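--- a/cert_req.c
+++ b/cert_req.c
@@ -0,0 +1,199 @@
+/********************************* (C) РОТЕК ***********************************
+ * @module  cert_req
+ * @file    cert_req.c
+ * @version 1.0.0
+ * @date    XX.XX.XXXX
+ *******************************************************************************
+ * @history     Version  Author         Comment
+ * XX.XX.XXXX   1.0.0    Telenkov D.A.  First release.
+ *******************************************************************************
+ */
+#include "cert_req.h"
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "mbedtls/platform.h"
+
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/certs.h"
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_FILENAME            "keyfile.key"
+#define DFL_DEBUG_LEVEL         0
+#define DFL_OUTPUT_FILENAME     "cert.req"
+#define DFL_SUBJECT_NAME        "CN=Cert,O=mbed TLS,C=UK" // Надо CN - ip, O - VimpelCom, C=RU
+#define DFL_KEY_USAGE           0
+#define DFL_NS_CERT_TYPE        0
+
+/*
+ * global options
+ */
+struct options
+{
+    const char *filename;       /* filename of the key file             */
+    int debug_level;            /* level of debugging                   */
+    const char *output_file;    /* where to store the constructed key file  */
+    const char *subject_name;   /* subject name for certificate request */
+    unsigned char key_usage;    /* key usage flags                      */
+    unsigned char ns_cert_type; /* NS cert type                         */
+} opt;
+
+static int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng );
+
+unsigned char output_buf[4096];
+
+void SSL_Test()
+{
+    int ret = 0;
+    mbedtls_pk_context key;
+    char buf[1024];
+    mbedtls_x509write_csr req;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    const char *pers = "csr example app";
+    
+
+    // Set to sane values
+    mbedtls_x509write_csr_init( &req );
+    mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 );
+    mbedtls_pk_init( &key );
+    mbedtls_ctr_drbg_init( &ctr_drbg );
+    memset( buf, 0, sizeof( buf ) );
+    
+    // default
+    opt.filename            = DFL_FILENAME;
+    opt.debug_level         = DFL_DEBUG_LEVEL;
+    opt.output_file         = DFL_OUTPUT_FILENAME;
+    opt.subject_name        = DFL_SUBJECT_NAME;
+    opt.key_usage           = DFL_KEY_USAGE;
+    opt.ns_cert_type        = DFL_NS_CERT_TYPE;
+    
+    // user
+    opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
+    opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
+    
+    if( opt.key_usage )
+        mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
+
+    if( opt.ns_cert_type )
+        mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
+    
+
+    // 0. Seed the PRNG
+    mbedtls_printf( "  . Seeding the random number generator..." );
+    fflush( stdout );
+
+    mbedtls_entropy_init( &entropy );
+    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+                               (const unsigned char *) pers,
+                               strlen( pers ) ) ) != 0 )
+    {
+        mbedtls_printf( " failed\r\n  !  mbedtls_ctr_drbg_seed returned %d", ret );
+        goto exit;
+    }
+
+    mbedtls_printf( " ok\r\n" );
+    
+    // 1.0. Check the subject name for validity
+    mbedtls_printf( "  . Checking subject name..." );
+    fflush( stdout );
+
+    if( ( ret = mbedtls_x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
+    {
+        mbedtls_printf( " failed\r\n  !  mbedtls_x509write_csr_set_subject_name returned %d", ret );
+        goto exit;
+    }
+
+    mbedtls_printf( " ok\r\n" );
+    
+    // 1.1. Load the key
+    mbedtls_printf( "  . Loading the private key ..." );
+    fflush( stdout );
+
+    //ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
+    ret =  mbedtls_pk_parse_key( &key, (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, 0 );
+    
+    
+    
+    if( ret != 0 )
+    {
+        mbedtls_printf( " failed\r\n  !  mbedtls_pk_parse_keyfile returned %d", ret );
+        goto exit;
+    }
+
+    mbedtls_x509write_csr_set_key( &req, &key );
+
+    mbedtls_printf( " ok\r\n" );
+        
+    // 1.2. Writing the request
+    mbedtls_printf( "  . Writing the certificate request ..." );
+   
+    //if( ( ret = write_certificate_request( &req, opt.output_file, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+    ret = mbedtls_x509write_csr_pem( &req, output_buf, 4096, mbedtls_ctr_drbg_random, &ctr_drbg );
+    if (ret != 0)
+    {
+        mbedtls_printf( " failed\r\n  !  write_certifcate_request %d", ret );
+        goto exit;
+    }
+
+    mbedtls_printf( " ok\r\n" );
+    
+    
+exit:
+
+    if( ret != 0 && ret != 1)
+    {
+        mbedtls_printf("\r\n");
+    }
+
+    mbedtls_x509write_csr_free( &req );
+    mbedtls_pk_free( &key );
+    mbedtls_ctr_drbg_free( &ctr_drbg );
+    mbedtls_entropy_free( &entropy );    
+}
+
+//
+static int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng )
+{
+/*  
+    int ret;
+    FILE *f;
+    unsigned char output_buf[4096];
+    size_t len = 0;
+
+    memset( output_buf, 0, 4096 );
+    if( ( ret = mbedtls_x509write_csr_pem( req, output_buf, 4096, f_rng, p_rng ) ) < 0 )
+        return( ret );
+
+    len = strlen( (char *) output_buf );
+
+    if( ( f = fopen( output_file, "w" ) ) == NULL )
+        return( -1 );
+
+    if( fwrite( output_buf, 1, len, f ) != len )
+    {
+        fclose( f );
+        return( -1 );
+    }
+
+    fclose( f );
+*/
+    return( 0 );
+}
+
+/********************************* (C) РОТЕК **********************************/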
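Review bot: The CSR is signed with the library's bundled `mbedtls_test_srv_key` while the load of the device's own key, `ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );`, is commented out, so any certificate issued from this request would belong to a private key that ships publicly with every mbed TLS source tree; the test key must not survive into a release build, and the failure message `mbedtls_pk_parse_keyfile returned %d` no longer names the call that actually failed. The request also asks for `MBEDTLS_X509_NS_CERT_TYPE_SSL_CA` with only `MBEDTLS_X509_KU_KEY_AGREEMENT`, which requests a CA-type certificate rather than an end-entity one; if this is meant for a device, the type is presumably `MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER` and the usage should include `MBEDTLS_X509_KU_DIGITAL_SIGNATURE` — confirm against the issuing CA's policy. Minor: `mbedtls_x509write_csr_pem` is passed the literal `4096` instead of `sizeof output_buf`, and `write_certificate_request` has become a stub whose whole body is commented out, so the generated PEM is never persisted anywhere.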