From 08799e0760a38e07905a73f27675d1872b4e298f Mon Sep 17 00:00:00 2001
From: aweatherguy
Date: Sat, 9 Apr 2022 10:40:09 -0700
Subject: [PATCH] New sample files for local root cert.
---
tasmota/local_ca_data_sample.h | 51 ++++++++++++++++++++++++++++
tasmota/local_ca_descriptor_sample.h | 50 +++++++++++++++++++++++++++
2 files changed, 101 insertions(+)
create mode 100644 tasmota/local_ca_data_sample.h
create mode 100644 tasmota/local_ca_descriptor_sample.h
diff --git a/tasmota/local_ca_data_sample.h b/tasmota/local_ca_data_sample.h
new file mode 100644
index 000000000..160e362ad
--- /dev/null
+++ b/tasmota/local_ca_data_sample.h
@@ -0,0 +1,51 @@
+/*
+ local_ca_sample.h - sample file for embedding a local CA certificate
+
+ Copyright (C) 2021 Theo Arends
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+/*
+To generate a version of this file containing data for your root certificate,
+run the following command from a Linux or Cygwin bash shell, assuming that a
+copy of brssl (or brssl.exe) is in the directory where the EasyRSA shell script
+is located.
+
+./brssl ta pki/ca.crt | sed -e '/br_x509/,+999 d' >local_ca_data.h
+
+Then copy local_ca_data.h into the same directory as user_config_override.
+
+Add this line to user_config_override.h:
+
+#define INCLUDE_LOCAL_CERT
+
+Be sure to generate both files: local_ca_data.h, and local_ca_descriptor.h
+*/
+
+//
+// this is what the result will look like, except there will be
+// a lot of data bytes defined in the first three arrays
+//
+static const unsigned char PROGMEM TA0_DN[] = {
+ // variable number of bytes go here (typically 100-140 or so) for the DN
+};
+
+static const unsigned char PROGMEM TA0_RSA_N[] = {
+ // 256 bytes go here for the public key modulus
+};
+
+static const unsigned char PROGMEM TA0_RSA_E[] = {
+ // 3 bytes go here for the public key exponent
+};
diff --git a/tasmota/local_ca_descriptor_sample.h b/tasmota/local_ca_descriptor_sample.h
new file mode 100644
index 000000000..3d4481981
--- /dev/null
+++ b/tasmota/local_ca_descriptor_sample.h
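Review bot: The generation command in the second comment block uses `+999` as a stand-in for "through end of input"; that `addr,+N` form is a GNU sed extension and leaves a tail behind if more than 999 lines follow the match, so `sed -e '/br_x509/,$ d'` would be the more robust spelling, and the same goes for `-e '/};/,+999 d'` in local_ca_descriptor_sample.h. The sample arrays are declared with `PROGMEM`, but the pipeline only deletes lines, so unless brssl itself emits that qualifier (as far as I know it does not) the generated file will not match what is shown here; the comment should state whether the user is expected to add it. The header comment also names the file `local_ca_sample.h` rather than `local_ca_data_sample.h`.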
@@ -0,0 +1,50 @@
+/*
+ local-ca-sample.h - sample file for embedding a local CA certificate
+
+ Copyright (C) 2021 Theo Arends
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+/*
+To generate a version of this file containing data for your root certificate,
+run the following command from a Linux or Cygwin bash shell, assuming that a
+copy of brssl (or brssl.exe) is in the directory where the EasyRSA shell script
+is located.
+
+./brssl ta pki/ca.crt | sed -e '1,/br_x509/ d' -e '/};/,+999 d' >local_ca_descriptor.h
+
+Then copy local_ca_descriptor.h into the same directory as user_config_override.
+
+Add this line to user_config_override.h:
+
+#define INCLUDE_LOCAL_CERT
+
+Be sure to generate both files: local_ca_data.h, and local_ca_descriptor.h
+*/
+
+//
+// this is what the result will look like
+//
+ {
+ { (unsigned char *)TA0_DN, sizeof TA0_DN },
+ BR_X509_TA_CA,
+ {
+ BR_KEYTYPE_RSA,
+ { .rsa = {
+ (unsigned char *)TA0_RSA_N, sizeof TA0_RSA_N,
+ (unsigned char *)TA0_RSA_E, sizeof TA0_RSA_E,
+ } }
+ }
+ }
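Review bot: The instructions do not say what embedding this descriptor means for trust: the element is flagged `BR_X509_TA_CA`, so whatever code includes it (not part of this patch) will presumably accept any certificate chain issued under that root. I would add a line such as `// Only the public ca.crt is embedded here; keep the CA private key out of the firmware tree.` and a reminder to regenerate both files when the root certificate is replaced. It would also help to say that this file is a bare initializer element meant to be included inside a trust-anchor array, since it is not a complete declaration on its own, and that the RSA layout shown is only what an RSA root produces. The header comment names the file `local-ca-sample.h` instead of `local_ca_descriptor_sample.h`.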