NetBurner 3.5.0
PDF Version
 
certgen.h
Go to the documentation of this file.
1/*NB_REVISION*/
2
3/*NB_COPYRIGHT*/
4
18#ifndef _CERT_GEN_H
19#define _CERT_GEN_H
20#include <predef.h>
21#include <nettypes.h>
22#include <nbstring.h>
23
24#if defined(NB_SSL_SUPPORTED) || defined(NB_SSH_SUPPORTED)
25
26#include <crypto/ssl.h>
27#include <crypto/wolfssl/wolfcrypt/ecc.h>
28#include <random.h>
29
30#define MAX_CERT_SNAME_LEN 64
31
32#if defined(HAVE_ECC) && defined(ENABLE_ECCKEY_CREATE)
33#define SSL_KEY_ECC
34
35#if defined(HAVE_ECC384)
36#define DEFAULT_KEY_TYPE SSL_KEY_ECC_SECP384R1
37#elif !defined(NO_ECC256)
38#define DEFAULT_KEY_TYPE SSL_KEY_ECC_SECP256R1
39#elif defined(HAVE_ECC224)
40#define DEFAULT_KEY_TYPE SSL_KEY_ECC_SECP224R1
41#elif defined(HAVE_ECC192)
42#define DEFAULT_KEY_TYPE SSL_KEY_ECC_SECP192R1
43#elif defined(HAVE_ECC521)
44#define DEFAULT_KEY_TYPE SSL_KEY_ECC_SECP521R1
45#endif
46#elif defined(ENABLE_RSAKEY_CREATE)
47#define SSL_KEY_RSA
48#define DEFAULT_KEY_TYPE SSL_KEY_RSA_2048
49#else
50#define SSL_KEY_RSA
51#define DEFAULT_KEY_TYPE SSL_KEY_RSA_2048
52#endif
53
54
70
71
75enum AltNameType_t : char
76{
77 ALT_NAME_TYPE_NONE = 0,
78 ALT_NAME_TYPE_DNS = (char)0x82,
79 ALT_NAME_TYPE_IP = (char)0x87
80};
81
82
104
105
110struct CertGenData
111{
112
113 // Values passed in by EnableOnboardCertificateCreation() and set by the user
114 const char * m_country;
115 const char * m_state;
116 const char * m_locality;
117 const char * m_org;
118 const char * m_unit;
119 const char * m_email;
120 const char *m_commonName;
121 int m_yrsValid;
122 NBString m_altNamesString;
123 /* m_altNamesString format of included alt name
124 A single string, with possibly multiple altnames separated by a comma.
125 You can either incude a tag telling the system what kind of AltName it is...
126 So say you wanted :
127 IP:192.168.1.36 and
128 DNS:demo.netburner.com
129 The following strings would both work:
130 "IP:192.168.1.36,DNS:demo.netburner.com"
131 "192.168.1.36,demo.netburner.com"
132
133 or dual interface IP's...
134
135 "192.168.1.36,10.1.1.35"
136
137 or both V4 and V6....
138 "IP:fe80::203:f4ff:fe0a:447f,192.168.1.36"
139 */
140
141
142
143 // Values set when a cert is generated to monitor its expiration
144 time_t m_certExpTime;
145
146 CertGenData() :
147 m_country(nullptr),
148 m_state(nullptr),
149 m_locality(nullptr),
150 m_org(nullptr),
151 m_unit(nullptr),
152 m_email(nullptr),
153 m_commonName(nullptr),
154 m_yrsValid(1),
155 m_certExpTime(0){}
156};
157
158
159#include <config_obj.h>
160
161extern const char * DEFAULT_CERT_COUNTRY;
162extern const char * DEFAULT_CERT_STATE;
163extern const char * DEFAULT_CERT_LOCALITY;
164extern const char * DEFAULT_CERT_ORG;
165extern const char * DEFAULT_CERT_UNIT;
166extern const char * DEFAULT_CERT_EMAIL;
167extern const char * DEFAULT_CERT_COM_NAME;
168extern const char * DEFAULT_CERT_ALT_NAMES;
169
173class CertData : public config_obj
174{
175 public:
176 config_string m_country;
177 config_string m_state;
178 config_string m_locality;
179 config_string m_org;
180 config_string m_unit;
181 config_string m_email;
182 config_string m_comname;
183 config_string m_altNames;
184 ConfigEndMarker; // No new data members below this line
185 CertGenData * GetDataForCertGen();
186 CertData(const char * Country=DEFAULT_CERT_COUNTRY,
187 const char * State=DEFAULT_CERT_STATE,
188 const char * Locality=DEFAULT_CERT_LOCALITY,
189 const char * Org=DEFAULT_CERT_ORG,
190 const char * Unit=DEFAULT_CERT_UNIT,
191 const char * Email=DEFAULT_CERT_EMAIL,
