From: Paul Spooren Date: Sun, 30 Aug 2020 07:37:29 +0000 (-1000) Subject: px5g: rename to px5g-mbedtls X-Git-Tag: v21.02.0-rc1~1732 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=976d3e22349c9da607777ad364c8639b5c531e04;p=openwrt%2Fstaging%2Fchunkeey.git px5g: rename to px5g-mbedtls Two versions of `px5g` exists without sharing code. For clarification rename the previously existing MbedTLS based version to `px5g-mbedtls` to exists next to `px5g-wolfssl`. Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`. Signed-off-by: Paul Spooren --- diff --git a/package/utils/px5g-mbedtls/Makefile b/package/utils/px5g-mbedtls/Makefile new file mode 100644 index 0000000000..42ffd39ce3 --- /dev/null +++ b/package/utils/px5g-mbedtls/Makefile @@ -0,0 +1,69 @@ +# +# Copyright (C) 2010-2015 Jo-Philipp Wich +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=px5g-mbedtls +PKG_RELEASE:=9 +PKG_LICENSE:=LGPL-2.1 + +PKG_USE_MIPS16:=0 + +PKG_MAINTAINER:=Jo-Philipp Wich + +include $(INCLUDE_DIR)/package.mk + +define Package/px5g-mbedtls + SECTION:=utils + CATEGORY:=Utilities + SUBMENU:=Encryption + TITLE:=X.509 certificate generator (using mbedtls) + DEPENDS:=+libmbedtls + PROVIDES:=px5g + VARIANT:=mbedtls +endef + +define Package/px5g-mbedtls/description + Px5g is a tiny standalone X.509 certificate generator. + It suitable to create key files and certificates in DER + and PEM format for use with stunnel, uhttpd and others. +endef + +define Package/px5g-standalone + SECTION:=utils + CATEGORY:=Utilities + SUBMENU:=Encryption + TITLE:=X.509 certificate generator (standalone) + VARIANT:=standalone +endef +Package/px5g-standalone/description = $(Package/px5g-mbedtls/description) + +define Build/Prepare + mkdir -p $(PKG_BUILD_DIR) +endef + +TARGET_LDFLAGS += -lmbedtls -lmbedx509 -lmbedcrypto + +ifeq ($(BUILD_VARIANT),standalone) + TARGET_LDFLAGS := -Wl,-Bstatic $(TARGET_LDFLAGS) -Wl,-Bdynamic +endif + +TARGET_CFLAGS += -Wl,--gc-sections -Wall -Werror + +define Build/Compile + $(TARGET_CC) $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -o $(PKG_BUILD_DIR)/px5g px5g-mbedtls.c $(TARGET_LDFLAGS) +endef + +define Package/px5g-mbedtls/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g +endef + +Package/px5g-standalone/install = $(Package/px5g-mbedtls/install) + +$(eval $(call BuildPackage,px5g-mbedtls)) +$(eval $(call BuildPackage,px5g-standalone)) diff --git a/package/utils/px5g-mbedtls/px5g-mbedtls.c b/package/utils/px5g-mbedtls/px5g-mbedtls.c new file mode 100644 index 0000000000..0b72154509 --- /dev/null +++ b/package/utils/px5g-mbedtls/px5g-mbedtls.c @@ -0,0 +1,326 @@ +/* + * px5g - Embedded x509 key and certificate generator based on PolarSSL + * + * Copyright (C) 2009 Steven Barth + * Copyright (C) 2014 Felix Fietkau + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License, version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#define PX5G_VERSION "0.2" +#define PX5G_COPY "Copyright (c) 2009 Steven Barth " +#define PX5G_LICENSE "Licensed under the GNU Lesser General Public License v2.1" + +static int urandom_fd; +static char buf[16384]; + +static int _urandom(void *ctx, unsigned char *out, size_t len) +{ + read(urandom_fd, out, len); + return 0; +} + +static void write_file(const char *path, int len, bool pem) +{ + FILE *f = stdout; + const char *buf_start = buf; + + if (!pem) + buf_start += sizeof(buf) - len; + + if (!len) { + fprintf(stderr, "No data to write\n"); + exit(1); + } + + if (!f) { + fprintf(stderr, "error: I/O error\n"); + exit(1); + } + + if (path) + f = fopen(path, "w"); + + fwrite(buf_start, 1, len, f); + fclose(f); +} + +static mbedtls_ecp_group_id ecp_curve(const char *name) +{ + const mbedtls_ecp_curve_info *curve_info; + + if (!strcmp(name, "P-256")) + return MBEDTLS_ECP_DP_SECP256R1; + else if (!strcmp(name, "P-384")) + return MBEDTLS_ECP_DP_SECP384R1; + else if (!strcmp(name, "P-521")) + return MBEDTLS_ECP_DP_SECP521R1; + curve_info = mbedtls_ecp_curve_info_from_name(name); + if (curve_info == NULL) + return MBEDTLS_ECP_DP_NONE; + else + return curve_info->grp_id; +} + +static void write_key(mbedtls_pk_context *key, const char *path, bool pem) +{ + int len = 0; + + if (pem) { + if (mbedtls_pk_write_key_pem(key, (void *) buf, sizeof(buf)) == 0) + len = strlen(buf); + } else { + len = mbedtls_pk_write_key_der(key, (void *) buf, sizeof(buf)); + if (len < 0) + len = 0; + } + + write_file(path, len, pem); +} + +static void gen_key(mbedtls_pk_context *key, bool rsa, int ksize, int exp, + mbedtls_ecp_group_id curve, bool pem) +{ + mbedtls_pk_init(key); + if (rsa) { + fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize); + mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); + if (!mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) + return; + } else { + fprintf(stderr, "Generating EC private key\n"); + mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); + if (!mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key), _urandom, NULL)) + return; + } + fprintf(stderr, "error: key generation failed\n"); + exit(1); +} + +int dokey(bool rsa, char **arg) +{ + mbedtls_pk_context key; + unsigned int ksize = 512; + int exp = 65537; + char *path = NULL; + bool pem = true; + mbedtls_ecp_group_id curve = MBEDTLS_ECP_DP_SECP256R1; + + while (*arg && **arg == '-') { + if (!strcmp(*arg, "-out") && arg[1]) { + path = arg[1]; + arg++; + } else if (!strcmp(*arg, "-3")) { + exp = 3; + } else if (!strcmp(*arg, "-der")) { + pem = false; + } + arg++; + } + + if (*arg && rsa) { + ksize = (unsigned int)atoi(*arg); + } else if (*arg) { + curve = ecp_curve((const char *)*arg); + if (curve == MBEDTLS_ECP_DP_NONE) { + fprintf(stderr, "error: invalid curve name: %s\n", *arg); + return 1; + } + } + + gen_key(&key, rsa, ksize, exp, curve, pem); + write_key(&key, path, pem); + + mbedtls_pk_free(&key); + + return 0; +} + +int selfsigned(char **arg) +{ + mbedtls_pk_context key; + mbedtls_x509write_cert cert; + mbedtls_mpi serial; + + char *subject = ""; + unsigned int ksize = 512; + int exp = 65537; + unsigned int days = 30; + char *keypath = NULL, *certpath = NULL; + bool pem = true; + time_t from = time(NULL), to; + char fstr[20], tstr[20], sstr[17]; + int len; + bool rsa = true; + mbedtls_ecp_group_id curve = MBEDTLS_ECP_DP_SECP256R1; + + while (*arg && **arg == '-') { + if (!strcmp(*arg, "-der")) { + pem = false; + } else if (!strcmp(*arg, "-newkey") && arg[1]) { + if (!strncmp(arg[1], "rsa:", 4)) { + rsa = true; + ksize = (unsigned int)atoi(arg[1] + 4); + } else if (!strcmp(arg[1], "ec")) { + rsa = false; + } else { + fprintf(stderr, "error: invalid algorithm\n"); + return 1; + } + arg++; + } else if (!strcmp(*arg, "-days") && arg[1]) { + days = (unsigned