Commit 26277d48 authored by Denis Filatov's avatar Denis Filatov

fix usage of pre-defined public keys for certificate

parent 999abd07
......@@ -17,10 +17,9 @@ static const char * _certName = NULL;
static char * _profileName = NULL;
static char * _signerName = NULL;
static ecc_format _outKeyFormat = ecc_bin;
static const char * _verificationKey = NULL;
static const char * _decriptionKey = NULL;
static const char * _keyPath = NULL;
static int _force = 0;
static int _no_gen = 0;
static const char * _cfgFile = NULL;
static int _debug = 0;
static int _xer = 0;
......@@ -70,10 +69,9 @@ static copt_t _options [] = {
{ "k", "key-format", COPT_STRENUM, (void*)_key_formats, "Keys output format (bin|hex|pem)[binary by default]" },
{ "S", "certs", COPT_STR, (void*)&_searchPath, "Certificates search path [Output path by default]" },
{ "K", "keys", COPT_STR, (void*)&_keyPath, "Private key storage path [Output path by default]" },
{ "f", "force", COPT_BOOL, (void*)&_force, "Force regenerate existing certificate and keys" },
{ "n", "name", COPT_STR, (void*)&_certName, "Certificate name (take from profile by default)" },
{ "v", "vkey", COPT_STR, (void*)&_verificationKey, "Verification public key (generate key pair by default)" },
{ "e", "ekey", COPT_STR, (void*)&_decriptionKey, "Encription public key (generate key pair if neccessary)" },
{ "f", "force", COPT_BOOL, (void*)&_force, "Force regenerate existing certificate and keys. [use existing by default]" },
{ "e", "no-generate", COPT_BOOL, (void*)&_no_gen, "Do not generate keys. [generate if necessary by default]" },
{ "n", "name", COPT_STR, (void*)&_certName, "Certificate name (take from profile by default)" },
{ "s", "signer", COPT_STR, (void*)&_signerName, "Signer certificate name [take from profile by default]" },
{ "D", "debug", COPT_BOOL, (void*)&_debug, "Dump hashes and other values [false]" },
{ "x", "oxer", COPT_BOOL, (void*)&_xer, "Decode OER certificate to XER [false]" },
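Review bot: The short option `-e` is reused for the boolean `--no-generate`, while the removed line gave the same letter to `--ekey <path>`; an old invocation such as `-e enc.pub` would, depending on how copt treats a value after a COPT_BOOL, silently enable --no-generate and leave `enc.pub` to be parsed as something else. A letter not already taken avoids that, e.g. `{ "N", "no-generate", COPT_BOOL, (void*)&_no_gen, "Do not generate keys. [generate if necessary by default]" },` (only part of the table is inside the hunk, so confirm the letter is free). With `--vkey`/`--ekey` gone, the `-K` help string is the only hint of how a pre-defined key is supplied; consider `"Private key storage path; existing keys are looked up here by profile name [Output path by default]"`.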
......@@ -84,8 +82,8 @@ char * _bin2hex(char * hex, size_t hlen, const char * bin, size_t blen);
static int is_CurvePoint_empty(EccP256CurvePoint_t* point);
static void fill_curve_point_eccP256(EccP256CurvePoint_t* point, ecc_curve_id curveType, char * keyPath);
static void fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id curveType, char * keyPath);
static int fill_curve_point_eccP256(EccP256CurvePoint_t* point, ecc_curve_id curveType, char * keyPath);
static int fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id curveType, char * keyPath);
static int _issuer_parser_cb(pxml_chunk_type_e _type,
const void *_chunk_data, size_t _chunk_size, void *_key)
......@@ -403,46 +401,54 @@ int main(int argc, char ** argv)
// generate keys if necessary
// buf = name of private key file
int rc = -1;
cvstrncpy(buf, CERT_MAX_SIZE, _keyPath, "/", _profileName, EXT_VKEY, NULL);
switch (cert->toBeSigned.verifyKeyIndicator.present){
case VerificationKeyIndicator_PR_verificationKey:
switch (cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.present){
case PublicVerificationKey_PR_ecdsaNistP256:
fill_curve_point_eccP256(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaNistP256, ecies_nistp256, buf);
rc = fill_curve_point_eccP256(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaNistP256, ecies_nistp256, buf);
break;
case PublicVerificationKey_PR_ecdsaBrainpoolP256r1:
fill_curve_point_eccP256(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaBrainpoolP256r1, ecies_brainpoolp256r, buf);
rc = fill_curve_point_eccP256(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaBrainpoolP256r1, ecies_brainpoolp256r, buf);
break;
case PublicVerificationKey_PR_ecdsaBrainpoolP384r1:
fill_curve_point_eccP384(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaBrainpoolP384r1, ecies_brainpoolp384r, buf);
rc = fill_curve_point_eccP384(&cert->toBeSigned.verifyKeyIndicator.choice.verificationKey.choice.ecdsaBrainpoolP384r1, ecies_brainpoolp384r, buf);
break;
default:
fprintf(stderr, "Unknown verification key curve type\n");
return -1;
}
break;
case VerificationKeyIndicator_PR_reconstructionValue:
fprintf(stderr, "TODO: reconstruction value generation is unsupported yet\n");
return -1;
break;
case VerificationKeyIndicator_PR_NOTHING:
default:
fprintf(stderr, "Unknown verification key indicator type\n");
break;
}
if (rc < 0){
return -1;
}
if (cert->toBeSigned.encryptionKey){
rc = -1;
cvstrncpy(buf, CERT_MAX_SIZE, _keyPath, "/", _profileName, EXT_EKEY, NULL);
switch (cert->toBeSigned.encryptionKey->publicKey.present){
case BasePublicEncryptionKey_PR_NOTHING:
cert->toBeSigned.encryptionKey->publicKey.present = BasePublicEncryptionKey_PR_eciesNistP256;
case BasePublicEncryptionKey_PR_eciesNistP256:
fill_curve_point_eccP256(&cert->toBeSigned.encryptionKey->publicKey.choice.eciesNistP256, ecies_nistp256, buf);
rc = fill_curve_point_eccP256(&cert->toBeSigned.encryptionKey->publicKey.choice.eciesNistP256, ecies_nistp256, buf);
break;
case BasePublicEncryptionKey_PR_eciesBrainpoolP256r1:
fill_curve_point_eccP256(&cert->toBeSigned.encryptionKey->publicKey.choice.eciesBrainpoolP256r1, ecies_brainpoolp256r, buf);
rc = fill_curve_point_eccP256(&cert->toBeSigned.encryptionKey->publicKey.choice.eciesBrainpoolP256r1, ecies_brainpoolp256r, buf);
break;
default:
fprintf(stderr, "Unknown encryption key curve type\n");
break;
}
if (rc < 0){
return -1;
}
}
cvstrncpy(buf, CERT_MAX_SIZE, _outPath, "/", _profileName, EXT_CERT, NULL);
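Review bot: The `BasePublicEncryptionKey_PR_NOTHING` case overwrites `present` and then falls into the `eciesNistP256` case with no fallthrough marker; now that this case decides `rc` and therefore the new hard `return -1`, the fallthrough is load-bearing and should be marked, e.g. `/* fallthrough: an unset encryption curve defaults to NIST P-256 */` just before the `case BasePublicEncryptionKey_PR_eciesNistP256:` line. One consequence worth checking: with `--no-generate` set and a profile whose encryption curve is unset, the forced P-256 lookup can only succeed if a matching key file already exists, otherwise the run fails with "not found" instead of omitting the encryption key; if that is the intended contract, say so in a comment. The enclosing `main` starts before and continues after this hunk.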
......@@ -483,17 +489,18 @@ static int is_CurvePoint_empty(EccP256CurvePoint_t* point)
}
return 1;
}
static void fill_curve_point_eccP256(EccP256CurvePoint_t* point, ecc_curve_id curveType, char * keyPath)
static int fill_curve_point_eccP256(EccP256CurvePoint_t* point, ecc_curve_id curveType, char * keyPath)
{
fill_curve_point_eccP384((EccP384CurvePoint_t*)point, curveType, keyPath);
return fill_curve_point_eccP384((EccP384CurvePoint_t*)point, curveType, keyPath);
}
static void fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id curveType, char * keyPath)
static int fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id curveType, char * keyPath)
{
void * key = NULL;
char x[48], y[48];
int compressed_y;
int fsize;
int rc = -1;
char * e_pub = keyPath + strlen(keyPath);
if(!_force){
// check for public key
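Review bot: `e_pub` points at the end of `keyPath`, and the error message added later in this function names a `<keyPath><EXT_PUB>` file, which suggests the extension is written at that position; the callers build `keyPath` in a `CERT_MAX_SIZE` buffer with `cvstrncpy` and reserve no room for a further suffix, and nothing visible bounds that append. If the append is indeed unbounded, either pass the buffer size down or guard it with `if (strlen(keyPath) + strlen(EXT_PUB) >= CERT_MAX_SIZE) return rc;` before writing, and state the contract on the prototype: `/* keyPath must have room for EXT_PUB appended; returns 0 on success, -1 on failure */`. The function body continues past this hunk.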
......@@ -509,6 +516,10 @@ static void fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id cu
if (key == NULL){
key = ecc_key_private_load(keyPath, curveType);
if (key == NULL){
if (_no_gen){
fprintf(stderr, "ERROR: Key %s or %s%s not found\n", keyPath, keyPath, EXT_PUB);
return rc;
}
if (_debug){
fprintf(stderr, "DEBUG: generate key %s\n", keyPath);
}
......@@ -538,6 +549,8 @@ static void fill_curve_point_eccP384(EccP384CurvePoint_t* point, ecc_curve_id cu
*_bin2hex(hex, sizeof(hex), y, fsize) = 0;
fprintf(stderr, "DEBUG: %s_pub.y=%s\n", keyPath, hex);
}
rc = 0;
}
ecc_key_free(key);
return rc;
}
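Review bot: `rc = 0` is set only inside the block closed on the line before `ecc_key_free(key)`, and that block opens outside the hunk, so whether the pre-defined-public-key path this commit targets (a `<keyPath><EXT_PUB>` file present, no private key) reaches it cannot be confirmed here; if the block is entered only when a private key was loaded or generated, the function still returns -1 for exactly that case and `main` aborts on its `rc < 0` check. A run with only the public-key file present would settle it, and the assignment deserves a comment: `rc = 0; /* success: curve point filled from an existing or freshly generated key */`. fill_curve_point_eccP384 begins before this hunk.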
......@@ -613,8 +613,9 @@ static const char* valnames[] = {
"num", /* COPT_USHORT */
"chr", /* COPT_CHAR */
"str", /* COPT_STR */
"addr",/* COPT_HOST */
"str", /* COPT_STRLIST*/
"addr",/* COPT_HOST */
"path",/* COPT_PATH */
"str", /* COPT_STRLIST*/
"str", /* COPT_STRENUM*/
"file",/* COPT_CFGFILE*/
NULL, /* COPT_HELP */
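Review bot: The `valnames` table is indexed by position against the `COPT_*` type enum (the trailing comments show that), so a missing or misplaced entry shifts every later help string; that invariant is worth stating at the declaration, e.g. `/* one entry per COPT_* type, in enum order - a gap here shifts every later name */`. If the enum exposes a terminal count value, a `_Static_assert` comparing `sizeof(valnames)/sizeof(valnames[0])` with it would turn the next mismatch into a compile error. The `valnames[]` declaration itself sits on the hunk header line, outside the hunk.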
......