Exemplo n.º 1
0
/* ECC Public x963 Export */
int CRYPT_ECC_PublicExport(CRYPT_ECC_CTX* ecc, unsigned char* out,
                           unsigned int outSz, unsigned int* usedSz)
{
    int          ret;
    unsigned int inOut = outSz;

    if (ecc == NULL || out == NULL)
        return BAD_FUNC_ARG;

    ret = wc_ecc_export_x963((ecc_key*)ecc->holder, out, &inOut);
    *usedSz = inOut;

    return ret;
}
Exemplo n.º 2
0
int main()
{
    ecc_key key;
    byte der[4096];
    byte buf[4096];
    word32 idx = 0;
    FILE* derFile;
    size_t sz;

    RNG rng;

    wc_InitRng(&rng);
    wc_ecc_init(&key);

    if (wc_ecc_make_key(&rng, 32, &key) != 0) {
        printf("error making ecc key\n");
        return -1;
    }

    /* write private key */
    if (wc_EccKeyToDer(&key, der, sizeof(der)) < 0) {
        printf("error in ecc to der\n");
        return -1;
    }
    printf("writing private key to ecc-key.der\n");
    derFile = fopen("ecc-key.der", "w");
    if (!derFile) {
        printf("error loading file\n");
        return -1;
    }

    sz = fwrite(der, 1, 4096, derFile);
    fclose(derFile);
    wc_ecc_free(&key);

    /* open and read from der file */
    printf("reading in private key\n");
    derFile = fopen("ecc-key.der", "rb");
    if (!derFile) {
        printf("error reading from file\n");
        return -1;
    }

    sz = fread(buf, 1, 4096, derFile);
    fclose(derFile);

    /* load private ecc key */
    printf("storing private key in ecc struct\n");
    wc_ecc_init(&key);
    if (wc_EccPrivateKeyDecode(buf, &idx, &key, (word32)sz) != 0) {
        printf("error decoding private key\n");
        return -1;
    }
    wc_ecc_free(&key);

    /* Or the der file can be loaded into a TLS connection using something like

       int wc_DerToPem(der, sizeof(der), pemOut, sizeof(pemOut),
                                                           ECC_PRIVATEKEY_TYPE);

       int wolfSSL_use_PrivateKey_file(&ssl, pemOut, SSL_FILETYPE_PEM);

       */

    /* to store a public key */
    wc_ecc_init(&key);
    if (wc_ecc_make_key(&rng, 32, &key) != 0) {
        printf("error making ecc key\n");
        return -1;
    }

    printf("storing public key into ecc-public.x963\n");
    memset(buf, 0, sizeof(buf));
    idx = sizeof(buf);
    if (wc_ecc_export_x963(&key, buf, &idx) != 0) {
        printf("error exporting public ecc key\n");
        return -1;
    }

    derFile = fopen("ecc-public.x963", "w"); /* reused the derFile pointer */
    if (!derFile) {
        printf("error loading file\n");
        return -1;
    }
    sz = fwrite(buf, 1, idx, derFile);

    /* close stuff up */
    fclose(derFile);
    wc_ecc_free(&key);
    wc_FreeRng(&rng);
    return 0;
}
Exemplo n.º 3
0
int ecc_sign_verify_test(enum wc_HashType hash_type,
    enum wc_SignatureType sig_type, const byte* fileBuf, int fileLen,
    byte* verifyFileBuf, int* verifyFileLen, int* pmaxSigSz, int* pmaxCurveSigSz,
    int curveId, int keySz)
{
    int ret;
    ecc_key eccKey;
    RNG rng;
    byte* sigBuf = NULL;
    word32 sigLen;
    byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE];
    word32 eccPubKeyLen, eccPrivKeyLen;
    word32 maxCurveSigSz;

#ifdef DEBUG_SIG_TEST
    printf("ECC Signature: Curve %s, Size %d\n", wc_ecc_get_name(curveId), keySz);
#endif

    /* Init */
    wc_InitRng(&rng);

    /* Generate key */
    wc_ecc_init(&eccKey);

    ret = wc_ecc_make_key_ex(&rng, keySz, &eccKey, curveId);
    if(ret != 0) {
        printf("ECC Make Key Failed! %d\n", ret);
        goto exit;
    }

    ret = wc_ecc_sig_size(&eccKey);
    if (ret < 0) {
        printf("ECC Sig SizeFailed! %d\n", ret);
        goto exit;
    }
    maxCurveSigSz = ret;

    /* Display public key data */
    eccPubKeyLen = ECC_BUFSIZE;
    ret = wc_ecc_export_x963(&eccKey, eccPubKeyBuf, &eccPubKeyLen);
    if (ret != 0) {
        printf("ECC public key x963 export failed! %d\n", ret);
        ret = EXIT_FAILURE;
        goto exit;
    }

