
Commit 9ac4ba8

zhwistzxm256
andauthored
增加证书生成的C语言demo (#1465)
* Add files via upload * Add files via upload * Add files via upload * Add files via upload * Delete cert_gen.sh * Delete cert_sign.sh --------- Co-authored-by: Simon <[email protected]>
1 parent f96d2f6 commit 9ac4ba8


2 files changed

+611
-0
lines changed


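--- /dev/null
+++ b/demos/src/demo_cert_gen.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
+ * not use this file except in compliance with the License.
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h>
+#include <gmssl/mem.h>
+#include <gmssl/rand.h>
+#include <gmssl/pkcs8.h>
+#include <gmssl/error.h>
+#include <gmssl/hex.h>
+#include <gmssl/x509.h>
+#include <gmssl/x509_ext.h>
+
+
+
+
+static int ext_key_usage_set(int *usages, const char *usage_name)
+{
+	int flag;
+	if (x509_key_usage_from_name(&flag, usage_name) != 1) {
+		error_print();
+		return -1;
+	}
+	*usages |= flag;
+	return 1;
+}
+
+int main(int argc, char *argv[])
+{
+	int ret = 1;
+	char *prog = argv[0];
+	char *str;
+
+	// SerialNumber
+	uint8_t serial[20];
+	int serial_len = 12;
+
+	// Issuer, Subject
+	uint8_t name[256];
+	size_t namelen;
+	char *country = "CN";
+	char *state = "Beijing";
+	char *locality = "Haidian";
+	char *org = "PKU";
+	char *org_unit = "CS";
+	char *common_name = "ROOTCA";
+
+	// Validity
+	int days = 3650;
+	time_t not_before;
+	time_t not_after;
+
+	// Private Key
+	char *keyfile="rootcakey.pem"; //可由/demos/scripts/cert_gen.sh生成
+	FILE *keyfp = NULL;
+	char *pass = "1234";
+	SM2_KEY sm2_key;
+	char signer_id[SM2_MAX_ID_LENGTH + 1] = {0};
+	size_t signer_id_len = 0;
+
+	uint8_t *cert = NULL;
+	size_t certlen = 0;
+	FILE *outfp = stdout;
+	char *outfile = "rootcacert.pem";
+	uint8_t *p;
+
+	// Extensions
+	uint8_t exts[4096];
+	size_t extslen = 0;
+
+	// AuthorityKeyIdentifier
+	int gen_authority_key_id = 0;
+
+	// SubjectKeyIdentifier
+	int gen_subject_key_id = 0;
+
+	// KeyUsage
+	int key_usage = 0;
+	char *keyusage1="keyCertSign";
+	char *keyusage2="cRLSign";
+
+	// SubjectAltName
+	uint8_t subject_alt_name[2048];
+	size_t subject_alt_name_len = 0;
+
+	// IssuerAltName
+	uint8_t issuer_alt_name[512];
+	size_t issuer_alt_name_len = 0;
+
+	// BasicConstraints
+	int ca = 1;
+	int path_len_constraint = 6;
+
+	// ExtKeyUsageSyntax
+	int ext_key_usages[12];
+	size_t ext_key_usages_cnt = 0;
+
+	// CRLDistributionPoints
+	char *crl_http_uri = "http://pku.edu.cn/ca.crl";
+	char *crl_ldap_uri = NULL;
+
+	// InhibitAnyPolicy
+	int inhibit_any_policy = -1;
+
+	// FreshestCRL
+	char *ca_issuers_uri = "http://pku.edu.cn/ca.crt";
+	char *ocsp_uri = "http://ocsp.pku.edu.cn";
+
+
+	if (!(keyfp = fopen(keyfile, "rb"))) {
+		fprintf(stderr, "%s: open '%s' failure : %s\n", prog, keyfile, strerror(errno));
+		goto end;
+	}
+
+
+	if (ext_key_usage_set(&key_usage, keyusage1) != 1) {
+		fprintf(stderr, "%s: invalid `-key_usage` value '%s'\n", prog, keyusage1);
+		goto end;
+	}
+
+	if (ext_key_usage_set(&key_usage, keyusage2) != 1) {
+		fprintf(stderr, "%s: invalid `-key_usage` value '%s'\n", prog, keyusage2);
+		goto end;
+	}
+
+
+	if (!(outfp = fopen(outfile, "wb"))) {
+		fprintf(stderr, "%s: open '%s' failure : %s\n", prog, outfile, strerror(errno));
+		goto end;
+	}
+
+	if (!signer_id_len) {
+		strcpy(signer_id, SM2_DEFAULT_ID);
+		signer_id_len = strlen(SM2_DEFAULT_ID);
+	}
+
+
+
+	if (sm2_private_key_info_decrypt_from_pem(&sm2_key, pass, keyfp) != 1) {
+		fprintf(stderr, "%s: load private key failed\n", prog);
+		goto end;
+	}
+
+
+
+
+	// Issuer, Subject
+	if (x509_name_set(name, &namelen, sizeof(name), country, state, locality, org, org_unit, common_name) != 1) {
+		fprintf(stderr, "%s: set Issuer/Subject Name error\n", prog);
+		goto end;
+	}
+
+	// Validity
+	time(&not_before);
+	if (x509_validity_add_days(&not_after, not_before, days) != 1) {
+		fprintf(stderr, "%s: set Validity failure\n", prog);
+		goto end;
+	}
+
+
+	if (key_usage) {
+		if (x509_exts_add_key_usage(exts, &extslen, sizeof(exts), X509_critical, key_usage) != 1) {
+			fprintf(stderr, "%s: set KeyUsage extension failure\n", prog);
+			goto end;
+		}
+	}
+
+
+	// no SubjectDirectoryAttributes
+	if (ca >= 0 || path_len_constraint >= 0) {
+		if (x509_exts_add_basic_constraints(exts, &extslen, sizeof(exts),
+			X509_critical, ca, path_len_constraint) != 1) {
+			fprintf(stderr, "%s: set BasicConstraints extension failure\n", prog);
+			goto end;
+		}
+	}
+	// no NameConstraints
+	// no PolicyConstraints
+
+	if (crl_http_uri || crl_ldap_uri) {
+		if (x509_exts_add_crl_distribution_points(exts, &extslen, sizeof(exts),
+			-1,
+			crl_http_uri, crl_http_uri ? strlen(crl_http_uri) : 0,
+			crl_ldap_uri, crl_ldap_uri ? strlen(crl_ldap_uri) : 0) != 1) {
+			fprintf(stderr, "%s: set CRLDistributionPoints extension failure\n", prog);
+			return -1;
+		}
+	}
+
+
+	if (ca_issuers_uri || ocsp_uri) {
+		if (x509_exts_add_authority_info_access(exts, &extslen, sizeof(exts), 0,
+			ca_issuers_uri, ca_issuers_uri ? strlen(ca_issuers_uri) : 0,
+			ocsp_uri, ocsp_uri ? strlen(ocsp_uri) : 0) != 1) {
+			fprintf(stderr, "%s: set AuthorityInfoAccess extension failure\n", prog);
+			goto end;
+		}
+	}
+
+	if (x509_cert_sign_to_der(
+		X509_version_v3,
+		serial, serial_len,
+		OID_sm2sign_with_sm3,
+		name, namelen,
+		not_before, not_after,
+		name, namelen,
+		&sm2_key,
+		NULL, 0,
+		NULL, 0,
+		exts, extslen,
+		&sm2_key, signer_id, signer_id_len,
+		NULL, &certlen) != 1) {
+		fprintf(stderr, "%s: certificate generation failure\n", prog);
+		goto end;
+	}
+	if (!(cert = malloc(certlen))) {
+		fprintf(stderr, "%s: malloc failure\n", prog);
+		goto end;
+	}
+	p = cert;
+	certlen = 0;
+	if (x509_cert_sign_to_der(
+		X509_version_v3,
+		serial, serial_len,
+		OID_sm2sign_with_sm3,
+		name, namelen,
+		not_before, not_after,
+		name, namelen,
+		&sm2_key,
+		NULL, 0,
+		NULL, 0,
+		exts, extslen,
+		&sm2_key, signer_id, signer_id_len,
+		&p, &certlen) != 1) {
+		fprintf(stderr, "%s: certificate generation failure\n", prog);
+		goto end;
+	}
+	if (x509_cert_to_pem(cert, certlen, outfp) != 1) {
+		fprintf(stderr, "%s: output certificate failed\n", prog);
+		goto end;
+	}
+	ret = 0;
+
+end:
+	gmssl_secure_clear(&sm2_key, sizeof(SM2_KEY));
+	if (cert) free(cert);
+	if (keyfp) fclose(keyfp);
+	if (outfile && outfp) fclose(outfp);
+	return ret;
+}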
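Review bot: `uint8_t serial[20]` is declared in `main` but never written before it is passed as the certificate serial number to both `x509_cert_sign_to_der` calls, so the demo reads uninitialized stack memory (undefined behavior) and signs a root CA certificate whose serial is neither unpredictable nor guaranteed unique — exactly the property a CA serial is supposed to have. `gmssl/rand.h` is already included but unused; fill the buffer before the extension and signing code with `if (rand_bytes(serial, serial_len) != 1) { error_print(); goto end; }` (assuming `rand_bytes` is the GmSSL CSPRNG entry point, as the include suggests — confirm against the library). The CRLDistributionPoints failure branch does `return -1;` while every other error path in `main` does `goto end;`, so on that path `gmssl_secure_clear` never runs on the decrypted SM2 private key and both `FILE` handles leak; change it to `goto end;`. The passphrase is a hard-coded literal `"1234"` next to the key file name — acceptable in a demo only with a comment such as `// demo only: never hard-code a CA key passphrase in production code`. `str`, `ext_key_usages`, `subject_alt_name`, `issuer_alt_name`, `inhibit_any_policy` and the two `gen_*` flags are declared but never used and can be removed.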
