Hi Ron,
I’m here again to ask for your help.
I developed my code, but when I execute the function mbedtls_x509write_csr_pem I get back this error code: -17168 (that is -0x4310 in hex; mbed TLS error codes are built by adding a high-level module code to a low-level one, so they are much easier to look up in hexadecimal in the library headers than in decimal).
I don’t understand this error.
I built a module that exposes the function MBEDTLS_GenerateRsaPrivateKey(), which I use to generate the private key and the CSR.
This is my code:
#include "mbedtls.h"

#include <stdarg.h>
#include <stdint.h>
#include <string.h>

#include "mbedtls/config.h"
#include "mbedtls/platform.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/bignum.h"
#include "mbedtls/pk.h"
#include "mbedtls/x509.h"
#include "mbedtls/rsa.h"
#include "mbedtls/x509_csr.h"
/* RSA modulus length in bits and public exponent for the generated key pair.
 * Note that the mbedtls_rsa_gen_key() call in MBEDTLS_GenerateRsaPrivateKey()
 * passes the literal 65537 instead of MBEDTLS_EXPONENT. */
#define MBEDTLS_KEY_SIZE (2048)
#define MBEDTLS_EXPONENT (65537)
/* Key pair produced by MBEDTLS_GenerateRsaPrivateKey() and signed over by
 * MBEDTLS_GenerateCsr(); MBEDTLS_GenerateCsr() frees it before returning, so
 * the private key is discarded once the CSR has been written. */
static mbedtls_pk_context MBEDTLS_PrivateKeyContext;
/* Entropy source and CTR_DRBG used for key generation and for CSR signing. */
static mbedtls_entropy_context MBEDTLS_Entropy;
static mbedtls_ctr_drbg_context MBEDTLS_CtrDrbg;
/* RSA parameters: initialised and freed by MBEDTLS_GenerateRsaPrivateKey()
 * but never read or written anywhere in this file -- the generated key lives
 * inside MBEDTLS_PrivateKeyContext, so these are dead state. */
static mbedtls_mpi MBEDTLS_N;
static mbedtls_mpi MBEDTLS_P;
static mbedtls_mpi MBEDTLS_Q;
static mbedtls_mpi MBEDTLS_D;
static mbedtls_mpi MBEDTLS_E;
static mbedtls_mpi MBEDTLS_DP;
static mbedtls_mpi MBEDTLS_DQ;
static mbedtls_mpi MBEDTLS_QP;
/* Personalisation string passed to mbedtls_ctr_drbg_seed().
 * NOTE(review): a fixed literal is accepted, but the personalisation string is
 * meant to differ per device/instance; folding in a device-unique value
 * (serial number, MAC) adds seed diversity -- confirm against requirements. */
static const char* MBEDTLS_Pers = "gen_key";
/* CSR writer context used by MBEDTLS_GenerateCsr(). */
static mbedtls_x509write_csr MBEDTLS_CsrRequest;
/* Zeroed by both generator functions but never written in this file.
 * NOTE(review): a PEM-encoded 2048-bit RSA private key is roughly 1.7 KB, so
 * 1024 bytes would not hold one if the key is later exported here -- confirm
 * the intended use of this buffer. */
static char MBEDTLS_PrivateKey[1024];
/* PEM-encoded CSR produced by MBEDTLS_GenerateCsr(). */
static unsigned char MBEDTLS_CsrPem[4096];
/* CSR subject in mbed TLS "key=value,..." form; "CN=Cert" looks like a
 * placeholder -- confirm the real subject before issuing requests. */
static const char* MBEDTLS_SubjectName = "CN=Cert,O=Cefriel TLS,C=IT";
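/*
 * printf-style hook installed into mbed TLS by MBEDTLS_Initialize() via
 * mbedtls_platform_set_printf(), forwarding the library's diagnostic output to
 * the application's Report() logger. As installed here the format string comes
 * from mbed TLS itself, not from external input, so passing it straight
 * through to Report() is acceptable.
 *
 * @param buffer  printf-style format string.
 * @param ...     Arguments for the format string.
 * @return        Whatever Report() returns (presumably the number of characters
 *                written, as printf would -- confirm against Report()'s
 *                contract). The original had an unreachable `return 1;` after
 *                the real return, which has been removed.
 */
static int MBEDTLS_Printf( const char* buffer, ... );
static int MBEDTLS_Printf( const char* buffer, ... )
{
    va_list list;
    int opResult;

    va_start( list, buffer );
    opResult = Report( buffer, list );
    va_end( list );

    return opResult;
}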
/* Public API of this module. MBEDTLS_Initialize() installs the printf hook;
 * MBEDTLS_GenerateRsaPrivateKey() generates the key pair and the CSR.
 * Both return APP_TRUE on success and APP_FALSE on failure. */
uint8_t MBEDTLS_Initialize( void );
uint8_t MBEDTLS_GenerateRsaPrivateKey( void );
/*
 * Route mbed TLS's printf output through MBEDTLS_Printf().
 *
 * @return APP_TRUE if mbedtls_platform_set_printf() accepted the hook
 *         (returned 0), APP_FALSE otherwise.
 */
uint8_t MBEDTLS_Initialize( void )
{
    int hookResult = mbedtls_platform_set_printf( MBEDTLS_Printf );

    return ( hookResult == 0 ) ? APP_TRUE : APP_FALSE;
}
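/*
 * Build a PKCS#10 CSR for the key pair held in MBEDTLS_PrivateKeyContext and
 * write it, PEM-encoded and NUL-terminated, into MBEDTLS_CsrPem.
 *
 * Preconditions (established by MBEDTLS_GenerateRsaPrivateKey()):
 *  - MBEDTLS_PrivateKeyContext holds a generated key pair;
 *  - MBEDTLS_CtrDrbg has been seeded from MBEDTLS_Entropy.
 * The DRBG and entropy contexts are neither re-initialised nor re-seeded here
 * (the original called mbedtls_ctr_drbg_init()/mbedtls_entropy_init() again on
 * the already-seeded contexts, wiping their state, and then re-seeded), and
 * the key, DRBG and entropy contexts are not freed here: the caller owns them.
 *
 * @return APP_TRUE when MBEDTLS_CsrPem holds the PEM CSR, APP_FALSE on any
 *         mbed TLS error. (The original declared a uint8_t return value but
 *         fell off the end of the function without returning anything.)
 */
static uint8_t MBEDTLS_GenerateCsr( void )
{
    uint8_t opResult = APP_FALSE;
    int mbedResult;

    mbedtls_x509write_csr_init( &MBEDTLS_CsrRequest );
    mbedtls_x509write_csr_set_md_alg( &MBEDTLS_CsrRequest, MBEDTLS_MD_SHA256 );
    memset( MBEDTLS_PrivateKey, 0, sizeof(MBEDTLS_PrivateKey) );
    memset( MBEDTLS_CsrPem, 0, sizeof(MBEDTLS_CsrPem) );

    /* Check the subject name for validity */
    UART_PRINT( "Check the subject name for validity\r\n" );
    mbedResult = mbedtls_x509write_csr_set_subject_name( &MBEDTLS_CsrRequest, MBEDTLS_SubjectName );
    if( mbedResult != 0 )
    {
        /* Printed as -0x%04x like the other messages in this file: the decimal
         * form (-17168) hides the two-part structure of mbed TLS error codes. */
        UART_PRINT( "mbedtls_x509write_csr_set_subject_name returned -0x%04x - FAILED", -mbedResult );
        goto cleanup;
    }

    /* Load the key */
    UART_PRINT( "Loading Private Key" );
    mbedtls_x509write_csr_set_key( &MBEDTLS_CsrRequest, &MBEDTLS_PrivateKeyContext );

    /* Sign the request with the private key and PEM-encode the result.
     * NOTE(review): the reported -17168 is -0x4310, i.e. a high-level RSA
     * error (-0x4300) combined with a low-level bignum error (-0x0010). In
     * mbed TLS 2.x those values read as "private-key operation failed" and
     * "memory allocation failed", which points at the heap being too small
     * for an RSA-2048 signature on this target -- verify the two halves
     * against rsa.h / bignum.h of the library in use and check the heap size
     * configured for the board. */
    mbedResult = mbedtls_x509write_csr_pem( &MBEDTLS_CsrRequest, MBEDTLS_CsrPem, sizeof(MBEDTLS_CsrPem), mbedtls_ctr_drbg_random, &MBEDTLS_CtrDrbg );
    if( mbedResult != 0 )
    {
        UART_PRINT( "mbedtls_x509write_csr_pem returned -0x%04x - FAILED", -mbedResult );
        goto cleanup;
    }

    UART_PRINT( "CSR conversion to PEM COMPLETED" );
    opResult = APP_TRUE;

cleanup:
    /* Only the CSR writer is owned by this function. */
    mbedtls_x509write_csr_free( &MBEDTLS_CsrRequest );
    return opResult;
}

/*
 * Generate a fresh RSA key pair (MBEDTLS_KEY_SIZE bits, public exponent
 * MBEDTLS_EXPONENT) into MBEDTLS_PrivateKeyContext, then build the CSR for it
 * with MBEDTLS_GenerateCsr().
 *
 * This function owns MBEDTLS_PrivateKeyContext, MBEDTLS_CtrDrbg and
 * MBEDTLS_Entropy for the duration of the call: all three are initialised
 * here and released on every return path. (The original leaked the pk
 * context when key generation failed, skipped all cleanup on the success
 * path, and relied on MBEDTLS_GenerateCsr() to free the shared contexts.)
 *
 * NOTE(review): releasing the pk context discards the private key, and
 * nothing in this file ever exports it (MBEDTLS_PrivateKey is zeroed but
 * never written), so the CSR is produced for a key that no longer exists
 * afterwards. If the key must later be used -- e.g. to present the issued
 * certificate over TLS -- it has to be exported or retained before the
 * cleanup below; confirm the intended key lifecycle.
 *
 * @return APP_TRUE only when both the key pair and the PEM CSR were produced,
 *         APP_FALSE otherwise. (The original returned APP_TRUE even when the
 *         CSR step failed, because it never looked at MBEDTLS_GenerateCsr()'s
 *         result.)
 */
uint8_t MBEDTLS_GenerateRsaPrivateKey( void )
{
    uint8_t opResult = APP_FALSE;
    int mbedResult;

    mbedtls_pk_init( &MBEDTLS_PrivateKeyContext );
    mbedtls_ctr_drbg_init( &MBEDTLS_CtrDrbg );
    mbedtls_entropy_init( &MBEDTLS_Entropy );
    memset( MBEDTLS_PrivateKey, 0, sizeof(MBEDTLS_PrivateKey) );

    /* The MBEDTLS_N..MBEDTLS_QP bignums the original initialised and freed
     * here are never used: the RSA parameters live inside the pk context. */

    UART_PRINT( "Seeding the random number generator...\r\n" );
    mbedResult = mbedtls_ctr_drbg_seed( &MBEDTLS_CtrDrbg, mbedtls_entropy_func, &MBEDTLS_Entropy, (const unsigned char *)MBEDTLS_Pers, strlen(MBEDTLS_Pers) );
    if( mbedResult != 0 )
    {
        UART_PRINT( "mbedtls_ctr_drbg_seed returned -0x%04x - FAILED\r\n", -mbedResult );
        goto cleanup;
    }

    UART_PRINT( "Generating the private key\r\n" );
    mbedResult = mbedtls_pk_setup( &MBEDTLS_PrivateKeyContext, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) );
    if( mbedResult != 0 )
    {
        UART_PRINT( "FAILED - mbedtls_pk_setup returned -0x%04x", -mbedResult );
        goto cleanup;
    }

    /* MBEDTLS_EXPONENT replaces the literal 65537 the original passed here. */
    mbedResult = mbedtls_rsa_gen_key( mbedtls_pk_rsa( MBEDTLS_PrivateKeyContext ), mbedtls_ctr_drbg_random, &MBEDTLS_CtrDrbg, MBEDTLS_KEY_SIZE, MBEDTLS_EXPONENT );
    if( mbedResult != 0 )
    {
        UART_PRINT( " FAILED - mbedtls_rsa_gen_key returned -0x%04x", -mbedResult );
        goto cleanup;
    }

    UART_PRINT( "Private Key COMPLETE\r\n" );

    /* Generate CSR; its result is now what this function reports. */
    opResult = MBEDTLS_GenerateCsr();

cleanup:
    /* Free Resources. mbedtls_pk_free() on a context whose setup failed is a
     * no-op, so this is safe on every path; the original freed the key and
     * RNG contexts inside MBEDTLS_GenerateCsr() instead. */
    mbedtls_pk_free( &MBEDTLS_PrivateKeyContext );
    mbedtls_ctr_drbg_free( &MBEDTLS_CtrDrbg );
    mbedtls_entropy_free( &MBEDTLS_Entropy );
    return opResult;
}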
Thanks for your help!
BR,
Federico