From eb1d3f62672d0ad12690fd0d1c240f8af45dc0c4 Mon Sep 17 00:00:00 2001
From: Conor Patrick
Date: Sun, 6 May 2018 20:14:11 -0400
Subject: [PATCH] add cert/privkey scripts
---
tools/ca_sign.sh | 13 +++++++++++++
tools/cbytes.py | 42 ++++++++++++++++++++++++++++++++++++++++++
tools/dump_pem.py | 21 +++++++++++++++++++++
tools/genca.sh | 17 +++++++++++++++++
4 files changed, 93 insertions(+)
create mode 100644 tools/ca_sign.sh
create mode 100644 tools/cbytes.py
create mode 100644 tools/dump_pem.py
create mode 100644 tools/genca.sh
diff --git a/tools/ca_sign.sh b/tools/ca_sign.sh
new file mode 100644
index 0000000..b5182fa
--- /dev/null
+++ b/tools/ca_sign.sh
@@ -0,0 +1,13 @@
+
+[[ "$#" != 4 ]] && echo "usage: $0 " && exit 1
+
+# generate a "signing request"
+echo "generate request"
+openssl req -new -key "$1" -out "$1".csr
+
+# CA sign the request
+echo "sign request with CA key"
+openssl x509 -days 18250 -req -in "$1".csr -CA "$2" -CAkey "$3" -out "$4" -set_serial 0
+
+echo "output as der"
+openssl x509 -in "$4" -outform der -out "$4".der
diff --git a/tools/cbytes.py b/tools/cbytes.py
new file mode 100644
index 0000000..6ad5fa5
--- /dev/null
+++ b/tools/cbytes.py
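Review bot: In tools/ca_sign.sh the signing step hard-codes `-set_serial 0`, so every certificate issued from the same CA carries serial 0; serials are expected to be unique per issuer, and duplicates make individual certificates impossible to tell apart or revoke. A random serial such as `-set_serial "0x$(openssl rand -hex 16)"`, or `-CAcreateserial`, avoids this. The script also opens with a blank line instead of `#!/bin/bash` although it uses `[[ ]]`, and it has no `set -e`, so a failed `openssl req` is followed by a signing attempt on a missing or stale `.csr`. Passing `-sha256` explicitly would keep the signature digest from depending on the installed OpenSSL's default.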
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+from __future__ import print_function
+"""
+ cbytes.py
+
+ Output a c file with the DER certificate.
+ Read der file as input
+"""
+import sys,fileinput,binascii
+
+if len(sys.argv) not in [2,3]:
+ print('usage: %s [-s]' % sys.argv[0])
+ print(' -s: just output c string (for general use)')
+ sys.exit(1)
+
+buf = None
+try:
+ buf = bytearray(open(sys.argv[1], 'rb').read())
+except:
+ n = sys.argv[1].replace('\n','')
+ n = sys.argv[1].replace('\r','')
+ buf = bytearray(binascii.unhexlify(n))
+
+c_str = ''
+size = len(buf)
+
+a = ''.join(map(lambda c:'\\x%02x'%c, buf))
+
+for i in range(0,len(a), 80):
+ c_str += ("\""+a[i:i+80]+"\"\n")
+
+if '-s' in sys.argv:
+ print(c_str)
+ sys.exit(0)
+
+print('// generated')
+print('#include ')
+print()
+print('code uint8_t __attest[] = \n%s;' % c_str)
+print('const uint16_t __attest_size = sizeof(__attest)-1;')
+
+
diff --git a/tools/dump_pem.py b/tools/dump_pem.py
new file mode 100644
index 0000000..7e9c825
--- /dev/null
+++ b/tools/dump_pem.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+from __future__ import print_function
+import sys,fileinput,binascii
+try:
+ import ecdsa
+except:
+ print('python ecdsa module is required')
+ print('try running: ')
+ print(' pip install ecdsa')
+ sys.exit(1)
+
+
+if len(sys.argv) not in [2]:
+ print('usage: %s ' % sys.argv[0])
+ sys.exit(1)
+
+pemkey = sys.argv[1]
+attestkey = ecdsa.SigningKey.from_pem(open(pemkey).read())
+
+print(binascii.hexlify(attestkey.to_string()))
+print(repr(attestkey.to_string()))
diff --git a/tools/genca.sh b/tools/genca.sh
new file mode 100644
index 0000000..3ee8b62
--- /dev/null
+++ b/tools/genca.sh
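Review bot: In tools/cbytes.py the hex fallback only strips `\r`: the second assignment re-reads `sys.argv[1]` and discards the `\n` removal, so it should be `n = sys.argv[1].replace('\n','').replace('\r','')`. The bare `except:` also sends every failure of the file read (mistyped path, permission denied) into the hex branch, where it surfaces as an unrelated `unhexlify` error or, for a path that happens to be valid hex, silently emits the wrong bytes; `except IOError:` at least limits the fallback to I/O failures. If the hex argument is ever the private key printed by dump_pem.py, it ends up in shell history and the process list, so reading it from a file or stdin would be safer. `size` and `fileinput` are unused.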
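Review bot: tools/dump_pem.py writes the raw private scalar of the key to stdout twice (hex and `repr`), and nothing in the file says the output is secret. A header comment such as `# Prints the unencrypted private key; run on the provisioning host only and keep the output out of logs and CI artifacts` would make the handling expectation explicit. The import guard should be `except ImportError:` rather than a bare `except:`, which also catches `KeyboardInterrupt` and reports any failure inside the module as "not installed". `fileinput` is imported but unused, and the handle from `open(pemkey)` is never closed.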
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+keyname=key.pem
+certname=cert.pem
+smallcertname=cert.der
+curve=prime256v1
+
+# generate EC private key
+openssl ecparam -genkey -name "$curve" -out "$keyname"
+# generate a "signing request"
+openssl req -new -key "$keyname" -out "$keyname".csr
+# self sign the request
+openssl x509 -req -days 18250 -in "$keyname".csr -signkey "$keyname" -out "$certname"
+
+# convert to smaller size format DER
+openssl x509 -in $certname -outform der -out $smallcertname
+
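Review bot: tools/genca.sh writes the CA private key unencrypted to a fixed `key.pem` in the current directory, and a second run silently overwrites it, after which no further certificates can be issued under a CA certificate that has already been distributed. Adding `umask 077` and `set -euo pipefail` after the shebang, plus a guard such as `[ -e "$keyname" ] && { echo "$keyname exists" >&2; exit 1; }`, would cover file permissions (which otherwise may depend on the OpenSSL version and the caller's umask), failed steps, and accidental regeneration. The last command leaves `$certname` and `$smallcertname` unquoted while every earlier expansion is quoted.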