
printf("output file set: \"%s\"\n", outfile);
} else {
printf("output file \"%s\"did not exist, it will be created.\n",
outfile);
}
i++;
continue;
/*---------------------------------------------------------------------------*/
/* noout */
/*---------------------------------------------------------------------------*/
} else if (XSTRNCMP(argv[i], "-noout", 6) == 0) {
ret = wolfCLU_checkForArg("-noout", 6, argc, argv);
if (ret > 0) {
/* set flag for no output file */
noout_flag = 1;
continue;
} /* Optional flag do not return error */
/*---------------------------------------------------------------------------*/
/* text */
/*---------------------------------------------------------------------------*/
} else if (XSTRNCMP(argv[i], "-text", 5) == 0) {
ret = wolfCLU_checkForArg("-text", 5, argc, argv);
if (ret > 0) {
/* set flag for converting to human readable.
* return NOT_YET_IMPLEMENTED error */
* return NOT_YET_IMPLEMENTED error
*/
text_flag = 1;
continue;
} /* Optional flag do not return error */
/*---------------------------------------------------------------------------*/
/* silent */
/*---------------------------------------------------------------------------*/
} else if (XSTRNCMP(argv[i], "-silent", 7) == 0) {
ret = wolfCLU_checkForArg("-silent", 7, argc, argv);
if (ret > 0) {
/* set flag for converting to human readable.
* return NOT_YET_IMPLEMENTED error */
* return NOT_YET_IMPLEMENTED error
*/
silent_flag = 1;
continue;
} /* Optional flag do not return error */
/*---------------------------------------------------------------------------*/
/* END */
/* END ARG PROCESSING */
/*---------------------------------------------------------------------------*/
}
}
ret = error_check(inpem_flag, inder_flag, outpem_flag, outder_flag,
noout_flag);

2
wolfCLU/clu_src/x509/clu_parse.c
View File

@ -1,6 +1,6 @@
/* clu_parse.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*

2
wolfCLU/clu_src/x509/clu_request_setup.c
View File

@ -1,6 +1,6 @@
/* clu_request_setup.c
*
* Copyright (C) 2006-2016 wolfSSL Inc.
* Copyright (C) 2006-2017 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*