Merge pull request #26 from kaleb-himes/cert-gen-example

certgen example init

.gitignore

@@ -74,3 +74,7 @@ crypto/keys/*.x963
 
 signature/signature
 
+#cergen
+certgen/test.o
+certgen/newCert*
+certgen/run_certgen_example

certgen/Makefile

@@ -0,0 +1,24 @@
+CC=gcc
+#if you installed wolfssl to an alternate location use CFLAGS and LIBS to
+#control your build:
+#CFLAGS=-Wall -I/path/to/include
+#LIBS=-L/path/to/lib -lwolfssl
+#
+#EXAMPLE:
+#CFLAGS=-Wall -I/Users/khimes/work/testDir/wolf-install-dir-for-testing/include
+#LIBS=-L/Users/khimes/work/testDir/wolf-install-dir-for-testing/lib -lwolfssl
+#END EXAMPLE
+
+CFLAGS=-Wall
+LIBS=-lwolfssl
+
+
+all:run_certgen_example
+
+run_certgen_example:test.o
+	$(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS)
+
+.PHONY: clean all
+
+clean:
+	rm -f *.o test.o run*

certgen/README.md

@@ -0,0 +1,44 @@
+To build this example configure wolfssl with --enable-certgen
+
+If having issues building please check comments in the Makefile for setting
+up your environment
+
+To run the test do:
+
+```
+make
+./run_certgen_example
+```
+
+You should see the following output when the cert is converted to human
+readable format.
+
+```
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            01:68:de:48:eb:aa:76:e6
+        Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Nov  2 00:07:29 2016 GMT
+            Not After : Mar 18 00:07:29 2018 GMT
+        Subject: 
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:f9:4b:dd:9e:b9:bc:5b:e4:ac:a3:a5:6f:60:96:
+                    3e:9d:d2:06:50:f8:34:5d:5b:c6:ce:52:7e:1d:ab:
+                    6b:51:06:6f:e5:c2:da:b6:09:9f:20:9f:82:01:90:
+                    ca:33:13:22:38:23:9e:84:b3:b6:23:16:7a:8b:d2:
+                    13:97:9d:7a:de
+                ASN1 OID: prime256v1
+    Signature Algorithm: ecdsa-with-SHA256
+        30:45:02:21:00:dd:8c:97:1f:e8:56:dc:f1:2a:fd:f6:86:bf:
+        a7:c6:11:fc:9b:3f:09:8c:c2:ad:0e:0a:f9:2c:97:40:c6:ff:
+        dc:02:20:61:0b:1b:d7:be:69:3a:dd:fe:77:ca:0d:74:b0:ba:
+        a2:0c:1a:7a:bf:2e:c5:e7:46:11:8b:04:9e:27:ba:7c:27
+```
+

certgen/cleanup.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+rm newCert.*

