/* ECC Public x963 Export */ int CRYPT_ECC_PublicExport(CRYPT_ECC_CTX* ecc, unsigned char* out, unsigned int outSz, unsigned int* usedSz) { int ret; unsigned int inOut = outSz; if (ecc == NULL || out == NULL) return BAD_FUNC_ARG; ret = wc_ecc_export_x963((ecc_key*)ecc->holder, out, &inOut); *usedSz = inOut; return ret; }
int main() { ecc_key key; byte der[4096]; byte buf[4096]; word32 idx = 0; FILE* derFile; size_t sz; RNG rng; wc_InitRng(&rng); wc_ecc_init(&key); if (wc_ecc_make_key(&rng, 32, &key) != 0) { printf("error making ecc key\n"); return -1; } /* write private key */ if (wc_EccKeyToDer(&key, der, sizeof(der)) < 0) { printf("error in ecc to der\n"); return -1; } printf("writing private key to ecc-key.der\n"); derFile = fopen("ecc-key.der", "w"); if (!derFile) { printf("error loading file\n"); return -1; } sz = fwrite(der, 1, 4096, derFile); fclose(derFile); wc_ecc_free(&key); /* open and read from der file */ printf("reading in private key\n"); derFile = fopen("ecc-key.der", "rb"); if (!derFile) { printf("error reading from file\n"); return -1; } sz = fread(buf, 1, 4096, derFile); fclose(derFile); /* load private ecc key */ printf("storing private key in ecc struct\n"); wc_ecc_init(&key); if (wc_EccPrivateKeyDecode(buf, &idx, &key, (word32)sz) != 0) { printf("error decoding private key\n"); return -1; } wc_ecc_free(&key); /* Or the der file can be loaded into a TLS connection using something like int wc_DerToPem(der, sizeof(der), pemOut, sizeof(pemOut), ECC_PRIVATEKEY_TYPE); int wolfSSL_use_PrivateKey_file(&ssl, pemOut, SSL_FILETYPE_PEM); */ /* to store a public key */ wc_ecc_init(&key); if (wc_ecc_make_key(&rng, 32, &key) != 0) { printf("error making ecc key\n"); return -1; } printf("storing public key into ecc-public.x963\n"); memset(buf, 0, sizeof(buf)); idx = sizeof(buf); if (wc_ecc_export_x963(&key, buf, &idx) != 0) { printf("error exporting public ecc key\n"); return -1; } derFile = fopen("ecc-public.x963", "w"); /* reused the derFile pointer */ if (!derFile) { printf("error loading file\n"); return -1; } sz = fwrite(buf, 1, idx, derFile); /* close stuff up */ fclose(derFile); wc_ecc_free(&key); wc_FreeRng(&rng); return 0; }
int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* fileBuf, int fileLen, byte* verifyFileBuf, int* verifyFileLen, int* pmaxSigSz, int* pmaxCurveSigSz, int curveId, int keySz) { int ret; ecc_key eccKey; RNG rng; byte* sigBuf = NULL; word32 sigLen; byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE]; word32 eccPubKeyLen, eccPrivKeyLen; word32 maxCurveSigSz; #ifdef DEBUG_SIG_TEST printf("ECC Signature: Curve %s, Size %d\n", wc_ecc_get_name(curveId), keySz); #endif /* Init */ wc_InitRng(&rng); /* Generate key */ wc_ecc_init(&eccKey); ret = wc_ecc_make_key_ex(&rng, keySz, &eccKey, curveId); if(ret != 0) { printf("ECC Make Key Failed! %d\n", ret); goto exit; } ret = wc_ecc_sig_size(&eccKey); if (ret < 0) { printf("ECC Sig SizeFailed! %d\n", ret); goto exit; } maxCurveSigSz = ret; /* Display public key data */ eccPubKeyLen = ECC_BUFSIZE; ret = wc_ecc_export_x963(&eccKey, eccPubKeyBuf, &eccPubKeyLen); if (ret != 0) { printf("ECC public key x963 export failed! %d\n", ret); ret = EXIT_FAILURE; goto exit; } #ifdef DEBUG_SIG_TEST printf("ECC Public Key: Len %d\n", eccPubKeyLen); hexdump(eccPubKeyBuf, eccPubKeyLen, 16); #endif /* Display private key data */ eccPrivKeyLen = ECC_BUFSIZE; ret = wc_ecc_export_private_only(&eccKey, eccPrivKeyBuf, &eccPrivKeyLen); if (ret != 0) { printf("ECC private key export failed! %d\n", ret); ret = EXIT_FAILURE; goto exit; } #ifdef DEBUG_SIG_TEST printf("ECC Private Key: Len %d\n", eccPrivKeyLen); hexdump(eccPrivKeyBuf, eccPrivKeyLen, 16); #endif if (verifyFileBuf) { sigLen = *verifyFileLen; sigBuf = verifyFileBuf; } else { /* Get signature length and allocate buffer */ sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey)); if(sigLen <= 0) { printf("ECC Signature type %d not supported!\n", sig_type); ret = EXIT_FAILURE; goto exit; } sigBuf = malloc(sigLen); if(!sigBuf) { printf("ECC Signature malloc failed!\n"); ret = EXIT_FAILURE; goto exit; } #ifdef DEBUG_SIG_TEST printf("ECC Signature Len: %d\n", sigLen); #endif /* Perform hash and sign to create signature */ ret = wc_SignatureGenerate( hash_type, sig_type, fileBuf, fileLen, sigBuf, &sigLen, &eccKey, sizeof(eccKey), &rng); *verifyFileLen = sigLen; #ifdef DEBUG_SIG_TEST printf("ECC Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret); #endif if(ret < 0) { ret = EXIT_FAILURE; goto exit; } } #ifdef DEBUG_SIG_TEST printf("Signature Data:\n"); hexdump(sigBuf, sigLen, 16); #endif /* Perform signature verification */ /* Release and init new key */ wc_ecc_free(&eccKey); wc_ecc_init(&eccKey); /* Import the public key */ ret = wc_ecc_import_x963_ex(eccPubKeyBuf, eccPubKeyLen, &eccKey, curveId); if (ret != 0) { printf("ECC public key import failed! %d\n", ret); ret = EXIT_FAILURE; goto exit; } /* Perform signature verification using public key */ ret = wc_SignatureVerify( hash_type, sig_type, fileBuf, fileLen, sigBuf, sigLen, &eccKey, sizeof(eccKey)); #ifdef DEBUG_SIG_TEST printf("ECC Signature Verification: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret); #endif if (ret < 0) { ret = EXIT_FAILURE; } if (pmaxSigSz && *pmaxSigSz < sigLen) { #ifdef DEBUG_SIG_TEST_MAX printf("Curve: Max %d->%d\n", *pmaxSigSz, sigLen); hexdump(sigBuf, sigLen, 16); #endif *pmaxSigSz = sigLen; } if (pmaxCurveSigSz && *pmaxCurveSigSz < maxCurveSigSz) { *pmaxCurveSigSz = maxCurveSigSz; } exit: /* Free */ if(sigBuf) { free(sigBuf); } wc_ecc_free(&eccKey); wc_FreeRng(&rng); return ret; }
int main(int argc, char** argv) { int ret; WC_RNG rng; ecEncCtx* srvCtx = NULL; void* devCtx = NULL; const byte* mySalt; byte peerSalt[EXCHANGE_SALT_SZ]; byte buffer[BTLE_MSG_MAX_SIZE]; word32 bufferSz; byte plain[BTLE_MSG_MAX_SIZE]; word32 plainSz; ecc_key myKey, peerKey; int type; wolfSSL_Init(); #ifdef DEBUG_WOLFSSL wolfSSL_Debugging_ON(); #endif /* make my session key */ ret = wc_ecc_init(&myKey); ret |= wc_ecc_init(&peerKey); if (ret != 0) { printf("wc_ecc_init failed!\n"); goto cleanup; } /* open BTLE */ ret = btle_open(&devCtx, BTLE_ROLE_SERVER); if (ret != 0) { printf("btle_open failed %d! errno %d\n", ret, errno); goto cleanup; } ret = wc_InitRng(&rng); if (ret != 0) { printf("wc_InitRng failed! %d\n", ret); goto cleanup; } ret = wc_ecc_make_key(&rng, 32, &myKey); if (ret != 0) { printf("wc_ecc_make_key failed %d\n", ret); goto cleanup; } srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); if (srvCtx == NULL) { printf("wc_ecc_ctx_new failed!