Example to generate self signed certificate programatically

[PrithviAPai]

Hi Team,
I m new mbedTLS and interested to learn various security aspects.
I have generated key pairs(private and public key). programmatically using OP-TEE PKCS11 APIs.
I have a requirement to generate self signed certificate using the private key.

I dont see any examples for the same in mbedTLS code base. I saw an API in cert_write.c however, it requires the key pais to be passed as a file in argument. Is there any examples demonstrating generation of self signed certificate dynamically ?

Mbed TLS needs this because as it helps newbies in security

[gilles-peskine-arm]

If you want to use the Mbed TLS command-line tools, please read the knowledge base article. There also is an example in my cert_write_demo.sh script (submitted as #2698, not merged). The pull request needs rework, but I think the script would work with current Mbed TLS since the sample programs have not changed.

If you want to use the Mbed TLS C API, you can follow the code in cert_write.c. For a self-signed certificate, take the branches where opt.selfsign is true.

[PrithviAPai]

@gilles-peskine-arm I tried using cert_write.c but, that API expects the key pair to be in der/pem format. I have the key pair in raw format which I have generated using OP-TEE. Do you have any suggestions on how to parse raw key pair ?

[tom-cosgrove-arm]

@PrithviAPai You are more likely to get a reply to this kind of question on the Mbed TLS mailing list - we tend to use GitHub issues for bug reports rather than support requests like this

[gilles-peskine-arm]

For x509, you need to have the key as a mbedtls_pk_context. To fill it from raw data:

1. Use mbedtls_pk_setup to select the key type.
2. Use either mbedtls_pk_rsa or mbedtls_pk_ec to get a pointer to the type-dependent low-level context.
3. Fill the low-level context with the raw data.

[PrithviAPai]

Thanks @gilles-peskine-arm the method you suggested worked for me however now when I call "mbedtls_x509write_crt_der" I get this error code (-46) MBEDTLS_ERR_OID_NOT_FOUND.
The md algo which I have set is "MBEDTLS_MD_SHA384"
And these are init steps of pk context

mbedtls_pk_init(&issuer_ctx);
mbedtls_pk_setup(&issuer_ctx,mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA));

Have I missed anything ?

[PrithviAPai]

int setKey(mbedtls_ecp_keypair **ec_context, const uint8_t *key_X, const uint8_t *key_Y,
                             const uint8_t *key, size_t key_size)
{
	int ret = 1;
	mbedtls_ecp_keypair *ctx;

    if (ec_context == NULL || key_X == NULL || key_Y == NULL) {
        return TEE_ERROR_GENERIC;
    }

	ctx = *ec_context;
	mbedtls_ecp_group_init(&ctx->grp);
	ret = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP384R1);
	if (ret != 0) {
		return TEE_ERROR_GENERIC;
	}
	ret = mbedtls_mpi_read_binary(&ctx->Q.X, key_X, key_size);
    if (ret != 0) {
        return TEE_ERROR_GENERIC;
    }
    ret = mbedtls_mpi_read_binary(&ctx->Q.Y, key_Y, key_size);
    if (ret != 0) {
        return TEE_ERROR_GENERIC;
    }
	ret = mbedtls_mpi_lset(&ctx->Q.Z, 1);
    if (ret != 0) {
        return TEE_ERROR_GENERIC;
    }
	ret = mbedtls_mpi_read_binary(&ctx->d, key, key_size);
	if (ret != 0) {
        return TEE_ERROR_GENERIC;
    }
	return TEE_SUCCESS;
}


int GenerateCertificate(const uint8_t *public_key_X, const uint8_t *public_key_X, const uint8_t *key)
{
	int ret = 1;
	mbedtls_pk_context	 issuer_ctx;

	mbedtls_pk_init(&issuer_ctx);

	if ((ret = mbedtls_pk_setup(&issuer_ctx,mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) {
        EMSG(" failed\n  !  mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
        goto exit;
      }
	mbedtls_ecp_keypair *issuer_ecp = mbedtls_pk_ec(issuer_ctx);

	res =  setKey(&issuer_ecp, public_key_X, public_key_Y, private_key, 48);
	if (res != TEE_SUCCESS)
	{
		goto exit;
	}
	

exit:
	mbedtls_pk_free(&subject_ctx);
	return ret;
}

[PrithviAPai]

@gilles-peskine-arm this is the complete function for setting raw key pair to pk_context.
I did follow all the steps given by you. Am I missing something ?

