Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
Macros | Functions | Variables
attest.c File Reference
#include <assert.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <yubihsm.h>
#include "openssl-compat.h"
Include dependency graph for attest.c:

Go to the source code of this file.

Macros

#define DEFAULT_CONNECTOR_URL   "http://127.0.0.1:12345"
 

Functions

int main (void)
 

Variables

const char attestation_template_file [] = "attestation_template.pem"
 
const char * key_label = "label"
 
const uint8_t password [] = "password"
 

Macro Definition Documentation

◆ DEFAULT_CONNECTOR_URL

#define DEFAULT_CONNECTOR_URL   "http://127.0.0.1:12345"

Definition at line 34 of file attest.c.

Function Documentation

◆ main()

int main ( void )

Definition at line 107 of file attest.c.

107 {
108 yh_connector *connector = NULL;
109 yh_session *session = NULL;
110 yh_rc yrc = YHR_GENERIC_ERROR;
111
112 uint16_t authkey = 1;
113
114 const char *connector_url;
115
116 connector_url = getenv("DEFAULT_CONNECTOR_URL");
117 if (connector_url == NULL) {
118 connector_url = DEFAULT_CONNECTOR_URL;
119 }
120
121 yrc = yh_init();
122 assert(yrc == YHR_SUCCESS);
123
124 yrc = yh_init_connector(connector_url, &connector);
125 assert(yrc == YHR_SUCCESS);
126
127 yrc = yh_connect(connector, 0);
128 assert(yrc == YHR_SUCCESS);
129
130 yrc = yh_create_session_derived(connector, authkey, password,
131 sizeof(password), false, &session);
132 assert(yrc == YHR_SUCCESS);
133
134 yrc = yh_authenticate_session(session);
135 assert(yrc == YHR_SUCCESS);
136
137 uint8_t session_id;
138 yrc = yh_get_session_id(session, &session_id);
139 assert(yrc == YHR_SUCCESS);
140
141 printf("Successfully established session %02d\n", session_id);
142
143 yh_capabilities capabilities = {{0}};
144 yrc =
145 yh_string_to_capabilities("sign-attestation-certificate", &capabilities);
146 assert(yrc == YHR_SUCCESS);
147
148 uint16_t domain_five = 0;
149 yrc = yh_string_to_domains("5", &domain_five);
150 assert(yrc == YHR_SUCCESS);
151
152 uint16_t attesting_key_id = 0; // ID 0 lets the device generate an ID
153
154 yrc = yh_util_generate_ec_key(session, &attesting_key_id, key_label,
155 domain_five, &capabilities, YH_ALGO_EC_P256);
156 assert(yrc == YHR_SUCCESS);
157
158 printf("Generated attesting key with ID %04x\n", attesting_key_id);
159
160 FILE *fp = fopen(attestation_template_file, "rb");
161 assert(fp != NULL);
162
163 X509 *attestation_template = PEM_read_X509(fp, NULL, NULL, NULL);
164 assert(attestation_template != NULL);
165 fclose(fp);
166
167 uint8_t attestation_template_buffer[3072];
168 uint16_t attestation_template_buffer_len =
169 i2d_X509(attestation_template, NULL);
170 assert(sizeof(attestation_template_buffer) >=
171 attestation_template_buffer_len);
172
173 unsigned char *certptr = attestation_template_buffer;
174
175 i2d_X509(attestation_template, &certptr);
176 X509_free(attestation_template);
177
178 memset(capabilities.capabilities, 0, YH_CAPABILITIES_LEN);
179 yrc =
180 yh_util_import_opaque(session, &attesting_key_id, key_label, domain_five,
181 &capabilities, YH_ALGO_OPAQUE_X509_CERTIFICATE,
182 attestation_template_buffer,
183 attestation_template_buffer_len);
184 assert(yrc == YHR_SUCCESS);
185
186 uint8_t tmpbuf[3072];
187 size_t tmpbuf_len = sizeof(tmpbuf);
188 yrc = yh_util_get_opaque(session, attesting_key_id, tmpbuf, &tmpbuf_len);
189 assert(yrc == YHR_SUCCESS);
190 assert(tmpbuf_len == attestation_template_buffer_len);
191 assert(memcmp(attestation_template_buffer, tmpbuf, tmpbuf_len) == 0);
192
193 memset(capabilities.capabilities, 0, YH_CAPABILITIES_LEN);
194 yrc = yh_string_to_capabilities("sign-ecdsa", &capabilities);
195 assert(yrc == YHR_SUCCESS);
196
197 uint16_t attested_key_id = 0; // ID 0 lets the device generate an ID
198 yrc = yh_util_generate_ec_key(session, &attested_key_id, key_label,
199 domain_five, &capabilities, YH_ALGO_EC_P256);
200 assert(yrc == YHR_SUCCESS);
201
202 printf("Generated attested key with ID %04x\n", attested_key_id);
203
204 uint8_t attestation[2048];
205 size_t attestation_len = sizeof(attestation);
206
207 yrc = yh_util_sign_attestation_certificate(session, attested_key_id,
208 attesting_key_id, attestation,
209 &attestation_len);
210 assert(yrc == YHR_SUCCESS);
211
212 const unsigned char *ptr = attestation;
213
214 X509 *x509 = d2i_X509(NULL, &ptr, attestation_len);
215 assert(x509 != NULL);
216
217 BIO *STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
218
219 X509_print_ex(STDout, x509, 0, 0);
220
221 BIO_free(STDout);
222
223 const STACK_OF(X509_EXTENSION) *extensions_list = X509_get0_extensions(x509);
