KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

px5g: Create mbedtls variant

Browse source 
px5g has been listed as a blocker for switching to new mbedtls
as the default, therefore make and mbedtls variant of px5g so
that an new mbedtls-only image can be created.

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
This commit is contained in:
Daniel Dickinson 2016-06-22 21:12:16 -04:00 committed by John Crispin
parent df2889c709
commit a7f6dc9f8b
2 changed files with 69 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
package/utils/px5g/Makefile
View file

@ -10,36 +10,53 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=px5g PKG_NAME:=px5g
PKG_RELEASE:=4 PKG_RELEASE:=4
PKG_LICENSE:=LGPL-2.1 PKG_LICENSE:=LGPL-2.1
PKG_BUILD_DIR:=$(BUILD_DIR)/px5g-$(BUILD_VARIANT)
PKG_USE_MIPS16:=0 PKG_USE_MIPS16:=0
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
define Package/px5g define Package/px5g/Template
SECTION:=utils SECTION:=utils
CATEGORY:=Utilities CATEGORY:=Utilities
TITLE:=X.509 certificate generator (using PolarSSL) TITLE:=X.509 certificate generator (using $(1))
MAINTAINER:=Jo-Philipp Wich <jo@mein.io> MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
DEPENDS:=+libpolarssl DEPENDS:=+lib$(1)
PROVIDES:=px5g
VARIANT:=$(1)
endef endef
define Package/px5g/description define Package/px5g-polarssl/description
Px5g is a tiny standalone X.509 certificate generator. Px5g is a tiny standalone X.509 certificate generator.
It suitable to create key files and certificates in DER It suitable to create key files and certificates in DER
and PEM format for use with stunnel, uhttpd and others. and PEM format for use with stunnel, uhttpd and others.
endef endef
Package/px5g-mbedtls=$(call Package/px5g/Template,mbedtls)
Package/px5g-polarssl=$(call Package/px5g/Template,polarssl)
Package/px5g-mbedtls/description=$(Package/px5g-polarssl/description)
define Build/Prepare define Build/Prepare
mkdir -p $(PKG_BUILD_DIR) mkdir -p $(PKG_BUILD_DIR)
endef endef
ifeq ($(BUILD_VARIANT),mbedtls)
TARGET_CFLAGS += -DMBEDTLS
TARGET_LDFLAGS := -lmbedtls -lmbedx509 -lmbedcrypto
else
TARGET_LDFLAGS := -lpolarssl
endif
define Build/Compile define Build/Compile
$(TARGET_CC) $(TARGET_CFLAGS) -o $(PKG_BUILD_DIR)/px5g px5g.c -lpolarssl $(TARGET_CC) $(TARGET_CFLAGS) -o $(PKG_BUILD_DIR)/px5g px5g.c $(TARGET_LDFLAGS)
endef endef
define Package/px5g/install define Package/px5g-polarssl/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g $(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g
endef endef
$(eval $(call BuildPackage,px5g)) Package/px5g-mbedtls/install=$(Package/px5g-polarssl/install)
$(eval $(call BuildPackage,px5g-polarssl))
$(eval $(call BuildPackage,px5g-mbedtls))

