/* ECC DHE Make key */ int CRYPT_ECC_DHE_KeyMake(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, int keySz) { if (ecc == NULL || rng == NULL) return BAD_FUNC_ARG; return wc_ecc_make_key((WC_RNG*)rng, keySz, (ecc_key*)ecc->holder); }
static void* do_it(void* args) { int ret; InitMemoryTracker(); ret = wc_ecc_make_key(&mRng, TEST_KEY_SZ, &mGenKey); if (ret != 0) { printf("ecc make key failed %d\n", ret); } ShowMemoryTracker(); CleanupMemoryTracker(); (void)args; return 0; }
int main() { ecc_key key; byte der[4096]; byte buf[4096]; word32 idx = 0; FILE* derFile; size_t sz; RNG rng; wc_InitRng(&rng); wc_ecc_init(&key); if (wc_ecc_make_key(&rng, 32, &key) != 0) { printf("error making ecc key\n"); return -1; } /* write private key */ if (wc_EccKeyToDer(&key, der, sizeof(der)) < 0) { printf("error in ecc to der\n"); return -1; } printf("writing private key to ecc-key.der\n"); derFile = fopen("ecc-key.der", "w"); if (!derFile) { printf("error loading file\n"); return -1; } sz = fwrite(der, 1, 4096, derFile); fclose(derFile); wc_ecc_free(&key); /* open and read from der file */ printf("reading in private key\n"); derFile = fopen("ecc-key.der", "rb"); if (!derFile) { printf("error reading from file\n"); return -1; } sz = fread(buf, 1, 4096, derFile); fclose(derFile); /* load private ecc key */ printf("storing private key in ecc struct\n"); wc_ecc_init(&key); if (wc_EccPrivateKeyDecode(buf, &idx, &key, (word32)sz) != 0) { printf("error decoding private key\n"); return -1; } wc_ecc_free(&key); /* Or the der file can be loaded into a TLS connection using something like int wc_DerToPem(der, sizeof(der), pemOut, sizeof(pemOut), ECC_PRIVATEKEY_TYPE); int wolfSSL_use_PrivateKey_file(&ssl, pemOut, SSL_FILETYPE_PEM); */ /* to store a public key */ wc_ecc_init(&key); if (wc_ecc_make_key(&rng, 32, &key) != 0) { printf("error making ecc key\n"); return -1; } printf("storing public key into ecc-public.x963\n"); memset(buf, 0, sizeof(buf)); idx = sizeof(buf); if (wc_ecc_export_x963(&key, buf, &idx) != 0) { printf("error exporting public ecc key\n"); return -1; } derFile = fopen("ecc-public.x963", "w"); /* reused the derFile pointer */ if (!derFile) { printf("error loading file\n"); return -1; } sz = fwrite(buf, 1, idx, derFile); /* close stuff up */ fclose(derFile); wc_ecc_free(&key); wc_FreeRng(&rng); return 0; }
int main(int argc, char** argv) { int ret; WC_RNG rng; ecEncCtx* srvCtx = NULL; void* devCtx = NULL; const byte* mySalt; byte peerSalt[EXCHANGE_SALT_SZ]; byte buffer[BTLE_MSG_MAX_SIZE]; word32 bufferSz; byte plain[BTLE_MSG_MAX_SIZE]; word32 plainSz; ecc_key myKey, peerKey; int type; wolfSSL_Init(); #ifdef DEBUG_WOLFSSL wolfSSL_Debugging_ON(); #endif /* make my session key */ ret = wc_ecc_init(&myKey); ret |= wc_ecc_init(&peerKey); if (ret != 0) { printf("wc_ecc_init failed!\n"); goto cleanup; } /* open BTLE */ ret = btle_open(&devCtx, BTLE_ROLE_SERVER); if (ret != 0) { printf("btle_open failed %d! errno %d\n", ret, errno); goto cleanup; } ret = wc_InitRng(&rng); if (ret != 0) { printf("wc_InitRng failed! %d\n", ret); goto cleanup; } ret = wc_ecc_make_key(&rng, 32, &myKey); if (ret != 0) { printf("wc_ecc_make_key failed %d\n", ret); goto cleanup; } srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); if (srvCtx == NULL) { printf("wc_ecc_ctx_new failed!