static AJ_Status AuthListenerCallback(uint32_t authmechanism, uint32_t command, AJ_Credential*cred)
{
AJ_Status status = AJ_ERR_INVALID;
uint8_t* b8;
size_t b8len;
char* b64;
size_t b64len;
AJ_AlwaysPrintf(("AuthListenerCallback authmechanism %d command %d\n", authmechanism, command));
switch (authmechanism) {
case AUTH_SUITE_ECDHE_NULL:
cred->expiration = keyexpiration;
status = AJ_OK;
break;
case AUTH_SUITE_ECDHE_PSK:
switch (command) {
case AJ_CRED_PUB_KEY:
break; // Don't use username - use anon
cred->mask = AJ_CRED_PUB_KEY;
cred->data = (uint8_t*) psk_hint;
cred->len = strlen(psk_hint);
status = AJ_OK;
break;
case AJ_CRED_PRV_KEY:
if (AJ_CRED_PUB_KEY == cred->mask) {
AJ_AlwaysPrintf(("Request Credentials for PSK ID: %s\n", cred->data));
}
cred->mask = AJ_CRED_PRV_KEY;
cred->data = (uint8_t*) psk_char;
cred->len = strlen(psk_char);
cred->expiration = keyexpiration;
status = AJ_OK;
break;
}
break;
case AUTH_SUITE_ECDHE_ECDSA:
switch (command) {
case AJ_CRED_PUB_KEY:
b8len = 3 * strlen(ecc_pub_b64) / 4;
b8 = (uint8_t*) AJ_Malloc(b8len);
AJ_ASSERT(b8);
status = AJ_B64ToRaw(ecc_pub_b64, strlen(ecc_pub_b64), b8, b8len);
AJ_ASSERT(AJ_OK == status);
status = AJ_BigEndianDecodePublicKey(&ecc_pub, b8);
AJ_ASSERT(AJ_OK == status);
cred->mask = AJ_CRED_PUB_KEY;
cred->data = (uint8_t*) &ecc_pub;
cred->len = sizeof (ecc_pub);
cred->expiration = keyexpiration;
AJ_Free(b8);
break;
case AJ_CRED_PRV_KEY:
b8len = 3 * strlen(ecc_prv_b64) / 4;
b8 = (uint8_t*) AJ_Malloc(b8len);
AJ_ASSERT(b8);
status = AJ_B64ToRaw(ecc_prv_b64, strlen(ecc_prv_b64), b8, b8len);
AJ_ASSERT(AJ_OK == status);
status = AJ_BigEndianDecodePrivateKey(&ecc_prv, b8);
AJ_ASSERT(AJ_OK == status);
cred->mask = AJ_CRED_PRV_KEY;
cred->data = (uint8_t*) &ecc_prv;
cred->len = sizeof (ecc_prv);
cred->expiration = keyexpiration;
AJ_Free(b8);
break;
case AJ_CRED_CERT_CHAIN:
b8len = sizeof (AJ_Certificate);
b8 = (uint8_t*) AJ_Malloc(b8len);
AJ_ASSERT(b8);
status = AJ_B64ToRaw(owner_cert1_b64, strlen(owner_cert1_b64), b8, b8len);
AJ_ASSERT(AJ_OK == status);
status = AJ_BigEndianDecodeCertificate(&root_cert, b8, b8len);
AJ_ASSERT(AJ_OK == status);
cred->mask = AJ_CRED_CERT_CHAIN;
cred->data = (uint8_t*) &root_cert;
cred->len = sizeof (root_cert);
AJ_Free(b8);
break;
case AJ_CRED_CERT_TRUST:
b64len = 4 * ((cred->len + 2) / 3) + 1;
b64 = (char*) AJ_Malloc(b64len);
AJ_ASSERT(b64);
status = AJ_RawToB64(cred->data, cred->len, b64, b64len);
AJ_ASSERT(AJ_OK == status);
status = IsTrustedIssuer(b64);
AJ_AlwaysPrintf(("TRUST: %s %d\n", b64, status));
AJ_Free(b64);
break;
case AJ_CRED_CERT_ROOT:
b64len = 4 * ((cred->len + 2) / 3) + 1;
b64 = (char*) AJ_Malloc(b64len);
AJ_ASSERT(b64);
status = AJ_RawToB64(cred->data, cred->len, b64, b64len);
AJ_ASSERT(AJ_OK == status);
AJ_AlwaysPrintf(("ROOT: %s\n", b64));
status = AJ_OK;
AJ_Free(b64);
break;
}
break;
default:
break;
}
return status;
}
int AJ_Main_certificate(int ac, char** av)
{
AJ_Status status = AJ_OK;
size_t num = 2;
size_t i;
uint8_t* b8;
char* pem;
size_t pemlen;
ecc_privatekey root_prvkey;
ecc_publickey root_pubkey;
uint8_t* manifest;
size_t manifestlen;
uint8_t digest[SHA256_DIGEST_LENGTH];
ecc_privatekey peer_prvkey;
ecc_publickey peer_pubkey;
AJ_Certificate* cert;
AJ_GUID guild;
/*
* Create an owner key pair
*/
AJ_GenerateDSAKeyPair(&root_pubkey, &root_prvkey);
b8 = (uint8_t*) AJ_Malloc(sizeof (ecc_publickey));
AJ_ASSERT(b8);
status = AJ_BigEndianEncodePublicKey(&root_pubkey, b8);
