From 71b3e7ceaf1ca34b002d3c8c16d1df6c831315fb Mon Sep 17 00:00:00 2001
From: Jannik Hoelling
Date: Tue, 18 Jan 2022 20:21:54 +0000
Subject: [PATCH] bearssl: generate ca certificate
---
 evaluation-libraries/bearssl/Dockerfile | 1 +
 evaluation-libraries/bearssl/client/client.h | 46 --------------------
 2 files changed, 1 insertion(+), 46 deletions(-)
diff --git a/evaluation-libraries/bearssl/Dockerfile b/evaluation-libraries/bearssl/Dockerfile
index 369ea63..f37a0ad 100644
--- a/evaluation-libraries/bearssl/Dockerfile
+++ b/evaluation-libraries/bearssl/Dockerfile
@@ -19,6 +19,7 @@ ADD CMakeLists.txt /build/CMakeLists.txt
 # generate c code from private keys and certs
 RUN ls /build/server/
+RUN /build/BearSSL/build/brssl ta /etc/ssl/cert-data/ca.crt | tail -n +2 >> /build/client/client.h
 RUN /build/BearSSL/build/brssl chain /etc/ssl/cert-data/tls-server.com-chain.crt | tail -n +2 >> /build/server/server.h
 RUN /build/BearSSL/build/brssl skey -C /etc/ssl/cert-data/tls-server.com.key | tail -n +2 >> /build/server/server.h
diff --git a/evaluation-libraries/bearssl/client/client.h b/evaluation-libraries/bearssl/client/client.h
index 6c712f0..eb0848e 100644
--- a/evaluation-libraries/bearssl/client/client.h
+++ b/evaluation-libraries/bearssl/client/client.h
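Review bot: The added `RUN … brssl ta … | tail -n +2 >> /build/client/client.h` step in the Dockerfile hunk cannot fail when `brssl ta` itself fails, because in the shell form of `RUN` the pipeline's exit status is that of `tail`. A missing or unparsable `/etc/ssl/cert-data/ca.crt` would leave `client.h` without the trust-anchor definitions, and the problem would presumably surface only later, at compile time. Since this array appears to be the client's only trust root, the step should stop the build on its own, e.g. `RUN /build/BearSSL/build/brssl ta /etc/ssl/cert-data/ca.crt > /tmp/ta.h && tail -n +2 /tmp/ta.h >> /build/client/client.h`; the `brssl chain` and `brssl skey` context lines below use the same pipe pattern. The generated block is also now appended at the end of `client.h` instead of sitting after the includes, so any code in the header that references `TAs` or `TAs_NUM` (not visible in this patch) would precede their definition.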
@@ -35,52 +35,6 @@
 #include
 #include
-/* certs/ca.crt
- Code generated by running "brssl ta ca.crt"
-*/
-static const unsigned char TA0_DN[] = {
- 0x30, 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
- 0x09, 0x54, 0x68, 0x65, 0x73, 0x69, 0x73, 0x20, 0x43, 0x41};
-
-static const unsigned char TA0_RSA_N[] = {
- 0xD2, 0x20, 0x8A, 0x5D, 0x20, 0x05, 0x4B, 0x15, 0x3D, 0x00, 0x29, 0x4A,
- 0xFB, 0x95, 0x0F, 0x7A, 0x3E, 0x04, 0x61, 0xC2, 0x95, 0x85, 0x80, 0xAD,
- 0xD9, 0xA8, 0xA3, 0x07, 0x22, 0xB1, 0x60, 0xA2, 0x1C, 0xA0, 0x90, 0xA0,
- 0x14, 0x30, 0x45, 0x3D, 0xF6, 0xC6, 0x26, 0x5D, 0xA3, 0xE7, 0x05, 0x6A,
- 0xFC, 0x5C, 0x3F, 0x8B, 0xE4, 0xF1, 0xB1, 0xD1, 0xCF, 0x43, 0x7C, 0x82,
- 0x39, 0xEB, 0x81, 0xC5, 0xF9, 0x55, 0x03, 0x7E, 0x68, 0x1C, 0x6A, 0x52,
- 0x1C, 0x29, 0x0B, 0x15, 0x43, 0x4B, 0x0D, 0xA7, 0x99, 0xCA, 0xBA, 0x7E,
- 0xFD, 0x19, 0xB6, 0xA4, 0x00, 0xFD, 0x64, 0xE9, 0xBC, 0x87, 0xA1, 0x48,
- 0xBE, 0x3F, 0x0D, 0xE0, 0xF1, 0xD7, 0xE6, 0x31, 0x99, 0x81, 0xE2, 0xC3,
- 0x4B, 0x21, 0xFE, 0x6C, 0x70, 0x57, 0x9F, 0x86, 0x61, 0xA3, 0x95, 0x6A,
- 0xC9, 0x0E, 0x1E, 0xE1, 0x66, 0x9F, 0x5D, 0xD2, 0xE0, 0x65, 0x6D, 0xB7,
- 0xE5, 0x45, 0x93, 0xE0, 0xCA, 0x9E, 0xA5, 0x2E, 0x94, 0x9D, 0x1F, 0x1A,
- 0x96, 0x02, 0xCF, 0x7B, 0xE6, 0x39, 0x6C, 0x0C, 0x34, 0xA4, 0xA1, 0x7E,
- 0xB3, 0x38, 0x5F, 0x5D, 0x46, 0x40, 0x90, 0xAF, 0x8C, 0x56, 0x60, 0xEC,
- 0xB9, 0x86, 0x78, 0xF6, 0x36, 0x38, 0x35, 0x28, 0x88, 0xC0, 0xFA, 0x57,
- 0x9D, 0xFE, 0x94, 0x97, 0x2F, 0x0A, 0x31, 0x41, 0x02, 0xE6, 0xFA, 0x03,
- 0x72, 0x98, 0x64, 0x71, 0x28, 0x6D, 0xFB, 0x12, 0x88, 0x7B, 0x41, 0xA7,
- 0x8E, 0xBB, 0x6C, 0x16, 0x70, 0x86, 0x58, 0x55, 0x58, 0xF3, 0xE8, 0x60,
- 0x24, 0xBF, 0x0D, 0x9C, 0x78, 0x8B, 0x0B, 0xCB, 0xD5, 0xA8, 0x8E, 0x3E,
- 0x9F, 0x71, 0x46, 0x2A, 0x5A, 0x16, 0xE8, 0xE8, 0x63, 0xBC, 0x5E, 0x0A,
- 0x5D, 0xE9, 0xF0, 0x99, 0xAB, 0x49, 0x8E, 0x44, 0xB7, 0x36, 0xEF, 0xC6,
- 0x42, 0xC1, 0xC3, 0x71};
-
-static const unsigned char TA0_RSA_E[] = {
- 0x01, 0x00, 0x01};
-
-static const br_x509_trust_anchor TAs[1] = {
- {{(unsigned char *)TA0_DN, sizeof TA0_DN},
- BR_X509_TA_CA,
- {BR_KEYTYPE_RSA,
- {.rsa = {
- (unsigned char *)TA0_RSA_N,
- sizeof TA0_RSA_N,
- (unsigned char *)TA0_RSA_E,
- sizeof TA0_RSA_E,
- }}}}};
-//only one certificate
-#define TAs_NUM 1
 /*
 * Connect to the specified host and port. The connected socket is