Dynamic Key Pair Creation and Hex Calculation

robindubeyibm · robindubeyibm · commit a0ad6dc17e27 · 2024-03-13T12:11:41.000+05:30
Signed-off-by: Robin Dubey &lt;robin.dubey@ibm.com&gt;
diff --git a/icc/Makefile b/icc/Makefile
@@ -429,7 +429,7 @@ tmp/tmp/dummyfile:  Build_OSSL_Complete tmp/dummyfile
 #- Split this into 2 phases for the OS/X fat binaries work - resolves circular dependencies
 # this is target for icclib085 shared library
 
-$(ICCDLL_NAME):  icclib$(OBJSUFX) $(LIBOBJS)  $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile  signer$(EXESUFX) tracer.h extsig.h
+$(ICCDLL_NAME): privkey.rsa icclib$(OBJSUFX) $(LIBOBJS)  $(STLPRFX)zlib$(STLSUFX) tmp/tmp/dummyfile  signer$(EXESUFX) tracer.h extsig.h
 	$(SLD) $(SLDFLAGS) $(ICCLIB_LNK) $(EXPORT_FLAG)$(ICCLIB_EXPFILE)  icclib$(OBJSUFX) $(LIBOBJS) $(STLPRFX)zlib$(STLSUFX) \
 		tmp/tmp/*$(OBJSUFX)  $(LDLIBS)
 #- Unstripped goes into NOSHIP
@@ -590,6 +590,15 @@ nist_algs$(EXESUFX): nist_algs1$(OBJSUFX)
 #=============================== Code sign/verify    ==============================
 
 #- stand alone signing tool
+privkey.rsa:
+	openssl genrsa -out privkey.rsa 2048
+
+pubkey.h: privkey.rsa
+	openssl rsa -in privkey.rsa -outform DER -RSAPublicKey_out > rsa_pub_key.der
+	echo "/*This is an auto generated code please DO NOT modify"
+	perl bin2hex.pl rsa_pub_key.der temp.h
+	cat temp.h >> pubkey.h
+	rm temp.h rsa_pub_key.der
 
 signer$(OBJSUFX): extsig.c
 	$(CC) -DSTANDALONE -DOPSYS=\"$(OPSYS)\" $(CFLAGS) -I$(OSSLINC_DIR) extsig.c $(OUT)$@
@@ -612,7 +621,7 @@ status$(OBJSUFX): status.c status.h icclib.h
 	$(CC) $(CFLAGS)  -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) status.c
 
 #- Build ICC FIPS code
-fips$(OBJSUFX): fips.c fips.h icclib.h iccerr.h $(PRNG_DIR)/fips-prng-RAND.h tracer.h 
+fips$(OBJSUFX): pubkey.h fips.c fips.h icclib.h iccerr.h $(PRNG_DIR)/fips-prng-RAND.h tracer.h 
 	$(CC) $(CFLAGS) -I./  -I$(SDK_DIR) -I$(OSSLINC_DIR) -I$(OSSL_DIR) -I$(API_DIR) fips.c
 
 #- Compile the FIPS prng code
diff --git a/icc/bin2hex.pl b/icc/bin2hex.pl
@@ -0,0 +1,34 @@
+#/*****Note- This Script is coping the effect of xxd -i command**********/
+#!/usr/bin/perl
+use strict;
+use warnings;
+
+if (@ARGV != 2) {
+    die "Usage: $0 input_binary_file output_text_file\n";
+}
+
+my ($input_file, $output_file) = @ARGV;
+my ($input_file_name) = $input_file =~ /^(.*?)\.[^.]*$/;
+
+open my $input_fh, '<:raw', $input_file or die "Cannot open input file '$input_file': $!\n";
+open my $output_fh, '>', $output_file or die "Cannot open output file '$output_file': $!\n";
+
+print $output_fh "static const unsigned char $input_file_name\[] = {\n\t";
+
+my $n = 0;
+while (read $input_fh, my $buffer, 1) {
+    my $hex_byte = unpack 'H2', $buffer;
+    if ($n > 0 ) {
+	print $output_fh ",";
+    }
+    if ($n > 0 && ($n % 16) == 0) {
+        print $output_fh "\n\t";
+    }
+    print $output_fh "0x", $hex_byte;
+    $n = $n + 1;
+}
+print $output_fh "\n};\n";
+print $output_fh "unsigned $input_file_name\_size = ", $n, ";\n";
+
+close $input_fh;
+close $output_fh;
diff --git a/icc/fips.c b/icc/fips.c
@@ -22,6 +22,16 @@
 #include "TRNG/nist_algs.h"
 #include "tracer.h"
 
+/** @brief this is the public key that complements the private key */
+/* used to sign the modules within the cryptographic       */
+/* boundary at build time                                  */
+/* The private key at this time is stored in a file        */
+/* named icc/privkey.rsa                                   */
+/* \known Data: (rsa_pub_key) RSA public key used to verify
+    the ICC shared library signatures
+*/
+#include "pubkey.h"
+
 