192 const char * Name=DEFAULT_CERT_COM_NAME,
193 const char * AltNames=DEFAULT_CERT_ALT_NAMES
194 ) : config_obj(sys,"CertData" ,"Object to hold the data for certificate generation"),
195 m_country(Country,"Country"),
196 m_state (State,"State"),
197 m_locality(Locality,"Locality"),
198 m_org(Org,"Org"),
199 m_unit(Unit,"Unit"),
200 m_email(Email,"Email"),
201 m_comname(Name,"Comname"),
202 m_altNames(AltNames,"AltNames")
203 {
204 };
205};
206
207
222extern "C" CertGenReturnCode SSL_CreateNewSelfSignedCert(CertGenData & pGenData);
223
224extern CertGenReturnCode (*SSL_CreateNewCert)(CertGenData & cGenData);
225
237void EnableOnboardCertificateCreation( CertGenReturnCode (*createCertFunc)(CertGenData & cGenData) = SSL_CreateNewSelfSignedCert);
238
239
262void FillInAltNamesASN1(Cert & TheCert,NBString & altNameString);
263
267CertGenReturnCode CheckAndCreateHalCertAndKey();
268
279extern CertGenData * GetDataForCertGen();
280
281#endif /* NB_SSL_SUPPORTED */
282#endif /* #ifdef _CERT_GEN_H */
283
CertData
Definition certgen.h:174
NBString
Lightweight alternative to C++ CString class.
Definition nbstring.h:118
config_obj
Base class used to create configuration objects.
Definition config_obj.h:277
config_string
String Configuration Variable.
Definition config_obj.h:1055
config_obj.h
Configuration object header file.
CertGenReturnCode
CertGenReturnCode
Certificate Generation Function Return Codes.
Definition certgen.h:87
FillInAltNamesASN1
void FillInAltNamesASN1(Cert &TheCert, NBString &altNameString)
Helper function used to build ASN1 representation of alt names.
SSL_CreateNewSelfSignedCert
CertGenReturnCode SSL_CreateNewSelfSignedCert(CertGenData &pGenData)
Generates a new self-signed certificate that will be stored on the device.
CheckAndCreateHalCertAndKey
CertGenReturnCode CheckAndCreateHalCertAndKey()
Check for a valid SSL certificate and generate one if not found.
SslKeyType_t
SslKeyType_t
Certificate Generation Key Types.
Definition certgen.h:59
GetDataForCertGen
CertGenData * GetDataForCertGen()
A function to be overridden to pass certificate details to the certificate generator.
Definition SSL/SslOnboardCertGeneration/CompiledCa/src/main.cpp:26
EnableOnboardCertificateCreation
void EnableOnboardCertificateCreation(CertGenReturnCode(*createCertFunc)(CertGenData &cGenData)=SSL_CreateNewSelfSignedCert)
Enables the ability for the module to automatically generate self-signed certificates for use in SSL/...
AltNameType_t
AltNameType_t
Certificate Generation Alternate Name Types.
Definition certgen.h:76
CERT_GEN_RETURN_NOT_REQUIRED
@ CERT_GEN_RETURN_NOT_REQUIRED
Returned when the a new certificate was not required to be generated.
Definition certgen.h:89
CERT_GEN_RETURN_CERT_SAVING_ERROR
@ CERT_GEN_RETURN_CERT_SAVING_ERROR
Returned when the device was unable to properly save the certificate.
Definition certgen.h:99
CERT_GEN_RETURN_CERT_INIT_ERROR
@ CERT_GEN_RETURN_CERT_INIT_ERROR
Returned when the device was unable to initialize the required certificate object.
Definition certgen.h:96
CERT_GEN_RETURN_INVALID_RANDOM
@ CERT_GEN_RETURN_INVALID_RANDOM
Returned when the device was unable to generate a valid random number.
Definition certgen.h:90
CERT_GEN_RETURN_RSA_INIT_ERROR
@ CERT_GEN_RETURN_RSA_INIT_ERROR
Returned when the device was unable to initialize the required RSA object.
Definition certgen.h:94
CERT_GEN_RETURN_CERT_SIGNING_ERROR
@ CERT_GEN_RETURN_CERT_SIGNING_ERROR
Returned when the device was unable to sign the created certificate.