int)atoi(arg[1]); + arg++; + } else if (!strcmp(*arg, "-pkeyopt") && arg[1]) { + if (strncmp(arg[1], "ec_paramgen_curve:", 18)) { + fprintf(stderr, "error: invalid pkey option: %s\n", arg[1]); + return 1; + } + curve = ecp_curve((const char *)(arg[1] + 18)); + if (curve == MBEDTLS_ECP_DP_NONE) { + fprintf(stderr, "error: invalid curve name: %s\n", arg[1] + 18); + return 1; + } + arg++; + } else if (!strcmp(*arg, "-keyout") && arg[1]) { + keypath = arg[1]; + arg++; + } else if (!strcmp(*arg, "-out") && arg[1]) { + certpath = arg[1]; + arg++; + } else if (!strcmp(*arg, "-subj") && arg[1]) { + if (arg[1][0] != '/' || strchr(arg[1], ';')) { + fprintf(stderr, "error: invalid subject"); + return 1; + } + subject = calloc(strlen(arg[1]) + 1, 1); + char *oldc = arg[1] + 1, *newc = subject, *delim; + do { + delim = strchr(oldc, '='); + if (!delim) { + fprintf(stderr, "error: invalid subject"); + return 1; + } + memcpy(newc, oldc, delim - oldc + 1); + newc += delim - oldc + 1; + oldc = delim + 1; + + delim = strchr(oldc, '/'); + if (!delim) { + delim = arg[1] + strlen(arg[1]); + } + memcpy(newc, oldc, delim - oldc); + newc += delim - oldc; + *newc++ = ','; + oldc = delim + 1; + } while(*delim); + arg++; + } + arg++; + } + gen_key(&key, rsa, ksize, exp, curve, pem); + + if (keypath) + write_key(&key, keypath, pem); + + from = (from < 1000000000) ? 1000000000 : from; + strftime(fstr, sizeof(fstr), "%Y%m%d%H%M%S", gmtime(&from)); + to = from + 60 * 60 * 24 * days; + if (to < from) + to = INT_MAX; + strftime(tstr, sizeof(tstr), "%Y%m%d%H%M%S", gmtime(&to)); + + fprintf(stderr, "Generating selfsigned certificate with subject '%s'" + " and validity %s-%s\n", subject, fstr, tstr); + + mbedtls_x509write_crt_init(&cert); + mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA256); + mbedtls_x509write_crt_set_issuer_key(&cert, &key); + mbedtls_x509write_crt_set_subject_key(&cert, &key); + mbedtls_x509write_crt_set_subject_name(&cert, subject); + mbedtls_x509write_crt_set_issuer_name(&cert, subject); + mbedtls_x509write_crt_set_validity(&cert, fstr, tstr); + mbedtls_x509write_crt_set_basic_constraints(&cert, 0, -1); + mbedtls_x509write_crt_set_subject_key_identifier(&cert); + mbedtls_x509write_crt_set_authority_key_identifier(&cert); + + _urandom(NULL, (void *) buf, 8); + for (len = 0; len < 8; len++) + sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]); + + mbedtls_mpi_init(&serial); + mbedtls_mpi_read_string(&serial, 16, sstr); + mbedtls_x509write_crt_set_serial(&cert, &serial); + + if (pem) { + if (mbedtls_x509write_crt_pem(&cert, (void *) buf, sizeof(buf), _urandom, NULL) < 0) { + fprintf(stderr, "Failed to generate certificate\n"); + return 1; + } + + len = strlen(buf); + } else { + len = mbedtls_x509write_crt_der(&cert, (void *) buf, sizeof(buf), _urandom, NULL); + if (len < 0) { + fprintf(stderr, "Failed to generate certificate: %d\n", len); + return 1; + } + } + write_file(certpath, len, pem); + + mbedtls_x509write_crt_free(&cert); + mbedtls_mpi_free(&serial); + mbedtls_pk_free(&key); + + return 0; +} + +int main(int argc, char *argv[]) +{ + urandom_fd = open("/dev/urandom", O_RDONLY); + + if (!argv[1]) { + //Usage + } else if (!strcmp(argv[1], "eckey")) { + return dokey(false, argv+2); + } else if (!strcmp(argv[1], "rsakey")) { + return dokey(true, argv+2); + } else if (!strcmp(argv[1], "selfsigned")) { + return selfsigned(argv+2); + } + + fprintf(stderr, + "PX5G X.509 Certificate Generator Utility v" PX5G_VERSION "\n" PX5G_COPY + "\nbased on PolarSSL by Christophe Devine and Paul Bakker\n\n"); + fprintf(stderr, "Usage: %s [eckey|rsakey|selfsigned]\n", *argv); + return 1; +} diff --git a/package/utils/px5g/Makefile b/package/utils/px5g/Makefile deleted file mode 100644 index f4be6cb5ee..0000000000 --- a/package/utils/px5g/Makefile +++ /dev/null @@ -1,69 +0,0 @@ -# -# Copyright (C) 2010-2015 Jo-Philipp Wich -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=px5g -PKG_RELEASE:=9 -PKG_LICENSE:=LGPL-2.1 - -PKG_USE_MIPS16:=0 - -PKG_MAINTAINER:=Jo-Philipp Wich - -include $(INCLUDE_DIR)/package.mk - -define Package/px5g-mbedtls - SECTION:=utils - CATEGORY:=Utilities - SUBMENU:=Encryption - TITLE:=X.509 certificate generator (using mbedtls) - DEPENDS:=+libmbedtls - PROVIDES:=px5g - VARIANT:=mbedtls -endef - -define Package/px5g-mbedtls/description - Px5g is a tiny standalone X.509 certificate generator. - It suitable to create key files and certificates in DER - and PEM format for use with stunnel, uhttpd and others. -endef - -define Package/px5g-standalone - SECTION:=utils - CATEGORY:=Utilities - SUBMENU:=Encryption - TITLE:=X.509 certificate generator (standalone) - VARIANT:=standalone -endef -Package/px5g-standalone/description = $(Package/px5g-mbedtls/description) - -define Build/Prepare - mkdir -p $(PKG_BUILD_DIR) -endef - -TARGET_LDFLAGS += -lmbedtls -lmbedx509 -lmbedcrypto - -ifeq ($(BUILD_VARIANT),standalone) - TARGET_LDFLAGS := -Wl,-Bstatic $(TARGET_LDFLAGS) -Wl,-Bdynamic -endif - -TARGET_CFLAGS += -Wl,--gc-sections -Wall -Werror - -define Build/Compile - $(TARGET_CC) $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -o $(PKG_BUILD_DIR)/px5g px5g.c $(TARGET_LDFLAGS) -endef - -define Package/px5g-mbedtls/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g -endef - -Package/px5g-standalone/install = $(Package/px5g-mbedtls/install) - -$(eval $(call BuildPackage,px5g-mbedtls)) -$(eval $(call BuildPackage,px5g-standalone)) diff --git a/package/utils/px5g/px5g.c b/package/utils/px5g/px5g.c deleted file mode 100644 index 0b72154509..0000000000 --- a/package/utils/px5g/px5g.c +++ /dev/null @@ -1,326 +0,0 @@ -/* - * px5g - Embedded x509 key and certificate generator based on PolarSSL - * - * Copyright (C) 2009 Steven Barth - * Copyright (C) 2014 Felix Fietkau - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License, version 2.1 as published by the Free Software Foundation. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#define PX5G_VERSION "0.2" -#define PX5G_COPY "Copyright (c) 2009 Steven Barth " -#define PX5G_LICENSE "Licensed under the GNU Lesser General Public License v2.1" - -static int urandom_fd; -static char buf[16384]; - -static int _urandom(void *ctx, unsigned char *out, size_t len) -{ - read(urandom_fd, out, len); - return 0; -} - -static void write_file(const char *path, int len, bool pem) -{ - FILE *f = stdout; - const char *buf_start = buf; - - if (!pem) - buf_start += sizeof(buf) - len; - - if (!len) { - fprintf(stderr, "No data to write\n"); - exit(1); - } - - if (!f) { - fprintf(stderr, "error: I/O error\n"); - exit(1); - } - - if (path) - f = fopen(path, "w"); - - fwrite(buf_start, 1, len, f); - fclose(f); -} - -static mbedtls_ecp_group_id