lob_t local_sign(local_t local, lob_t args, uint8_t *data, size_t len) { uint8_t hash[32], sig[uECC_BYTES*2]; if(lob_get_cmp(args,"alg","HS256") == 0) { // LOG("[%.*s] [%.*s]",args->body_len,args->body,len,data); hmac_256(args->body,args->body_len,data,len,hash); lob_body(args,NULL,32); memcpy(args->body,hash,32); return args; } if(lob_get_cmp(args,"alg","ES160") == 0) { if(!local) return NULL; // hash data first, then sign it e3x_hash(data,len,hash); uECC_sign(local->secret,hash,sig); lob_body(args,NULL,uECC_BYTES*2); memcpy(args->body,sig,uECC_BYTES*2); return args; } return NULL; }
int main(void) { uint32_t err_code; uint32_t time0, time1; LOG("Starting LFCLK"); err_code = nrf_drv_clock_init(); APP_ERROR_CHECK(err_code); nrf_drv_clock_lfclk_request(NULL); LOG("Starting RTC"); err_code = nrf_drv_rtc_init(&rtc, NULL, &rtc_handler); APP_ERROR_CHECK(err_code); nrf_drv_rtc_tick_enable(&rtc, false); nrf_drv_rtc_enable(&rtc); LOG("Starting RNG"); err_code = nrf_drv_rng_init(NULL); APP_ERROR_CHECK(err_code); while (1) { /* get a random key */ time0 = nrf_drv_rtc_counter_get(&rtc); uECC_make_key(public_key, private_key); time1 = nrf_drv_rtc_counter_get(&rtc); LOG("Key time was %u ", time1 - time0); /* use the key to sign the hash */ time0 = nrf_drv_rtc_counter_get(&rtc); uECC_sign(private_key, hash, signature); time1 = nrf_drv_rtc_counter_get(&rtc); LOG("Sig Time was %u ", time1 - time0); /* verify the signature */ time0 = nrf_drv_rtc_counter_get(&rtc); uECC_verify(public_key, hash, signature); time1 = nrf_drv_rtc_counter_get(&rtc); LOG("Verify Time was %u ", time1 - time0); time0 = nrf_drv_rtc_counter_get(&rtc); uECC_shared_secret(public_key, private_key, secret); time1 = nrf_drv_rtc_counter_get(&rtc); LOG("SS Time was %u ", time1 - time0); time0 = nrf_drv_rtc_counter_get(&rtc); sha256_init(&context); sha256_update(&context, message, 20); sha256_final(&context, shahash); time1 = nrf_drv_rtc_counter_get(&rtc); LOG("SHA Time was %u ", time1 - time0); } return 0; }
int yacl_ecdsa_sign(const uint8_t private_key[YACL_P256_COORD_SIZE], const uint8_t message_hash[YACL_P256_COORD_SIZE], uint8_t signature[YACL_P256_COORD_SIZE*2]) { int rc; rc = uECC_sign(private_key, message_hash, signature); rc = (rc == 1) ? 0 : 1; return rc; }
int main() { for (unsigned int i = 1; i < num_peers(); i++) { unsigned char val = input(i); private_key[0] ^= val; } uECC_sign(private_key, p_hash, p_signature); printf("Signature:\n"); for (unsigned int i = 0; i < 64; i++) { printf("%x ", p_signature[i]); } printf("\n"); return 0; }
void ecdsa_sign(const unsigned char skey[ECDSA_SKEY_SIZE], const unsigned char digest[ECDSA_DIGEST_SIZE], unsigned char signature[ECDSA_SIGNATURE_SIZE]) { uECC_sign(skey, digest, signature); }
int main(void) { printf("micro-ecc compiled!\n"); const struct uECC_Curve_t *curve = uECC_secp256r1(); int i, errorc = 0; int curve_size = uECC_curve_private_key_size(curve); int public_key_size = uECC_curve_public_key_size(curve); uint8_t l_secret1[curve_size]; uint8_t l_secret2[curve_size]; /* reserve space for a SHA-256 hash */ uint8_t l_hash[32] = { 0 }; uint8_t l_sig[public_key_size]; printf("Testing %d random private key pairs and signature using HWRNG\n", TESTROUNDS); uint8_t l_private1[curve_size]; uint8_t l_private2[curve_size]; uint8_t l_public1[public_key_size]; uint8_t l_public2[public_key_size]; for (i = 0; i < TESTROUNDS; ++i) { printf("."); if (!uECC_make_key(l_public1, l_private1, curve) || !uECC_make_key(l_public2, l_private2, curve)) { printf("\nRound %d: uECC_make_key() failed", i); errorc++; } else { if (!uECC_shared_secret(l_public2, l_private1, l_secret1, curve)) { printf("\nRound %d: shared_secret() failed (1)", i); errorc++; } else { if (!uECC_shared_secret(l_public1, l_private2, l_secret2, curve)) { printf("\nRound: %d: shared_secret() failed (2)", i); errorc++; } else { if (memcmp(l_secret1, l_secret2, sizeof(l_secret1)) != 0) { printf("\nShared secrets are not identical!