\n"); ret = -1; goto cleanup; } /* exchange public keys */ /* Get peer key */ ret = btle_recv(buffer, sizeof(buffer), &type, devCtx); if (ret < 0) { printf("btle_recv key failed %d! errno %d\n", ret, errno); goto cleanup; } if (type != BTLE_PKT_TYPE_KEY) { printf("btle_recv expected key!\n"); ret = -1; goto cleanup; } bufferSz = ret; ret = wc_ecc_import_x963(buffer, bufferSz, &peerKey); if (ret != 0) { printf("wc_ecc_import_x963 failed %d!\n", ret); goto cleanup; } /* send my public key */ /* export my public key */ bufferSz = sizeof(buffer); ret = wc_ecc_export_x963(&myKey, buffer, &bufferSz); if (ret != 0) { printf("wc_ecc_export_x963 failed %d\n", ret); goto cleanup; } /* TODO: Server should hash and sign this public key with a trust ceritifcate (already exchanged) */ /* ECC signature is about 65 bytes */ ret = btle_send(buffer, bufferSz, BTLE_PKT_TYPE_KEY, devCtx); if (ret != bufferSz) { printf("btle_send key failed %d!\n", ret); goto cleanup; } while (1) { mySalt = wc_ecc_ctx_get_own_salt(srvCtx); if (mySalt == NULL) { printf("wc_ecc_ctx_get_own_salt failed!\n"); ret = -1; goto cleanup; } /* Get peer salt */ ret = btle_recv(peerSalt, EXCHANGE_SALT_SZ, &type, devCtx); if (ret <= 0) { printf("btle_recv salt failed %d! errno %d\n", ret, errno); goto cleanup; } if (type != BTLE_PKT_TYPE_SALT) { printf("btle_recv expected salt!\n"); ret = -1; goto cleanup; } /* Send my salt */ /* You must send mySalt before set_peer_salt, because buffer changes */ ret = btle_send(mySalt, EXCHANGE_SALT_SZ, BTLE_PKT_TYPE_SALT, devCtx); if (ret != EXCHANGE_SALT_SZ) { printf("btle_send salt failed %d!\n", ret); goto cleanup; } ret = wc_ecc_ctx_set_peer_salt(srvCtx, peerSalt); if (ret != 0) { printf("wc_ecc_ctx_set_peer_salt failed %d\n", ret); goto cleanup; } /* Get message */ bufferSz = sizeof(buffer); ret = btle_recv(buffer, bufferSz, &type, devCtx); if (ret <= 0) { printf("btle_recv msg failed %d! errno %d\n", ret, errno); goto cleanup; } if (type != BTLE_PKT_TYPE_MSG) { printf("btle_recv expected msg!\n"); ret = -1; goto cleanup; } /* Decrypt message */ bufferSz = ret; plainSz = sizeof(plain); ret = wc_ecc_decrypt(&myKey, &peerKey, buffer, bufferSz, plain, &plainSz, srvCtx); if (ret != 0) { printf("wc_ecc_decrypt failed %d!\n", ret); goto cleanup; } printf("Recv %d: %s\n", plainSz, plain); /* Encrypt message */ bufferSz = sizeof(buffer); ret = wc_ecc_encrypt(&myKey, &peerKey, plain, plainSz, buffer, &bufferSz, srvCtx); if (ret != 0) { printf("wc_ecc_encrypt failed %d!\n", ret); goto cleanup; } /* Send message */ ret = btle_send(buffer, bufferSz, BTLE_PKT_TYPE_MSG, devCtx); if (ret != bufferSz) { printf("btle_send failed %d!\n", ret); goto cleanup; } /* check for exit flag */ if (strstr((char*)plain, "EXIT")) break; /* reset context (reset my salt) */ ret = wc_ecc_ctx_reset(srvCtx, &rng); if (ret != 0) { printf("wc_ecc_ctx_reset failed %d\n", ret); goto cleanup; } } cleanup: if (devCtx != NULL) btle_close(devCtx); wolfSSL_Cleanup(); return ret; }