Topic: support of DTLS Raw public keys (RFC 7250)

Hello guys

Does wolfSSL support DTLS/TLS raw public keys?
I googled for a few days and did not find anything about this topic.

Or can I go another way: create a server certificate based on a 'SubjectPublicKeyInfo' in DER format, then attach it to the SSL context and work with it like with X.509 certificates?

Like:

  
    uint8_t srv_cert_buffer[1024] = {0};
    const uint8_t srv_pub_key[] = {...}; // Server's 'SubjectPublicKeyInfo' in DER format
    size_t srv_pubkey_len = sizeof(srv_pub_key);

    ecc_key srv_pub_key_ecc;             // decoded server public key
    word32  srv_pub_ecc_key_inptr = 0;   // parse offset into srv_pub_key
    WC_RNG  rng;
    Cert    srv_cert;
    int     srv_cert_len;

    wc_ecc_init(&srv_pub_key_ecc);
    if (wc_EccPublicKeyDecode(srv_pub_key, &srv_pub_ecc_key_inptr, &srv_pub_key_ecc, (word32)srv_pubkey_len) != 0)
    {
        LOG("Error parsing server public key");
        goto on_error;
    }

    if (wc_InitRng(&rng) != 0)
    {
        LOG("Init RNG failed");
        goto on_error;
    }

    // Fill in the subject and build the (unsigned) certificate body around the public key
    wc_InitCert(&srv_cert);
    strncpy(srv_cert.subject.country, "UA", CTC_NAME_SIZE);
    strncpy(srv_cert.subject.state, "Kiev", CTC_NAME_SIZE);
    strncpy(srv_cert.subject.locality, "Kiev", CTC_NAME_SIZE);
    strncpy(srv_cert.subject.commonName, "dlab.pw", CTC_NAME_SIZE);
    srv_cert_len = wc_MakeCert(&srv_cert, srv_cert_buffer, sizeof(srv_cert_buffer), NULL, &srv_pub_key_ecc, &rng);
    if (srv_cert_len <= 0) // wc_MakeCert returns the DER length, or a negative error code
    {
        LOG("Generated server public certificate is null");
        goto on_error;
    }

    wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1);

    if (wolfSSL_use_certificate_ASN1(ssl, (unsigned char*)srv_cert_buffer, srv_cert_len) != WOLFSSL_SUCCESS)
    {
        LOG("Wrong RPK server certificate");
        goto on_error;
    }

But this could be ridiculous code, because wc_MakeCert() wants to see a private key for generating. Is there some method to include only the public key in the certificate, without any generation?


Re: support of DTLS Raw public keys (RFC 7250)

wolfSSL does not currently support RFC 7250 raw public keys.

If your server can use a self-signed certificate, you could load the server's certificate as a root CA. You can disable certificate verification in the client. It won't check the server's certificate signature, but it would still use the public key in the handshake.
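
With certificate verification disabled as in the reply above, the client has no assurance about whose key it is using unless it compares the SubjectPublicKeyInfo inside the received certificate with the key it was provisioned with out of band. The following is an added example, not code from the thread or from wolfSSL: a dependency-free C check for that comparison. The function names and sample bytes are constructed for illustration, and fetching the peer certificate's DER from the TLS library is assumed to be done by the caller.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed sample: certificate skeleton with empty names, no real signature. */
const uint8_t SAMPLE_CERT[] = {
    0x30,0x1E, 0x30,0x17, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01,
    0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x00,
    0x30,0x05,0x30,0x00,0x03,0x01,0x00,      /* subjectPublicKeyInfo */
    0x30,0x00, 0x03,0x01,0x00 };
/* Constructed sample: the SPKI the client already holds (the pin). */
const uint8_t SAMPLE_PIN[] = { 0x30,0x05,0x30,0x00,0x03,0x01,0x00 };

/* Parse one DER tag/length header; reject truncated or indefinite lengths. */
static int der_hdr(const uint8_t *p, size_t avail, size_t *hdr, size_t *len)
{
    if (avail < 2) return -1;
    size_t n = p[1], h = 2;
    if (n & 0x80) {                          /* long form length */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 3 || avail < 2 + cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | p[h++];
    }
    if (n > avail - h) return -1;
    *hdr = h; *len = n; return 0;
}

/* Point *spki at the whole subjectPublicKeyInfo TLV inside certificate der. */
int cert_spki(const uint8_t *der, size_t n, const uint8_t **spki, size_t *spki_len)
{
    size_t h, l;
    if (der_hdr(der, n, &h, &l) || der[0] != 0x30) return -1;  /* Certificate */
    const uint8_t *p = der + h; size_t left = l;
    if (der_hdr(p, left, &h, &l) || p[0] != 0x30) return -1;   /* tbsCertificate */
    p += h; left = l;
    /* skip optional [0] version, then serial, sigAlg, issuer, validity, subject */
    int skip = (left && p[0] == 0xA0) ? 6 : 5;
    for (; skip; skip--) {
        if (der_hdr(p, left, &h, &l)) return -1;
        p += h + l; left -= h + l;
    }
    if (der_hdr(p, left, &h, &l) || p[0] != 0x30) return -1;
    *spki = p; *spki_len = h + l; return 0;
}

/* 1 if the certificate carries exactly the pinned key; no early exit in compare. */
int spki_matches_pin(const uint8_t *der, size_t n, const uint8_t *pin, size_t pin_len)
{
    const uint8_t *spki; size_t len; uint8_t diff = 0;
    if (cert_spki(der, n, &spki, &len) || len != pin_len) return 0;
    for (size_t i = 0; i < len; i++) diff |= (uint8_t)(spki[i] ^ pin[i]);
    return diff == 0;
}
```

A client that turns verification off would call `spki_matches_pin()` on the server certificate it received and abort the connection when the result is 0.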