\n"); errorc++; } /* copy some bogus data into the hash */ memcpy(l_hash, l_public1, 32); if ((uECC_sign(l_private1, l_hash, sizeof(l_hash), l_sig, curve)) != 1) { printf("\nRound %d: uECC_sign() failed", i); errorc++; } else { if ((uECC_verify(l_public1, l_hash, sizeof(l_hash), l_sig, curve)) != 1) { printf("\nRound %d: uECC_verify() failed", i); errorc++; } } } } } } printf(" done with %d error(s)\n", errorc); if (errorc) { puts("FAILURE"); return 1; } else { puts("SUCCESS"); return 0; } }
PKIError GenerateCertificate (const UTF8String_t *subjectName, const UTF8String_t *issuerName, const UTCTime_t *notBefore, const UTCTime_t *notAfter, const BIT_STRING_t *subjectPublicKey, const BIT_STRING_t *issuerPrivateKey, ByteArray *encodedCertificate) { FUNCTION_INIT(); asn_enc_rval_t ec; /* Encoder return value */ Certificate_t *certificate = NULL; /* Type to encode */ AttributeTypeAndValue_t *issuerTypeAndValue = NULL; AttributeTypeAndValue_t *subjectTypeAndValue = NULL; RelativeDistinguishedName_t *issuerRDN = NULL; RelativeDistinguishedName_t *subjectRDN = NULL; uint8_t *uint8Pointer = NULL; ByteArray tbs = BYTE_ARRAY_INITIALIZER; uint8_t signature[SIGN_FULL_SIZE]; uint8_t sha256[SHA_256_HASH_LEN]; uint8_t tbsDer[ISSUER_MAX_CERT_SIZE]; long serialNumber = 0; CHECK_NULL(subjectName, ISSUER_X509_NULL_PASSED); CHECK_NULL(issuerName, ISSUER_X509_NULL_PASSED); CHECK_NULL(notBefore, ISSUER_X509_NULL_PASSED); CHECK_NULL(notAfter, ISSUER_X509_NULL_PASSED); CHECK_NULL(subjectPublicKey, ISSUER_X509_NULL_PASSED); CHECK_NULL(issuerPrivateKey, ISSUER_X509_NULL_PASSED); CHECK_NULL_BYTE_ARRAY_PTR(encodedCertificate, ISSUER_X509_NULL_PASSED); CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, encodedCertificate->len, ISSUER_X509_WRONG_BYTE_ARRAY_LEN); /* Allocate the memory */ certificate = OICCalloc(1, sizeof(Certificate_t)); // not malloc! CHECK_NULL(certificate, ISSUER_X509_MEMORY_ALLOC_FAILED); issuerTypeAndValue = OICCalloc(1, sizeof(AttributeTypeAndValue_t)); CHECK_NULL(issuerTypeAndValue, ISSUER_X509_MEMORY_ALLOC_FAILED); issuerRDN = OICCalloc(1, sizeof(RelativeDistinguishedName_t)); CHECK_NULL(issuerRDN, ISSUER_X509_MEMORY_ALLOC_FAILED); subjectTypeAndValue = OICCalloc(1, sizeof(AttributeTypeAndValue_t)); CHECK_NULL(subjectTypeAndValue, ISSUER_X509_MEMORY_ALLOC_FAILED); subjectRDN = OICCalloc(1, sizeof(RelativeDistinguishedName_t)); CHECK_NULL(subjectRDN, ISSUER_X509_MEMORY_ALLOC_FAILED); //set issuer name issuerTypeAndValue->value = *issuerName; issuerTypeAndValue->type.buf = (uint8_t *)g_COMMON_NAME_OID; //2.5.4.3 issuerTypeAndValue->type.size = sizeof(g_COMMON_NAME_OID) / sizeof(g_COMMON_NAME_OID[0]); ASN_SET_ADD(issuerRDN, issuerTypeAndValue); ASN_SEQUENCE_ADD(&(certificate->tbsCertificate.issuer), issuerRDN); //set subject name subjectTypeAndValue->value = *subjectName; subjectTypeAndValue->type.buf = (uint8_t *)g_COMMON_NAME_OID; //2.5.4.3 subjectTypeAndValue->type.size = sizeof(g_COMMON_NAME_OID) / sizeof(g_COMMON_NAME_OID[0]); ASN_SET_ADD(subjectRDN, subjectTypeAndValue); ASN_SEQUENCE_ADD(&(certificate->tbsCertificate.subject), subjectRDN); //set validity certificate->tbsCertificate.validity.notBefore = *notBefore; certificate->tbsCertificate.validity.notAfter = *notAfter; //set X.509 certificate version certificate->tbsCertificate.version = X509_V2; //set serial number certificate->tbsCertificate.serialNumber = 0; CHECK_CALL(InitCKMInfo); CHECK_CALL(GetNextSerialNumber, &serialNumber); certificate->tbsCertificate.serialNumber = serialNumber; serialNumber++; CHECK_CALL(SetNextSerialNumber, serialNumber); CHECK_CALL(SaveCKMInfo); //set signature algorithm in TBS certificate->tbsCertificate.signature.algorithm.buf = (uint8_t *)g_ECDSA_WITH_SHA256_OID; //1.2.840.10045.4.3.2 certificate->tbsCertificate.signature.algorithm.size = sizeof(g_ECDSA_WITH_SHA256_OID) / sizeof(g_ECDSA_WITH_SHA256_OID[0]); certificate->tbsCertificate.signature.nul = OICCalloc(1, sizeof(NULL_t)); CHECK_NULL(certificate->tbsCertificate.signature.nul, ISSUER_X509_MEMORY_ALLOC_FAILED); //set subject Public Key algorithm certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.buf = (uint8_t *)g_EC_PUBLIC_KEY_OID; //1.2.840.10045.2.1 certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.size = sizeof(g_EC_PUBLIC_KEY_OID) / sizeof(g_EC_PUBLIC_KEY_OID[0]); //set subject Public Key curve certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey = OICCalloc(1, sizeof(OBJECT_IDENTIFIER_t)); CHECK_NULL(certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey, ISSUER_X509_MEMORY_ALLOC_FAILED); certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->buf = (uint8_t *)g_PRIME_256_V1_OID; //1.2.840.10045.3.1.7 certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->size = sizeof(g_PRIME_256_V1_OID) / sizeof(g_PRIME_256_V1_OID[0]); //set subject Public Key certificate->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey = *subjectPublicKey; //set signature algorithm certificate->signatureAlgorithm.algorithm.buf = (uint8_t *)g_ECDSA_WITH_SHA256_OID; certificate->signatureAlgorithm.algorithm.size = sizeof(g_ECDSA_WITH_SHA256_OID) / sizeof(g_ECDSA_WITH_SHA256_OID[0]); certificate->signatureAlgorithm.nul = OICCalloc(1, sizeof(NULL_t)); CHECK_NULL(certificate->signatureAlgorithm.nul, ISSUER_X509_MEMORY_ALLOC_FAILED); //encode TBS to DER ec = der_encode_to_buffer(&asn_DEF_TBSCertificate, &(certificate->tbsCertificate), tbsDer, ISSUER_MAX_CERT_SIZE); CHECK_COND(ec.encoded > 0, ISSUER_X509_DER_ENCODE_FAIL); tbs.len = ec.encoded; tbs.data = tbsDer; GET_SHA_256(tbs, sha256); CHECK_COND(uECC_sign((issuerPrivateKey->buf) + 1, sha256, signature), ISSUER_X509_SIGNATURE_FAIL); //additional byte for ASN1_UNCOMPRESSED_KEY_ID // ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } (RFC 5480) certificate->signatureValue.size = SIGN_FULL_SIZE + 6;// size for SEQUENCE ID + 2 * INTEGER ID // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature[0] > 127) { certificate->signatureValue.size ++; } // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature[SIGN_R_LEN] > 127) { certificate->signatureValue.size ++; } certificate->signatureValue.buf = OICCalloc(certificate->signatureValue.size, sizeof(uint8_t)); CHECK_NULL(certificate->signatureValue.buf, ISSUER_X509_MEMORY_ALLOC_FAILED); *(certificate->signatureValue.buf) = (12 << 2); //ASN.1 SEQUENCE ID *(certificate->signatureValue.buf + 