\n"); ret = -1; goto cleanup; } /* exchange public keys */ /* Get peer key */ ret = btle_recv(buffer, sizeof(buffer), &type, devCtx); if (ret < 0) { printf("btle_recv key failed %d! errno %d\n", ret, errno); goto cleanup; } if (type != BTLE_PKT_TYPE_KEY) { printf("btle_recv expected key!\n"); ret = -1; goto cleanup; } bufferSz = ret; ret = wc_ecc_import_x963(buffer, bufferSz, &peerKey); if (ret != 0) { printf("wc_ecc_import_x963 failed %d!\n", ret); goto cleanup; } /* send my public key */ /* export my public key */ bufferSz = sizeof(buffer); ret = wc_ecc_export_x963(&myKey, buffer, &bufferSz); if (ret != 0) { printf("wc_ecc_export_x963 failed %d\n", ret); goto cleanup; } /* TODO: Server should hash and sign this public key with a trust ceritifcate (already exchanged) */ /* ECC signature is about 65 bytes */ ret = btle_send(buffer, bufferSz, BTLE_PKT_TYPE_KEY, devCtx); if (ret != bufferSz) { printf("btle_send key failed %d!\n", ret); goto cleanup; } while (1) { mySalt = wc_ecc_ctx_get_own_salt(srvCtx); if (mySalt == NULL) { printf("wc_ecc_ctx_get_own_salt failed!\n"); ret = -1; goto cleanup; } /* Get peer salt */ ret = btle_recv(peerSalt, EXCHANGE_SALT_SZ, &type, devCtx); if (ret <= 0) { printf("btle_recv salt failed %d! errno %d\n", ret, errno); goto cleanup; } if (type != BTLE_PKT_TYPE_SALT) { printf("btle_recv expected salt!\n"); ret = -1; goto cleanup; } /* Send my salt */ /* You must send mySalt before set_peer_salt, because buffer changes */ ret = btle_send(mySalt, EXCHANGE_SALT_SZ, BTLE_PKT_TYPE_SALT, devCtx); if (ret != EXCHANGE_SALT_SZ) { printf("btle_send salt failed %d!\n", ret); goto cleanup; } ret = wc_ecc_ctx_set_peer_salt(srvCtx, peerSalt); if (ret != 0) { printf("wc_ecc_ctx_set_peer_salt failed %d\n", ret); goto cleanup; } /* Get message */ bufferSz = sizeof(buffer); ret = btle_recv(buffer, bufferSz, &type, devCtx); if (ret <= 0) { printf("btle_recv msg failed %d! errno %d\n", ret, errno); goto cleanup; } if (type != BTLE_PKT_TYPE_MSG) { printf("btle_recv expected msg!\n"); ret = -1; goto cleanup; } /* Decrypt message */ bufferSz = ret; plainSz = sizeof(plain); ret = wc_ecc_decrypt(&myKey, &peerKey, buffer, bufferSz, plain, &plainSz, srvCtx); if (ret != 0) { printf("wc_ecc_decrypt failed %d!\n", ret); goto cleanup; } printf("Recv %d: %s\n", plainSz, plain); /* Encrypt message */ bufferSz = sizeof(buffer); ret = wc_ecc_encrypt(&myKey, &peerKey, plain, plainSz, buffer, &bufferSz, srvCtx); if (ret != 0) { printf("wc_ecc_encrypt failed %d!\n", ret); goto cleanup; } /* Send message */ ret = btle_send(buffer, bufferSz, BTLE_PKT_TYPE_MSG, devCtx); if (ret != bufferSz) { printf("btle_send failed %d!\n", ret); goto cleanup; } /* check for exit flag */ if (strstr((char*)plain, "EXIT")) break; /* reset context (reset my salt) */ ret = wc_ecc_ctx_reset(srvCtx, &rng); if (ret != 0) { printf("wc_ecc_ctx_reset failed %d\n", ret); goto cleanup; } } cleanup: if (devCtx != NULL) btle_close(devCtx); wolfSSL_Cleanup(); return ret; }