74
package/utils/px5g/px5g.c
View file

@ -30,9 +30,20 @@
#include <fcntl.h> #include <fcntl.h>
#include <stdbool.h> #include <stdbool.h>
#ifdef MBEDTLS
#include <mbedtls/bignum.h>
#include <mbedtls/x509_crt.h>
#include <mbedtls/rsa.h>
#include <mbedtls/pk.h>
#define lib_wrapper(x) mbedtls_##x
#define MD_SHA256 MBEDTLS_MD_SHA256
#else
#include <polarssl/bignum.h> #include <polarssl/bignum.h>
#include <polarssl/x509_crt.h> #include <polarssl/x509_crt.h>
#include <polarssl/rsa.h> #include <polarssl/rsa.h>
#define lib_wrapper(x) x
#define MD_SHA256 POLARSSL_MD_SHA256
#endif
#define PX5G_VERSION "0.2" #define PX5G_VERSION "0.2"
#define PX5G_COPY "Copyright (c) 2009 Steven Barth <steven@midlink.org>" #define PX5G_COPY "Copyright (c) 2009 Steven Barth <steven@midlink.org>"
@ -72,15 +83,15 @@ static void write_file(const char *path, int len, bool pem)
fclose(f); fclose(f);
} }
static void write_key(pk_context *key, const char *path, bool pem) static void write_key(lib_wrapper(pk_context) *key, const char *path, bool pem)
{ {
int len = 0; int len = 0;
if (pem) { if (pem) {
if (pk_write_key_pem(key, (void *) buf, sizeof(buf)) == 0) if (lib_wrapper(pk_write_key_pem(key, (void *) buf, sizeof(buf)) == 0))
len = strlen(buf); len = strlen(buf);
} else { } else {
len = pk_write_key_der(key, (void *) buf, sizeof(buf)); len = lib_wrapper(pk_write_key_der(key, (void *) buf, sizeof(buf)));
if (len < 0) if (len < 0)
len = 0; len = 0;
} }
@ -88,12 +99,17 @@ static void write_key(pk_context *key, const char *path, bool pem)
write_file(path, len, pem); write_file(path, len, pem);
} }
static void gen_key(pk_context *key, int ksize, int exp, bool pem) static void gen_key(lib_wrapper(pk_context) *key, int ksize, int exp, bool pem)
{ {
pk_init(key); lib_wrapper(pk_init(key));
pk_init_ctx(key, pk_info_from_type(POLARSSL_PK_RSA));
fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize); fprintf(stderr, "Generating RSA private key, %i bit long modulus\n", ksize);
#ifdef MBEDTLS
mbedtls_pk_setup(key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), _urandom, NULL, ksize, exp)) {
#else
pk_init_ctx(key, lib_wrapper(pk_info_from_type(POLARSSL_PK_RSA)));
if (rsa_gen_key(pk_rsa(*key), _urandom, NULL, ksize, exp)) { if (rsa_gen_key(pk_rsa(*key), _urandom, NULL, ksize, exp)) {
#endif
fprintf(stderr, "error: key generation failed\n"); fprintf(stderr, "error: key generation failed\n");
exit(1); exit(1);
} }
@ -101,7 +117,7 @@ static void gen_key(pk_context *key, int ksize, int exp, bool pem)
int rsakey(char **arg) int rsakey(char **arg)
{ {
pk_context key; lib_wrapper(pk_context) key;
unsigned int ksize = 512; unsigned int ksize = 512;
int exp = 65537; int exp = 65537;
char *path = NULL; char *path = NULL;
@ -125,16 +141,16 @@ int rsakey(char **arg)
gen_key(&key, ksize, exp, pem); gen_key(&key, ksize, exp, pem);
write_key(&key, path, pem); write_key(&key, path, pem);
pk_free(&key); lib_wrapper(pk_free(&key));
return 0; return 0;
} }
int selfsigned(char **arg) int selfsigned(char **arg)
{ {
pk_context key; lib_wrapper(pk_context) key;
x509write_cert cert; lib_wrapper(x509write_cert) cert;
mpi serial; lib_wrapper(mpi) serial;
char *subject = ""; char *subject = "";
unsigned int ksize = 512; unsigned int ksize = 512;
@ -211,34 +227,34 @@ int selfsigned(char **arg)
fprintf(stderr, "Generating selfsigned certificate with subject '%s'" fprintf(stderr, "Generating selfsigned certificate with subject '%s'"
" and validity %s-%s\n", subject, fstr, tstr); " and validity %s-%s\n", subject, fstr, tstr);
x509write_crt_init(&cert); lib_wrapper(x509write_crt_init(&cert));
x509write_crt_set_md_alg(&cert, POLARSSL_MD_SHA256); lib_wrapper(x509write_crt_set_md_alg(&cert, MD_SHA256));
x509write_crt_set_issuer_key(&cert, &key); lib_wrapper(x509write_crt_set_issuer_key(&cert, &key));
x509write_crt_set_subject_key(&cert, &key); lib_wrapper(x509write_crt_set_subject_key(&cert, &key));
x509write_crt_set_subject_name(&cert, subject); lib_wrapper(x509write_crt_set_subject_name(&cert, subject));
x509write_crt_set_issuer_name(&cert, subject); lib_wrapper(x509write_crt_set_issuer_name(&cert, subject));
x509write_crt_set_validity(&cert, fstr, tstr); lib_wrapper(x509write_crt_set_validity(&cert, fstr, tstr));
x509write_crt_set_basic_constraints(&cert, 0, -1); lib_wrapper(x509write_crt_set_basic_constraints(&cert, 0, -1));
x509write_crt_set_subject_key_identifier(&cert); lib_wrapper(x509write_crt_set_subject_key_identifier(&cert));
x509write_crt_set_authority_key_identifier(&cert); lib_wrapper(x509write_crt_set_authority_key_identifier(&cert));
_urandom(NULL, buf, 8); _urandom(NULL, buf, 8);
for (len = 0; len < 8; len++) for (len = 0; len < 8; len++)
sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]); sprintf(sstr + len*2, "%02x", (unsigned char) buf[len]);
mpi_init(&serial); lib_wrapper(mpi_init(&serial));
mpi_read_string(&serial, 16, sstr); lib_wrapper(mpi_read_string(&serial, 16, sstr));
x509write_crt_set_serial(&cert, &serial); lib_wrapper(x509write_crt_set_serial(&cert, &serial));
if (pem) { if (pem) {
if (x509write_crt_pem(&cert, (void *) buf, sizeof(buf), _urandom, NULL) < 0) { if (lib_wrapper(x509write_crt_pem(&cert, (void *) buf, sizeof(buf), _urandom, NULL) < 0)) {
fprintf(stderr, "Failed to generate certificate\n"); fprintf(stderr, "Failed to generate certificate\n");
return 1; return 1;
} }
len = strlen(buf); len = strlen(buf);
} else { } else {
len = x509write_crt_der(&cert, (void *) buf, sizeof(buf), _urandom, NULL); len = lib_wrapper(x509write_crt_der(&cert, (void *) buf, sizeof(buf), _urandom, NULL));
if (len < 0) { if (len < 0) {
fprintf(stderr, "Failed to generate certificate: %d\n", len); fprintf(stderr, "Failed to generate certificate: %d\n", len);
return 1; return 1;
@ -246,9 +262,9 @@ int selfsigned(char **arg)
} }
write_file(certpath, len, pem); write_file(certpath, len, pem);
x509write_crt_free(&cert); lib_wrapper(x509write_crt_free(&cert));
mpi_free(&serial); lib_wrapper(mpi_free(&serial));
pk_free(&key); lib_wrapper(pk_free(&key));
return 0; return 0;
} }