1) = certificate->signatureValue.size - 2; //ASN.1 SEQUENCE size uint8Pointer = certificate->signatureValue.buf + 2; //skip SEQUENCE ID and size *uint8Pointer = (2 << 0); //ASN.1 INTEGER ID // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature[0] > 127) { *(uint8Pointer + 1) = SIGN_R_LEN + 1; //ASN.1 INTEGER size uint8Pointer += 3; //skip INTEGER ID and size } else { *(uint8Pointer + 1) = SIGN_R_LEN; //ASN.1 INTEGER SIZE uint8Pointer += 2; //skip INTEGER ID and size } memcpy(uint8Pointer, signature, SIGN_R_LEN); uint8Pointer += SIGN_R_LEN; //skip first part of signature *uint8Pointer = (2 << 0); //ASN.1 INTEGER ID // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature [SIGN_R_LEN] > 127) { *(uint8Pointer + 1) = SIGN_S_LEN + 1; //ASN.1 INTEGER size uint8Pointer += 3; //skip INTEGER ID and size } else { *(uint8Pointer + 1) = SIGN_S_LEN; //ASN.1 INTEGER size uint8Pointer += 2; //skip INTEGER ID and size } memcpy(uint8Pointer, signature + SIGN_R_LEN, SIGN_S_LEN); ec = der_encode_to_buffer(&asn_DEF_Certificate, certificate, encodedCertificate->data, ISSUER_MAX_CERT_SIZE); CHECK_COND(ec.encoded > 0, ISSUER_X509_DER_ENCODE_FAIL); encodedCertificate->len = ec.encoded; FUNCTION_CLEAR( if (issuerTypeAndValue) { issuerTypeAndValue->value.buf = NULL; issuerTypeAndValue->type.buf = NULL; } if (subjectTypeAndValue) { subjectTypeAndValue->value.buf = NULL; subjectTypeAndValue->type.buf = NULL; } if (certificate) { certificate->tbsCertificate.validity.notBefore.buf = NULL; certificate->tbsCertificate.validity.notAfter.buf = NULL; certificate->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.buf = NULL; certificate->tbsCertificate.signature.algorithm.buf = NULL; certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.buf = NULL; certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->buf = NULL; certificate->signatureAlgorithm.algorithm.buf = NULL; } ASN_STRUCT_FREE(asn_DEF_Certificate, certificate); certificate = NULL; );
int main(void) { printf("micro-ecc compiled!\n"); int i, errorc = 0; uint8_t l_private1[uECC_BYTES]; uint8_t l_private2[uECC_BYTES]; uint8_t l_public1[uECC_BYTES * 2]; uint8_t l_public2[uECC_BYTES * 2]; uint8_t l_secret1[uECC_BYTES]; uint8_t l_secret2[uECC_BYTES]; uint8_t l_hash[uECC_BYTES]; uint8_t l_sig[uECC_BYTES * 2]; /* initialize hardware random number generator */ random_init(); /* power off RNG to save energy */ random_poweroff(); printf("Testing %d random private key pairs and signature\n", TESTROUNDS); for (i = 0; i < TESTROUNDS; ++i) { printf("."); if (!uECC_make_key(l_public1, l_private1) || !uECC_make_key(l_public2, l_private2)) { printf("\nRound %d: uECC_make_key() failed", i); errorc++; } else { if (!uECC_shared_secret(l_public2, l_private1, l_secret1)) { printf("\nRound %d: shared_secret() failed (1)", i); errorc++; } else { if (!uECC_shared_secret(l_public1, l_private2, l_secret2)) { printf("\nRound: %d: shared_secret() failed (2)", i); errorc++; } else { if (memcmp(l_secret1, l_secret2, sizeof(l_secret1)) != 0) { printf("\nShared secrets are not identical!\n"); errorc++; } memcpy(l_hash, l_public1, uECC_BYTES); if ((uECC_sign(l_private1, l_hash, l_sig)) != 1) { printf("\nRound %d: uECC_sign() failed", i); errorc++; } else { if ((uECC_verify(l_public1, l_hash, l_sig)) != 1) { printf("\nRound %d: uECC_verify() failed", i); errorc++; } } } } } } printf(" done with %d error(s)\n", errorc); if (errorc == 0) { return 0; } else { return 1; } }