ecp_curve(const char *name) -{ - const mbedtls_ecp_curve_info *curve_info; - - if (!strcmp(name, "P-256")) - return MBEDTLS_ECP_DP_SECP256R1; - else if (!strcmp(name, "P-384")) - return MBEDTLS_ECP_DP_SECP384R1; - else if (!strcmp(name, "P-521")) - return MBEDTLS_ECP_DP_SECP521R1; - curve_info = mbedtls_ecp_curve_info_from_name(name); - if (curve_info == NULL) - return MBEDTLS_ECP_DP_NONE; - else - return curve_info->grp_id; -} - -static void write_key(mbedtls_pk_context *key, const char *path, bool pem) -{ - int len = 0; - - if (pem) { - if (mbedtls_pk_write_key_pem(key, (void *) buf, sizeof(buf)) == 0) - len = strlen(buf); - } else { - len = mbedtls_pk_write_key_der(key, (void *) buf, sizeof(buf)); - if (len < 0) - len = 0; - } - - write_file(path, len, pem); -} - -static void gen_key(mbedtls_pk_context *key, bool rsa, int ksize, int exp, - mbedtls_ecp_group_id curve, bool pem) -{ - mbedtls_pk_init(key); - if (rsa) { - fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize); - mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); - if (!mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) - return; - } else { - fprintf(stderr, "Generating EC private key\n"); - mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); - if (!mbedtls_ecp_gen_key(curve, mbedtls_pk_ec(*key), _urandom, NULL)) - return; - } - fprintf(stderr, "error: key generation failed\n"); - exit(1); -} - -int dokey(bool rsa, char **arg) -{ - mbedtls_pk_context key; - unsigned int ksize = 512; - int exp = 65537; - char *path = NULL; - bool pem = true; - mbedtls_ecp_group_id curve = MBEDTLS_ECP_DP_SECP256R1; - - while (*arg && **arg == '-') { - if (!strcmp(*arg, "-out") && arg[1]) { - path = arg[1]; - arg++; - } else if (!strcmp(*arg, "-3")) { - exp = 3; - } else if (!strcmp(*arg, "-der")) { - pem = false; - } - arg++; - } - - if (*arg && rsa) { - ksize = (unsigned int)atoi(*arg); - } else if (*arg) { - curve = ecp_curve((const char *)*arg); - if (curve == MBEDTLS_ECP_DP_NONE) { - fprintf(stderr, "error: invalid curve name: %s\n", *arg); - return 1; - } - } - - gen_key(&key, rsa, ksize, exp, curve, pem); - write_key(&key, path, pem); - - mbedtls_pk_free(&key); - - return 0; -} - -int selfsigned(char **arg) -{ - mbedtls_pk_context key; - mbedtls_x509write_cert cert; - mbedtls_mpi serial; - - char *subject = ""; - unsigned int ksize = 512; - int exp = 65537; - unsigned int days = 30; - char *keypath = NULL, *certpath = NULL; - bool pem = true; - time_t from = time(NULL), to; - char fstr[20], tstr[20], sstr[17]; - int len; - bool rsa = true; - mbedtls_ecp_group_id curve = MBEDTLS_ECP_DP_SECP256R1; - - while (*arg && **arg == '-') { - if (!strcmp(*arg, "-der")) { - pem = false; - } else if (!strcmp(*arg, "-newkey") && arg[1]) { - if (!strncmp(arg[1], "rsa:", 4)) { - rsa = true; - ksize = (unsigned int)atoi(arg[1] + 4); - } else if (!strcmp(arg[1], "ec")) { - rsa = false; - } else { - fprintf(stderr, "error: invalid algorithm\n"); - return 1; - } - arg++; - } else if (!strcmp(*arg, "-days") && arg[1]) { - days = (unsigned int)atoi(arg[1]); - arg++; - } else if (!strcmp(*arg, "-pkeyopt") && arg[1]) { - if (strncmp(arg[1], "ec_paramgen_curve:", 18)) { - fprintf(stderr, "error: invalid pkey option: %s\n", arg[1]); - return 1; - } - curve = ecp_curve((const char *)(arg[1] + 18)); - if (curve == MBEDTLS_ECP_DP_NONE) { - fprintf(stderr, "error: invalid curve name: %s\n", arg[1] + 18); - return 1; - } - arg++; - } else if (!strcmp(*arg, "-keyout") && arg[1]) { - keypath = arg[1]; - arg++; - } else if (!strcmp(*arg, "-out") && arg[1]) { - certpath = arg[1]; - arg++; - } else if (!strcmp(*arg, "-subj") && arg[1]) { - if (arg[1][0] != '/' || strchr(arg[1], ';')) { - fprintf(stderr, "error: invalid subject"); - return 1; - } - subject = calloc(strlen(arg[1]) + 1, 1); - char *oldc = arg[1] + 1, *newc = subject, *delim; - do { - delim = strchr(oldc, '='); - if (!delim) { - fprintf(stderr, "error: invalid subject"); - return 1; - } - memcpy(newc, oldc, delim - oldc + 1); - newc += delim - oldc + 1; - oldc = delim + 1; - - delim = strchr(oldc, '/'); - if (!delim) { - delim = arg[1] + strlen(arg[1]); - } - memcpy(newc, oldc, delim - oldc); - newc += delim - oldc; - *newc++ = ','; - oldc = delim + 1; - } while(*delim); - arg++; - } - arg++; - } - gen_key(&key, rsa, ksize, exp, curve, pem); - - if (keypath) - write_key(&key, keypath, pem); - - from = (from < 1000000000) ? 1000000000 : from; - strftime(fstr, sizeof(fstr), "%Y%m%d%H%M%S", gmtime(&from)); - to = from + 60 * 60 * 24 * days; - if (to < from) - to = INT_MAX; - strftime(tstr, sizeof(tstr), "%Y%m%d%H%M%S", gmtime(&to)); - - fprintf(stderr, "Generating selfsigned certificate with subject '%s'" - " and validity %s-%s\n", subject, fstr, tstr); - - mbedtls_x509write_crt_init(&cert); - mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA256); - mbedtls_x509write_crt_set_issuer_key(&cert, &key); - mbedtls_x509write_crt_set_subject_key(&cert, &key); - mbedtls_x509write_crt_set_subject_name(&cert, subject); - mbedtls_x509write_crt_set_issuer_name(&cert, subject); - mbedtls_x509write_crt_set_validity(&cert, fstr, tstr); - mbedtls_x509write_crt_set_basic_constraints(&cert, 0, -1); - mbedtls_x509write_crt_set_subject_key_identifier(&cert); - mbedtls_x509write_crt_set_authority_key_identifier(&cert); - - _urandom(NULL, (void *) buf, 8); - for (len = 0; len < 8; len++) - sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]); - - mbedtls_mpi_init(&serial); - mbedtls_mpi_read_string(&serial, 16, sstr); - mbedtls_x509write_crt_set_serial(&cert, &serial); - - if (pem) { - if (mbedtls_x509write_crt_pem(&cert, (void *) buf, sizeof(buf), _urandom, NULL) < 0) { - fprintf(stderr, "Failed to generate certificate\n"); - return 1; - } - - len = strlen(buf); - } else { - len = mbedtls_x509write_crt_der(&cert, (void *) buf, sizeof(buf), _urandom, NULL); - if (len < 0) { - fprintf(stderr, "Failed to generate certificate: %d\n", len); - return 1; - } - } - write_file(certpath, len, pem); - - mbedtls_x509write_crt_free(&cert); - mbedtls_mpi_free(&serial); - mbedtls_pk_free(&key); - - return 0; -} - -int main(int argc, char *argv[]) -{ - urandom_fd = open("/dev/urandom", O_RDONLY); - - if (!argv[1]) { - //Usage - } else if (!strcmp(argv[1], "eckey")) { - return dokey(false, argv+2); - } else if (!strcmp(argv[1], "rsakey")) { - return dokey(true, argv+2); - } else if (!strcmp(argv[1], "selfsigned")) { - return selfsigned(argv+2); - } - - fprintf(stderr, - "PX5G X.509 Certificate Generator Utility v" PX5G_VERSION "\n" PX5G_COPY - "\nbased on PolarSSL by Christophe Devine and Paul Bakker\n\n"); - fprintf(stderr, "Usage: %s [eckey|rsakey|selfsigned]\n", *argv); - return 1; -}