certgen/test.c

@@ -0,0 +1,235 @@
+#include <stdio.h>
+#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/asn_public.h>
+#include <wolfssl/wolfcrypt/asn.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#define HEAP_HINT NULL
+#define FOURK_SZ 4096
+
+void free_things(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e,
+                                                                     WC_RNG* f);
+
+int main(void) {
+
+    int ret = 0;
+
+    Cert newCert;
+
+    FILE* file;
+    char certToUse[] = "./ca-cert.der";
+    char caKeyFile[] = "./ca-key.der";
+    char newCertOutput[] = "./newCert.der";
+
+    int derBufSz;
+    int caKeySz;
+
+    byte* derBuf   = NULL;
+    byte* pemBuf   = NULL;
+    byte* caKeyBuf = NULL;
+
+    /* for MakeCert and SignCert */
+    WC_RNG rng;
+    ecc_key caKey;
+    ecc_key newKey;
+    word32 idx3 = 0;
+
+/*---------------------------------------------------------------------------*/
+/* open and read the der formatted certificate */
+/*---------------------------------------------------------------------------*/
+    printf("Open and read in der formatted certificate\n");
+
+    derBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (derBuf == NULL) goto fail;
+
+    XMEMSET(derBuf, 0, FOURK_SZ);
+
+    file = fopen(certToUse, "rb");
+    if (!file) {
+        printf("failed to find file: %s\n", certToUse);
+        goto fail;
+    }
+
+    derBufSz = fread(derBuf, 1, FOURK_SZ, file);
+
+    fclose(file);
+    printf("Successfully read %d bytes\n\n", derBufSz);
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------*/
+/* open caKey file and get the caKey */
+/*---------------------------------------------------------------------------*/
+    printf("Getting the caKey from %s\n", caKeyFile);
+
+    caKeyBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (caKeyBuf == NULL) goto fail;
+
+    file = fopen(caKeyFile, "rb");
+    if (!file) {
+        printf("failed to open file: %s\n", caKeyFile);
+        goto fail;
+    }
+
+    caKeySz = fread(caKeyBuf, 1, FOURK_SZ, file);
+    if (caKeySz <= 0) {
+        printf("Failed to read caKey from file\n");
+        goto fail;
+    }
+
+    fclose(file);
+    printf("Successfully read %d bytes\n", caKeySz);
+
+    printf("Init ecc Key\n");
+    wc_ecc_init(&caKey);
+
+    printf("Decode the private key\n");
+    ret = wc_EccPrivateKeyDecode(caKeyBuf, &idx3, &caKey, (word32)caKeySz);
+    if (ret != 0) goto fail;
+
+    printf("Successfully retrieved caKey\n\n");
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------*/
+/* Generate new ecc key */
+/*---------------------------------------------------------------------------*/
+    printf("initializing the rng\n");
+    ret = wc_InitRng(&rng);
+    if (ret != 0) goto fail;
+
+    printf("Generating a new ecc key\n");
+    ret = wc_ecc_init(&newKey);
+    if (ret != 0) goto fail;
+
+    ret = wc_ecc_make_key(&rng, 32, &newKey);
+    if (ret != 0) goto fail;
+
+    printf("Successfully created new ecc key\n\n");
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------*/
+/* Create a new certificate using header information from der cert */
+/*---------------------------------------------------------------------------*/
+    printf("Setting new cert issuer to subject of signer\n");
+
+    wc_InitCert(&newCert);
+
+    newCert.sigType = CTC_SHA256wECDSA;
+
+    ret = wc_SetIssuerBuffer(&newCert, derBuf, derBufSz);
+    if (ret != 0) goto fail;
+
+    ret = wc_MakeCert(&newCert, derBuf, FOURK_SZ, NULL, &newKey, &rng); //ecc certificate
+    if (ret < 0) goto fail;
+
+    printf("MakeCert returned %d\n", ret);
+
+    ret = wc_SignCert(newCert.bodySz, newCert.sigType, derBuf, FOURK_SZ, NULL,
+                                                              &caKey, &rng);
+    if (ret < 0) goto fail;
+    printf("SignCert returned %d\n", ret);
+
+    derBufSz = ret;
+
+    printf("Successfully created new certificate\n");
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------*/
+/* write the new cert to file in der format */
+/*---------------------------------------------------------------------------*/
+    printf("Writing newly generated certificate to file \"%s\"\n",
+                                                                 newCertOutput);
+    file = fopen(newCertOutput, "wb");
+    if (!file) {
+        printf("failed to open file: %s\n", newCertOutput);
+        goto fail;
+    }
+
+    ret = (int) fwrite(derBuf, 1, derBufSz, file);
+    fclose(file);
+    printf("Successfully output %d bytes\n", ret);
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------*/
+/* convert the der to a pem and write it to a file */
+/*---------------------------------------------------------------------------*/
+    {
+        char pemOutput[] = "./newCert.pem";
+        int pemBufSz;
+
+        printf("Convert the der cert to pem formatted cert\n");
+
+        pemBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        if (pemBuf == NULL) goto fail;
+
+        XMEMSET(pemBuf, 0, FOURK_SZ);
+
+        pemBufSz = wc_DerToPem(derBuf, derBufSz, pemBuf, FOURK_SZ, CERT_TYPE);
+        if (pemBufSz < 0) goto fail;
+
+        printf("Resulting pem buffer is %d bytes\n", pemBufSz);
+
+        file = fopen(pemOutput, "wb");
+        if (!file) {
+            printf("failed to open file: %s\n", pemOutput);
+            goto fail;
+        }
+        fwrite(pemBuf, 1, pemBufSz, file);
+        fclose(file);
+        printf("Successfully converted the der to pem. Result is in:  %s\n\n",
+                                                                     pemOutput);
+    }
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+    goto success;
+
+fail:
+    free_things(&derBuf, &pemBuf, &caKeyBuf, &caKey, &newKey, &rng);
+    printf("Failure code was %d\n", ret);
+    return -1;
+
+success:
+    free_things(&derBuf, &pemBuf, &caKeyBuf, &caKey, &newKey, &rng);
+    printf("Tests passed\n");
+    return 0;
+}
+
+void free_things(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e,
+                                                                      WC_RNG* f)
+{
+    if (a != NULL) {
+        if (*a != NULL) {
+            XFREE(*a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            *a = NULL;
+        }
+    }
+    if (b != NULL) {
+        if (*b != NULL) {
+            XFREE(*b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            *b = NULL;
+        }
+    }
+    if (c != NULL) {
+        if (*c != NULL) {
+            XFREE(*c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            *c = NULL;
+        }
+    }
+
+    wc_ecc_free(d);
+    wc_ecc_free(e);
+    wc_FreeRng(f);
+
+}