2
0

px5g.c 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274
  1. /*
  2. * px5g - Embedded x509 key and certificate generator based on PolarSSL
  3. *
  4. * Copyright (C) 2009 Steven Barth <steven@midlink.org>
  5. * Copyright (C) 2014 Felix Fietkau <nbd@nbd.name>
  6. *
  7. * This library is free software; you can redistribute it and/or
  8. * modify it under the terms of the GNU Lesser General Public
  9. * License, version 2.1 as published by the Free Software Foundation.
  10. *
  11. * This library is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  14. * Lesser General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU Lesser General Public
  17. * License along with this library; if not, write to the Free Software
  18. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  19. * MA 02110-1301 USA
  20. */
  21. #include <sys/types.h>
  22. #include <stdio.h>
  23. #include <stdlib.h>
  24. #include <string.h>
  25. #include <time.h>
  26. #include <limits.h>
  27. #include <unistd.h>
  28. #include <fcntl.h>
  29. #include <stdbool.h>
  30. #include <mbedtls/bignum.h>
  31. #include <mbedtls/x509_crt.h>
  32. #include <mbedtls/rsa.h>
  33. #include <mbedtls/pk.h>
  34. #define PX5G_VERSION "0.2"
  35. #define PX5G_COPY "Copyright (c) 2009 Steven Barth <steven@midlink.org>"
  36. #define PX5G_LICENSE "Licensed under the GNU Lesser General Public License v2.1"
  37. static int urandom_fd;
  38. static char buf[16384];
  39. static int _urandom(void *ctx, unsigned char *out, size_t len)
  40. {
  41. read(urandom_fd, out, len);
  42. return 0;
  43. }
  44. static void write_file(const char *path, int len, bool pem)
  45. {
  46. FILE *f = stdout;
  47. const char *buf_start = buf;
  48. if (!pem)
  49. buf_start += sizeof(buf) - len;
  50. if (!len) {
  51. fprintf(stderr, "No data to write\n");
  52. exit(1);
  53. }
  54. if (!f) {
  55. fprintf(stderr, "error: I/O error\n");
  56. exit(1);
  57. }
  58. if (path)
  59. f = fopen(path, "w");
  60. fwrite(buf_start, 1, len, f);
  61. fclose(f);
  62. }
  63. static void write_key(mbedtls_pk_context *key, const char *path, bool pem)
  64. {
  65. int len = 0;
  66. if (pem) {
  67. if (mbedtls_pk_write_key_pem(key, (void *) buf, sizeof(buf)) == 0)
  68. len = strlen(buf);
  69. } else {
  70. len = mbedtls_pk_write_key_der(key, (void *) buf, sizeof(buf));
  71. if (len < 0)
  72. len = 0;
  73. }
  74. write_file(path, len, pem);
  75. }
  76. static void gen_key(mbedtls_pk_context *key, int ksize, int exp, bool pem)
  77. {
  78. mbedtls_pk_init(key);
  79. fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
  80. mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
  81. if (mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) {
  82. fprintf(stderr, "error: key generation failed\n");
  83. exit(1);
  84. }
  85. }
  86. int rsakey(char **arg)
  87. {
  88. mbedtls_pk_context key;
  89. unsigned int ksize = 512;
  90. int exp = 65537;
  91. char *path = NULL;
  92. bool pem = true;
  93. while (*arg && **arg == '-') {
  94. if (!strcmp(*arg, "-out") && arg[1]) {
  95. path = arg[1];
  96. arg++;
  97. } else if (!strcmp(*arg, "-3")) {
  98. exp = 3;
  99. } else if (!strcmp(*arg, "-der")) {
  100. pem = false;
  101. }
  102. arg++;
  103. }
  104. if (*arg)
  105. ksize = (unsigned int)atoi(*arg);
  106. gen_key(&key, ksize, exp, pem);
  107. write_key(&key, path, pem);
  108. mbedtls_pk_free(&key);
  109. return 0;
  110. }
  111. int selfsigned(char **arg)
  112. {
  113. mbedtls_pk_context key;
  114. mbedtls_x509write_cert cert;
  115. mbedtls_mpi serial;
  116. char *subject = "";
  117. unsigned int ksize = 512;
  118. int exp = 65537;
  119. unsigned int days = 30;
  120. char *keypath = NULL, *certpath = NULL;
  121. bool pem = true;
  122. time_t from = time(NULL), to;
  123. char fstr[20], tstr[20], sstr[17];
  124. int len;
  125. while (*arg && **arg == '-') {
  126. if (!strcmp(*arg, "-der")) {