#ifdef DEBUG_SIG_TEST
    printf("ECC Public Key: Len %d\n", eccPubKeyLen);
    hexdump(eccPubKeyBuf, eccPubKeyLen, 16);
#endif

    /* Display private key data */
    eccPrivKeyLen = ECC_BUFSIZE;
    ret = wc_ecc_export_private_only(&eccKey, eccPrivKeyBuf, &eccPrivKeyLen);
    if (ret != 0) {
        printf("ECC private key export failed! %d\n", ret);
        ret = EXIT_FAILURE;
        goto exit;
    }
#ifdef DEBUG_SIG_TEST
    printf("ECC Private Key: Len %d\n", eccPrivKeyLen);
    hexdump(eccPrivKeyBuf, eccPrivKeyLen, 16);
#endif

    if (verifyFileBuf) {
        sigLen = *verifyFileLen;
        sigBuf = verifyFileBuf;
    }
    else {
        /* Get signature length and allocate buffer */
        sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey));
        if(sigLen <= 0) {
            printf("ECC Signature type %d not supported!\n", sig_type);
            ret = EXIT_FAILURE;
            goto exit;
        }

        sigBuf = malloc(sigLen);
        if(!sigBuf) {
            printf("ECC Signature malloc failed!\n");
            ret = EXIT_FAILURE;
            goto exit;
        }
    #ifdef DEBUG_SIG_TEST
        printf("ECC Signature Len: %d\n", sigLen);
    #endif

        /* Perform hash and sign to create signature */
        ret = wc_SignatureGenerate(
            hash_type, sig_type,
            fileBuf, fileLen,
            sigBuf, &sigLen,
            &eccKey, sizeof(eccKey),
            &rng);
        *verifyFileLen = sigLen;
    #ifdef DEBUG_SIG_TEST
        printf("ECC Signature Generation: %s (%d)\n",
            (ret == 0) ? "Pass" : "Fail", ret);
    #endif
        if(ret < 0) {
            ret = EXIT_FAILURE;
            goto exit;
        }
    }

#ifdef DEBUG_SIG_TEST
    printf("Signature Data:\n");
    hexdump(sigBuf, sigLen, 16);
#endif

    /* Perform signature verification */
    /* Release and init new key */
    wc_ecc_free(&eccKey);
    wc_ecc_init(&eccKey);

    /* Import the public key */
    ret = wc_ecc_import_x963_ex(eccPubKeyBuf, eccPubKeyLen, &eccKey, curveId);
    if (ret != 0) {
        printf("ECC public key import failed! %d\n", ret);
        ret = EXIT_FAILURE;
        goto exit;
    }

    /* Perform signature verification using public key */
    ret = wc_SignatureVerify(
        hash_type, sig_type,
        fileBuf, fileLen,
        sigBuf, sigLen,
        &eccKey, sizeof(eccKey));
#ifdef DEBUG_SIG_TEST
    printf("ECC Signature Verification: %s (%d)\n",
        (ret == 0) ? "Pass" : "Fail", ret);
#endif
    if (ret < 0) {
        ret = EXIT_FAILURE;
    }

    if (pmaxSigSz && *pmaxSigSz < sigLen) {
    #ifdef DEBUG_SIG_TEST_MAX
        printf("Curve: Max %d->%d\n", *pmaxSigSz, sigLen);
        hexdump(sigBuf, sigLen, 16);
    #endif
        *pmaxSigSz = sigLen;
    }

    if (pmaxCurveSigSz && *pmaxCurveSigSz < maxCurveSigSz) {
        *pmaxCurveSigSz = maxCurveSigSz;
    }

exit:
    /* Free */
    if(sigBuf) {
        free(sigBuf);
    }
    wc_ecc_free(&eccKey);
    wc_FreeRng(&rng);

    return ret;
}
Exemplo n.º 4
0
int main(int argc, char** argv)
{
    int ret;
    WC_RNG rng;
    ecEncCtx* srvCtx = NULL;
    void* devCtx = NULL;
    const byte* mySalt;
    byte peerSalt[EXCHANGE_SALT_SZ];
    byte buffer[BTLE_MSG_MAX_SIZE];
    word32 bufferSz;
    byte plain[BTLE_MSG_MAX_SIZE];
    word32 plainSz;
    ecc_key myKey, peerKey;
    int type;

    wolfSSL_Init();

#ifdef DEBUG_WOLFSSL
    wolfSSL_Debugging_ON();
#endif

    /* make my session key */
    ret =  wc_ecc_init(&myKey);
    ret |= wc_ecc_init(&peerKey);
    if (ret != 0) {
        printf("wc_ecc_init failed!\n");
        goto cleanup;
    }