224 assert(sk_X509_EXTENSION_num(extensions_list) >= 6);
225
226 for (int i = 0; i < sk_X509_EXTENSION_num(extensions_list); i++) {
227 X509_EXTENSION *extension;
228
229 extension = sk_X509_EXTENSION_value(extensions_list, i);
230
231 print_extension(extension);
232 }
233
234 X509_free(x509);
235
236 yrc = yh_util_close_session(session);
237 assert(yrc == YHR_SUCCESS);
238
239 yrc = yh_destroy_session(&session);
240 assert(yrc == YHR_SUCCESS);
241
242 yrc = yh_disconnect(connector);
243 assert(yrc == YHR_SUCCESS);
244
245 yrc = yh_exit();
246 assert(yrc == YHR_SUCCESS);
247
248 return 0;
249}
DEFAULT_CONNECTOR_URL
#define DEFAULT_CONNECTOR_URL
Definition attest.c:34
key_label
const char * key_label
Definition attest.c:38
attestation_template_file
const char attestation_template_file[]
Definition attest.c:37
session
CK_SESSION_HANDLE session
Definition ecdh_derive_test.c:45
Log::printf
LOGGING_API void printf(Category category, const char *format,...)
Definition Logging.cpp:30
STACK_OF
const STACK_OF(X509_EXTENSION)
Definition openssl-compat.c:90
uint16_t
unsigned short uint16_t
Definition stdint.h:125
uint8_t
unsigned char uint8_t
Definition stdint.h:124
yh_capabilities
Capabilities representation.
Definition yubihsm.h:162
yh_capabilities::capabilities
uint8_t capabilities[YH_CAPABILITIES_LEN]
Capabilities is represented as an 8 byte uint8_t array.
Definition yubihsm.h:164
yh_connector
Definition internal.h:37
yh_session
Definition internal.h:25
yh_util_import_opaque
yh_rc yh_util_import_opaque(yh_session *session, uint16_t *object_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm, const uint8_t *in, size_t in_len)
Definition yubihsm.c:2666
yh_destroy_session
yh_rc yh_destroy_session(yh_session **session)
Definition yubihsm.c:890
yh_util_generate_ec_key
yh_rc yh_util_generate_ec_key(yh_session *session, uint16_t *key_id, const char *label, uint16_t domains, const yh_capabilities *capabilities, yh_algorithm algorithm)
Definition yubihsm.c:1913
yh_exit
yh_rc yh_exit(void)
Definition yubihsm.c:3910
yh_create_session_derived
yh_rc yh_create_session_derived(yh_connector *connector, uint16_t authkey_id, const uint8_t *password, size_t password_len, bool recreate, yh_session **session)
Definition yubihsm.c:593
yh_init
yh_rc yh_init(void)
Definition yubihsm.c:3857
yh_util_get_opaque
yh_rc yh_util_get_opaque(yh_session *session, uint16_t object_id, uint8_t *out, size_t *out_len)
Definition yubihsm.c:2636
yh_util_sign_attestation_certificate
yh_rc yh_util_sign_attestation_certificate(yh_session *session, uint16_t key_id, uint16_t attest_id, uint8_t *out, size_t *out_len)
Definition yubihsm.c:3495
yh_util_close_session
yh_rc yh_util_close_session(yh_session *session)
Definition yubihsm.c:1257
yh_authenticate_session
yh_rc yh_authenticate_session(yh_session *session)
Definition yubihsm.c:2927
yh_string_to_domains
yh_rc yh_string_to_domains(const char *domains, uint16_t *result)
Definition yubihsm.c:4535
yh_init_connector
yh_rc yh_init_connector(const char *url, yh_connector **connector)
Definition yubihsm.c:4024
yh_connect
yh_rc yh_connect(yh_connector *connector, int timeout)
Definition yubihsm.c:4079
yh_string_to_capabilities
yh_rc yh_string_to_capabilities(const char *capability, yh_capabilities *result)
Definition yubihsm.c:4115
yh_disconnect
yh_rc yh_disconnect(yh_connector *connector)
Definition yubihsm.c:4097
yh_get_session_id
yh_rc yh_get_session_id(yh_session *session, uint8_t *sid)
Definition yubihsm.c:2915
YH_ALGO_OPAQUE_X509_CERTIFICATE
@ YH_ALGO_OPAQUE_X509_CERTIFICATE
opaque-x509-certificate
Definition yubihsm.h:452
YH_ALGO_EC_P256
@ YH_ALGO_EC_P256
ecp256
Definition yubihsm.h:414
YH_CAPABILITIES_LEN
#define YH_CAPABILITIES_LEN
Length of capabilities array.
Definition yubihsm.h:119
yh_rc
yh_rc
Definition yubihsm.h:170
YHR_GENERIC_ERROR
@ YHR_GENERIC_ERROR
Return value when encountering an unknown error.
Definition yubihsm.h:228
YHR_SUCCESS
@ YHR_SUCCESS
Returned value when function was successful.
Definition yubihsm.h:172
capabilities
yh_capabilities capabilities
Definition yubihsm_pkcs11.c:1305
yrc
yh_rc yrc
Definition yubihsm_pkcs11.c:606
memset
memset(pInfo->slotDescription, ' ', 64)
Here is the call graph for this function:

Variable Documentation

◆ attestation_template_file

const char attestation_template_file[] = "attestation_template.pem"

Definition at line 37 of file attest.c.

◆ key_label

const char* key_label = "label"

Definition at line 38 of file attest.c.

◆ password

const uint8_t password[] = "password"

Definition at line 39 of file attest.c.