While generating certificate in der format I get MBEDTLS_ERR_OID_NOT_FOUND error.
Please help me here

[gilles-peskine-arm]

The setKey function doesn't look obviously wrong to me. The GenerateCertificate doesn't compile and doesn't do anything related to certificates, you seem to have posted an early draft.

Looking at what can generate MBEDTLS_ERR_OID_NOT_FOUND — did you use MBEDTLS_PK_ECDSA or MBEDTLS_PK_ECKEY when calling mbedtls_pk_setup? I'm not sure if both are supported. (If not then there's something missing in our documentation.)

[PrithviAPai]

@gilles-peskine-arm I did use MBEDTLS_PK_ECKEY when calling mbedtls_pk_setup

[PrithviAPai]

TEE_Result TA_GenerateCert(void *loaded_issuer_key, void *loaded_subject_key, uint8_t **cert, size_t *len, uint8_t is_ca, const char *issuer_name, const char *subject_name)
{
	int ret = 1;
	unsigned char certificate_der[4096];
	unsigned char *cert_start;
	mbedtls_mpi serial;
	mbedtls_x509write_cert crt;
      mbedtls_ctr_drbg_context ctr_drbg;
      mbedtls_pk_context *issuer_key = loaded_issuer_key,
                         *subject_key = loaded_subject_key;
	TEE_Result res = TEE_ERROR_GENERIC;

    mbedtls_x509write_crt_init(&crt);
    mbedtls_mpi_init(&serial);
    mbedtls_ctr_drbg_init(&ctr_drbg);

	const char *serial_number = CERT_SERIAL_NUMBER;
 	if ((ret = mbedtls_mpi_read_string(&serial, 10, serial_number)) != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
     }

    mbedtls_x509write_crt_set_subject_key(&crt, subject_key);
    mbedtls_x509write_crt_set_issuer_key(&crt, issuer_key);

    if ((ret = mbedtls_x509write_crt_set_subject_name(&crt, subject_name)) != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
    }
    if ((ret = mbedtls_x509write_crt_set_issuer_name(&crt, issuer_name)) != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
    }

    mbedtls_x509write_crt_set_version(&crt, MBEDTLS_X509_CRT_VERSION_3);
    mbedtls_x509write_crt_set_md_alg(&crt, MBEDTLS_MD_SHA384);

	ret = mbedtls_x509write_crt_set_serial(&crt, &serial);
    if (ret != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
    }

	const char *validity_from = CERT_VALIDITY_FROM;
	const char *validity_till = CERT_VALIDITY_TILL;
    ret = mbedtls_x509write_crt_set_validity(&crt, validity_from, validity_till);
    if (ret != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
    }


	if (is_ca)
	{
        ret = mbedtls_x509write_crt_set_basic_constraints(&crt, is_ca,0);
        if (ret != 0) {
			res = TEE_ERROR_GENERIC;
            goto exit;
        }
	}

	ret = mbedtls_x509write_crt_der(&crt, certificate_der, sizeof(certificate_der), mbedtls_ctr_drbg_random, &ctr_drbg);
    if (ret != 0) {
		res = TEE_ERROR_GENERIC;
        return ret;
    }

    *len = ret;
    cert_start = certificate_der + 4096 - *len;
	cert = TEE_Malloc(*len, TEE_MALLOC_FILL_ZERO);
	TEE_MemMove(cert, cert_start, *len);
	res =  TEE_SUCCESS;

exit:
    mbedtls_x509write_crt_free(&crt);
    mbedtls_mpi_free(&serial);
    mbedtls_ctr_drbg_free(&ctr_drbg);
    return res;
}

[PrithviAPai]

@gilles-peskine-arm added snippet which I have to generate the certificate. The return value from mbedtls_x509write_crt_der I get is -46 which is MBEDTLS_ERR_OID_NOT_FOUND
Am I missing anything here ?

[gilles-peskine-arm]

That's still not complete code: how are you creating loaded_issuer_key and loaded_subject_key?

The only obvious way for mbedtls_x509write_crt_der to return MBEDTLS_ERR_OID_NOT_FOUND is if the mbedtls_pk_type_t of the mbedtls_pk_context is wrong.