    /* open BTLE */
    ret = btle_open(&devCtx, BTLE_ROLE_SERVER);
    if (ret != 0) {
        printf("btle_open failed %d! errno %d\n", ret, errno);
        goto cleanup;
    }

    ret = wc_InitRng(&rng);
    if (ret != 0) {
        printf("wc_InitRng failed! %d\n", ret);
        goto cleanup;
    }

    ret = wc_ecc_make_key(&rng, 32, &myKey);
    if (ret != 0) {
        printf("wc_ecc_make_key failed %d\n", ret);
        goto cleanup;
    }

    srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
    if (srvCtx == NULL) {
        printf("wc_ecc_ctx_new failed!\n");
        ret = -1; goto cleanup;
    }

    /* exchange public keys */
    /* Get peer key */
    ret = btle_recv(buffer, sizeof(buffer), &type, devCtx);
    if (ret < 0) {
        printf("btle_recv key failed %d! errno %d\n", ret, errno);
        goto cleanup;
    }
    if (type != BTLE_PKT_TYPE_KEY) {
        printf("btle_recv expected key!\n");
        ret = -1; goto cleanup;
    }
    bufferSz = ret;
    ret = wc_ecc_import_x963(buffer, bufferSz, &peerKey);
    if (ret != 0) {
        printf("wc_ecc_import_x963 failed %d!\n", ret);
        goto cleanup;
    }

    /* send my public key */
    /* export my public key */
    bufferSz = sizeof(buffer);
    ret = wc_ecc_export_x963(&myKey, buffer, &bufferSz);
    if (ret != 0) {
        printf("wc_ecc_export_x963 failed %d\n", ret);
        goto cleanup;
    }
    /* TODO: Server should hash and sign this public key with a trust ceritifcate (already exchanged) */
    /* ECC signature is about 65 bytes */


    ret = btle_send(buffer, bufferSz, BTLE_PKT_TYPE_KEY, devCtx);
    if (ret != bufferSz) {
        printf("btle_send key failed %d!\n", ret);
        goto cleanup;
    }

    while (1) {
        mySalt = wc_ecc_ctx_get_own_salt(srvCtx);
        if (mySalt == NULL) {
            printf("wc_ecc_ctx_get_own_salt failed!\n");
            ret = -1; goto cleanup;
        }

        /* Get peer salt */
        ret = btle_recv(peerSalt, EXCHANGE_SALT_SZ, &type, devCtx);
        if (ret <= 0) {
            printf("btle_recv salt failed %d! errno %d\n", ret, errno);
            goto cleanup;
        }
        if (type != BTLE_PKT_TYPE_SALT) {
            printf("btle_recv expected salt!\n");
            ret = -1; goto cleanup;
        }

        /* Send my salt */
        /* You must send mySalt before set_peer_salt, because buffer changes */
        ret = btle_send(mySalt, EXCHANGE_SALT_SZ, BTLE_PKT_TYPE_SALT, devCtx);
        if (ret != EXCHANGE_SALT_SZ) {
            printf("btle_send salt failed %d!\n", ret);
            goto cleanup;
        }

        ret = wc_ecc_ctx_set_peer_salt(srvCtx, peerSalt);
        if (ret != 0) {
            printf("wc_ecc_ctx_set_peer_salt failed %d\n", ret);
            goto cleanup;
        }

        /* Get message */
        bufferSz = sizeof(buffer);
        ret = btle_recv(buffer, bufferSz, &type, devCtx);
        if (ret <= 0) {
            printf("btle_recv msg failed %d! errno %d\n", ret, errno);
            goto cleanup;
        }
        if (type != BTLE_PKT_TYPE_MSG) {
            printf("btle_recv expected msg!\n");
            ret = -1; goto cleanup;
        }

        /* Decrypt message */
        bufferSz = ret;
        plainSz = sizeof(plain);
        ret = wc_ecc_decrypt(&myKey, &peerKey, buffer, bufferSz, plain, &plainSz, srvCtx);
        if (ret != 0) {
            printf("wc_ecc_decrypt failed %d!\n", ret);
            goto cleanup;
        }

        printf("Recv %d: %s\n", plainSz, plain);

        /* Encrypt message */
        bufferSz = sizeof(buffer);
        ret = wc_ecc_encrypt(&myKey, &peerKey, plain, plainSz, buffer, &bufferSz, srvCtx);
        if (ret != 0) {
            printf("wc_ecc_encrypt failed %d!\n", ret);
            goto cleanup;
        }

        /* Send message */
        ret = btle_send(buffer, bufferSz, BTLE_PKT_TYPE_MSG, devCtx);
        if (ret != bufferSz) {
            printf("btle_send failed %d!\n", ret);
            goto cleanup;
        }

        /* check for exit flag */
        if (strstr((char*)plain, "EXIT"))
            break;

        /* reset context (reset my salt) */
        ret = wc_ecc_ctx_reset(srvCtx, &rng);
        if (ret != 0) {
            printf("wc_ecc_ctx_reset failed %d\n", ret);
            goto cleanup;
        }
    }

cleanup:

    if (devCtx != NULL)
        btle_close(devCtx);

    wolfSSL_Cleanup();

    return ret;
}