static AJ_Status AuthListenerCallback(uint32_t authmechanism, uint32_t command, AJ_Credential*cred) { AJ_Status status = AJ_ERR_INVALID; uint8_t* b8; size_t b8len; char* b64; size_t b64len; AJ_AlwaysPrintf(("AuthListenerCallback authmechanism %d command %d\n", authmechanism, command)); switch (authmechanism) { case AUTH_SUITE_ECDHE_NULL: cred->expiration = keyexpiration; status = AJ_OK; break; case AUTH_SUITE_ECDHE_PSK: switch (command) { case AJ_CRED_PUB_KEY: break; // Don't use username - use anon cred->mask = AJ_CRED_PUB_KEY; cred->data = (uint8_t*) psk_hint; cred->len = strlen(psk_hint); status = AJ_OK; break; case AJ_CRED_PRV_KEY: if (AJ_CRED_PUB_KEY == cred->mask) { AJ_AlwaysPrintf(("Request Credentials for PSK ID: %s\n", cred->data)); } cred->mask = AJ_CRED_PRV_KEY; cred->data = (uint8_t*) psk_char; cred->len = strlen(psk_char); cred->expiration = keyexpiration; status = AJ_OK; break; } break; case AUTH_SUITE_ECDHE_ECDSA: switch (command) { case AJ_CRED_PUB_KEY: b8len = 3 * strlen(ecc_pub_b64) / 4; b8 = (uint8_t*) AJ_Malloc(b8len); AJ_ASSERT(b8); status = AJ_B64ToRaw(ecc_pub_b64, strlen(ecc_pub_b64), b8, b8len); AJ_ASSERT(AJ_OK == status); status = AJ_BigEndianDecodePublicKey(&ecc_pub, b8); AJ_ASSERT(AJ_OK == status); cred->mask = AJ_CRED_PUB_KEY; cred->data = (uint8_t*) &ecc_pub; cred->len = sizeof (ecc_pub); cred->expiration = keyexpiration; AJ_Free(b8); break; case AJ_CRED_PRV_KEY: b8len = 3 * strlen(ecc_prv_b64) / 4; b8 = (uint8_t*) AJ_Malloc(b8len); AJ_ASSERT(b8); status = AJ_B64ToRaw(ecc_prv_b64, strlen(ecc_prv_b64), b8, b8len); AJ_ASSERT(AJ_OK == status); status = AJ_BigEndianDecodePrivateKey(&ecc_prv, b8); AJ_ASSERT(AJ_OK == status); cred->mask = AJ_CRED_PRV_KEY; cred->data = (uint8_t*) &ecc_prv; cred->len = sizeof (ecc_prv); cred->expiration = keyexpiration; AJ_Free(b8); break; case AJ_CRED_CERT_CHAIN: b8len = sizeof (AJ_Certificate); b8 = (uint8_t*) AJ_Malloc(b8len); AJ_ASSERT(b8); status = AJ_B64ToRaw(owner_cert1_b64, strlen(owner_cert1_b64), b8, b8len); AJ_ASSERT(AJ_OK == status); status = AJ_BigEndianDecodeCertificate(&root_cert, b8, b8len); AJ_ASSERT(AJ_OK == status); cred->mask = AJ_CRED_CERT_CHAIN; cred->data = (uint8_t*) &root_cert; cred->len = sizeof (root_cert); AJ_Free(b8); break; case AJ_CRED_CERT_TRUST: b64len = 4 * ((cred->len + 2) / 3) + 1; b64 = (char*) AJ_Malloc(b64len); AJ_ASSERT(b64); status = AJ_RawToB64(cred->data, cred->len, b64, b64len); AJ_ASSERT(AJ_OK == status); status = IsTrustedIssuer(b64); AJ_AlwaysPrintf(("TRUST: %s %d\n", b64, status)); AJ_Free(b64); break; case AJ_CRED_CERT_ROOT: b64len = 4 * ((cred->len + 2) / 3) + 1; b64 = (char*) AJ_Malloc(b64len); AJ_ASSERT(b64); status = AJ_RawToB64(cred->data, cred->len, b64, b64len); AJ_ASSERT(AJ_OK == status); AJ_AlwaysPrintf(("ROOT: %s\n", b64)); status = AJ_OK; AJ_Free(b64); break; } break; default: break; } return status; }
int AJ_Main_certificate(int ac, char** av) { AJ_Status status = AJ_OK; size_t num = 2; size_t i; uint8_t* b8; char* pem; size_t pemlen; ecc_privatekey root_prvkey; ecc_publickey root_pubkey; uint8_t* manifest; size_t manifestlen; uint8_t digest[SHA256_DIGEST_LENGTH]; ecc_privatekey peer_prvkey; ecc_publickey peer_pubkey; AJ_Certificate* cert; AJ_GUID guild; /* * Create an owner key pair */ AJ_GenerateDSAKeyPair(&root_pubkey, &root_prvkey); b8 = (uint8_t*) AJ_Malloc(sizeof (ecc_publickey)); AJ_ASSERT(b8); status = AJ_BigEndianEncodePublicKey(&root_pubkey, b8); AJ_ASSERT(AJ_OK == status); pemlen = 4 * ((sizeof (ecc_publickey) + 2) / 3) + 1; pem = (char*) AJ_Malloc(pemlen); status = AJ_RawToB64(b8, sizeof (ecc_publickey), pem, pemlen); AJ_ASSERT(AJ_OK == status); AJ_Printf("Owner Public Key\n"); AJ_Printf("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n", pem); AJ_Free(b8); AJ_Free(pem); CreateManifest(&manifest, &manifestlen); ManifestDigest(manifest, &manifestlen, digest); AJ_RandBytes((uint8_t*) &guild, sizeof (AJ_GUID)); for (i = 0; i < num; i++) { AJ_GenerateDSAKeyPair(&peer_pubkey, &peer_prvkey); b8 = (uint8_t*) AJ_Malloc(sizeof (ecc_publickey)); AJ_ASSERT(b8); status = AJ_BigEndianEncodePublicKey(&peer_pubkey, b8); AJ_ASSERT(AJ_OK == status); pemlen = 4 * ((sizeof (ecc_publickey) + 2) / 3) + 1; pem = (char*) AJ_Malloc(pemlen); status = AJ_RawToB64(b8, sizeof (ecc_publickey), pem, pemlen); AJ_ASSERT(AJ_OK == status); AJ_Printf("Peer Public Key\n"); AJ_Printf("-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n", pem); AJ_Free(b8); AJ_Free(pem); b8 = (uint8_t*) AJ_Malloc(sizeof (ecc_privatekey)); AJ_ASSERT(b8); status = AJ_BigEndianEncodePrivateKey(&peer_prvkey, b8); AJ_ASSERT(AJ_OK == status); pemlen = 4 * ((sizeof (ecc_privatekey) + 2) / 3) + 1; pem = (char*) AJ_Malloc(pemlen); status = AJ_RawToB64(b8, sizeof (ecc_privatekey), pem, pemlen); AJ_ASSERT(AJ_OK == status); AJ_Printf("Peer Private Key\n"); AJ_Printf("-----BEGIN PRIVATE KEY-----\n%s\n-----END PRIVATE KEY-----\n", pem); AJ_Free(b8); AJ_Free(pem); cert = (AJ_Certificate*) AJ_Malloc(sizeof (AJ_Certificate)); AJ_ASSERT(cert); status = AJ_CreateCertificate(cert, 0, &peer_pubkey, NULL, NULL, digest, 0); AJ_ASSERT(AJ_OK == status); status = AJ_SignCertificate(cert, &peer_prvkey); AJ_ASSERT(AJ_OK == status); status = AJ_VerifyCertificate(cert); AJ_ASSERT(AJ_OK == status); b8 = (uint8_t*) AJ_Malloc(sizeof (AJ_Certificate)); AJ_ASSERT(b8); status = AJ_BigEndianEncodeCertificate(cert, b8, sizeof (AJ_Certificate)); AJ_ASSERT(AJ_OK == status); pemlen = 4 * ((sizeof (AJ_Certificate) + 2) / 3) + 1; pem = (char*) AJ_Malloc(pemlen); status = AJ_RawToB64(b8, cert->size, pem, pemlen); AJ_ASSERT(AJ_OK == status); AJ_Printf("Peer Certificate (Type 0)\n"); AJ_Printf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n", pem); status = AJ_CreateCertificate(cert, 1, &root_pubkey, &peer_pubkey, NULL, digest, 0); AJ_ASSERT(AJ_OK == status); status = AJ_SignCertificate(cert, &root_prvkey); AJ_ASSERT(AJ_OK == status); status = AJ_VerifyCertificate(cert); AJ_ASSERT(AJ_OK == status); status = AJ_BigEndianEncodeCertificate(cert, b8, sizeof (AJ_Certificate)); AJ_ASSERT(AJ_OK == status); status = AJ_RawToB64(b8, cert->size, pem, pemlen); AJ_ASSERT(AJ_OK == status); AJ_Printf("Root Certificate (Type 1)\n"); AJ_Printf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n", pem); status = AJ_CreateCertificate(cert, 2, &root_pubkey, &peer_pubkey, &guild, digest, 0); AJ_ASSERT(AJ_OK == status); status = AJ_SignCertificate(cert, &root_prvkey); AJ_ASSERT(AJ_OK == status); status = AJ_VerifyCertificate(cert); AJ_ASSERT(AJ_OK == status); status = AJ_BigEndianEncodeCertificate(cert, b8, sizeof (AJ_Certificate)); AJ_ASSERT(AJ_OK == status); status = AJ_RawToB64(b8, cert->size, pem, pemlen); AJ_ASSERT(AJ_OK == status); AJ_Printf("Root Certificate (Type 2)\n"); AJ_Printf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n", pem); AJ_Free(cert); AJ_Free(b8); AJ_Free(pem); } AJ_Free(manifest); return 0; }