static int fw_message_process(MQTTCtx *mqttCtx, byte* buffer, word32 len)
{
int rc;
FirmwareHeader* header = (FirmwareHeader*)buffer;
byte *sigBuf, *pubKeyBuf, *fwBuf;
ecc_key eccKey;
word32 check_len = sizeof(FirmwareHeader) + header->sigLen +
header->pubKeyLen + header->fwLen;
/* Verify entire message was received */
if (len != check_len) {
PRINTF("Message header vs. actual size mismatch! %d != %d",
len, check_len);
return EXIT_FAILURE;
}
/* Get pointers to structure elements */
sigBuf = (buffer + sizeof(FirmwareHeader));
pubKeyBuf = (buffer + sizeof(FirmwareHeader) + header->sigLen);
fwBuf = (buffer + sizeof(FirmwareHeader) + header->sigLen +
header->pubKeyLen);
/* Import the public key */
wc_ecc_init(&eccKey);
rc = wc_ecc_import_x963(pubKeyBuf, header->pubKeyLen, &eccKey);
if (rc == 0) {
/* Perform signature verification using public key */
rc = wc_SignatureVerify(
FIRMWARE_HASH_TYPE, FIRMWARE_SIG_TYPE,
fwBuf, header->fwLen,
sigBuf, header->sigLen,
&eccKey, sizeof(eccKey));
PRINTF("Firmware Signature Verification: %s (%d)",
(rc == 0) ? "Pass" : "Fail", rc);
if (rc == 0) {
/* TODO: Process firmware image */
/* For example, save to disk using topic name */
fwfile_save(mqttCtx->pub_file, fwBuf, header->fwLen);
}
}
else {
PRINTF("ECC public key import failed! %d", rc);
}
wc_ecc_free(&eccKey);
return rc;
}
int ecc_sign_verify_test(enum wc_HashType hash_type,
enum wc_SignatureType sig_type, const byte* fileBuf, int fileLen,
byte* verifyFileBuf, int* verifyFileLen, int* pmaxSigSz, int* pmaxCurveSigSz,
int curveId, int keySz)
{
int ret;
ecc_key eccKey;
RNG rng;
byte* sigBuf = NULL;
word32 sigLen;
byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE];
word32 eccPubKeyLen, eccPrivKeyLen;
word32 maxCurveSigSz;
#ifdef DEBUG_SIG_TEST
printf("ECC Signature: Curve %s, Size %d\n", wc_ecc_get_name(curveId), keySz);
#endif
/* Init */
wc_InitRng(&rng);
/* Generate key */
wc_ecc_init(&eccKey);
ret = wc_ecc_make_key_ex(&rng, keySz, &eccKey, curveId);
if(ret != 0) {
printf("ECC Make Key Failed! %d\n", ret);
goto exit;
}
ret = wc_ecc_sig_size(&eccKey);
if (ret < 0) {
printf("ECC Sig SizeFailed! %d\n", ret);
goto exit;
}
maxCurveSigSz = ret;
/* Display public key data */
eccPubKeyLen = ECC_BUFSIZE;
ret = wc_ecc_export_x963(&eccKey, eccPubKeyBuf, &eccPubKeyLen);
if (ret != 0) {
printf("ECC public key x963 export failed! %d\n", ret);
ret = EXIT_FAILURE;
goto exit;
}
#ifdef DEBUG_SIG_TEST
printf("ECC Public Key: Len %d\n", eccPubKeyLen);
hexdump(eccPubKeyBuf, eccPubKeyLen, 16);
#endif
/* Display private key data */
eccPrivKeyLen = ECC_BUFSIZE;
ret = wc_ecc_export_private_only(&eccKey, eccPrivKeyBuf, &eccPrivKeyLen);
if (ret != 0) {
printf("ECC private key export failed! %d\n", ret);
ret = EXIT_FAILURE;
goto exit;
}
#ifdef DEBUG_SIG_TEST
printf("ECC Private Key: Len %d\n", eccPrivKeyLen);
hexdump(eccPrivKeyBuf, eccPrivKeyLen, 16);
#endif
if (verifyFileBuf) {
sigLen = *verifyFileLen;
sigBuf = verifyFileBuf;
}
else {
/* Get signature length and allocate buffer */
sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey));
if(sigLen <= 0) {
printf("ECC Signature type %d not supported!\n", sig_type);
ret = EXIT_FAILURE;
goto exit;
}
sigBuf = malloc(sigLen);
if(!sigBuf) {
printf("ECC Signature malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
#ifdef DEBUG_SIG_TEST
printf("ECC Signature Len: %d\n", sigLen);
#endif
/* Perform hash and sign to create signature */
ret = wc_SignatureGenerate(
hash_type, sig_type,
fileBuf, fileLen,
sigBuf, &sigLen,
&eccKey, sizeof(eccKey),
&rng);
*verifyFileLen = sigLen;
#ifdef DEBUG_SIG_TEST
printf("ECC Signature Generation: %s (%d)\n",
(ret == 0) ? "Pass" : "Fail", ret);
#endif
if(ret < 0) {
ret = EXIT_FAILURE;
goto exit;
}
}
#ifdef DEBUG_SIG_TEST
printf("Signature Data:\n");
hexdump(sigBuf, sigLen, 16);
#endif
/* Perform signature verification */
/* Release and init new key */
wc_ecc_free(&eccKey);
wc_ecc_init(&eccKey);
/* Import the public key */
ret = wc_ecc_import_x963_ex(eccPubKeyBuf, eccPubKeyLen, &eccKey, curveId);
if (ret != 0) {
printf("ECC public key import failed! %d\n", ret);
ret = EXIT_FAILURE;
goto exit;
}
/* Perform signature verification using public key */
ret = wc_SignatureVerify(
hash_type, sig_type,
fileBuf, fileLen,
sigBuf, sigLen,
&eccKey, sizeof(eccKey));
#ifdef DEBUG_SIG_TEST
printf("ECC Signature Verification: %s (%d)\n",
(ret == 0) ? "Pass" : "Fail", ret);
#endif
if (ret < 0) {
ret = EXIT_FAILURE;
}
if (pmaxSigSz && *pmaxSigSz < sigLen) {
#ifdef DEBUG_SIG_TEST_MAX
printf("Curve: Max %d->%d\n", *pmaxSigSz, sigLen);
hexdump(sigBuf, sigLen, 16);
#endif
*pmaxSigSz = sigLen;
}
if (pmaxCurveSigSz && *pmaxCurveSigSz < maxCurveSigSz) {
*pmaxCurveSigSz = maxCurveSigSz;
}
exit:
/* Free */
if(sigBuf) {
free(sigBuf);
}
wc_ecc_free(&eccKey);
wc_FreeRng(&rng);
return ret;
}
