From 5fab3a4ab1cb57c34940ab912cbf4dec44ffc5f5 Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Wed, 2 Nov 2016 17:18:32 -0600
Subject: [PATCH 1/4] certgen example init

---
 .gitignore | 4 +
 certgen/Makefile | 24 +++++
 certgen/README.md | 44 +++++++++
 certgen/ca-cert.der | Bin 0 -> 1198 bytes
 certgen/ca-key.der | Bin 0 -> 121 bytes
 certgen/cleanup.sh | 3 +
 certgen/test.c | 218 ++++++++++++++++++++++++++++++++++++++++++++
 7 files changed, 293 insertions(+)
 create mode 100644 certgen/Makefile
 create mode 100644 certgen/README.md
 create mode 100644 certgen/ca-cert.der
 create mode 100644 certgen/ca-key.der
 create mode 100755 certgen/cleanup.sh
 create mode 100644 certgen/test.c

diff --git a/.gitignore b/.gitignore
index cc389d3e..e2b743a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -74,3 +74,7 @@ crypto/keys/*.x963
 signature/signature
+#cergen
+certgen/test.o
+certgen/newCert*
+certgen/run_certgen_example
diff --git a/certgen/Makefile b/certgen/Makefile
new file mode 100644
index 00000000..f7c8a638
--- /dev/null
+++ b/certgen/Makefile
@@ -0,0 +1,24 @@
+CC=gcc
+#if you installed wolfssl to an alternate location use CFLAGS and LIBS to
+#control your build:
+#CFLAGS=-Wall -I/path/to/include
+#LIBS=-L/path/to/lib -lwolfssl
+#
+#EXAMPLE:
+#CFLAGS=-Wall -I/Users/khimes/work/testDir/wolf-install-dir-for-testing/include
+#LIBS=-L/Users/khimes/work/testDir/wolf-install-dir-for-testing/lib -lwolfssl
+#END EXAMPLE
+
+CFLAGS=-Wall
+LIBS=-lwolfssl
+
+
+all:run_certgen_example
+
+run_certgen_example:test.o
+ $(CC) -o $@ $^ $(CFLAGS) $(CPPFLAGS) $(LIBS)
+
+.PHONY: clean all
+
+clean:
+ rm -f *.o test.o run*
diff --git a/certgen/README.md b/certgen/README.md
new file mode 100644
index 00000000..2c72fd73
--- /dev/null
+++ b/certgen/README.md
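Review bot: The `clean` recipe `rm -f *.o test.o run*` deletes every file in certgen/ whose name begins with `run`, not only the built binary, and `test.o` is already covered by `*.o`; name the artefact explicitly, `rm -f *.o run_certgen_example`. The program also writes newCert.der and newCert.pem (the names the .gitignore hunk ignores), which this target leaves behind; if cleanup.sh is meant to remove them, a one-line comment in the Makefile saying so would help, since the cleanup.sh diff is not visible on this page.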
@@ -0,0 +1,44 @@
+To build this example configure wolfssl with --enable-certgen
+
+If having issues building please check comments in the Makefile for setting
+up your environment
+
+To run the test do:
+
+```
+make
+./run_certgen_example
+```
+
+You should see the following output when the cert is converted to human
+readable format.
+
+```
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 01:68:de:48:eb:aa:76:e6
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ Validity
+ Not Before: Nov 2 00:07:29 2016 GMT
+ Not After : Mar 18 00:07:29 2018 GMT
+ Subject:
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ EC Public Key:
+ pub:
+ 04:f9:4b:dd:9e:b9:bc:5b:e4:ac:a3:a5:6f:60:96:
+ 3e:9d:d2:06:50:f8:34:5d:5b:c6:ce:52:7e:1d:ab:
+ 6b:51:06:6f:e5:c2:da:b6:09:9f:20:9f:82:01:90:
+ ca:33:13:22:38:23:9e:84:b3:b6:23:16:7a:8b:d2:
+ 13:97:9d:7a:de
+ ASN1 OID: prime256v1
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:21:00:dd:8c:97:1f:e8:56:dc:f1:2a:fd:f6:86:bf:
+ a7:c6:11:fc:9b:3f:09:8c:c2:ad:0e:0a:f9:2c:97:40:c6:ff:
+ dc:02:20:61:0b:1b:d7:be:69:3a:dd:fe:77:ca:0d:74:b0:ba:
+ a2:0c:1a:7a:bf:2e:c5:e7:46:11:8b:04:9e:27:ba:7c:27
+```
+
diff --git a/certgen/ca-cert.der b/certgen/ca-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..6a823ef9337192d6055caa0ba8692b2f0d213867 GIT binary patch literal 1198 zcmXqLVp(O-#5`#MGZP~d6DPy=Z4->sq_dR`c-c6$+C196^D;7WvoaVoPBG**;ACSC zWnmL$3Jo?CFyI4mIC$87^Ycm)^Aceq>^$sF`Bka8iFt;C2K*p3Ts$1XiRC5v`6U^K z!UlpMA#NTn=ls0l(wvgaymUhe12K>wGY@}xdAVMBeok6(agJVcey*Xsfh^n^oQz@u znR#jX4oC_NXfLu!hQv(Yqcd$CUiBSnTfEigCn41{+84Q{j zxtN+585#EToYEE9B-i2;ebz$W>yvM(z{hQ-^Y5RkWu9?)%{}I{cUm8BY^cp+58)P= zq3GLiT1esf8UK5(wI_?pjb5FausbtIfLVXV=cz|Ob|-~NzfaF!BH%c6E!XVFOAl$e>8Zz$d=mUhw&p7T%YPwna|Gy56$T54F+&t-{Nw6FZw zvo+&%Mtz}z_SXf;U&Hhlt6kcjzcEVuy2VV6f0HBf{~Z?g;#D*)p-{DHrOv5@=uaJX=LJim1ikLuyzwnUhxKyU&6oY=@B8em|0|g> zoVxL7n*H*NZ{_b*ZMfcVw%0LK?#j+K>vq*l(*%!ePok!rTlA~I!t6-v7H{Q$h4b`p zvmM_$NAZJQ&FhIjVmSY{I4{}k$HJpzSeWH;V)gD9=YFM&N?A3{a5mn`Cok9e!~CA~ zv#krhEb87aGhx?^+$oA24Y8m1r>#9%q*0aS@$P(breV*~zO-B36{#aqM8?L{FVjSX&cSUaFTu! RnV$IS_^iM=GNFsh%K*LwrGx+g literal 0 HcmV?d00001 
diff --git a/certgen/ca-key.der b/certgen/ca-key.der
new file mode 100644
index 0000000000000000000000000000000000000000..a88d141e08cceb829f2bc756ffcabd7d8e8c0b79
GIT binary patch literal 121 zcmV-<0EYiCcLD(c1RzDWX##VcY=xmXTXN{=$E?HyjZ-xQ`fMoNG>ze?35=i$1_&yK zNX|V20SBQ(13~}x++j1?=l
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define HEAP_HINT NULL
+#define FOURK_SZ 4096
+
+void free_things(byte* a, byte* b, byte* c, ecc_key* d, ecc_key* e, WC_RNG* f);
+
+int main(void) {
+
+ int ret = 0;
+
+ Cert newCert;
+
+ FILE* file;
+ char certToUse[] = "./ca-cert.der";
+ char caKeyFile[] = "./ca-key.der";
+ char newCertOutput[] = "./newCert.der";
+
+ int derBufSz;
+ int caKeySz;
+
+ byte* derBuf = NULL;
+ byte* pemBuf = NULL;
+ byte* caKeyBuf = NULL;
+
+ /* for MakeCert and SignCert */
+ WC_RNG rng;
+ ecc_key caKey;
+ ecc_key newKey;
+ word32 idx3 = 0;
+
+/*---------------------------------------------------------------------------*/
+/* open and read the der formatted certificate */
+/*---------------------------------------------------------------------------*/
+ printf("Open and read in der formatted certificate\n");
+ derBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XMEMSET(derBuf, 0, FOURK_SZ);
+
+ file = fopen(certToUse, "rb");
+ if (!file) {
+ printf("failed to find file: %s\n", certToUse);
+ goto fail;
+ }
+
+ derBufSz = fread(derBuf, 1, FOURK_SZ, file);
+
+ fclose(file);
+ printf("Successfully read %d bytes\n\n", derBufSz);
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+
+/*---------------------------------------------------------------------------*/
+/* open caKey file and get the caKey */
+/*---------------------------------------------------------------------------*/
+ printf("Getting the caKey\n");
+
+ caKeyBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+
+ file = fopen(caKeyFile, 
"rb");
+ if (!file) {
+ printf("failed to open file: %s\n", caKeyFile);
+ goto fail;
+ }
+
+ caKeySz = fread(caKeyBuf, 1, FOURK_SZ, file);
+ fclose(file);
+ printf("Successfully read %d bytes\n", caKeySz);
+
+ printf("InitRsaKey\n");
+ wc_ecc_init(&caKey);
+
+ printf("Decode the private key\n");
+ ret = wc_EccPrivateKeyDecode(caKeyBuf, &idx3, &caKey, (word32)caKeySz);
+ if (ret != 0) goto fail;
+
+ printf("Successfully retrieved caKey\n\n");
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------*/
+/* Generate new ecc key */
+/*---------------------------------------------------------------------------*/
+ printf("initializing the rng\n");
+ ret = wc_InitRng(&rng);
+ if (ret != 0) goto fail;
+
+ printf("Generating a new ecc key\n");
+ wc_ecc_init(&newKey);
+
+ ret = wc_ecc_make_key(&rng, 32, &newKey);
+ if (ret != 0) goto fail;
+
+ printf("Successfully created new ecc key\n\n");
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------*/
+/* Create a new certificate using header information from der cert */
+/*---------------------------------------------------------------------------*/
+ printf("Setting new cert issuer to subject of signer\n");
+ /* NameOrderingCACert.crt
+ *(refer to certificate which was attached in the previous mail)
+ */
+ wc_InitCert(&newCert);
+
+ newCert.sigType = CTC_SHA256wECDSA;
+
+ ret = wc_SetIssuerBuffer(&newCert, derBuf, derBufSz);
+ if (ret != 0) goto fail;
+
+ ret = wc_MakeCert(&newCert, derBuf, FOURK_SZ, NULL, &newKey, &rng); //ecc certificate
+ if (ret < 0) goto fail;
+
+ derBufSz = ret;
+ printf("MakeCert returned %d\n", ret);
+
+ ret = 
wc_SignCert(newCert.bodySz, newCert.sigType, derBuf, FOURK_SZ, NULL,
+ &caKey, &rng);
+ if (ret < 0) goto fail;
+ printf("SignCert returned %d\n", ret);
+
+ derBufSz = ret;
+
+ printf("Successfully created new certificate\n");
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------*/
+/* write the new cert to file in der format */
+/*---------------------------------------------------------------------------*/
+ printf("Writing newly generated certificate to file \"%s\"\n",
+ newCertOutput);
+ file = fopen(newCertOutput, "wb");
+ if (!file) {
+ printf("failed to open file: %s\n", newCertOutput);
+ goto fail;
+ }
+
+ ret = (int) fwrite(derBuf, 1, derBufSz, file);
+ fclose(file);
+ printf("Successfully output %d bytes\n", ret);
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+/*---------------------------------------------------------------------------*/
+/* convert the der to a pem and write it to a file */
+/*---------------------------------------------------------------------------*/
+ {
+ char pemOutput[] = "./newCert.pem";
+ int pemBufSz;
+
+ printf("Convert the der cert to pem formatted cert\n");
+ pemBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ XMEMSET(pemBuf, 0, FOURK_SZ);
+
+ pemBufSz = wc_DerToPem(derBuf, derBufSz, pemBuf, FOURK_SZ, CERT_TYPE);
+ if (pemBufSz < 0) goto fail;
+
+ printf("test #1 returned %d\n", pemBufSz);
+
+ file = fopen(pemOutput, "wb");
+ if (!file) {
+ printf("failed to open file: %s\n", pemOutput);
+ goto fail;
+ }
+ fwrite(pemBuf, 1, pemBufSz, file);
+ fclose(file);
+ printf("Successfully converted the der to pem. 
Result is in: %s\n\n",
+ pemOutput);
+ }
+/*---------------------------------------------------------------------------*/
+/* END */
+/*---------------------------------------------------------------------------*/
+
+ goto success;
+
+fail:
+ free_things(derBuf, pemBuf, caKeyBuf, &caKey, &newKey, &rng);
+ printf("Failure code was %d\n", ret);
+ return -1;
+
+success:
+ free_things(derBuf, pemBuf, caKeyBuf, &caKey, &newKey, &rng);
+ printf("Tests passed\n");
+ return 0;
+}
+
+void free_things(byte* a, byte* b, byte* c, ecc_key* d, ecc_key* e, WC_RNG* f)
+{
+ if (a != NULL) {
+ XFREE(a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ a = NULL;
+ }
+ if (b != NULL) {
+ XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ b = NULL;
+ }
+ if (c != NULL) {
+ XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ c = NULL;
+ }
+
+ wc_ecc_free(d);
+ wc_ecc_free(e);
+ wc_FreeRng(f);
+
+}

From e3678ee8cdd23eca496be7ce0d6fdc290fdec84f Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Wed, 2 Nov 2016 18:21:43 -0600
Subject: [PATCH 2/4] minor fixes to debugging and whitespace

minor fixes to debugging and whitespace
---
 certgen/test.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/certgen/test.c b/certgen/test.c
index 286bc1fa..7c28b645 100644
--- a/certgen/test.c
+++ b/certgen/test.c
@@ -55,11 +55,10 @@ int main(void) {
 /* END */
 /*---------------------------------------------------------------------------*/
-
 /*---------------------------------------------------------------------------*/
 /* open caKey file and get the caKey */
 /*---------------------------------------------------------------------------*/
- printf("Getting the caKey\n");
+ printf("Getting the caKey from %s\n", caKeyFile);
 caKeyBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -73,7 +72,7 @@ int main(void) {
 fclose(file);
 printf("Successfully read %d bytes\n", caKeySz);
- printf("InitRsaKey\n");
+ printf("Init ecc Key\n");
 wc_ecc_init(&caKey);
 printf("Decode the private key\n");
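Review bot: Every `goto fail` that runs before `wc_ecc_init(&caKey)`, `wc_ecc_init(&newKey)` and `wc_InitRng(&rng)` — both fopen failures and the `wc_EccPrivateKeyDecode` failure at least — lands in `free_things`, which unconditionally calls `wc_ecc_free` and `wc_FreeRng` on objects that were never initialised, so the cleanup path operates on indeterminate stack contents. Initialise all three right after the declarations, failing out explicitly if an init fails, and drop the later init calls; the `@@ -39,7 +39,10` and `@@ -197,17 +209,23` hunks of PATCH 4/4 add further early `goto fail` sites and keep the unconditional frees, so the same fix covers them. The `fail:` label also prints `ret` for the fopen paths, where it is still 0, so "Failure code was 0" is what a missing file reports. This hunk's `diff`/`@@` header is not visible on the page, so its exact start cannot be placed.
```c
int main(void) {
    /* … unchanged: declarations … */

    /* Initialise everything free_things() tears down before the first
     * goto fail, so the cleanup path never frees uninitialised objects. */
    ret = wc_InitRng(&rng);
    if (ret != 0) {
        printf("wc_InitRng failed: %d\n", ret);
        return -1;
    }
    ret = wc_ecc_init(&caKey);
    if (ret != 0) {
        printf("wc_ecc_init(caKey) failed: %d\n", ret);
        wc_FreeRng(&rng);
        return -1;
    }
    ret = wc_ecc_init(&newKey);
    if (ret != 0) {
        printf("wc_ecc_init(newKey) failed: %d\n", ret);
        wc_ecc_free(&caKey);
        wc_FreeRng(&rng);
        return -1;
    }

    /* … unchanged: read the certificate and CA key, generate the key,
     * make and sign the cert — minus the wc_ecc_init()/wc_InitRng()
     * calls this block replaces … */
```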
@@ -107,9 +106,7 @@ int main(void) {
 /* Create a new certificate using header information from der cert */
 /*---------------------------------------------------------------------------*/
 printf("Setting new cert issuer to subject of signer\n");
- /* NameOrderingCACert.crt
- *(refer to certificate which was attached in the previous mail)
- */
+
 wc_InitCert(&newCert);
 newCert.sigType = CTC_SHA256wECDSA;
@@ -167,7 +164,7 @@ int main(void) {
 pemBufSz = wc_DerToPem(derBuf, derBufSz, pemBuf, FOURK_SZ, CERT_TYPE);
 if (pemBufSz < 0) goto fail;
- printf("test #1 returned %d\n", pemBufSz);
+ printf("Resulting pem buffer is %d bytes\n", pemBufSz);
 file = fopen(pemOutput, "wb");
 if (!file) {

From d1e818dd48900f423834b00ee6c397e0c5154c20 Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Thu, 3 Nov 2016 15:55:26 -0600
Subject: [PATCH 3/4] Modify arg passing to retain NULL assignment

---
 certgen/test.c | 28 +++++++++++++++------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/certgen/test.c b/certgen/test.c
index 7c28b645..4588689d 100644
--- a/certgen/test.c
+++ b/certgen/test.c
@@ -8,7 +8,8 @@
 #define HEAP_HINT NULL
 #define FOURK_SZ 4096
-void free_things(byte* a, byte* b, byte* c, ecc_key* d, ecc_key* e, WC_RNG* f);
+void free_things(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e,
+ WC_RNG* f);
 int main(void) {
@@ -183,29 +184,30 @@ int main(void) {
 goto success;
 fail:
- free_things(derBuf, pemBuf, caKeyBuf, &caKey, &newKey, &rng);
+ free_things(&derBuf, &pemBuf, &caKeyBuf, &caKey, &newKey, &rng);
 printf("Failure code was %d\n", ret);
 return -1;
 success:
- free_things(derBuf, pemBuf, caKeyBuf, &caKey, &newKey, &rng);
+ free_things(&derBuf, &pemBuf, &caKeyBuf, &caKey, &newKey, &rng);
 printf("Tests passed\n");
 return 0;
 }
-void free_things(byte* a, byte* b, byte* c, ecc_key* d, ecc_key* e, WC_RNG* f)
+void free_things(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e,
+ WC_RNG* f)
 {
- if (a != NULL) {
- XFREE(a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- a = NULL;
+ if (*a != NULL) {
+ XFREE(*a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ *a = NULL;
 }
- if (b != NULL) {
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- b = NULL;
+ if (*b != NULL) {
+ XFREE(*b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ *b = NULL;
 }
- if (c != NULL) {
- XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- c = NULL;
+ if (*c != NULL) {
+ XFREE(*c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ *c = NULL;
 }
 wc_ecc_free(d);

From f623315c4360cfe0f042abc6080048d730a54960 Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Fri, 4 Nov 2016 17:11:04 -0600
Subject: [PATCH 4/4] Requested changes from Jacob implemented

---
 certgen/test.c | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/certgen/test.c b/certgen/test.c
index 4588689d..9a68c783 100644
--- a/certgen/test.c
+++ b/certgen/test.c
@@ -39,7 +39,10 @@ int main(void) {
 /* open and read the der formatted certificate */
 /*---------------------------------------------------------------------------*/
 printf("Open and read in der formatted certificate\n");
+
 derBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ if (derBuf == NULL) goto fail;
+
 XMEMSET(derBuf, 0, FOURK_SZ);
 file = fopen(certToUse, "rb");
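Review bot: The new `if (derBuf == NULL) goto fail;` is followed, just past the end of this hunk, by `derBufSz = fread(derBuf, 1, FOURK_SZ, file);` which is still unchecked, while the `@@ -70,6 +74,11` hunk of this same patch adds exactly that check for caKeySz; an empty or unreadable ca-cert.der therefore continues into `wc_SetIssuerBuffer` with a zero-length buffer. Mirror the caKey check after the read, closing the stream first: `fclose(file); if (derBufSz <= 0) { printf("Failed to read cert from file\n"); goto fail; }`. Because fread fills the buffer exactly when the file is FOURK_SZ bytes or larger, treating `derBufSz == FOURK_SZ` as a truncation error is also worth adding, since a silently truncated DER blob would otherwise be handed to the issuer parser. The rest of main continues outside this hunk.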
@@ -62,6 +65,7 @@ int main(void) {
 printf("Getting the caKey from %s\n", caKeyFile);
 caKeyBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ if (caKeyBuf == NULL) goto fail;
 file = fopen(caKeyFile, "rb");
 if (!file) {
@@ -70,6 +74,11 @@ int main(void) {
 }
 caKeySz = fread(caKeyBuf, 1, FOURK_SZ, file);
+ if (caKeySz <= 0) {
+ printf("Failed to read caKey from file\n");
+ goto fail;
+ }
+
 fclose(file);
 printf("Successfully read %d bytes\n", caKeySz);
@@ -93,7 +102,8 @@ int main(void) {
 if (ret != 0) goto fail;
 printf("Generating a new ecc key\n");
- wc_ecc_init(&newKey);
+ ret = wc_ecc_init(&newKey);
+ if (ret != 0) goto fail;
 ret = wc_ecc_make_key(&rng, 32, &newKey);
 if (ret != 0) goto fail;
@@ -118,7 +128,6 @@ int main(void) {
 ret = wc_MakeCert(&newCert, derBuf, FOURK_SZ, NULL, &newKey, &rng); //ecc certificate
 if (ret < 0) goto fail;
- derBufSz = ret;
 printf("MakeCert returned %d\n", ret);
 ret = wc_SignCert(newCert.bodySz, newCert.sigType, derBuf, FOURK_SZ, NULL,
@@ -159,7 +168,10 @@ int main(void) {
 int pemBufSz;
 printf("Convert the der cert to pem formatted cert\n");
+
 pemBuf = (byte*) XMALLOC(FOURK_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ if (pemBuf == NULL) goto fail;
+
 XMEMSET(pemBuf, 0, FOURK_SZ);
 pemBufSz = wc_DerToPem(derBuf, derBufSz, pemBuf, FOURK_SZ, CERT_TYPE);
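Review bot: The added `if (caKeySz <= 0)` block in the `@@ -70,6 +74,11` hunk jumps to `fail` before the `fclose(file)` that follows it, so the handle on caKeyFile leaks on that path — nothing in `free_things` closes it. Close first, then test: `fclose(file); if (caKeySz <= 0) { printf("Failed to read caKey from file\n"); goto fail; }`. Any other early exit placed between an fopen and its fclose in this function needs the same ordering.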
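Review bot: In the `@@ -93,7 +102,8` hunk `wc_ecc_init(&newKey)` now has its return value checked, but the earlier `wc_ecc_init(&caKey);` (above this hunk, in the caKey section) is still a bare statement whose result is discarded before `wc_EccPrivateKeyDecode` loads the CA key into it. For consistency give it the same guard: `ret = wc_ecc_init(&caKey); if (ret != 0) goto fail;`.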
@@ -197,17 +209,23 @@ success:
 void free_things(byte** a, byte** b, byte** c, ecc_key* d, ecc_key* e,
 WC_RNG* f)
 {
- if (*a != NULL) {
- XFREE(*a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- *a = NULL;
+ if (a != NULL) {
+ if (*a != NULL) {
+ XFREE(*a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ *a = NULL;
+ }
 }
- if (*b != NULL) {
- XFREE(*b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- *b = NULL;
+ if (b != NULL) {
+ if (*b != NULL) {
+ XFREE(*b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ *b = NULL;
+ }
 }
- if (*c != NULL) {
- XFREE(*c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- *c = NULL;
+ if (c != NULL) {
+ if (*c != NULL) {
+ XFREE(*c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ *c = NULL;
+ }
 }
 wc_ecc_free(d);