#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>

#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/rand.h>

#include <sha1.h>
#include <PR/bbmetadata.h>
#include <PR/bbcert.h>
#include <bb_nn.h>
#include <util.h>
#include <bbtoolsapi.h>


#define DEBUG

#define MAX_KEY_SIZE 4096

     

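enum {
    ROOT_KEY_BITS = 4096,   /* root signing key size */
    LEAF_KEY_BITS = 2048,   /* intermediate CA and server key size */
    NAME_LEN      = 64,     /* fixed-width subject/issuer name field */
    NUM_CERTS     = 4       /* blobs written to cert.sys: CP, CPCA, XS, XSCA */
};

/* fopen() that reports the failure and exits; never returns NULL. */
static FILE *open_or_die(const char *path, const char *mode)
{
    FILE *f = fopen(path, mode);
    if (f == NULL) {
        fprintf(stderr, "cannot open %s: %s\n", path, strerror(errno));
        exit(1);
    }
    return f;
}

/* fclose() wrapper: a failed close on an output stream means the data on
 * disk is incomplete, which for key and certificate files must not pass
 * silently. */
static void close_or_die(FILE *f, const char *path)
{
    if (fclose(f) != 0) {
        fprintf(stderr, "error closing %s: %s\n", path, strerror(errno));
        exit(1);
    }
}

/* Open a file that will receive key material.
 *
 * NOTE(review): the file is created with the process umask, so private key
 * components may end up world-readable.  Key files should be created 0600
 * (open(O_CREAT, 0600) + fdopen, or run the tool under umask 077). */
static FILE *open_key_file(const char *path)
{
    return open_or_die(path, "wb");
}

/* Run the project's key check and stop on failure: a key that does not
 * validate must not be saved as part of the chain or used to sign. */
static void check_key(RSA *key, int num_bits)
{
    if (validate(key, num_bits) != 0) {
        fprintf(stderr, "Key validation failed\n");
        exit(1);
    }
#ifdef DEBUG
    printf("Key validation OK\n");
#endif
}

/* Read a key in the tool's binary form from path.
 * Returns a key the caller releases with RSA_free(). */
static RSA *load_key(const char *path)
{
    RSA *key = RSA_new();
    if (key == NULL) {
        fprintf(stderr, "RSA_new failed\n");
        exit(1);
    }
    FILE *in = open_or_die(path, "rb");
    /* readRsaData's declaration is not visible here, so its result (if any)
     * is not checked — same as the original; check_key() catches a bad load. */
    readRsaData(in, key);
    fclose(in);
    return key;
}

/* Generate an RSA key of num_bits, save it in the tool's binary form to
 * bin_path and validate it.  Returns the key; caller frees with RSA_free(). */
static RSA *make_key(int num_bits, const char *bin_path)
{
    /* Public exponent 3 is what this tooling has always used and is kept so
     * generated keys stay interoperable; e=3 is only safe under a proper
     * padding scheme — confirm the consumers never apply raw RSA.
     * RSA_generate_key() is deprecated in newer OpenSSL; RSA_generate_key_ex()
     * is the drop-in replacement if the build's OpenSSL removes it. */
    RSA *key = RSA_generate_key(num_bits, 3, NULL, NULL);
    if (key == NULL) {
        fprintf(stderr, "RSA key generation (%d bits) failed\n", num_bits);
        exit(1);
    }
    FILE *out = open_key_file(bin_path);
    saveRsaData(out, key);
    close_or_die(out, bin_path);
    check_key(key, num_bits);
    return key;
}

/* Generate the root key: text dump to "rsadata", binary form to "rsabindata",
 * then read the binary copy back and validate it, so the on-disk form (the
 * one later runs consume) is what gets checked. */
static void make_root_key(void)
{
    RSA *key = RSA_generate_key(ROOT_KEY_BITS, 3, NULL, NULL);
    if (key == NULL) {
        fprintf(stderr, "RSA key generation (%d bits) failed\n", ROOT_KEY_BITS);
        exit(1);
    }

    /* RSA_print_fp prints the private components too, so the text dump needs
     * the same protection as the binary key file. */
    FILE *txt = open_key_file("rsadata");
    RSA_print_fp(txt, key, 0);
    close_or_die(txt, "rsadata");

    FILE *bin = open_key_file("rsabindata");
    saveRsaData(bin, key);
    close_or_die(bin, "rsabindata");
    RSA_free(key);

    RSA *copy = load_key("rsabindata");
    check_key(copy, ROOT_KEY_BITS);
    RSA_free(copy);
}

/* Fill a fixed-width NAME_LEN-byte name field: zero-padded, and not
 * NUL-terminated when text fills it completely.  Exits if text is too long,
 * since a silently truncated name would change the certificate's subject or
 * issuer. */
static void set_name(unsigned char name[NAME_LEN], const char *text)
{
    size_t len = strlen(text);
    if (len > NAME_LEN) {
        fprintf(stderr, "name \"%s\" exceeds %d bytes\n", text, NAME_LEN);
        exit(1);
    }
    memset(name, 0, NAME_LEN);
    memcpy(name, text, len);
}

#ifdef DEBUG
/* Hex-dump a name field, one byte per line, as the original tool did. */
static void dump_name(const char *label, const unsigned char name[NAME_LEN])
{
    for (int i = 0; i < NAME_LEN; i++) {
        printf("%s = %02x\n", label, name[i]);
    }
}
#endif

/* Write one certificate blob to f as SIZE_RSA_CERTBLOB_WORDS 4-byte units.
 *
 * NOTE(review): this writes SIZE_RSA_CERTBLOB_WORDS * 4 bytes starting at
 * certdata, exactly as the original did, which covers the whole array only
 * when sizeof(unsigned long) == 4.  On an LP64 host it emits the first half
 * of the array; confirm how generateCertFromKeyData lays out its words before
 * relying on this tool on 64-bit builds. */
static void write_blob(FILE *f, const unsigned long *certdata)
{
    if (fwrite(certdata, 4, SIZE_RSA_CERTBLOB_WORDS, f) != (size_t)SIZE_RSA_CERTBLOB_WORDS) {
        fprintf(stderr, "short write of certificate blob: %s\n", strerror(errno));
        exit(1);
    }
}

/* One two-level chain: a leaf (server) key whose cert is signed by an
 * intermediate CA key, whose cert is in turn signed by the root key. */
struct chain_spec {
    const char *tag;           /* printed when signing ("CP", "XS") */
    const char *leaf_key;      /* file receiving the leaf key */
    const char *ca_key;        /* file receiving the intermediate CA key */
    const char *leaf_subject;  /* names placed in the leaf cert */
    const char *leaf_issuer;
    const char *ca_subject;    /* names placed in the CA cert */
    const char *ca_issuer;
    FILE *leaf_copy;           /* extra copy of the leaf cert blob, or NULL */
    FILE *ca_copy;             /* extra copy of the CA cert blob, or NULL */
};

/* Generate the keys of one chain, sign its two certs and append both blobs
 * to chain (leaf first, then CA), plus the optional per-cert copies.
 * root_path is the binary root key used to sign the CA cert.  The argument
 * order of generateCertFromKeyData follows the original calls: (key being
 * certified, signing key, subject, issuer, out) — it is not declared here. */
static void make_chain(const struct chain_spec *spec, const char *root_path, FILE *chain)
{
    unsigned char subjectname[NAME_LEN];
    unsigned char issuername[NAME_LEN];
    unsigned long certdata[SIZE_RSA_CERTBLOB_WORDS] = {0};

    /* the leaf key is consumed from disk from here on, so drop the object */
    RSA *leaf = make_key(LEAF_KEY_BITS, spec->leaf_key);
    RSA_free(leaf);

    set_name(issuername, spec->leaf_issuer);
    set_name(subjectname, spec->leaf_subject);
#ifdef DEBUG
    dump_name("issuername", issuername);
    dump_name("subjectname", subjectname);
#endif

    /* intermediate CA key, used to sign the leaf cert */
    printf("signing the %s cert\n", spec->tag);
    RSA *ca = make_key(LEAF_KEY_BITS, spec->ca_key);
    RSA_free(ca);

    generateCertFromKeyData(spec->leaf_key, spec->ca_key, subjectname, issuername, certdata);
    write_blob(chain, certdata);
    if (spec->leaf_copy != NULL) {
        write_blob(spec->leaf_copy, certdata);
    }

    /* CA cert, signed by the root key */
    set_name(issuername, spec->ca_issuer);
    set_name(subjectname, spec->ca_subject);
    generateCertFromKeyData(spec->ca_key, root_path, subjectname, issuername, certdata);
    write_blob(chain, certdata);
    if (spec->ca_copy != NULL) {
        write_blob(spec->ca_copy, certdata);
    }
}

/*
 * Tool entry point: build the root / CP / XS key and certificate chain.
 *
 * Usage: pkigen [root-key-file]
 *
 * With no argument a fresh 4096-bit root key is generated (rsadata, rsabindata),
 * read back and validated, and the program exits with status 1 so the caller
 * re-runs it with the key file — the original behaviour, kept because scripts
 * may test for it.  Unlike the original, this mode no longer truncates an
 * existing cert.sys/cpcert.bin/cpcacert.bin.
 *
 * With one argument (the binary root key file) the root key is loaded and
 * validated, then the content-publishing (CP) and ticket-server (XS) chains
 * are generated.  cert.sys receives a big-endian 32-bit count followed by
 * four blobs (CP leaf, CPCA, XS leaf, XSCA); cpcert.bin and cpcacert.bin
 * receive copies of the two CP blobs.  Key files written: cpbindata,
 * cpcabindata, tsbindata, tscabindata.
 *
 * Returns 0 on success; exits with status 1 on any I/O, key generation or
 * validation failure.
 */
int main(int argc, char **argv)
{
    if (argc > 2) {
        fprintf(stderr, "usage: %s [root-key-file]\n", argv[0]);
        return 1;
    }

    if (argc == 1) {
        make_root_key();
        fprintf(stderr, "wrote new root key, call again to get cert.sys!\n");
        exit(1);
    }

    /* argc == 2: the root key must load and validate before anything is signed */
    RSA *root = load_key(argv[1]);
    check_key(root, ROOT_KEY_BITS);
    RSA_free(root);

    FILE *certptr = open_or_die("cert.sys", "wb");
    FILE *cpcertbin = open_or_die("cpcert.bin", "wb");
    FILE *cpcacertbin = open_or_die("cpcacert.bin", "wb");

    /* header: number of certs that follow, big-endian.  A fixed 32-bit type
     * keeps the 4-byte write correct on every host, unlike an unsigned long. */
    uint32_t number = htonl(NUM_CERTS);
    if (fwrite(&number, sizeof number, 1, certptr) != 1) {
        fprintf(stderr, "short write to cert.sys: %s\n", strerror(errno));
        exit(1);
    }

    const struct chain_spec cp = {
        .tag = "CP",
        .leaf_key = "cpbindata",
        .ca_key = "cpcabindata",
        .leaf_subject = "CP0a0b0c0d",
        .leaf_issuer = "Root-CPCA00010203",
        .ca_subject = "CPCA00010203",
        .ca_issuer = "Root",
        .leaf_copy = cpcertbin,
        .ca_copy = cpcacertbin,
    };
    const struct chain_spec xs = {
        .tag = "XS",
        .leaf_key = "tsbindata",
        .ca_key = "tscabindata",
        .leaf_subject = "XS0a0b0c0d",
        .leaf_issuer = "Root-XSCA00010203",
        .ca_subject = "XSCA00010203",
        .ca_issuer = "Root",
        .leaf_copy = NULL,
        .ca_copy = NULL,
    };

    make_chain(&cp, argv[1], certptr);
    make_chain(&xs, argv[1], certptr);

    close_or_die(certptr, "cert.sys");
    close_or_die(cpcertbin, "cpcert.bin");
    close_or_die(cpcacertbin, "cpcacert.bin");
    return 0;
}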