JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_ECC_doVerify
(JNIEnv* jenv, jobject jcl, jobject sig, jlong sigSz, jobject hash,
jlong hashSz, jobject keyDer, jlong keySz, jintArray result)
{
int ret;
int tmpResult;
ecc_key myKey;
if ((sigSz < 0) || (hashSz < 0) || (keySz < 0)) {
return -1;
}
/* get pointers to our buffers */
unsigned char* sigBuf = (*jenv)->GetDirectBufferAddress(jenv, sig);
if (sigBuf == NULL) {
printf("problem getting sig buffer address\n");
return -1;
}
unsigned char* hashBuf = (*jenv)->GetDirectBufferAddress(jenv, hash);
if (hashBuf == NULL) {
printf("problem getting hash buffer address\n");
return -1;
}
unsigned char* keyBuf = (*jenv)->GetDirectBufferAddress(jenv, keyDer);
if (keyBuf == NULL) {
printf("problem getting key buffer address\n");
return -1;
}
wc_ecc_init(&myKey);
ret = wc_ecc_import_x963(keyBuf, (unsigned int)keySz, &myKey);
if (ret == 0) {
ret = wc_ecc_verify_hash(sigBuf, (unsigned int)sigSz, hashBuf,
(unsigned int)hashSz, &tmpResult, &myKey);
if (ret != 0) {
printf("wc_ecc_verify_hash failed, ret = %d\n", ret);
wc_ecc_free(&myKey);
return -1;
}
} else {
printf("wc_ecc_import_x963 failed, ret = %d\n", ret);
return -1;
}
wc_ecc_free(&myKey);
(*jenv)->SetIntArrayRegion(jenv, result, 0, 1, &tmpResult);
return ret;
}
/* ECC free resources */
int CRYPT_ECC_Free(CRYPT_ECC_CTX* ecc)
{
if (ecc == NULL)
return BAD_FUNC_ARG;
wc_ecc_free((ecc_key*)ecc->holder);
XFREE(ecc->holder, NULL, DYNAMIC_TYPE_ECC);
ecc->holder = NULL;
return 0;
}
static int fw_message_process(MQTTCtx *mqttCtx, byte* buffer, word32 len)
{
int rc;
FirmwareHeader* header = (FirmwareHeader*)buffer;
byte *sigBuf, *pubKeyBuf, *fwBuf;
ecc_key eccKey;
word32 check_len = sizeof(FirmwareHeader) + header->sigLen +
header->pubKeyLen + header->fwLen;
/* Verify entire message was received */
if (len != check_len) {
PRINTF("Message header vs. actual size mismatch! %d != %d",
len, check_len);
return EXIT_FAILURE;
}
/* Get pointers to structure elements */
sigBuf = (buffer + sizeof(FirmwareHeader));
pubKeyBuf = (buffer + sizeof(FirmwareHeader) + header->sigLen);
fwBuf = (buffer + sizeof(FirmwareHeader) + header->sigLen +
header->pubKeyLen);
/* Import the public key */
wc_ecc_init(&eccKey);
rc = wc_ecc_import_x963(pubKeyBuf, header->pubKeyLen, &eccKey);
if (rc == 0) {
/* Perform signature verification using public key */
rc = wc_SignatureVerify(
FIRMWARE_HASH_TYPE, FIRMWARE_SIG_TYPE,
fwBuf, header->fwLen,
sigBuf, header->sigLen,
&eccKey, sizeof(eccKey));
PRINTF("Firmware Signature Verification: %s (%d)",
(rc == 0) ? "Pass" : "Fail", rc);
if (rc == 0) {
/* TODO: Process firmware image */
/* For example, save to disk using topic name */
fwfile_save(mqttCtx->pub_file, fwBuf, header->fwLen);
}
}
else {
PRINTF("ECC public key import failed! %d", rc);
}
wc_ecc_free(&eccKey);
return rc;
}
int main()
{
ecc_key key;
byte der[4096];
byte buf[4096];
word32 idx = 0;
FILE* derFile;
size_t sz;
RNG rng;
wc_InitRng(&rng);
wc_ecc_init(&key);
if (wc_ecc_make_key(&rng, 32, &key) != 0) {
printf("error making ecc key\n");
return -1;
}
/* write private key */
if (wc_EccKeyToDer(&key, der, sizeof(der)) < 0) {
printf("error in ecc to der\n");
return -1;
}