  127. pem = false;
  128. } else if (!strcmp(*arg, "-newkey") && arg[1]) {
  129. if (strncmp(arg[1], "rsa:", 4)) {
  130. fprintf(stderr, "error: invalid algorithm");
  131. return 1;
  132. }
  133. ksize = (unsigned int)atoi(arg[1] + 4);
  134. arg++;
  135. } else if (!strcmp(*arg, "-days") && arg[1]) {
  136. days = (unsigned int)atoi(arg[1]);
  137. arg++;
  138. } else if (!strcmp(*arg, "-keyout") && arg[1]) {
  139. keypath = arg[1];
  140. arg++;
  141. } else if (!strcmp(*arg, "-out") && arg[1]) {
  142. certpath = arg[1];
  143. arg++;
  144. } else if (!strcmp(*arg, "-subj") && arg[1]) {
  145. if (arg[1][0] != '/' || strchr(arg[1], ';')) {
  146. fprintf(stderr, "error: invalid subject");
  147. return 1;
  148. }
  149. subject = calloc(strlen(arg[1]) + 1, 1);
  150. char *oldc = arg[1] + 1, *newc = subject, *delim;
  151. do {
  152. delim = strchr(oldc, '=');
  153. if (!delim) {
  154. fprintf(stderr, "error: invalid subject");
  155. return 1;
  156. }
  157. memcpy(newc, oldc, delim - oldc + 1);
  158. newc += delim - oldc + 1;
  159. oldc = delim + 1;
  160. delim = strchr(oldc, '/');
  161. if (!delim) {
  162. delim = arg[1] + strlen(arg[1]);
  163. }
  164. memcpy(newc, oldc, delim - oldc);
  165. newc += delim - oldc;
  166. *newc++ = ',';
  167. oldc = delim + 1;
  168. } while(*delim);
  169. arg++;
  170. }
  171. arg++;
  172. }
  173. gen_key(&key, ksize, exp, pem);
  174. if (keypath)
  175. write_key(&key, keypath, pem);
  176. from = (from < 1000000000) ? 1000000000 : from;
  177. strftime(fstr, sizeof(fstr), "%Y%m%d%H%M%S", gmtime(&from));
  178. to = from + 60 * 60 * 24 * days;
  179. if (to < from)
  180. to = INT_MAX;
  181. strftime(tstr, sizeof(tstr), "%Y%m%d%H%M%S", gmtime(&to));
  182. fprintf(stderr, "Generating selfsigned certificate with subject '%s'"
  183. " and validity %s-%s\n", subject, fstr, tstr);
  184. mbedtls_x509write_crt_init(&cert);
  185. mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA256);
  186. mbedtls_x509write_crt_set_issuer_key(&cert, &key);
  187. mbedtls_x509write_crt_set_subject_key(&cert, &key);
  188. mbedtls_x509write_crt_set_subject_name(&cert, subject);
  189. mbedtls_x509write_crt_set_issuer_name(&cert, subject);
  190. mbedtls_x509write_crt_set_validity(&cert, fstr, tstr);
  191. mbedtls_x509write_crt_set_basic_constraints(&cert, 0, -1);
  192. mbedtls_x509write_crt_set_subject_key_identifier(&cert);
  193. mbedtls_x509write_crt_set_authority_key_identifier(&cert);
  194. _urandom(NULL, buf, 8);
  195. for (len = 0; len < 8; len++)
  196. sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
  197. mbedtls_mpi_init(&serial);
  198. mbedtls_mpi_read_string(&serial, 16, sstr);
  199. mbedtls_x509write_crt_set_serial(&cert, &serial);
  200. if (pem) {
  201. if (mbedtls_x509write_crt_pem(&cert, (void *) buf, sizeof(buf), _urandom, NULL) < 0) {
  202. fprintf(stderr, "Failed to generate certificate\n");
  203. return 1;
  204. }
  205. len = strlen(buf);
  206. } else {
  207. len = mbedtls_x509write_crt_der(&cert, (void *) buf, sizeof(buf), _urandom, NULL);
  208. if (len < 0) {
  209. fprintf(stderr, "Failed to generate certificate: %d\n", len);
  210. return 1;
  211. }
  212. }
  213. write_file(certpath, len, pem);
  214. mbedtls_x509write_crt_free(&cert);
  215. mbedtls_mpi_free(&serial);
  216. mbedtls_pk_free(&key);
  217. return 0;
  218. }
  219. int main(int argc, char *argv[])
  220. {
  221. urandom_fd = open("/dev/urandom", O_RDONLY);
  222. if (!argv[1]) {
  223. //Usage
  224. } else if (!strcmp(argv[1], "rsakey")) {
  225. return rsakey(argv+2);
  226. } else if (!strcmp(argv[1], "selfsigned")) {
  227. return selfsigned(argv+2);
  228. }
  229. fprintf(stderr,
  230. "PX5G X.509 Certificate Generator Utility v" PX5G_VERSION "\n" PX5G_COPY
  231. "\nbased on PolarSSL by Christophe Devine and Paul Bakker\n\n");
  232. fprintf(stderr, "Usage: %s [rsakey|selfsigned]\n", *argv);
  233. return 1;
  234. }