RSA BSAFE Micro Edition Suite

Streamlined security for mobile and embedded devices


req_smpl.c

/* $Id: req_smpl.c,v 1.17 2005/03/24 00:16:43 ronl Exp $ */
/*
 * Copyright (C) 1998-2003 RSA Security Inc.
 *
 * This file shall only be used to demonstrate how to interface to an
 * RSA Security Inc. licensed development product.
 *
 * You have a royalty-free right to use, reproduce and distribute this
 * demonstration file, provided that you agree that RSA Security Inc.
 * has no warranty, implied or otherwise, or liability for this
 * demonstration file (including any modified version).  This software
 * is provided "as is" without warranties or representations of any
 * kind. RSA Security disclaims all conditions and warranties, statutory
 * and otherwise, both express and implied, with respect to the software,
 * its quality and performance, including but not limited to, all
 * implied warranties of merchantability, fitness for a particular
 * purpose, title and noninfringement of third party rights. Without
 * limiting the foregoing, RSA Security does not warrant that the
 * software is error-free or that errors in the product will be
 * corrected. You agree that RSA Security shall not be liable for any
 * direct, indirect, incidental, special, consequential, punitive or
 * other damages whatsoever resulting from your use of this software
 * or any modified version.
 *
 *
 */

#include "r_prod.h"
#include "req_smpl.h"


/*
 * Main sample program entry point.
 *
 * @param argc  [In]  The number of arguments typed on the command line.
 * @param argv  [In]  The array of individual arguments from the command line.
 *
 * @returns  R_ERROR_NONE indicates success.<br>
 *           See @ref R_ERROR_IDS for valid values.
 */
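int main(int argc, char **argv)
{
    /*
     * Builds a PKCS #10 certificate request from key material compiled into
     * the program, signs it, and writes it to "sample.req" in the current
     * directory. Every failure path jumps to the single cleanup label "done".
     */
    int ret = R_ERROR_NONE;         /* The return value */
    BIO *bio_req = NULL;            /* The certificate request output stream */
    BIO *bio_err = NULL;            /* The standard error output stream */
    BIO *bio_out = NULL;            /* The standard out stream */
    R_LIB_CTX *lib_ctx = NULL;      /* The library context */
    R_CERT_REQ_CTX *req_ctx = NULL; /* The certificate request context */
    R_CERT_REQ *req = NULL;         /* The certificate request */
    R_CERT_NAME *name = NULL;       /* The certificate name */
    R_PKEY_CTX *pkey_ctx = NULL;    /* The public key context */
    R_PKEY *pkey = NULL;            /* The key placed in the request */
    R_PKEY *sign_key = NULL;        /* The key that signs the request */
    R_FORMAT req_form;              /* The format of certificate request */
    R_FORMAT key_form;              /* The format of public key */
    int sign_type;                  /* The signature type */
    char *reqfile = NULL;           /* The certificate request file name */
    int version = 1;                /* The version of the certificate
                                     * request */
    unsigned int consumed_len;      /* Written by R_PKEY_from_binary; not
                                     * examined by this sample */
    /* The subject name of the certificate created from this request */
    char *name_str="CN=Sample Request,O=RSA Security,L=Brisbane, C=AU";

    /* The sample takes no command-line options */
    (void)argc;
    (void)argv;

    /* Set the defaults */
    reqfile = "sample.req";
#ifdef NO_PEM
    req_form = R_FORMAT_BINARY;
#else
    req_form = R_FORMAT_PEM;
#endif
    key_form = R_FORMAT_PEM;        /* Assigned but not read again below */
    (void)key_form;
    /*
     * NOTE(review): SHA-1 with RSA is kept because it is what this sample
     * ships with. SHA-1 signatures are no longer considered collision
     * resistant and many certification authorities reject requests signed
     * with them; prefer a SHA-2 based signature identifier if the installed
     * library version offers one.
     */
    sign_type = R_CR_ID_SHA1_RSA;

    /*
     * Create BIOs to stderr and stdout. BIOs are the Basic Input/Output
     * mechanism provided by RSA and are recommended for all input and output
     * from applications.
     */
    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
    if (bio_err == NULL)
    {
        ret = R_ERROR_ALLOC_FAILURE;
        goto done;
    }

    bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
    if (bio_out == NULL)
    {
        ret = R_ERROR_ALLOC_FAILURE;
        goto done;
    }

    /*
     * Create the library context. Retrieve the default resource list and
     * create a library context to provide access to all configurable aspects
     * of the library. The library's own error code is kept in ret so that
     * the report at "done" shows the real cause of the failure.
     */
    ret = PRODUCT_LIBRARY_NEW(PRODUCT_DEFAULT_RESOURCE_LIST(), 0, &lib_ctx);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Unable to create the library context\n");
        goto done;
    }

    /*
     * Create a certificate request context and a public key context. These
     * contexts are required if any R_CERT_REQ_* and R_PKEY_* routines
     * are used.
     */

    /* Create a new certificate request context */
    ret = R_CERT_REQ_CTX_new(lib_ctx, R_RES_FLAG_DEF, R_CERT_REQ_TYPE_PKCS10,
                             &req_ctx);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Unable to create a certificate request context\n");
        goto done;
    }

    /*
     * Create a new public key context. As with the request context above,
     * the code returned by the library is reported unchanged rather than
     * being replaced with R_ERROR_ALLOC_FAILURE.
     */
    ret = R_PKEY_CTX_new(lib_ctx, R_RES_FLAG_DEF, R_PKEY_TYPE_RSA, &pkey_ctx);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Unable to create a public key context\n");
        goto done;
    }

    /*
     * Create the key objects and load the keys. Both keys are parsed from
     * byte arrays (pkey_data and signer_key_data) that are defined outside
     * this function; the sample's own notes place them in req_smpl.h.
     *
     * Key material compiled into a program is acceptable only for a
     * demonstration. An application should generate its own key pair and
     * keep the private key in protected storage, never in source code.
     */

    /* This is the key stored in the certificate request */
    ret = R_PKEY_from_binary( pkey_ctx, R_PKEY_FL_DEFAULT, R_PKEY_TYPE_RSA,
                              sizeof(pkey_data), pkey_data,
                              &consumed_len, &pkey );
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Indicates R_PKEY_from_binary failure - for pkey\n");
        goto done;
    }

    /*
     * This is the key that signs the request.
     *
     * NOTE(review): a PKCS #10 request is normally signed with the private
     * key that matches the public key carried in the request, which is how
     * the CA verifies proof of possession. Confirm that signer_key_data is
     * the private half of pkey_data.
     */
    ret = R_PKEY_from_binary( pkey_ctx, R_PKEY_FL_DEFAULT, R_PKEY_TYPE_RSA,
                              sizeof(signer_key_data), signer_key_data,
                              &consumed_len, &sign_key );
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Indicates R_PKEY_from_binary failure"
            " - for signer pkey\n");
        goto done;
    }

    /*
     * Create a certificate request object. The certificate request object
     * stores all the certificate request information. The fields of the
     * request are set on this object in the next step of the sample.
     */
    ret = R_CERT_REQ_new(req_ctx, R_CERT_REQ_TYPE_PKCS10, &req);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Failed to create the request\n");
        goto done;
    }

    /*
     * Set the certificate request information (version, subject name and
     * public key) on the certificate request object.
     */

    /* Enter the version of the certificate request structure */
    ret = R_CERT_REQ_set_info(req, R_CERT_REQ_INFO_VERSION, &version);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Failed to set the version\n");
        goto done;
    }

    /* Convert the string into an R_CERT_NAME structure */
    ret = R_CERT_NAME_from_string(req_ctx, name_str, &name);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Failed to create the name from the string\n");
        goto done;
    }

    /* Store the subject name */
    ret = R_CERT_REQ_set_info(req, R_CERT_REQ_INFO_SUBJECT_R_CERT_NAME, name);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Failed to set the subject name\n");
        goto done;
    }

    /* Enter the public key for the certificate request */
    ret = R_CERT_REQ_set_info(req, R_CERT_REQ_INFO_R_PKEY, pkey);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Failed to set the public key\n");
        goto done;
    }

    /*
     * Sign the certificate request. All request information is now in the
     * certificate request object. Sign it with the signing key using the
     * signature algorithm selected in sign_type.
     */
    ret = R_CERT_REQ_sign(req, sign_key, sign_type);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Failed to sign the request\n");
        goto done;
    }

    BIO_printf(bio_out, "The certificate request generated successfully\n");
    BIO_printf(bio_out, "Writing the request to %s\n", reqfile);

    /*
     * Write the certificate request to file. Open the output stream and print
     * the request into the stream. Mode "wb" replaces any existing file of
     * the same name.
     */
    bio_req = BIO_new_file(reqfile, "wb");
    if (bio_req == NULL)
    {
        BIO_printf(bio_err, "Unable to open the file: %s\n", reqfile);
        ret = R_ERROR_ALLOC_FAILURE;
        goto done;
    }

    /* Output the certificate request to the request BIO */
    ret = R_CERT_REQ_write(req, bio_req, req_form, NULL);
    if (ret != R_ERROR_NONE)
    {
        BIO_printf(bio_err, "Failed to write the request\n");
    }

done:
    /*
     * Clean up. Report errors if there is an output stream using both the
     * error and the string representation. Destroy the dynamically allocated
     * objects and return an exit code.
     *
     * NOTE(review): lib_ctx is still NULL here when the failure happened
     * before the library context was created; confirm that
     * R_LIB_CTX_get_error_string accepts a NULL context.
     */
    if ((ret != R_ERROR_NONE) && (bio_err != NULL))
    {
        BIO_printf(bio_err, "Error: (%d) %s\n", ret,
            R_LIB_CTX_get_error_string(lib_ctx, R_RES_MOD_ID_LIBRARY, ret));
    }

    /* Objects are released before the contexts they were created from */
    if (sign_key != NULL)
    {
        R_PKEY_free(sign_key);
    }
    if (pkey != NULL)
    {
        R_PKEY_free(pkey);
    }
    if (name != NULL)
    {
        R_CERT_NAME_free(name);
    }
    if (req != NULL)
    {
        R_CERT_REQ_free(req);
    }
    if (pkey_ctx != NULL)
    {
        R_PKEY_CTX_free(pkey_ctx);
    }
    if (req_ctx != NULL)
    {
        R_CERT_REQ_CTX_free(req_ctx);
    }
    if (bio_req != NULL)
    {
        BIO_free(bio_req);
    }
    if (lib_ctx != NULL)
    {
        R_LIB_CTX_free(lib_ctx);
    }
    if (bio_out != NULL)
    {
        BIO_free(bio_out);
    }
    if (bio_err != NULL)
    {
        BIO_free(bio_err);
    }

    return(R_ERROR_EXIT_CODE(ret));
}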


Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 072-001001-2100-001-000 - 2.1