printf("writing private key to ecc-key.der\n");
derFile = fopen("ecc-key.der", "w");
if (!derFile) {
printf("error loading file\n");
return -1;
}
sz = fwrite(der, 1, 4096, derFile);
fclose(derFile);
wc_ecc_free(&key);
/* open and read from der file */
printf("reading in private key\n");
derFile = fopen("ecc-key.der", "rb");
if (!derFile) {
printf("error reading from file\n");
return -1;
}
sz = fread(buf, 1, 4096, derFile);
fclose(derFile);
/* load private ecc key */
printf("storing private key in ecc struct\n");
wc_ecc_init(&key);
if (wc_EccPrivateKeyDecode(buf, &idx, &key, (word32)sz) != 0) {
printf("error decoding private key\n");
return -1;
}
wc_ecc_free(&key);
/* Or the der file can be loaded into a TLS connection using something like
int wc_DerToPem(der, sizeof(der), pemOut, sizeof(pemOut),
ECC_PRIVATEKEY_TYPE);
int wolfSSL_use_PrivateKey_file(&ssl, pemOut, SSL_FILETYPE_PEM);
*/
/* to store a public key */
wc_ecc_init(&key);
if (wc_ecc_make_key(&rng, 32, &key) != 0) {
printf("error making ecc key\n");
return -1;
}
printf("storing public key into ecc-public.x963\n");
memset(buf, 0, sizeof(buf));
idx = sizeof(buf);
if (wc_ecc_export_x963(&key, buf, &idx) != 0) {
printf("error exporting public ecc key\n");
return -1;
}
derFile = fopen("ecc-public.x963", "w"); /* reused the derFile pointer */
if (!derFile) {
printf("error loading file\n");
return -1;
}
sz = fwrite(buf, 1, idx, derFile);
/* close stuff up */
fclose(derFile);
wc_ecc_free(&key);
wc_FreeRng(&rng);
return 0;
}
int ecc_sign_verify_test(enum wc_HashType hash_type,
enum wc_SignatureType sig_type, const byte* fileBuf, int fileLen,
byte* verifyFileBuf, int* verifyFileLen, int* pmaxSigSz, int* pmaxCurveSigSz,
int curveId, int keySz)
{
int ret;
ecc_key eccKey;
RNG rng;
byte* sigBuf = NULL;
word32 sigLen;
byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE];
word32 eccPubKeyLen, eccPrivKeyLen;
word32 maxCurveSigSz;
#ifdef DEBUG_SIG_TEST
printf("ECC Signature: Curve %s, Size %d\n", wc_ecc_get_name(curveId), keySz);
#endif
/* Init */
wc_InitRng(&rng);
/* Generate key */
wc_ecc_init(&eccKey);
ret = wc_ecc_make_key_ex(&rng, keySz, &eccKey, curveId);
if(ret != 0) {
printf("ECC Make Key Failed! %d\n", ret);
goto exit;
}
ret = wc_ecc_sig_size(&eccKey);
if (ret < 0) {
printf("ECC Sig SizeFailed! %d\n", ret);
goto exit;
}
maxCurveSigSz = ret;
/* Display public key data */
eccPubKeyLen = ECC_BUFSIZE;
ret = wc_ecc_export_x963(&eccKey, eccPubKeyBuf, &eccPubKeyLen);
if (ret != 0) {
printf("ECC public key x963 export failed! %d\n", ret);
ret = EXIT_FAILURE;
goto exit;
}
#ifdef DEBUG_SIG_TEST
printf("ECC Public Key: Len %d\n", eccPubKeyLen);
hexdump(eccPubKeyBuf, eccPubKeyLen, 16);
#endif
/* Display private key data */
eccPrivKeyLen = ECC_BUFSIZE;
ret = wc_ecc_export_private_only(&eccKey, eccPrivKeyBuf, &eccPrivKeyLen);
if (ret != 0) {
printf("ECC private key export failed! %d\n", ret);
ret = EXIT_FAILURE;
goto exit;
}
#ifdef DEBUG_SIG_TEST
printf("ECC Private Key: Len %d\n", eccPrivKeyLen);
hexdump(eccPrivKeyBuf, eccPrivKeyLen, 16);
#endif
if (verifyFileBuf) {
sigLen = *verifyFileLen;
sigBuf = verifyFileBuf;
}
else {
/* Get signature length and allocate buffer */
sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey));
if(sigLen <= 0) {
printf("ECC Signature type %d not supported!\n", sig_type);
ret = EXIT_FAILURE;
goto exit;
}
sigBuf = malloc(sigLen);
if(!sigBuf) {
printf("ECC Signature malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
#ifdef DEBUG_SIG_TEST
printf("ECC Signature Len: %d\n", sigLen);
#endif
/* Perform hash and sign to create signature */
ret = wc_SignatureGenerate(
hash_type, sig_type,
fileBuf, fileLen,
sigBuf, &sigLen,
&eccKey, sizeof(eccKey),
&rng);
*verifyFileLen = sigLen;
#ifdef DEBUG_SIG_TEST
printf("ECC Signature Generation: %s (%d)\n",
(ret == 0) ? "Pass" : "Fail", ret);
#endif
if(ret < 0) {
ret = EXIT_FAILURE;
goto exit;
}
}
#ifdef DEBUG_SIG_TEST
printf("Signature Data:\n");
hexdump(sigBuf, sigLen, 16);
#endif
/* Perform signature verification */
/* Release and init new key */
wc_ecc_free(&eccKey);
wc_ecc_init(&eccKey);
/* Import the public key */
ret = wc_ecc_import_x963_ex(eccPubKeyBuf, eccPubKeyLen, &eccKey, curveId);
if (ret != 0) {
printf("ECC public key import failed! %d\n", ret);
ret = EXIT_FAILURE;
goto exit;
}
/* Perform signature verification using public key */
ret = wc_SignatureVerify(
hash_type, sig_type,
fileBuf, fileLen,
sigBuf, sigLen,
&eccKey, sizeof(eccKey));
#ifdef DEBUG_SIG_TEST
printf("ECC Signature Verification: %s (%d)\n",
(ret == 0) ? "Pass" : "Fail", ret);
#endif
if (ret < 0) {
ret = EXIT_FAILURE;
}
if (pmaxSigSz && *pmaxSigSz < sigLen) {
#ifdef DEBUG_SIG_TEST_MAX
printf("Curve: Max %d->%d\n", *pmaxSigSz, sigLen);
hexdump(sigBuf, sigLen, 16);
#endif
*pmaxSigSz = sigLen;
}
if (pmaxCurveSigSz && *pmaxCurveSigSz < maxCurveSigSz) {
*pmaxCurveSigSz = maxCurveSigSz;
}
exit:
/* Free */
if(sigBuf) {
free(sigBuf);
}
wc_ecc_free(&eccKey);
wc_FreeRng(&rng);
return ret;
}
JNIEXPORT jint JNICALL Java_com_wolfssl_wolfcrypt_ECC_doSign
(JNIEnv* jenv, jobject jcl, jobject in, jlong inSz, jobject out,
jlongArray outSz, jobject keyDer, jlong keySz)
{
int ret;
RNG rng;
ecc_key myKey;
unsigned int tmpOut;
unsigned int idx = 0;
/* check in and key sz */
if ((inSz < 0) || (keySz < 0)) {
return -1;
}
/* get pointers to our buffers */
unsigned char* inBuf = (*jenv)->GetDirectBufferAddress(jenv, in);
if (inBuf == NULL) {
printf("problem getting in buffer address\n");
return -1;
}
unsigned char* outBuf = (*jenv)->GetDirectBufferAddress(jenv, out);
if (outBuf == NULL) {
printf("problem getting out buffer address\n");
return -1;
}
unsigned char* keyBuf = (*jenv)->GetDirectBufferAddress(jenv, keyDer);
if (keyBuf == NULL) {
printf("problem getting key buffer address\n");
return -1;
}
/* set previous value of outSz */
jlong tmp;
(*jenv)->GetLongArrayRegion(jenv, outSz, 0, 1, &tmp);
tmpOut = (unsigned int)tmp;
wc_InitRng(&rng);
wc_ecc_init(&myKey);
ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &myKey, keySz);
if (ret == 0) {
ret = wc_ecc_sign_hash(inBuf, (unsigned int)inSz, outBuf, &tmpOut,
&rng, &myKey);
if (ret != 0) {
printf("wc_ecc_sign_hash failed, ret = %d\n", ret);
wc_ecc_free(&myKey);
return -1;
}
} else {
printf("wc_EccPrivateKeyDecode failed, ret = %d\n", ret);
return -1;
}
wc_ecc_free(&myKey);
(*jenv)->SetLongArrayRegion(jenv, outSz, 0, 1, (jlong*)&tmpOut);
return ret;
}
