static int fw_message_process(MQTTCtx *mqttCtx, byte* buffer, word32 len) { int rc; FirmwareHeader* header = (FirmwareHeader*)buffer; byte *sigBuf, *pubKeyBuf, *fwBuf; ecc_key eccKey; word32 check_len = sizeof(FirmwareHeader) + header->sigLen + header->pubKeyLen + header->fwLen; /* Verify entire message was received */ if (len != check_len) { PRINTF("Message header vs. actual size mismatch! %d != %d", len, check_len); return EXIT_FAILURE; } /* Get pointers to structure elements */ sigBuf = (buffer + sizeof(FirmwareHeader)); pubKeyBuf = (buffer + sizeof(FirmwareHeader) + header->sigLen); fwBuf = (buffer + sizeof(FirmwareHeader) + header->sigLen + header->pubKeyLen); /* Import the public key */ wc_ecc_init(&eccKey); rc = wc_ecc_import_x963(pubKeyBuf, header->pubKeyLen, &eccKey); if (rc == 0) { /* Perform signature verification using public key */ rc = wc_SignatureVerify( FIRMWARE_HASH_TYPE, FIRMWARE_SIG_TYPE, fwBuf, header->fwLen, sigBuf, header->sigLen, &eccKey, sizeof(eccKey)); PRINTF("Firmware Signature Verification: %s (%d)", (rc == 0) ? "Pass" : "Fail", rc); if (rc == 0) { /* TODO: Process firmware image */ /* For example, save to disk using topic name */ fwfile_save(mqttCtx->pub_file, fwBuf, header->fwLen); } } else { PRINTF("ECC public key import failed! %d", rc); } wc_ecc_free(&eccKey); return rc; }
int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* fileBuf, int fileLen, byte* verifyFileBuf, int* verifyFileLen, int* pmaxSigSz, int* pmaxCurveSigSz, int curveId, int keySz) { int ret; ecc_key eccKey; RNG rng; byte* sigBuf = NULL; word32 sigLen; byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE]; word32 eccPubKeyLen, eccPrivKeyLen; word32 maxCurveSigSz; #ifdef DEBUG_SIG_TEST printf("ECC Signature: Curve %s, Size %d\n", wc_ecc_get_name(curveId), keySz); #endif /* Init */ wc_InitRng(&rng); /* Generate key */ wc_ecc_init(&eccKey); ret = wc_ecc_make_key_ex(&rng, keySz, &eccKey, curveId); if(ret != 0) { printf("ECC Make Key Failed! %d\n", ret); goto exit; } ret = wc_ecc_sig_size(&eccKey); if (ret < 0) { printf("ECC Sig SizeFailed! %d\n", ret); goto exit; } maxCurveSigSz = ret; /* Display public key data */ eccPubKeyLen = ECC_BUFSIZE; ret = wc_ecc_export_x963(&eccKey, eccPubKeyBuf, &eccPubKeyLen); if (ret != 0) { printf("ECC public key x963 export failed! %d\n", ret); ret = EXIT_FAILURE; goto exit; } #ifdef DEBUG_SIG_TEST printf("ECC Public Key: Len %d\n", eccPubKeyLen); hexdump(eccPubKeyBuf, eccPubKeyLen, 16); #endif /* Display private key data */ eccPrivKeyLen = ECC_BUFSIZE; ret = wc_ecc_export_private_only(&eccKey, eccPrivKeyBuf, &eccPrivKeyLen); if (ret != 0) { printf("ECC private key export failed! %d\n", ret); ret = EXIT_FAILURE; goto exit; } #ifdef DEBUG_SIG_TEST printf("ECC Private Key: Len %d\n", eccPrivKeyLen); hexdump(eccPrivKeyBuf, eccPrivKeyLen, 16); #endif if (verifyFileBuf) { sigLen = *verifyFileLen; sigBuf = verifyFileBuf; } else { /* Get signature length and allocate buffer */ sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey)); if(sigLen <= 0) { printf("ECC Signature type %d not supported!\n", sig_type); ret = EXIT_FAILURE; goto exit; } sigBuf = malloc(sigLen); if(!sigBuf) { printf("ECC Signature malloc failed!\n"); ret = EXIT_FAILURE; goto exit; } #ifdef DEBUG_SIG_TEST printf("ECC Signature Len: %d\n", sigLen); #endif /* Perform hash and sign to create signature */ ret = wc_SignatureGenerate( hash_type, sig_type, fileBuf, fileLen, sigBuf, &sigLen, &eccKey, sizeof(eccKey), &rng); *verifyFileLen = sigLen; #ifdef DEBUG_SIG_TEST printf("ECC Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret); #endif if(ret < 0) { ret = EXIT_FAILURE; goto exit; } } #ifdef DEBUG_SIG_TEST printf("Signature Data:\n"); hexdump(sigBuf, sigLen, 16); #endif /* Perform signature verification */ /* Release and init new key */ wc_ecc_free(&eccKey); wc_ecc_init(&eccKey); /* Import the public key */ ret = wc_ecc_import_x963_ex(eccPubKeyBuf, eccPubKeyLen, &eccKey, curveId); if (ret != 0) { printf("ECC public key import failed! %d\n", ret); ret = EXIT_FAILURE; goto exit; } /* Perform signature verification using public key */ ret = wc_SignatureVerify( hash_type, sig_type, fileBuf, fileLen, sigBuf, sigLen, &eccKey, sizeof(eccKey)); #ifdef DEBUG_SIG_TEST printf("ECC Signature Verification: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret); #endif if (ret < 0) { ret = EXIT_FAILURE; } if (pmaxSigSz && *pmaxSigSz < sigLen) { #ifdef DEBUG_SIG_TEST_MAX printf("Curve: Max %d->%d\n", *pmaxSigSz, sigLen); hexdump(sigBuf, sigLen, 16); #endif *pmaxSigSz = sigLen; } if (pmaxCurveSigSz && *pmaxCurveSigSz < maxCurveSigSz) { *pmaxCurveSigSz = maxCurveSigSz; } exit: /* Free */ if(sigBuf) { free(sigBuf); } wc_ecc_free(&eccKey); wc_FreeRng(&rng); return ret; }