[PrithviAPai]

Hi @gilles-peskine-arm
At first I call GenerateCertificate function with raw key pair values
Here pk_init, pk_setup is done .

int GenerateCertificate(const uint8_t *public_key_X, const uint8_t *public_key_X, const uint8_t *key)
{
	int ret = 1;
	mbedtls_pk_context	 issuer_ctx;

	mbedtls_pk_init(&issuer_ctx);

	if ((ret = mbedtls_pk_setup(&issuer_ctx,mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY))) != 0) {
        EMSG(" failed\n  !  mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
        goto exit;
      }
	mbedtls_ecp_keypair *issuer_ecp = mbedtls_pk_ec(issuer_ctx);

	res =  setKey(&issuer_ecp, public_key_X, public_key_Y, private_key, 48);
	if (res != TEE_SUCCESS)
	{
		goto exit;
	}
	

exit:
	mbedtls_pk_free(&subject_ctx);
	return ret;
}

This function makes a call to setKey.
Here the raw values are copied to pk_context by the help of mbedtls_mpi_read_binary function.

int setKey(mbedtls_ecp_keypair **ec_context, const uint8_t *key_X, const uint8_t *key_Y,
                             const uint8_t *key, size_t key_size)
{
	int ret = 1;
	mbedtls_ecp_keypair *ctx;

    if (ec_context == NULL || key_X == NULL || key_Y == NULL) {
        return TEE_ERROR_GENERIC;
    }

	ctx = *ec_context;
	mbedtls_ecp_group_init(&ctx->grp);
	ret = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP384R1);
	if (ret != 0) {
		return TEE_ERROR_GENERIC;
	}
	ret = mbedtls_mpi_read_binary(&ctx->Q.X, key_X, key_size);
    if (ret != 0) {
        return TEE_ERROR_GENERIC;
    }
    ret = mbedtls_mpi_read_binary(&ctx->Q.Y, key_Y, key_size);
    if (ret != 0) {
        return TEE_ERROR_GENERIC;
    }
	ret = mbedtls_mpi_lset(&ctx->Q.Z, 1);
    if (ret != 0) {
        return TEE_ERROR_GENERIC;
    }
	ret = mbedtls_mpi_read_binary(&ctx->d, key, key_size);
	if (ret != 0) {
        return TEE_ERROR_GENERIC;
    }
	return TEE_SUCCESS;
}

Once that is completed now I have pk_context filled with all required values.
with that I call TA_GenerateCert where loaded_issuer_key= loaded_subject_key = issue_ctx as it is for self signed certificate

[PrithviAPai]

@gilles-peskine-arm Complete flow is attached below.

/**
caller of this function is TA_GenerateRootCertificate
**/
TEE_Result TA_GenerateCert(mbedtls_pk_context *loaded_issuer_key, mbedtls_pk_context *loaded_subject_key, uint8_t **cert, size_t *len, 
                                    uint8_t is_ca, const char *issuer_name, const char *subject_name)
{
	int ret = 1;
	unsigned char certificate_der[4096];
	unsigned char *cert_start;
	mbedtls_mpi serial;
	mbedtls_x509write_cert crt;
	mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_pk_context *issuer_key = loaded_issuer_key,
                       *subject_key = loaded_subject_key;
    const char *pers = "crt";
	TEE_Result res = TEE_ERROR_GENERIC;

    mbedtls_x509write_crt_init(&crt);
    mbedtls_mpi_init(&serial);
    mbedtls_ctr_drbg_init(&ctr_drbg);
    mbedtls_entropy_init(&entropy);
    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, f_entropy, &entropy,
                                     (const unsigned char *) pers,
                                     strlen(pers))) != 0) {
        goto exit;
    }

	const char *serial_number = CERT_SERIAL_NUMBER;
 	if ((ret = mbedtls_mpi_read_string(&serial, 10, serial_number)) != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
    }

	mbedtls_x509write_crt_set_subject_key(&crt, subject_key);
    mbedtls_x509write_crt_set_issuer_key(&crt, issuer_key);

    if ((ret = mbedtls_x509write_crt_set_subject_name(&crt, subject_name)) != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
    }
    if ((ret = mbedtls_x509write_crt_set_issuer_name(&crt, issuer_name)) != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
    }

    mbedtls_x509write_crt_set_version(&crt, MBEDTLS_X509_CRT_VERSION_3);
    mbedtls_x509write_crt_set_md_alg(&crt, MBEDTLS_MD_SHA384);

	ret = mbedtls_x509write_crt_set_serial(&crt, &serial);
    if (ret != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
    }

	const char *validity_from = CERT_VALIDITY_FROM;
	const char *validity_till = CERT_VALIDITY_TILL;
    ret = mbedtls_x509write_crt_set_validity(&crt, validity_from, validity_till);
    if (ret != 0) {
		res = TEE_ERROR_GENERIC;
        goto exit;
    }

	if (is_ca)
	{
        ret = mbedtls_x509write_crt_set_basic_constraints(&crt, is_ca,0);
        if (ret != 0) {
			res = TEE_ERROR_GENERIC;
            goto exit;
        }
	}

	ret = mbedtls_x509write_crt_der(&crt, certificate_der, sizeof(certificate_der), mbedtls_ctr_drbg_random, &ctr_drbg);
    if (ret != 0) {
		EMSG("mbedtls_x509write_crt_der error 0x%x ", ret);
		res = TEE_ERROR_GENERIC;
        goto exit;
    }