Definition certgen.h:98
CERT_GEN_RETURN_SUCCESS
@ CERT_GEN_RETURN_SUCCESS
Returned when the certificate was successfully generated.
Definition certgen.h:88
CERT_GEN_RETURN_MALLOC_ERROR
@ CERT_GEN_RETURN_MALLOC_ERROR
Returned when the device is unable to malloc enough space to generate the certificate.
Definition certgen.h:91
CERT_GEN_RETURN_CERT_CREATE_ERROR
@ CERT_GEN_RETURN_CERT_CREATE_ERROR
Returned when the device was unable to create the certificate.
Definition certgen.h:97
CERT_GEN_RETURN_KEY_SAVING_ERROR
@ CERT_GEN_RETURN_KEY_SAVING_ERROR
Returned when the device was unable to save the key.
Definition certgen.h:101
CERT_GEN_RETURN_ECC_CREATE_ERROR
@ CERT_GEN_RETURN_ECC_CREATE_ERROR
Returned when the device was unable to create the ECC key.
Definition certgen.h:93
CERT_GEN_RETURN_SET_ISSUER_ERROR
@ CERT_GEN_RETURN_SET_ISSUER_ERROR
Returned when the device was unable to set the issuer if a CA was used.
Definition certgen.h:102
CERT_GEN_RETURN_ECC_INIT_ERROR
@ CERT_GEN_RETURN_ECC_INIT_ERROR
Returned when the device was unable to initialize the required ECC object.
Definition certgen.h:92
CERT_GEN_RETURN_KEY_CONVERT_ERROR
@ CERT_GEN_RETURN_KEY_CONVERT_ERROR
Returned when the device was unable to convert the certificate from PEM to DER format.
Definition certgen.h:100
CERT_GEN_RETURN_RSA_CREATE_ERROR
@ CERT_GEN_RETURN_RSA_CREATE_ERROR
Returned when the device was unable to create the RSA key.
Definition certgen.h:95
SSL_KEY_RSA_1024
@ SSL_KEY_RSA_1024
RSA 1024.
Definition certgen.h:61
SSL_KEY_ECC_SECP224R1
@ SSL_KEY_ECC_SECP224R1
Defined in wolfssl/wolfcrypt/ecc.h.
Definition certgen.h:65
SSL_KEY_ECC_SECP384R1
@ SSL_KEY_ECC_SECP384R1
Defined in wolfssl/wolfcrypt/ecc.h.
Definition certgen.h:67
SSL_KEY_ECC_SECP192R1
@ SSL_KEY_ECC_SECP192R1
Defined in wolfssl/wolfcrypt/ecc.h.
Definition certgen.h:64
SSL_KEY_ECC_SECP521R1
@ SSL_KEY_ECC_SECP521R1
Defined in wolfssl/wolfcrypt/ecc.h.
Definition certgen.h:68
SSL_KEY_NONE
@ SSL_KEY_NONE
None.
Definition certgen.h:60
SSL_KEY_RSA_4096
@ SSL_KEY_RSA_4096
RSA 4096.
Definition certgen.h:63
SSL_KEY_RSA_2048
@ SSL_KEY_RSA_2048
RSA 2048.
Definition certgen.h:62
SSL_KEY_ECC_SECP256R1
@ SSL_KEY_ECC_SECP256R1
Defined in wolfssl/wolfcrypt/ecc.h.
Definition certgen.h:66
ALT_NAME_TYPE_IP
@ ALT_NAME_TYPE_IP
IP Address.
Definition certgen.h:79
ALT_NAME_TYPE_NONE
@ ALT_NAME_TYPE_NONE
None.
Definition certgen.h:77
ALT_NAME_TYPE_DNS
@ ALT_NAME_TYPE_DNS
DNS Name.
Definition certgen.h:78
nbstring.h
NetBurner String Class.
nettypes.h
NetBurner IPADDR4 Class. See the IPADDR4 Class page for complete documentation.
ssl.h
NetBurner SSL/TLS API.
CertGenData
Used to store the information that is passed in when enabling onboard generated certificates,...
Definition certgen.h:111
CertGenData::m_commonName
const char * m_commonName
Common Name.
Definition certgen.h:120
CertGenData::m_altNamesString
NBString m_altNamesString
Alternate names string.
Definition certgen.h:122
CertGenData::m_certExpTime
time_t m_certExpTime
Certificate expiration time.
Definition certgen.h:144
CertGenData::m_yrsValid
int m_yrsValid
Number of years.
Definition certgen.h:121