From 9dcd0977897adbc27160ac5348f75229cf97332f Mon Sep 17 00:00:00 2001
From: Dariusz Michaluk
Date: Mon, 17 Apr 2023 13:00:37 +0200
Subject: [PATCH] Add 2-element OCF certificate chain
Change-Id: Ie06fa667b710937d80ba87f86a0d61ca3ceba687
---
src/dummy-backend/CMakeLists.txt | 88 ++++++++++++++++++++++++++-----------
src/dummy-backend/dummy_backend.cpp | 24 +++++-----
2 files changed, 75 insertions(+), 37 deletions(-)
diff --git a/src/dummy-backend/CMakeLists.txt b/src/dummy-backend/CMakeLists.txt
index 4d74c39..b372510 100644
--- a/src/dummy-backend/CMakeLists.txt
+++ b/src/dummy-backend/CMakeLists.txt
@@ -22,39 +22,77 @@ FIND_PACKAGE(PkgConfig REQUIRED) ADD_EXECUTABLE(bin2c bin2c.c) -ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key - COMMAND ${OPENSSL_TOOL} genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key 1024) - -ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA.pem - COMMAND ${OPENSSL_TOOL} req -x509 -new -nodes -key ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key - -sha256 -days 1024 -out ${CMAKE_CURRENT_BINARY_DIR}/rootCA.pem - -subj "/C=PL/ST=Test1/L=Test2/O=Dis/CN=www.example.com" - DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key) +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.key + COMMAND ${OPENSSL_TOOL} genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.key 1024) + +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.key + COMMAND ${OPENSSL_TOOL} genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.key 1024) + +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.pem + COMMAND ${OPENSSL_TOOL} req -x509 -new -nodes -key ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.key + -sha256 -days 1024 -out ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.pem + -subj "/C=PL/ST=Test1/L=Test2/O=Test3/CN=Test4" + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.key) + +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.csr + COMMAND ${OPENSSL_TOOL} req -new -sha256 -key ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.key + -out ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.csr + -subj "/C=PL/ST=Test10/L=Test20/O=Test30/CN=Test40" + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.key) + +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.pem + COMMAND ${OPENSSL_TOOL} x509 -req -in ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.csr + -CA ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.pem -CAkey ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.key -CAcreateserial + -days 1024 -sha256 -out ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.pem + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.csr ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.pem ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.key) + 
+ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/chainRSA.pem + COMMAND cat ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.pem ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.pem > ${CMAKE_CURRENT_BINARY_DIR}/chainRSA.pem + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/rootRSA.pem ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.pem) ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key COMMAND ${OPENSSL_TOOL} ecparam -name secp521r1 -genkey -noout -out ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key) +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.key + COMMAND ${OPENSSL_TOOL} ecparam -name secp521r1 -genkey -noout -out ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.key) + ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem COMMAND ${OPENSSL_TOOL} req -x509 -new -nodes -key ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key -sha256 -days 1024 -out ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem - -subj "/C=PL/ST=Test1/L=Test2/O=Dis/CN=www.example.com" + -subj "/C=PL/ST=Test1/L=Test2/O=Test3/CN=Test4" DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key) -ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_key.c - COMMAND $ ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_key.c dummy_rootca_rsa_key - DEPENDS bin2c ${CMAKE_CURRENT_BINARY_DIR}/rootCA.key) +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.csr + COMMAND ${OPENSSL_TOOL} req -new -sha256 -key ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.key + -out ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.csr + -subj "/C=PL/ST=Test10/L=Test20/O=Test30/CN=Test40" + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.key) + +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.pem + COMMAND ${OPENSSL_TOOL} x509 -req -in ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.csr + -CA ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem -CAkey ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key -CAcreateserial + -days 1024 -sha256 -out ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.pem + DEPENDS 
${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.csr ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key) + +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/chainECDSA.pem + COMMAND cat ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.pem ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem > ${CMAKE_CURRENT_BINARY_DIR}/chainECDSA.pem + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.pem) + +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/device_rsa_key.c + COMMAND $ ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.key ${CMAKE_CURRENT_BINARY_DIR}/device_rsa_key.c dummy_device_rsa_key + DEPENDS bin2c ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.key) -ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_cert.c - COMMAND $ ${CMAKE_CURRENT_BINARY_DIR}/rootCA.pem ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_cert.c dummy_rootca_rsa_cert - DEPENDS bin2c ${CMAKE_CURRENT_BINARY_DIR}/rootCA.pem) +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/device_rsa_cert.c + COMMAND $ ${CMAKE_CURRENT_BINARY_DIR}/chainRSA.pem ${CMAKE_CURRENT_BINARY_DIR}/device_rsa_cert.c dummy_device_rsa_cert + DEPENDS bin2c ${CMAKE_CURRENT_BINARY_DIR}/chainRSA.pem) -ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_key.c - COMMAND $ ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_key.c dummy_rootca_ecdsa_key - DEPENDS bin2c ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.key) +ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/device_ecdsa_key.c + COMMAND $ ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.key ${CMAKE_CURRENT_BINARY_DIR}/device_ecdsa_key.c dummy_device_ecdsa_key + DEPENDS bin2c ${CMAKE_CURRENT_BINARY_DIR}/deviceECDSA.key) -ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_cert.c - COMMAND $ ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_cert.c dummy_rootca_ecdsa_cert - DEPENDS bin2c ${CMAKE_CURRENT_BINARY_DIR}/rootECDSA.pem) 
+ADD_CUSTOM_COMMAND(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/device_ecdsa_cert.c + COMMAND $ ${CMAKE_CURRENT_BINARY_DIR}/chainECDSA.pem ${CMAKE_CURRENT_BINARY_DIR}/device_ecdsa_cert.c dummy_device_ecdsa_cert + DEPENDS bin2c ${CMAKE_CURRENT_BINARY_DIR}/chainECDSA.pem) PKG_CHECK_MODULES(DUMMY_DEPS REQUIRED dlog @@ -72,10 +110,10 @@ ADD_LIBRARY(${DCM_BACKEND_API} dcm-backend-api-ext-dummy.cpp dummy_backend.cpp ../shared/log.cpp - ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_key.c - ${CMAKE_CURRENT_BINARY_DIR}/rootCA_ecdsa_cert.c - ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_key.c - ${CMAKE_CURRENT_BINARY_DIR}/rootCA_rsa_cert.c) + ${CMAKE_CURRENT_BINARY_DIR}/device_ecdsa_key.c + ${CMAKE_CURRENT_BINARY_DIR}/device_ecdsa_cert.c + ${CMAKE_CURRENT_BINARY_DIR}/device_rsa_key.c + ${CMAKE_CURRENT_BINARY_DIR}/device_rsa_cert.c) TARGET_LINK_LIBRARIES(${DCM_BACKEND_API} ${DUMMY_DEPS_LIBRARIES}) diff --git a/src/dummy-backend/dummy_backend.cpp b/src/dummy-backend/dummy_backend.cpp index a342bf4..121c2ac 100644 --- a/src/dummy-backend/dummy_backend.cpp +++ b/src/dummy-backend/dummy_backend.cpp @@ -29,14 +29,14 @@ #include "log.h" extern "C" { - extern size_t dummy_rootca_rsa_key_size; - extern char dummy_rootca_rsa_key[]; - extern size_t dummy_rootca_rsa_cert_size; - extern char dummy_rootca_rsa_cert[]; - extern size_t dummy_rootca_ecdsa_key_size; - extern char dummy_rootca_ecdsa_key[]; - extern size_t dummy_rootca_ecdsa_cert_size; - extern char dummy_rootca_ecdsa_cert[]; + extern size_t dummy_device_rsa_key_size; + extern char dummy_device_rsa_key[]; + extern size_t dummy_device_rsa_cert_size; + extern char dummy_device_rsa_cert[]; + extern size_t dummy_device_ecdsa_key_size; + extern char dummy_device_ecdsa_key[]; + extern size_t dummy_device_ecdsa_cert_size; + extern char dummy_device_ecdsa_cert[]; } EVP_PKEY* get_rsa_pkey() 
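Review bot: The added `deviceRSA.key` rule in the first CMakeLists.txt hunk, like the renamed `rootRSA.key` rule, generates a 1024-bit RSA key, which OpenSSL rejects in a certificate chain once the verifier runs at security level 2 or higher; a peer that validates the dummy chain could then fail on key size instead of on what the test is meant to exercise. Generating both with `genrsa -out ${CMAKE_CURRENT_BINARY_DIR}/deviceRSA.key 2048` (and the same for the root key) avoids that. The two `x509 -req` rules pass no `-extfile`, so the device certificates are presumably issued without basicConstraints or keyUsage; if the consumer checks a certificate profile, these rules would need an extension file. The new `cat ... > chainRSA.pem` and `chainECDSA.pem` rules rely on shell redirection, so they only work with generators that run the command through a POSIX shell.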
@@ -44,7 +44,7 @@ EVP_PKEY* get_rsa_pkey() EVP_PKEY* pkey = NULL; BIO* bio = NULL; - if(!(bio = BIO_new_mem_buf(dummy_rootca_rsa_key, dummy_rootca_rsa_key_size))) { + if(!(bio = BIO_new_mem_buf(dummy_device_rsa_key, dummy_device_rsa_key_size))) { LOGE("Can't parse private RSA key"); return pkey; } @@ -63,7 +63,7 @@ EVP_PKEY* get_ecdsa_pkey() EC_KEY* eckey = NULL; BIO* bio = NULL; - if(!(bio = BIO_new_mem_buf(dummy_rootca_ecdsa_key, dummy_rootca_ecdsa_key_size))) { + if(!(bio = BIO_new_mem_buf(dummy_device_ecdsa_key, dummy_device_ecdsa_key_size))) { LOGE("Can't parse private ECDSA key"); return pkey; } @@ -138,9 +138,9 @@ dummy_backend::~dummy_backend() int dummy_backend::request_certificate_chain(std::string& mutable_chain) { if(fKey == CRYPTO_KEY_TYPE_RSA) { - mutable_chain.assign(dummy_rootca_rsa_cert, dummy_rootca_rsa_cert_size); + mutable_chain.assign(dummy_device_rsa_cert, dummy_device_rsa_cert_size); } else { - mutable_chain.assign(dummy_rootca_ecdsa_cert, dummy_rootca_ecdsa_cert_size); + mutable_chain.assign(dummy_device_ecdsa_cert, dummy_device_ecdsa_cert_size); } return 0; -- 2.7.4
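Review bot: `request_certificate_chain` in the last hunk now returns a two-certificate PEM bundle instead of a single self-signed certificate, and nothing in the function says so. A comment above the `if`, such as `// PEM bundle from the build: device (leaf) certificate first, then the self-signed root that issued it`, would record the order produced by the CMake `cat` rule. Any caller that parsed only one certificate from this string would need to read both, and the root should not be treated as a trust anchor merely because it arrived inside the chain. The function's closing brace lies outside the hunk.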