    *len = ret;
    cert_start = certificate_der + 4096 - *len;
	cert = TEE_Malloc(*len, TEE_MALLOC_FILL_ZERO);
	TEE_MemMove(cert, cert_start, *len);
	res =  TEE_SUCCESS;

exit:
    mbedtls_x509write_crt_free(&crt);
    mbedtls_mpi_free(&serial);
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
	return res;
}

/**
caller of this function is TA_GenerateRootCertificate
**/
TEE_Result TA_GenerateRootCertificate(void *issuer_ec_context, void *subject_ec_context, uint8_t **cert, uint8_t *cert_len)
{
	int res = 1;
	const char issuer_name[ISSUER_LENGTH] = ROOT_ISSUER_NAME;
	if (issuer_ec_context == NULL || subject_ec_context == NULL)
	{
		return res;
	}
	res = TA_GenerateCert(issuer_ec_context, subject_ec_context, cert,
	                               cert_len, 1, issuer_name, issuer_name);
	return res;
}

/**
caller of this function is GenerateCertificate
**/
TEE_Result TA_ECSetKey(mbedtls_ecp_keypair **ec_context, const uint8_t *key_X, const uint8_t *key_Y,
                             const uint8_t *key, size_t key_size)
{
	int ret = 1;
	mbedtls_ecp_keypair *ctx;

    if (ec_context == NULL || key_X == NULL || key_Y == NULL) {
        return TEE_ERROR_GENERIC;
    }

	ctx = *ec_context;
	mbedtls_ecp_group_init(&ctx->grp);
    mbedtls_mpi_init(&ctx->d);
    mbedtls_ecp_point_init(&ctx->Q);

	ret = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP384R1);
	if (ret != 0) {
		return ret;
	}
	ret = mbedtls_mpi_read_binary(&ctx->Q.X, key_X, key_size);
    if (ret != 0) {
        return ret;
    }
    ret = mbedtls_mpi_read_binary(&ctx->Q.Y, key_Y, key_size);
    if (ret != 0) {
        return ret;
    }
	ret = mbedtls_mpi_lset(&ctx->Q.Z, 1);
    if (ret != 0) {
        return ret;
    }
	ret = mbedtls_mpi_read_binary(&ctx->d, key, key_size);
	if (ret != 0) {
        return ret;
    }
	return ret;
}

/*
* Entry Point
*/
int TA_GenerateCertificate(const uint8_t *public_key_X, const uint8_t *public_key_X, const uint8_t *key)
{
	int ret = 1;
	mbedtls_pk_context	 issuer_ctx;

	mbedtls_pk_init(&issuer_ctx);

	if ((ret = mbedtls_pk_setup(&issuer_ctx,
	                    mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA))) != 0) {
        EMSG(" failed\n  !  mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
        goto exit;
    }

	mbedtls_ecp_keypair *issuer_ecp = mbedtls_pk_ec(issuer_ctx);

	ret =  TA_ECSetKey(&issuer_ecp, public_key_X, spublic_key_Y, 
	                       private_key, SHA384_SIZE);
	if (res != 0)
	{
		goto exit;
	}
	
	res = TA_GenerateRootCertificate(&issuer_ctx, &issuer_ctx, &certificate, cert_len);
	if (res != 0) {
        goto exit;
    }


exit:
	mbedtls_pk_free(&issuer_ctx);
	return res;
}

Please help me understand what I m missing here.
I have referred the sample code from mbedtls/programs/x509/cert_write.c for my development

[PrithviAPai]

@gilles-peskine-arm I have generated self signed certificate which is my root certificate
How if I need to generate leaf certificate for the certificate chain, issuer key pair will be my root key pair and subject key pair will be my leaf key pair is my understanding right ?
Basically I want to generate certificate chain where CA is my self signed certificate and leaf certificate needs to be signed by mu root key.
Please share your guidance