1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 ******************************************************************/
26 #include "byte_array.h"
27 #include "ck_manager.h"
// Values accepted for the -c option; main() compares optarg against them with strcmp().
33 const char COMMAND_CRT[] = "crt";
34 const char COMMAND_CRL[] = "crl";
// Output file names handed to GenerateDERCertificateFile(). They carry no directory part,
// so where the files end up depends on how that helper resolves names (not shown here).
// NOTE(review): DEFAULT_USER_PRIVATE_KEY_NAME names a file that receives private key
// bytes; confirm its location and permissions are restricted to the operator.
38 #define DEFAULT_CA_CRT_NAME "ca_crt.der"
39 #define DEFAULT_CA_PUBLIC_KEY_NAME "ca_public.key"
40 #define DEFAULT_USER_PRIVATE_KEY_NAME "user_private.key"
41 #define DEFAULT_USER_CRT_NAME "user_crt.der"
42 #define DEFAULT_CRL_NAME "crl.der"
// Size in bytes of the stack buffers that receive the issued certificates.
44 #define DEFAULT_DER_DATA_SIZE 1024
// Per-entry term added to sizeof(CertificateRevocationInfo_t) when sizing the CRL buffer.
45 #define SET_OF_SEQUENCE_SIZE 4
// Number of revoked entries passed to CKMIssueCRL(); also sizes the serial and date arrays.
46 #define NUMBER_OF_REVOKED 1
49 * Shows program usage hint.
// Prints the command synopsis: -c selects "crt" or "crl", -n requests a new CA key pair.
53 printf("Use next command:\n");
54 printf("x509_issue -c <crt/crl> [-n]\n");
55 printf("\t[-c]\t command name crt | crl\n");
56 printf("\t[-n]\t generate new CA key pair\n");
60 * Generates CA Certificate File, writes CA private and public keys to storage
62 * @param[in] updateCAkeys use new or old keys
64 int GenerateCACertificateFile(const int updateCAkeys)
// Issues a root certificate for the name "Default_CA_Name" and writes it to
// DEFAULT_CA_CRT_NAME. The key-pair step below also exports the CA public key to
// DEFAULT_CA_PUBLIC_KEY_NAME; it is presumably guarded by updateCAkeys (the condition
// line is not visible in this listing).
66 // Variables definition
67 uint8_t derData[DEFAULT_DER_DATA_SIZE] = {0};
68 uint8_t caPubKey[PUBLIC_KEY_SIZE] = {0};
// NOTE(review): caPrivKey receives the CA private key on the stack and no visible line
// clears it before the function returns; consider wiping it once it is no longer needed.
69 uint8_t caPrivKey[PRIVATE_KEY_SIZE] = {0};
70 uint8_t defaultCaName[] = "Default_CA_Name";
// ByteArray views over the fixed-size stack buffers declared above.
72 ByteArray certDer = BYTE_ARRAY_CONSTRUCTOR(derData);
73 ByteArray pubKeyIss = BYTE_ARRAY_CONSTRUCTOR(caPubKey);
74 ByteArray privKeyIss = BYTE_ARRAY_CONSTRUCTOR(caPrivKey);
75 ByteArray rootName = BYTE_ARRAY_CONSTRUCTOR(defaultCaName);
// NOTE(review): the result of GenerateCAKeyPair() is discarded, so the "changed" message
// and the public-key export run even if key generation failed. If it reports a status,
// check it the same way the GenerateDERCertificateFile() calls are checked.
80 GenerateCAKeyPair(&privKeyIss, &pubKeyIss);
81 printf("CA key pair was changed!\n");
// Only the public half is written to a file here; where the private key is persisted is
// not visible in this function.
82 if (GenerateDERCertificateFile(&pubKeyIss, DEFAULT_CA_PUBLIC_KEY_NAME) != PKI_SUCCESS)
84 printf("Unable to generate CA public key file!\n");
89 printf("CA public key file generated: %s\n", DEFAULT_CA_PUBLIC_KEY_NAME);
// Configure the serial number and issuer name before issuing the root certificate.
93 SetSerialNumber(DEFAULT_SN);
94 SetRootName(rootName);
// NOTE(review): the result of CKMIssueRootCertificate() is discarded, so certDer is
// written to disk below whether or not issuance succeeded. The two 0 arguments are
// presumably the validity bounds; confirm what 0 selects.
95 CKMIssueRootCertificate(0, 0, &certDer);
97 // Writes ByteArray to file
98 if (GenerateDERCertificateFile(&certDer, DEFAULT_CA_CRT_NAME) != PKI_SUCCESS)
100 printf("Unable to generate CA Certificate file!\n");
105 printf("CA Certificate File generated: %s\n", DEFAULT_CA_CRT_NAME);
111 * Generates User Certificate File
113 void GenerateUserCertificateFile()
// Generates a subject key pair, writes the private key to DEFAULT_USER_PRIVATE_KEY_NAME,
// issues a certificate for "Default_USER_Name" over the public key and writes it to
// DEFAULT_USER_CRT_NAME.
// NOTE(review): subjPrivKey holds the private key on the stack and no visible line clears
// it before the function returns; consider wiping it after the key file is written.