AJ_ASSERT(AJ_OK == status);
pemlen = 4 * ((sizeof (ecc_publickey) + 2) / 3) + 1;
pem = (char*) AJ_Malloc(pemlen);
status = AJ_RawToB64(b8, sizeof (ecc_publickey), pem, pemlen);
AJ_ASSERT(AJ_OK == status);
AJ_Printf("Owner Public Key\n");
AJ_Printf("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n", pem);
AJ_Free(b8);
AJ_Free(pem);
CreateManifest(&manifest, &manifestlen);
ManifestDigest(manifest, &manifestlen, digest);
AJ_RandBytes((uint8_t*) &guild, sizeof (AJ_GUID));
for (i = 0; i < num; i++) {
AJ_GenerateDSAKeyPair(&peer_pubkey, &peer_prvkey);
b8 = (uint8_t*) AJ_Malloc(sizeof (ecc_publickey));
AJ_ASSERT(b8);
status = AJ_BigEndianEncodePublicKey(&peer_pubkey, b8);
AJ_ASSERT(AJ_OK == status);
pemlen = 4 * ((sizeof (ecc_publickey) + 2) / 3) + 1;
pem = (char*) AJ_Malloc(pemlen);
status = AJ_RawToB64(b8, sizeof (ecc_publickey), pem, pemlen);
AJ_ASSERT(AJ_OK == status);
AJ_Printf("Peer Public Key\n");
AJ_Printf("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n", pem);
AJ_Free(b8);
AJ_Free(pem);
b8 = (uint8_t*) AJ_Malloc(sizeof (ecc_privatekey));
AJ_ASSERT(b8);
status = AJ_BigEndianEncodePrivateKey(&peer_prvkey, b8);
AJ_ASSERT(AJ_OK == status);
pemlen = 4 * ((sizeof (ecc_privatekey) + 2) / 3) + 1;
pem = (char*) AJ_Malloc(pemlen);
status = AJ_RawToB64(b8, sizeof (ecc_privatekey), pem, pemlen);
AJ_ASSERT(AJ_OK == status);
AJ_Printf("Peer Private Key\n");
AJ_Printf("-----BEGIN PRIVATE KEY-----\n%s\n-----END PRIVATE KEY-----\n", pem);
AJ_Free(b8);
AJ_Free(pem);
cert = (AJ_Certificate*) AJ_Malloc(sizeof (AJ_Certificate));
AJ_ASSERT(cert);
status = AJ_CreateCertificate(cert, 0, &peer_pubkey, NULL, NULL, digest, 0);
AJ_ASSERT(AJ_OK == status);
status = AJ_SignCertificate(cert, &peer_prvkey);
AJ_ASSERT(AJ_OK == status);
status = AJ_VerifyCertificate(cert);
AJ_ASSERT(AJ_OK == status);
b8 = (uint8_t*) AJ_Malloc(sizeof (AJ_Certificate));
AJ_ASSERT(b8);
status = AJ_BigEndianEncodeCertificate(cert, b8, sizeof (AJ_Certificate));
AJ_ASSERT(AJ_OK == status);
pemlen = 4 * ((sizeof (AJ_Certificate) + 2) / 3) + 1;
pem = (char*) AJ_Malloc(pemlen);
status = AJ_RawToB64(b8, cert->size, pem, pemlen);
AJ_ASSERT(AJ_OK == status);
AJ_Printf("Peer Certificate (Type 0)\n");
AJ_Printf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n", pem);
status = AJ_CreateCertificate(cert, 1, &root_pubkey, &peer_pubkey, NULL, digest, 0);
AJ_ASSERT(AJ_OK == status);
status = AJ_SignCertificate(cert, &root_prvkey);
AJ_ASSERT(AJ_OK == status);
status = AJ_VerifyCertificate(cert);
AJ_ASSERT(AJ_OK == status);
status = AJ_BigEndianEncodeCertificate(cert, b8, sizeof (AJ_Certificate));
AJ_ASSERT(AJ_OK == status);
status = AJ_RawToB64(b8, cert->size, pem, pemlen);
AJ_ASSERT(AJ_OK == status);
AJ_Printf("Root Certificate (Type 1)\n");
AJ_Printf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n", pem);
status = AJ_CreateCertificate(cert, 2, &root_pubkey, &peer_pubkey, &guild, digest, 0);
AJ_ASSERT(AJ_OK == status);
status = AJ_SignCertificate(cert, &root_prvkey);
AJ_ASSERT(AJ_OK == status);
status = AJ_VerifyCertificate(cert);
AJ_ASSERT(AJ_OK == status);
status = AJ_BigEndianEncodeCertificate(cert, b8, sizeof (AJ_Certificate));
AJ_ASSERT(AJ_OK == status);
status = AJ_RawToB64(b8, cert->size, pem, pemlen);
AJ_ASSERT(AJ_OK == status);
AJ_Printf("Root Certificate (Type 2)\n");
AJ_Printf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n", pem);
AJ_Free(cert);
AJ_Free(b8);
AJ_Free(pem);
}
AJ_Free(manifest);
return 0;
}
