
Тесты cert_req

TelenkovDmitry há 7 anos atrás
pai
commit
168605641b

+ 199 - 0
modules/mbedtls_api/cert_req.c

@@ -0,0 +1,199 @@
+/********************************* (C) РОТЕК ***********************************
+ * @module  cert_req
+ * @file    cert_req.c
+ * @version 1.0.0
+ * @date    XX.XX.XXXX
+ *******************************************************************************
+ * @history     Version  Author         Comment
+ * XX.XX.XXXX   1.0.0    Telenkov D.A.  First release.
+ *******************************************************************************
+ */
+#include "cert_req.h"
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "mbedtls/platform.h"
+
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/certs.h"
+
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_FILENAME            "keyfile.key"
+#define DFL_DEBUG_LEVEL         0
+#define DFL_OUTPUT_FILENAME     "cert.req"
+#define DFL_SUBJECT_NAME        "CN=Cert,O=mbed TLS,C=UK" // Надо CN - ip, O - VimpelCom, C=RU
+#define DFL_KEY_USAGE           0
+#define DFL_NS_CERT_TYPE        0
+
+/*
+ * global options
+ */
+struct options
+{
+    const char *filename;       /* filename of the key file             */
+    int debug_level;            /* level of debugging                   */
+    const char *output_file;    /* where to store the constructed key file  */
+    const char *subject_name;   /* subject name for certificate request */
+    unsigned char key_usage;    /* key usage flags                      */
+    unsigned char ns_cert_type; /* NS cert type                         */
+} opt;
+
+static int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng );
+
+unsigned char output_buf[4096];
+
+void SSL_Test()
+{
+    int ret = 0;
+    mbedtls_pk_context key;
+    char buf[1024];
+    mbedtls_x509write_csr req;
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    const char *pers = "csr example app";
+    
+
+    // Set to sane values
+    mbedtls_x509write_csr_init( &req );
+    mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 );
+    mbedtls_pk_init( &key );
+    mbedtls_ctr_drbg_init( &ctr_drbg );
+    memset( buf, 0, sizeof( buf ) );
+    
+    // default
+    opt.filename            = DFL_FILENAME;
+    opt.debug_level         = DFL_DEBUG_LEVEL;
+    opt.output_file         = DFL_OUTPUT_FILENAME;
+    opt.subject_name        = DFL_SUBJECT_NAME;
+    opt.key_usage           = DFL_KEY_USAGE;
+    opt.ns_cert_type        = DFL_NS_CERT_TYPE;
+    
+    // user
+    opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
+    opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
+    
+    if( opt.key_usage )
+        mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
+
+    if( opt.ns_cert_type )
+        mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
+    
+
+    // 0. Seed the PRNG
+    mbedtls_printf( "  . Seeding the random number generator..." );
+    fflush( stdout );
+
+    mbedtls_entropy_init( &entropy );
+    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+                               (const unsigned char *) pers,
+                               strlen( pers ) ) ) != 0 )
+    {
+        mbedtls_printf( " failed\r\n  !  mbedtls_ctr_drbg_seed returned %d", ret );
+        goto exit;
+    }
+
+    mbedtls_printf( " ok\r\n" );
+    
+    // 1.0. Check the subject name for validity
+    mbedtls_printf( "  . Checking subject name..." );
+    fflush( stdout );
+
+    if( ( ret = mbedtls_x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
+    {
+        mbedtls_printf( " failed\r\n  !  mbedtls_x509write_csr_set_subject_name returned %d", ret );
+        goto exit;
+    }
+
+    mbedtls_printf( " ok\r\n" );
+    
+    // 1.1. Load the key
+    mbedtls_printf( "  . Loading the private key ..." );
+    fflush( stdout );
+
+    //ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL );
+    ret =  mbedtls_pk_parse_key( &key, (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, 0 );
+    
+    
+    
+    if( ret != 0 )
+    {
+        mbedtls_printf( " failed\r\n  !  mbedtls_pk_parse_keyfile returned %d", ret );
+        goto exit;
+    }
+
+    mbedtls_x509write_csr_set_key( &req, &key );
+
+    mbedtls_printf( " ok\r\n" );
+        
+    // 1.2. Writing the request
+    mbedtls_printf( "  . Writing the certificate request ..." );
+   
+    //if( ( ret = write_certificate_request( &req, opt.output_file, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+    ret = mbedtls_x509write_csr_pem( &req, output_buf, 4096, mbedtls_ctr_drbg_random, &ctr_drbg );
+    if (ret != 0)
+    {
+        mbedtls_printf( " failed\r\n  !  write_certifcate_request %d", ret );
+        goto exit;
+    }
+
+    mbedtls_printf( " ok\r\n" );
+    
+    
+exit:
+
+    if( ret != 0 && ret != 1)
+    {
+        mbedtls_printf("\r\n");
+    }
+
+    mbedtls_x509write_csr_free( &req );
+    mbedtls_pk_free( &key );
+    mbedtls_ctr_drbg_free( &ctr_drbg );
+    mbedtls_entropy_free( &entropy );    
+}
+
+//
+static int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng )
+{
+/*  
+    int ret;
+    FILE *f;
+    unsigned char output_buf[4096];
+    size_t len = 0;
+
+    memset( output_buf, 0, 4096 );
+    if( ( ret = mbedtls_x509write_csr_pem( req, output_buf, 4096, f_rng, p_rng ) ) < 0 )
+        return( ret );
+
+    len = strlen( (char *) output_buf );
+
+    if( ( f = fopen( output_file, "w" ) ) == NULL )
+        return( -1 );
+
+    if( fwrite( output_buf, 1, len, f ) != len )
+    {
+        fclose( f );
+        return( -1 );
+    }
+
+    fclose( f );
+*/
+    return( 0 );
+}
+
+/********************************* (C) РОТЕК **********************************/
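Review bot: The CSR in `SSL_Test` is signed with `mbedtls_test_srv_key`, a key compiled into the firmware image, so every unit built from this tree would request a certificate for the same private key, and anyone holding the image or the repository can recover it. If this is bring-up scaffolding, say so above the `mbedtls_pk_parse_key` call, e.g. `/* TEST ONLY: compiled-in test key; production must use a per-device key generated or provisioned on the unit */`. The request also sets `MBEDTLS_X509_NS_CERT_TYPE_SSL_CA`, which asks for a CA-type certificate; for a device endpoint `MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER` looks like the intended value. `SSL_Test` returns `void`, so a failed step is only printed; returning `ret` would let the caller react. The failure message after the parse still names `mbedtls_pk_parse_keyfile`, and `write_certificate_request` is now an unused stub that always returns 0.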

+ 25 - 0
modules/mbedtls_api/cert_req.h

@@ -0,0 +1,25 @@
+/********************************* (C) РОТЕК ***********************************
+ * @module  cert_req
+ * @file    cert_req
+ * @version 1.0.0
+ * @date    XX.XX.XXXX
+ * $brief   cert_req
+ *******************************************************************************
+ * @history     Version  Author         Comment
+ * XX.XX.XXXX   1.0.0    Telenkov D.A.  First release.
+ *******************************************************************************
+ */
+
+/* Define to prevent recursive  ----------------------------------------------*/
+#ifndef CERT_REQ_H
+#define CERT_REQ_H
+   
+#include "stm32f4xx.h"
+
+void SSL_Test();
+
+
+
+#endif /* #ifndef CERT_REQ_H */
+
+/********************************* (C) РОТЕК **********************************/
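Review bot: `void SSL_Test();` declares a function with unspecified parameters, so a call with arguments would compile without a diagnostic; `void SSL_Test(void);` makes it a real prototype, and the definition in cert_req.c should match. The header also includes `stm32f4xx.h` although nothing declared here uses it, and the banner tag `$brief` is presumably meant to be `@brief`.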

+ 8 - 2
modules/mbedtls_api/mbedtls_config.h

@@ -78,8 +78,8 @@
 #define MBEDTLS_X509_USE_C
 
 // User
-#define MBEDTLS_RSA_C
-#define MBEDTLS_PKCS1_V21
+//#define MBEDTLS_RSA_C
+//#define MBEDTLS_PKCS1_V21
 
 /* For test certificates */
 #define MBEDTLS_BASE64_C
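Review bot: With `MBEDTLS_RSA_C` and `MBEDTLS_PKCS1_V21` commented out, the library can no longer parse or use RSA keys, yet this commit adds an RSA private key PEM to certs.c and cert_req.c parses `mbedtls_test_srv_key`. If that symbol resolves to an RSA key in this build (not visible from this hunk), `mbedtls_pk_parse_key` will fail at run time and no CSR is produced. Either keep RSA enabled or switch the test key to an EC key deliberately. Delete the two defines rather than leaving them commented out, so the configuration states one intent.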
@@ -143,6 +143,12 @@
                          // 3 Informational
                          // 4 Verbose
 
+// User define for create req_cert
+#define MBEDTLS_X509_CSR_WRITE_C      
+#define MBEDTLS_X509_CREATE_C     
+#define MBEDTLS_PK_WRITE_C      
+#define MBEDTLS_PEM_WRITE_C         
+      
 #define UNUSED(x) ((void)(x))      
       
 #include "mbedtls/check_config.h"

+ 3 - 0
projects/iar/bt-670x.ewp

@@ -2053,6 +2053,9 @@
     </group>
     <group>
       <name>mbedtls_api</name>
+      <file>
+        <name>$PROJ_DIR$\..\..\modules\mbedtls_api\cert_req.c</name>
+      </file>
       <file>
         <name>$PROJ_DIR$\..\..\modules\mbedtls_api\hardware_rng.c</name>
       </file>

+ 29 - 20
thirdparty/mbedTLS/library/certs.c

@@ -108,26 +108,35 @@ const char mbedtls_test_cli_key_ec[] =
 "-----END EC PRIVATE KEY-----\r\n";
 
 const char test_srv_crt[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIIDODCCAiACCQDwZ+UdnJyNVzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJS\r\n"
-"VTEPMA0GA1UECAwGTW9zY293MQ8wDQYDVQQHDAZNb3Njb3cxDjAMBgNVBAoMBVJv\r\n"
-"dGVrMQswCQYDVQQLDAJtYTENMAsGA1UEAwwEa2F0ZTAeFw0xNzA5MDQxMjQzMTJa\r\n"
-"Fw0zMTA1MTQxMjQzMTJaMGExCzAJBgNVBAYTAlJVMQ8wDQYDVQQIDAZNb3Njb3cx\r\n"
-"DzANBgNVBAcMBk1vc2NvdzELMAkGA1UECgwCSVQxCzAJBgNVBAsMAklUMRYwFAYD\r\n"
-"VQQDDA0xOTIuMTY4LjE0Ljc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\n"
-"AQEA8SVOegbQsoFrT83ExWmHtDotXCBz2uTTTWL7GhkmyD882y8io3pH5ShyBow+\r\n"
-"UeC/DvMvD9xGGH03lo3TZQaZQBw6N/JpaoIZkV+oOEnIXfru3X3CotqgKsKWyrM+\r\n"
-"PsWORpo5c3r58H/8m15iMH8NBVaA8Lpm5bgzHXD2chVLDSb39Cmn0X5TPDXOrvp2\r\n"
-"NZzdWxycdpc3G35UM0PpwBsaIAIC77uLZOmVXxojjzGyjlFNNb92UsAw5aKbEFXB\r\n"
-"DaNGBlFDvpvjZfaXDwWbg9wWjQXyYEo9zZxkCVX4qhlGHvY50C1+ZRG5d0YK9Slv\r\n"
-"60636wXQNGTDgFW83h+pZfhzUwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAbzGxW\r\n"
-"gqvad8d3em5i07Lz/xWKIQ++P78miF/TwEPGR23Z+N0uUXCIb9hJygjcQRlo+mp7\r\n"
-"XnrMI9wW1+Je2JTpavwNilpdLkglDCU9gX4hbMCO/a7K5AbCOilD84VpG9pfLe3p\r\n"
-"/NdJr4H2xMBnm6l/931ZjeUW+8bsWpdAOUSNOGmvQIRzAjHuRRzcb0JseZw30alT\r\n"
-"XFg5WMdx4yQrAtYS8tuAYciOs+oZg+VIxSSqvVMqaLHYdV1UjkPZGD9duu7T+ZY2\r\n"
-"7PrBg/eNrBhoxTPxNNUDDWD/+N32vdozdNm6mDUQ2RL6SnFwxERLKVODin/gg7iy\r\n"
-"/55oNFhDrNaZBl+u\r\n"
-"-----END CERTIFICATE-----\r\n";
+"-----BEGIN RSA PRIVATE KEY-----\r\n"
+"MIIEowIBAAKCAQEA8SVOegbQsoFrT83ExWmHtDotXCBz2uTTTWL7GhkmyD882y8i\r\n"
+"o3pH5ShyBow+UeC/DvMvD9xGGH03lo3TZQaZQBw6N/JpaoIZkV+oOEnIXfru3X3C\r\n"
+"otqgKsKWyrM+PsWORpo5c3r58H/8m15iMH8NBVaA8Lpm5bgzHXD2chVLDSb39Cmn\r\n"
+"0X5TPDXOrvp2NZzdWxycdpc3G35UM0PpwBsaIAIC77uLZOmVXxojjzGyjlFNNb92\r\n"
+"UsAw5aKbEFXBDaNGBlFDvpvjZfaXDwWbg9wWjQXyYEo9zZxkCVX4qhlGHvY50C1+\r\n"
+"ZRG5d0YK9Slv60636wXQNGTDgFW83h+pZfhzUwIDAQABAoIBABj2Q6leCzxvKSyZ\r\n"
+"oETPJ70ASLHAqj1+cmEQXe3VrK4N3b7SokNJ5SdTiHolCk5vdVeW1MhPhPIEBD0R\r\n"
+"cVCD3llEksI31bGwxfTGciNhf9w6nX9QBVXWS74hZnqVE1xsFs44KLpLgJPkq8Fp\r\n"
+"g8CBZlenHLHOmdgtuRzTFK+6hIpXyuAoRlGiIPz3uXnXi9E5UXkLTbrRWibl+DGV\r\n"
+"j1Qr89YEGgj8Z9xDDaMWvEC5lUfYp0NYRlSBVyBpWvRLrzy38BVi51VgZqzsOO2u\r\n"
+"5rERmN2hjykyuCeoLbjyFghVzX7tuRTKlI95n5DxYgl9/ctL38TLTJ4eTptXVuxv\r\n"
+"ZgmtyAECgYEA/TII/qiGtA21MM00HmgfbLwdwAJYq1D8WZ+na6p4Kp+Q971F99Nd\r\n"
+"95cSmnD9CFsQCr92jOiAsL3NKRWM+1jwmgiGypj0nx5SlfYtVKBipDEBbjEx0hol\r\n"
+"S7nB4fQSsLcMjuebriMaPfTStVil0rIM33lp1E8EcL00D8SX1NbOkskCgYEA89Ea\r\n"
+"YO/kzk9hlMQmu7K67E42JxdMPszrEda3BiuM5cReUyfzu7G8wJGGWliNMWQ9ERqH\r\n"
+"VtHOwoEskEHHbnIDGCr2EZbe9n55hPMdi7hLL16koyyb/gbF/H6uFuvrMZrPZzDi\r\n"
+"XcPYuec+sZQPaif8mQW4TtyC3KmMdWj9eQwAJzsCgYA7X2hMjyhHQI+kifoWx0PX\r\n"
+"M6WmSOaSBcOnIJEZ5jeXhyNvdKrbmm0Gih6KqMQtGW2Bl7QtBrhmuZtKbwtIRWrm\r\n"
+"M+mnyIZUab/j+n5WweVfqz4yoMaWBhuIzl5wpdNcLRB80kLnasPUk3x1mfwIlEgA\r\n"
+"f3AZoQ3hgfybVfZkqpp2QQKBgQDGYI1Q7/8/qbDgxRQqxgp2uFAxUDB2LG7a7dOu\r\n"
+"zoJudG62xBv4zG2iVQV2vvPqiv9wyh/yEPVkpotmuE6W22cPI+1gdFvnPRKMjO6u\r\n"
+"Pv3VhfD43xPxBPvULBJjjgKoMqir8kdMOUw+PhtxiuFb4zsQGmpSp/JFriIdaZZL\r\n"
+"Beud/wKBgCjIika+PDXcqvQYH62g7tCDzMAb2e7qEgVEWCtYDUXa38wgzSeHWiO2\r\n"
+"oKaf2s3b2altOc+EiZOVYkYLEyiWjEoYzWXM4s8gUbY0a8jjZ+2+z8CUcHB3jI8A\r\n"
+"ao6TDRp9QDcooYRAGxKfNm4JYEparTAtLKD3aHsjooA3ivNVpngC\r\n"
+"-----END RSA PRIVATE KEY-----\r\n";
+
+
 
 const char test_srv_key[] =
 "-----BEGIN RSA PRIVATE KEY-----\r\n"
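Review bot: `test_srv_crt` now holds an RSA private key PEM rather than a certificate, so any caller that hands it to a certificate parser will fail, and the name no longer tells a reader that the array is secret material. The new key's base64 contains the same modulus run that appears in the removed certificate (`8SVOegbQsoFrT83ExWmH…`), so this looks like the private key belonging to that certificate; once it is in version control it should be treated as disclosed and used for testing only. If the CSR test needs a key, add it under its own name, e.g. `const char test_csr_key[]`, with a `/* TEST KEY - not for production */` comment, and leave `test_srv_crt` a certificate. The `test_srv_key` array that follows continues outside the hunk.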

+ 3 - 2
user/init_task.c

@@ -36,6 +36,7 @@
 //#include "ups_monitor.h"
 #include "lwip/stats.h"
 #include "radius_user.h"
+#include "cert_req.h"
 
 #ifdef PRINTF_STDLIB
 #include <stdio.h>
@@ -157,8 +158,8 @@ void InitTask(void *params)
 */
   
 #define SSL_TASK_PRIO   ( configMAX_PRIORITIES - 3 )
-	   xTaskCreate(ssl_server, "SSL", 10*configMINIMAL_STACK_SIZE, NULL, SSL_TASK_PRIO, NULL);  
-  
+	   //xTaskCreate(ssl_server, "SSL", 10*configMINIMAL_STACK_SIZE, NULL, SSL_TASK_PRIO, NULL);  
+  SSL_Test();
   
   
 
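Review bot: Commenting out the `ssl_server` task and calling `SSL_Test()` inline means firmware built from this commit starts no TLS server at all and runs the CSR test on InitTask's own stack during start-up. `SSL_Test` keeps a 1 KB `buf` plus the pk, CSR, entropy and CTR-DRBG contexts on the stack, which is presumably why main.c raises the InitTask depth to 6000 in the same commit. Guarding the test behind a build switch, as sketched below, keeps the server path intact and stops `SSL_TASK_PRIO` from being left defined but unused. InitTask's body starts and ends outside the hunk.

```c
#define SSL_TASK_PRIO   ( configMAX_PRIORITIES - 3 )
#ifdef CERT_REQ_TEST    /* suggested switch name, not an existing macro */
  SSL_Test();
#else
  xTaskCreate(ssl_server, "SSL", 10*configMINIMAL_STACK_SIZE, NULL, SSL_TASK_PRIO, NULL);
#endif
```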

+ 2 - 1
user/main.c

@@ -58,7 +58,8 @@ int main()
 
 	init_settings();
   
-  xTaskCreate( InitTask, "InitTask", 1000, NULL, tskIDLE_PRIORITY, NULL);
+  //xTaskCreate( InitTask, "InitTask", 1000, NULL, tskIDLE_PRIORITY, NULL);
+    xTaskCreate( InitTask, "InitTask", 6000, NULL, tskIDLE_PRIORITY, NULL);
   
   vTaskStartScheduler();