Interface preparation for CSR multiple params

Signed-off-by: AssemblyJohn <[email protected]>
EVerest · Feb 19, 2024 · e8311f2 · e8311f2
1 parent dd6eca8
commit e8311f2
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 32 deletions.
diff --git a/include/evse_security/crypto/interface/crypto_types.hpp b/include/evse_security/crypto/interface/crypto_types.hpp
@@ -8,6 +8,7 @@
 #include <stdexcept>
 #include <string>
 
+#include <evse_security/evse_types.hpp>
 namespace evse_security {
 
 enum class CertificateValidationError {
@@ -20,14 +21,6 @@ enum class CertificateValidationError {
     Unknown,
 };
 
-enum class CryptoKeyType {
-    EC_prime256v1, // Default EC. P-256, ~equiv to rsa 3072
-    EC_secp384r1,  // P-384, ~equiv to rsa 7680
-    RSA_TPM20,     // Default TPM RSA, only option allowed for TPM (universal support), 2048 bits
-    RSA_3072,      // Default RSA. Protection lifetime: ~2030
-    RSA_7680,      // Protection lifetime: >2031
-};
-
 struct KeyGenerationInfo {
     CryptoKeyType key_type;
 

diff --git a/include/evse_security/evse_security.hpp b/include/evse_security/evse_security.hpp
@@ -153,6 +153,9 @@ class EvseSecurity {
     std::string generate_certificate_signing_request(LeafCertificateType certificate_type, const std::string& country,
                                                      const std::string& organization, const std::string& common);
 
+    std::string generate_certificate_signing_request_full(LeafCertificateType certificate_type,
+                                                          GenerateCSRInfo& full_info);
+
     /// @brief Searches the filesystem on the specified directories for the given \p certificate_type and retrieves the
     /// most recent certificate that is already valid and the respective key.  If no certificate is present or no key is
     /// matching the certificate, this function returns std::nullopt

diff --git a/include/evse_security/evse_types.hpp b/include/evse_security/evse_types.hpp
@@ -42,6 +42,14 @@ enum class HashAlgorithm {
     SHA512,
 };
 
+enum class CryptoKeyType {
+    EC_prime256v1, // Default EC. P-256, ~equiv to rsa 3072
+    EC_secp384r1,  // P-384, ~equiv to rsa 7680
+    RSA_TPM20,     // Default TPM RSA, only option allowed for TPM (universal support), 2048 bits
+    RSA_3072,      // Default RSA. Protection lifetime: ~2030
+    RSA_7680,      // Protection lifetime: >2031
+};
+
 // the following 3 enum classes should go into evse_security
 enum class InstallCertificateResult {
     InvalidSignature,
@@ -125,6 +133,19 @@ struct GetKeyPairResult {
     std::optional<KeyPair> pair;
 };
 
+struct GenerateCSRInfo {
+    CryptoKeyType key_type;
+    bool generate_key_on_tpm;
+
+    int n_version;
+    std::string country;
+    std::string organization;
+    std::string common_name;
+
+    std::optional<std::string> dns_name;
+    std::optional<std::string> ip_address;
+};
+
 namespace conversions {
 std::string encoding_format_to_string(EncodingFormat e);
 std::string ca_certificate_type_to_string(CaCertificateType e);

diff --git a/lib/evse_security/evse_security.cpp b/lib/evse_security/evse_security.cpp
@@ -698,12 +698,36 @@ std::string EvseSecurity::generate_certificate_signing_request(LeafCertificateTy
                                                                const std::string& country,
                                                                const std::string& organization,
                                                                const std::string& common, bool use_tpm) {
+    GenerateCSRInfo info;
+
+    info.country = country;
+    info.organization = organization;
+    info.common_name = common;
+
+    // Default key
+    info.key_type = CryptoKeyType::EC_prime256v1;
+    info.generate_key_on_tpm = use_tpm;
+
+    return generate_certificate_signing_request_full(certificate_type, info);
+}
+
+std::string EvseSecurity::generate_certificate_signing_request(LeafCertificateType certificate_type,
+                                                               const std::string& country,
+                                                               const std::string& organization,
+                                                               const std::string& common) {
+    return generate_certificate_signing_request(certificate_type, country, organization, common, false);
+}
+
+std::string EvseSecurity::generate_certificate_signing_request_full(LeafCertificateType certificate_type,
+                                                                    GenerateCSRInfo& full_info) {
     std::lock_guard<std::mutex> guard(EvseSecurity::security_mutex);
 
     fs::path key_path;
 
     EVLOG_info << "generate_certificate_signing_request: create filename";
 
+    const bool use_tpm = full_info.generate_key_on_tpm;
+
     // Make a difference between normal and tpm keys for identification
     const auto file_name =
         std::string("SECC_LEAF_") +
@@ -721,23 +745,18 @@ std::string EvseSecurity::generate_certificate_signing_request(LeafCertificateTy
     std::string csr;
     CertificateSigningRequestInfo info;
 
-    info.n_version = 0;
-    info.commonName = common;
-    info.country = country;
-    info.organization = organization;
-#ifdef CSR_DNS_NAME
-    info.dns_name = CSR_DNS_NAME;
-#else
-    info.dns_name = std::nullopt;
-#endif
-#ifdef CSR_IP_ADDRESS
-    info.ip_address = CSR_IP_ADDRESS;
-#else
-    info.ip_address = std::nullopt;
-#endif
-
-    info.key_info.key_type = CryptoKeyType::EC_prime256v1;
-    info.key_info.generate_on_tpm = use_tpm;
+    info.n_version = full_info.n_version;
+    info.commonName = full_info.common_name;
+    info.country = full_info.country;
+    info.organization = full_info.organization;
+
+    if (full_info.dns_name.has_value())
+        info.dns_name = full_info.dns_name.value();
+    if (full_info.ip_address.has_value())
+        info.ip_address = full_info.dns_name.value();
+
+    info.key_info.key_type = full_info.key_type;
+    info.key_info.generate_on_tpm = full_info.generate_key_on_tpm;
     info.key_info.private_key_file = key_path;
 
     if ((use_tpm == false) && private_key_password.has_value()) {
@@ -756,13 +775,6 @@ std::string EvseSecurity::generate_certificate_signing_request(LeafCertificateTy
     return csr;
 }
 
-std::string EvseSecurity::generate_certificate_signing_request(LeafCertificateType certificate_type,
-                                                               const std::string& country,
-                                                               const std::string& organization,
-                                                               const std::string& common) {
-    return generate_certificate_signing_request(certificate_type, country, organization, common, false);
-}
-
 GetKeyPairResult EvseSecurity::get_key_pair(LeafCertificateType certificate_type, EncodingFormat encoding) {
     std::lock_guard<std::mutex> guard(EvseSecurity::security_mutex);