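/********************************* (C) РОТЕК ***********************************
 * @module cert_req
 * @file cert_req.c
 * @version 1.0.0
 * @date XX.XX.XXXX
 *******************************************************************************
 * @history   Version   Author         Comment
 * XX.XX.XXXX 1.0.0     Telenkov D.A.  First release.
 *******************************************************************************
 *
 * Builds a PKCS#10 certificate signing request (CSR) with mbed TLS and
 * renders it as PEM into the global output_buf.  The file-writing path
 * (write_certificate_request) is currently disabled.
 */
#include "cert_req.h"

#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include "mbedtls/platform.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#include "mbedtls/certs.h"

/* The standard header names were lost in the original listing; these are the
 * ones the code below needs (fflush/stdout, memset/strlen). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DFL_FILENAME            "keyfile.key"
#define DFL_DEBUG_LEVEL         0
#define DFL_OUTPUT_FILENAME     "cert.req"
/* TODO (author's note): CN should be the device IP, O = VimpelCom, C = RU. */
#define DFL_SUBJECT_NAME        "CN=Cert,O=mbed TLS,C=UK"
#define DFL_KEY_USAGE           0
#define DFL_NS_CERT_TYPE        0

/*
 * global options
 */
struct options
{
    const char *filename;       /* filename of the key file                 */
    int debug_level;            /* level of debugging                        */
    const char *output_file;    /* where to store the constructed key file   */
    const char *subject_name;   /* subject name for certificate request      */
    unsigned char key_usage;    /* key usage flags (MBEDTLS_X509_KU_*)       */
    unsigned char ns_cert_type; /* NS cert type (MBEDTLS_X509_NS_CERT_TYPE_*) */
} opt;

static int write_certificate_request( mbedtls_x509write_csr *req,
                                      const char *output_file,
                                      int (*f_rng)(void *, unsigned char *, size_t),
                                      void *p_rng );

/* PEM-encoded CSR produced by SSL_Test(); NUL-terminated on success. */
unsigned char output_buf[4096];

/**
 * Seed the CTR-DRBG, parse a private key, and write a PEM CSR for it into
 * output_buf.  Progress and failures are reported through mbedtls_printf();
 * there is no return value, so callers cannot distinguish success from
 * failure other than by the log output.
 *
 * All mbed TLS contexts are initialised before the first possible failure so
 * that the single exit path can free them unconditionally.
 */
void SSL_Test( void )
{
    int ret = 0;
    mbedtls_pk_context key;
    mbedtls_x509write_csr req;
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    const char *pers = "csr example app";

    /* Set to sane values (init everything up front: see exit path). */
    mbedtls_x509write_csr_init( &req );
    mbedtls_x509write_csr_set_md_alg( &req, MBEDTLS_MD_SHA256 );
    mbedtls_pk_init( &key );
    mbedtls_ctr_drbg_init( &ctr_drbg );
    mbedtls_entropy_init( &entropy );

    /* default */
    opt.filename     = DFL_FILENAME;
    opt.debug_level  = DFL_DEBUG_LEVEL;
    opt.output_file  = DFL_OUTPUT_FILENAME;
    opt.subject_name = DFL_SUBJECT_NAME;
    opt.key_usage    = DFL_KEY_USAGE;
    opt.ns_cert_type = DFL_NS_CERT_TYPE;

    /* user */
    opt.key_usage    |= MBEDTLS_X509_KU_KEY_AGREEMENT;
    opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;

    if( opt.key_usage )
        mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );

    if( opt.ns_cert_type )
        mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );

    /*
     * 0. Seed the PRNG
     *
     * NOTE(review): the DRBG is only as good as the entropy sources the
     * platform registers with mbedtls_entropy.  On a bare-metal target confirm
     * that a hardware source is wired in; otherwise every CSR (and any key
     * generated later) is derived from a predictable seed.
     */
    mbedtls_printf( "  . Seeding the random number generator..." );
    fflush( stdout );

    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                                       (const unsigned char *) pers,
                                       strlen( pers ) ) ) != 0 )
    {
        mbedtls_printf( " failed\r\n  !  mbedtls_ctr_drbg_seed returned %d", ret );
        goto exit;
    }

    mbedtls_printf( " ok\r\n" );

    /*
     * 1.0. Check the subject name for validity
     */
    mbedtls_printf( "  . Checking subject name..." );
    fflush( stdout );

    if( ( ret = mbedtls_x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
    {
        mbedtls_printf( " failed\r\n  !  mbedtls_x509write_csr_set_subject_name returned %d", ret );
        goto exit;
    }

    mbedtls_printf( " ok\r\n" );

    /*
     * 1.1. Load the key
     *
     * The key is currently the mbed TLS *test* server key shipped in
     * mbedtls/certs.h.  That private key is published in the library sources,
     * so a certificate issued from this CSR provides no authentication at all.
     * Before this leaves the bench, replace it with a key generated on the
     * device (or loaded from opt.filename via mbedtls_pk_parse_keyfile) and
     * never let a published key reach a CA.
     */
    mbedtls_printf( "  . Loading the private key ..." );
    fflush( stdout );

    ret = mbedtls_pk_parse_key( &key,
                                (const unsigned char *) mbedtls_test_srv_key,
                                mbedtls_test_srv_key_len, NULL, 0 );
    if( ret != 0 )
    {
        /* Message names the function actually called (was: _keyfile). */
        mbedtls_printf( " failed\r\n  !  mbedtls_pk_parse_key returned %d", ret );
        goto exit;
    }

    mbedtls_x509write_csr_set_key( &req, &key );

    mbedtls_printf( " ok\r\n" );

    /*
     * 1.2. Writing the request
     *
     * Rendered directly into the global buffer; the file writer is disabled
     * (see write_certificate_request below).
     */
    mbedtls_printf( "  . Writing the certificate request ..." );

    ret = mbedtls_x509write_csr_pem( &req, output_buf, sizeof output_buf,
                                     mbedtls_ctr_drbg_random, &ctr_drbg );
    if( ret != 0 )
    {
        mbedtls_printf( " failed\r\n  !  mbedtls_x509write_csr_pem returned %d", ret );
        goto exit;
    }

    mbedtls_printf( " ok\r\n" );

exit:

    if( ret != 0 && ret != 1 )
    {
        mbedtls_printf( "\r\n" );
    }

    mbedtls_x509write_csr_free( &req );
    mbedtls_pk_free( &key );
    mbedtls_ctr_drbg_free( &ctr_drbg );
    mbedtls_entropy_free( &entropy );
}

/**
 * Disabled file writer for the CSR.
 *
 * The original implementation rendered the CSR to PEM and fwrite()'d it to
 * output_file; that path has been turned off and this stub is kept only so
 * the prototype still links.  It performs no I/O and always returns 0, so a
 * caller must NOT take its return value as proof that anything was persisted.
 *
 * @param req          CSR to serialise (unused)
 * @param output_file  destination path (unused)
 * @param f_rng        RNG callback for PEM signing (unused)
 * @param p_rng        RNG context (unused)
 * @return 0 unconditionally
 */
static int write_certificate_request( mbedtls_x509write_csr *req,
                                      const char *output_file,
                                      int (*f_rng)(void *, unsigned char *, size_t),
                                      void *p_rng )
{
    (void) req;
    (void) output_file;
    (void) f_rng;
    (void) p_rng;

#if 0
    /* Original (disabled) body, kept for reference.  If re-enabled: the local
     * output_buf shadows the file-scope one, and fclose() on the write stream
     * should be checked. */
    int ret;
    FILE *f;
    unsigned char output_buf[4096];
    size_t len = 0;

    memset( output_buf, 0, 4096 );
    if( ( ret = mbedtls_x509write_csr_pem( req, output_buf, 4096, f_rng, p_rng ) ) < 0 )
        return( ret );

    len = strlen( (char *) output_buf );

    if( ( f = fopen( output_file, "w" ) ) == NULL )
        return( -1 );

    if( fwrite( output_buf, 1, len, f ) != len )
    {
        fclose( f );
        return( -1 );
    }

    fclose( f );
#endif

    return( 0 );
}

/********************************* (C) РОТЕК **********************************/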