Improve programs/cert_write with a way to set the signature digest
This is useful for generating SHA-1 and MD5 certificates for test purposes. I guess RSA-PSS could be added too, but I don't need that now. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
parent
8e5bdfbbcf
commit
99a96b1c22
1 changed files with 17 additions and 0 deletions
|
@ -85,6 +85,7 @@ int main( void )
|
||||||
#define DFL_SELFSIGN 0
|
#define DFL_SELFSIGN 0
|
||||||
#define DFL_IS_CA 0
|
#define DFL_IS_CA 0
|
||||||
#define DFL_MAX_PATHLEN -1
|
#define DFL_MAX_PATHLEN -1
|
||||||
|
#define DFL_SIG_ALG MBEDTLS_MD_SHA256
|
||||||
#define DFL_KEY_USAGE 0
|
#define DFL_KEY_USAGE 0
|
||||||
#define DFL_EXT_KEY_USAGE 0
|
#define DFL_EXT_KEY_USAGE 0
|
||||||
#define DFL_NS_CERT_TYPE 0
|
#define DFL_NS_CERT_TYPE 0
|
||||||
|
@ -134,6 +135,7 @@ int main( void )
|
||||||
" basic_constraints=%%d default: 1\n" \
|
" basic_constraints=%%d default: 1\n" \
|
||||||
" Possible values: 0, 1\n" \
|
" Possible values: 0, 1\n" \
|
||||||
" (Considered for v3 only)\n"\
|
" (Considered for v3 only)\n"\
|
||||||
|
" sig_alg=%%s default: SHA-256\n" \
|
||||||
" key_usage=%%s default: (empty)\n" \
|
" key_usage=%%s default: (empty)\n" \
|
||||||
" Comma-separated-list of values:\n" \
|
" Comma-separated-list of values:\n" \
|
||||||
" digital_signature\n" \
|
" digital_signature\n" \
|
||||||
|
@ -189,6 +191,7 @@ struct options
|
||||||
int basic_constraints; /* add basic constraints ext to CRT */
|
int basic_constraints; /* add basic constraints ext to CRT */
|
||||||
int version; /* CRT version */
|
int version; /* CRT version */
|
||||||
mbedtls_md_type_t md; /* Hash used for signing */
|
mbedtls_md_type_t md; /* Hash used for signing */
|
||||||
|
mbedtls_md_type_t sig_alg; /* MD to use generating signature */
|
||||||
unsigned char key_usage; /* key usage flags */
|
unsigned char key_usage; /* key usage flags */
|
||||||
mbedtls_asn1_sequence *ext_key_usage; /* extended key usages */
|
mbedtls_asn1_sequence *ext_key_usage; /* extended key usages */
|
||||||
unsigned char ns_cert_type; /* NS cert type */
|
unsigned char ns_cert_type; /* NS cert type */
|
||||||
|
@ -284,6 +287,7 @@ int main( int argc, char *argv[] )
|
||||||
opt.selfsign = DFL_SELFSIGN;
|
opt.selfsign = DFL_SELFSIGN;
|
||||||
opt.is_ca = DFL_IS_CA;
|
opt.is_ca = DFL_IS_CA;
|
||||||
opt.max_pathlen = DFL_MAX_PATHLEN;
|
opt.max_pathlen = DFL_MAX_PATHLEN;
|
||||||
|
opt.sig_alg = DFL_SIG_ALG;
|
||||||
opt.key_usage = DFL_KEY_USAGE;
|
opt.key_usage = DFL_KEY_USAGE;
|
||||||
opt.ext_key_usage = DFL_EXT_KEY_USAGE;
|
opt.ext_key_usage = DFL_EXT_KEY_USAGE;
|
||||||
opt.ns_cert_type = DFL_NS_CERT_TYPE;
|
opt.ns_cert_type = DFL_NS_CERT_TYPE;
|
||||||
|
@ -413,6 +417,17 @@ int main( int argc, char *argv[] )
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "sig_alg") == 0 )
|
||||||
|
{
|
||||||
|
if( strcmp( q, "SHA-1" ) == 0 )
|
||||||
|
opt.sig_alg = MBEDTLS_MD_SHA1;
|
||||||
|
else if( strcmp( q, "SHA-256" ) == 0 )
|
||||||
|
opt.sig_alg = MBEDTLS_MD_SHA256;
|
||||||
|
else if( strcmp( q, "MD5" ) == 0 )
|
||||||
|
opt.sig_alg = MBEDTLS_MD_MD5;
|
||||||
|
else
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
else if( strcmp( p, "key_usage" ) == 0 )
|
else if( strcmp( p, "key_usage" ) == 0 )
|
||||||
{
|
{
|
||||||
while( q != NULL )
|
while( q != NULL )
|
||||||
|
@ -732,6 +747,8 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mbedtls_x509write_crt_set_md_alg( &crt, opt.sig_alg );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
|
if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
|
||||||
opt.subject_identifier != 0 )
|
opt.subject_identifier != 0 )
|
||||||
|
|
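Review bot: The `options` struct in the `@ -189` hunk already carries `mbedtls_md_type_t md; /* Hash used for signing */`, and the new `sig_alg` field added directly below it serves the same purpose, so the program now holds one setting in two fields; unless `md` is dead, the `mbedtls_x509write_crt_set_md_alg( &crt, opt.sig_alg );` call in the last hunk silently overrides whatever sets `opt.md`, and the two should be merged into one field (keep `md`, and write `opt.md = DFL_SIG_ALG;` and `opt.md = MBEDTLS_MD_SHA1;` etc. in the parser). The `sig_alg` parser in the `@ -413` hunk accepts `SHA-1` and `MD5` unconditionally while the neighbouring code guards SHA-1 use with `#if defined(MBEDTLS_SHA1_C)`; when the digest module is not compiled in, the failure presumably surfaces later at signing time rather than as a usage error, so the two values could be wrapped in the matching `MBEDTLS_SHA1_C` / `MBEDTLS_MD5_C` guards with a fall-through to `goto usage`. The usage text in the `@ -134` hunk lists only the default; following the neighbouring options, add `"    Possible values: SHA-1, SHA-256, MD5\n" \` and state that MD5 and SHA-1 are provided for generating test certificates, as the commit message says, since neither is acceptable for certificates in production use. The enclosing `main()` starts and ends outside these hunks.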