 #if defined(_WIN32)
 #include <fcntl.h>
@@ -826,52 +836,6 @@ static const unsigned char cmac_ka[] = {
   0xbd,0x4b,0xf2,0x8d,0x8c,0x37,0xc3,0x5c
 };
 
-/** @brief this is the public key that complements the private key */
-/* used to sign the modules within the cryptographic       */
-/* boundary at build time                                  */
-/* The private key at this time is stored in a file        */
-/* named icc/privkey.rsa                                   */
-/** \known Data: (rsa_pub_key_DER) RSA public key used to verify
-    the ICC shared library signatures
-*/
-static const unsigned char rsa_pub_key_DER[] =
-  {
-    0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,
-    0x00,0xD5,0x61,0x38,0x36,0x15,0x97,0xAD,
-    0xDC,0x6D,0x4D,0x44,0x8E,0x06,0x45,0x36,
-    0xB4,0x23,0x1A,0x69,0x82,0xD8,0xFE,0x9E,
-    0xF0,0x74,0x45,0x87,0xE1,0xE3,0x7F,0x58,
-    0x6D,0xA2,0x42,0xBB,0xAF,0xC6,0xC8,0x41,
-    0xBE,0xCA,0x50,0x1D,0x02,0x96,0xFC,0xAB,
-    0x66,0xDB,0xD5,0xE9,0x78,0x48,0x87,0x55,
-    0x68,0xF6,0x2B,0x7A,0xD3,0x18,0xDA,0xC7,
-    0x36,0xD0,0xD2,0x14,0xF8,0x93,0x2B,0x21,
-    0x5E,0x7A,0x95,0xAC,0xB6,0x76,0x9A,0xFE,
-    0x6C,0x31,0x4C,0x6D,0xC8,0xC7,0xDE,0x53,
-    0x53,0xB5,0x98,0x87,0x2F,0x9D,0x96,0x6B,
-    0x21,0xC0,0x83,0x6E,0xFC,0x13,0x39,0x28,
-    0x9B,0xBB,0x76,0xC7,0xF6,0x4E,0xDE,0x69,
-    0xCE,0xE0,0x4B,0x35,0x4D,0xC5,0xB9,0xE6,
-    0x96,0xDD,0xD1,0xB4,0x1C,0xE9,0xDC,0xE3,
-    0x7A,0x9C,0x74,0x19,0x71,0xCD,0xFE,0xF7,
-    0xEA,0x4E,0xC5,0x5E,0x7C,0xE7,0xA7,0xE7,
-    0x09,0x8C,0xB6,0xA8,0xC2,0x9F,0x1B,0xAE,
-    0x8C,0x22,0x08,0x05,0xF2,0xA4,0x53,0xA3,
-    0x03,0x83,0x4E,0x36,0x99,0x0D,0x86,0xC2,
-    0x00,0xE4,0xDF,0x82,0x29,0x88,0xA6,0x99,
-    0x1C,0x36,0x80,0xF5,0xD7,0x88,0x99,0x0A,
-    0x6F,0xB6,0x37,0xFF,0x99,0x87,0xF1,0x6C,
-    0x7B,0x3F,0x63,0x94,0x5A,0x42,0x56,0xF6,
-    0x34,0x80,0xC5,0x22,0x04,0x89,0x50,0x9F,
-    0x36,0x6A,0x58,0x49,0xB4,0xF0,0x65,0x01,
-    0xF8,0x69,0xD9,0x76,0x0E,0x9D,0x5F,0xAF,
-    0xB5,0xFE,0x0D,0xE0,0xF8,0x41,0xB6,0x80,
-    0xE5,0xA2,0x02,0xD0,0x8D,0xC6,0xAB,0xEE,
-    0xAE,0x53,0x8C,0xBC,0x1E,0x97,0x4F,0xEE,
-    0x9C,0xF3,0x47,0x08,0xDE,0x8C,0xB1,0xD8,
-    0x1B,0x02,0x03,0x01,0x00,0x01
-  };
-
 #if defined(KNOWN) 
 /** \known Data. OpenSSL curve name corresponding to NIST B-233  
     for binary field KAT
@@ -5099,14 +5063,14 @@ EVP_PKEY *get_pubkey(ICC_STATUS *stat) {
     SetStatusMem(NULL, stat, __FILE__, __LINE__);
   } else {
     const unsigned char *p1 = NULL;
-    p1 = (unsigned char *)rsa_pub_key_DER;
+    p1 = (unsigned char *)rsa_pub_key;
     /** \induced 157. Signature test, corrupt DER encoding
      */
     if (157 == icc_failure) {
       p1++;
     }
     rsaPKey = d2i_PublicKey(EVP_PKEY_RSA, &rsaPKey, (const unsigned char **)&p1,
-                            sizeof(rsa_pub_key_DER));
+                            sizeof(rsa_pub_key));
 
     /** \induced 153. iccSignature test. Couldn't convert embedded key to
        binary representation. This should never happen as if OpenSSL isn't