115 uint8_t subjPubKey[PUBLIC_KEY_SIZE] = {0};
116 uint8_t subjPrivKey[PRIVATE_KEY_SIZE] = {0};
118 ByteArray pubKeySubj = BYTE_ARRAY_CONSTRUCTOR(subjPubKey);
119 ByteArray privKeySubj = BYTE_ARRAY_CONSTRUCTOR(subjPrivKey);
// NOTE(review): the TODO below looks stale, since the GenerateKeyPair() call that follows is active.
121 // TODO: Uncomment GenerateKeyPair
// NOTE(review): the result of GenerateKeyPair() is discarded; if it fails, the zero-initialised
// buffers above would be exported and certified as if they were a real key pair.
122 GenerateKeyPair(&privKeySubj, &pubKeySubj);
// The private key bytes go through the same file-writing helper used for certificates.
// NOTE(review): that helper is not shown here; confirm it creates the file with owner-only
// permissions and that storing the key in this form is acceptable for the tool's use.
124 if (GenerateDERCertificateFile(&privKeySubj, DEFAULT_USER_PRIVATE_KEY_NAME) != PKI_SUCCESS)
126 printf("Unable to generate user private key file!\n");
131 printf("User private key file generated: %s\n", DEFAULT_USER_PRIVATE_KEY_NAME);
// Fixed-size stack buffer that receives the issued certificate.
134 uint8_t derData[DEFAULT_DER_DATA_SIZE] = {0};
135 ByteArray certDer = BYTE_ARRAY_CONSTRUCTOR(derData);
137 const uint8_t defaultUserName[] = "Default_USER_Name";
// NOTE(review): the result of CKMIssueDeviceCertificate() is discarded, so certDer is written
// to disk below whether or not issuance succeeded. The two 0 arguments are presumably the
// validity bounds; confirm what 0 selects.
139 CKMIssueDeviceCertificate(defaultUserName, 0, 0, subjPubKey, &certDer);
141 if (GenerateDERCertificateFile(&certDer, DEFAULT_USER_CRT_NAME) != PKI_SUCCESS)
143 printf("Unable to generate User Certificate file!\n");
148 printf("User Certificate File generated: %s\n", DEFAULT_USER_CRT_NAME);
153 * Generates Certificate Revocation List File
155 void GenerateCRLFile()
// Issues a CRL with fixed sample content and writes it to DEFAULT_CRL_NAME.
// The update time, the single revoked serial number (100) and its revocation date are
// hard-coded. NOTE(review): the strings look like YYMMDDhhmmssZ timestamps from 2013;
// confirm, since a relying party that checks CRL freshness would likely treat such a
// list as stale.
157 const uint8_t *uint8ThisUpdateTime = (const uint8_t *)"130101000000Z";
158 uint32_t revokedNumbers[NUMBER_OF_REVOKED] = {100};
159 const uint8_t *revocationDates[NUMBER_OF_REVOKED] =
161 (const uint8_t *)"130101000001Z"
// Output buffer (passed as &code below): the length field and the calloc() size are the
// same expression written twice, so the two must be kept in sync if either changes.
// NOTE(review): no free() of this buffer is visible in the listing; confirm it is released
// on every path.
166 .len = CRL_MIN_SIZE + NUMBER_OF_REVOKED * (sizeof(CertificateRevocationInfo_t) + SET_OF_SEQUENCE_SIZE),
167 .data = (uint8_t *)calloc(1, CRL_MIN_SIZE + NUMBER_OF_REVOKED * (sizeof(CertificateRevocationInfo_t) + SET_OF_SEQUENCE_SIZE))
// Presumably reached when calloc() returned NULL (the check itself is not visible here).
172 printf("calloc error\n");
// The status from CKMIssueCRL() is captured and printed.
// NOTE(review): confirm the function stops before the file write when errorCode signals
// failure; otherwise a zero-filled or partial buffer is written out as the CRL.
176 int errorCode = CKMIssueCRL(uint8ThisUpdateTime, NUMBER_OF_REVOKED, revokedNumbers, revocationDates,
179 printf("Gen CRL err code: %d\n", errorCode);
181 //CRL ByteArray to file
182 if (GenerateDERCertificateFile(&code, DEFAULT_CRL_NAME) != PKI_SUCCESS)
184 printf("Unable to generate CRL file!\n");
190 printf("CRL File generated: %s\n", DEFAULT_CRL_NAME);
199 * Generates certificate and certificate revocation list
201 * @param[in] argc An integer argument count of the command line arguments
202 * @param[in] argv An argument vector of the command line arguments
204 * @return[out] an integer 0 upon exit success
206 int main(int argc, char *argv[])
// Entry point: parses -c <crt|crl> and -n, then runs the matching generation step(s).
209 int updateCAkeys = 0;
211 // Parse command line arguments
// Option string "c:n": -c requires an argument, -n takes none.
// The -c argument must match COMMAND_CRT or COMMAND_CRL exactly; anything else is
// reported as a wrong command.
214 while ((opt = getopt(argc, argv, "c:n")) != -1)
219 if (!strcmp(COMMAND_CRT, optarg))
223 else if (!strcmp(COMMAND_CRL, optarg))
229 printf("Wrong command(-c)!\n");
// NOTE(review): the int result of GenerateCACertificateFile() is discarded, so in the
// visible lines the user certificate step runs even if the CA certificate step failed.
// Consider checking it and exiting with a non-zero status on failure.
244 GenerateCACertificateFile(updateCAkeys);
248 GenerateUserCertificateFile();