2 * px5g - Embedded x509 key and certificate generator based on PolarSSL
4 * Copyright (C) 2009 Steven Barth <steven@midlink.org>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License, version 2.1 as published by the Free Software Foundation.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
25 #include "polarssl/havege.h"
26 #include "polarssl/bignum.h"
27 #include "polarssl/x509.h"
28 #include "polarssl/rsa.h"
30 #define PX5G_VERSION "0.1"
31 #define PX5G_COPY "Copyright (c) 2009 Steven Barth <steven@midlink.org>"
32 #define PX5G_LICENSE "Licensed under the GNU Lesser General Public License v2.1"
34 int rsakey(char **arg) {
38 unsigned int ksize = 512;
41 int flag = X509_OUTPUT_PEM;
43 while (*arg && **arg == '-') {
44 if (!strcmp(*arg, "-out") && arg[1]) {
47 } else if (!strcmp(*arg, "-3")) {
49 } else if (!strcmp(*arg, "-der")) {
50 flag = X509_OUTPUT_DER;
56 ksize = (unsigned int)atoi(*arg);
60 rsa_init(&rsa, RSA_PKCS_V15, 0, havege_rand, &hs);
62 fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
63 if (rsa_gen_key(&rsa, ksize, exp)) {
64 fprintf(stderr, "error: key generation failed\n");
68 if (x509write_keyfile(&rsa, path, flag)) {
69 fprintf(stderr, "error: I/O error\n");
77 int selfsigned(char **arg) {
83 unsigned int ksize = 512;
85 unsigned int days = 30;
86 char *keypath = NULL, *certpath = NULL;
87 int flag = X509_OUTPUT_PEM;
88 time_t from = time(NULL), to;
89 char fstr[20], tstr[20];
91 while (*arg && **arg == '-') {
92 if (!strcmp(*arg, "-der")) {
93 flag = X509_OUTPUT_DER;
94 } else if (!strcmp(*arg, "-newkey") && arg[1]) {
95 if (strncmp(arg[1], "rsa:", 4)) {
96 fprintf(stderr, "error: invalid algorithm");
99 ksize = (unsigned int)atoi(arg[1] + 4);
101 } else if (!strcmp(*arg, "-days") && arg[1]) {
102 days = (unsigned int)atoi(arg[1]);
104 } else if (!strcmp(*arg, "-keyout") && arg[1]) {
107 } else if (!strcmp(*arg, "-out") && arg[1]) {
110 } else if (!strcmp(*arg, "-subj") && arg[1]) {
111 if (arg[1][0] != '/' || strchr(arg[1], ';')) {
112 fprintf(stderr, "error: invalid subject");
115 subject = calloc(strlen(arg[1]) + 1, 1);
116 char *oldc = arg[1] + 1, *newc = subject, *delim;
118 delim = strchr(oldc, '=');
120 fprintf(stderr, "error: invalid subject");
123 memcpy(newc, oldc, delim - oldc + 1);
124 newc += delim - oldc + 1;
127 delim = strchr(oldc, '/');
129 delim = arg[1] + strlen(arg[1]);
131 memcpy(newc, oldc, delim - oldc);
132 newc += delim - oldc;
142 rsa_init(&rsa, RSA_PKCS_V15, 0, havege_rand, &hs);
143 x509write_init_node(&node);
144 fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
145 if (rsa_gen_key(&rsa, ksize, exp)) {
146 fprintf(stderr, "error: key generation failed\n");
151 if (x509write_keyfile(&rsa, keypath, flag)) {
152 fprintf(stderr, "error: I/O error\n");
157 from = (from < 1000000000) ? 1000000000 : from;
158 strftime(fstr, sizeof(fstr), "%F %H:%M:%S", gmtime(&from));
159 to = from + 60 * 60 * 24 * days;
160 strftime(tstr, sizeof(tstr), "%F %H:%M:%S", gmtime(&to));
163 x509write_init_raw(&cert);
164 x509write_add_pubkey(&cert, &rsa);
165 x509write_add_subject(&cert, (unsigned char*)subject);
166 x509write_add_validity(&cert, (unsigned char*)fstr, (unsigned char*)tstr);
167 fprintf(stderr, "Generating selfsigned certificate with subject '%s'"
168 " and validity %s-%s\n", subject, fstr, tstr);
169 if (x509write_create_selfsign(&cert, &rsa)) {
170 fprintf(stderr, "error: certificate generation failed\n");
173 if (x509write_crtfile(&cert, (unsigned char*)certpath, flag)) {
174 fprintf(stderr, "error: I/O error\n");
178 x509write_free_raw(&cert);
183 int main(int argc, char *argv[]) {
186 } else if (!strcmp(argv[1], "rsakey")) {
187 return rsakey(argv+2);
188 } else if (!strcmp(argv[1], "selfsigned")) {
189 return selfsigned(argv+2);
193 "PX5G X.509 Certificate Generator Utility v" PX5G_VERSION "\n" PX5G_COPY
194 "\nbased on PolarSSL by Christophe Devine and Paul Bakker\n\n");
195 fprintf(stderr, "Usage: %s [rsakey|selfsigned]\n", *argv);