WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Added ability to perform verify against signature file.

pull/27/head
David Garske 2016-11-11 12:29:22 -08:00
parent 3079a10e0b
commit ad8ca32d03
1 changed files with 133 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

209
signature/signature.c
View File

@ -52,7 +52,7 @@ void hexdump(const void *buffer, word32 len, byte cols)
#ifdef HAVE_ECC #ifdef HAVE_ECC
int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_type, int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_type,
byte* fileBuf, int fileLen) byte* fileBuf, int fileLen, byte* verifyFileBuf, int verifyFileLen)
{ {
int ret; int ret;
ecc_key eccKey; ecc_key eccKey;
@ -94,32 +94,38 @@ int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
printf("ECC Private Key: Len %d\n", eccPrivKeyLen); printf("ECC Private Key: Len %d\n", eccPrivKeyLen);
hexdump(eccPrivKeyBuf, eccPrivKeyLen, 16); hexdump(eccPrivKeyBuf, eccPrivKeyLen, 16);
/* Get signature length and allocate buffer */ if (verifyFileBuf) {
sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey)); sigLen = verifyFileLen;
if(sigLen <= 0) { sigBuf = verifyFileBuf;
printf("ECC Signature type %d not supported!\n", sig_type);
ret = EXIT_FAILURE;
goto exit;
} }
sigBuf = malloc(sigLen); else {
if(!sigBuf) { /* Get signature length and allocate buffer */
printf("ECC Signature malloc failed!\n"); sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey));
ret = EXIT_FAILURE; if(sigLen <= 0) {
goto exit; printf("ECC Signature type %d not supported!\n", sig_type);
} ret = EXIT_FAILURE;
printf("ECC Signature Len: %d\n", sigLen); goto exit;
}
sigBuf = malloc(sigLen);
if(!sigBuf) {
printf("ECC Signature malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
printf("ECC Signature Len: %d\n", sigLen);
/* Perform hash and sign to create signature */ /* Perform hash and sign to create signature */
ret = wc_SignatureGenerate( ret = wc_SignatureGenerate(
hash_type, sig_type, hash_type, sig_type,
fileBuf, fileLen, fileBuf, fileLen,
sigBuf, &sigLen, sigBuf, &sigLen,
&eccKey, sizeof(eccKey), &eccKey, sizeof(eccKey),
&rng); &rng);
printf("ECC Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret); printf("ECC Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
if(ret < 0) { if(ret < 0) {
ret = EXIT_FAILURE; ret = EXIT_FAILURE;
goto exit; goto exit;
}
} }
printf("Signature Data:\n"); printf("Signature Data:\n");
@ -190,7 +196,7 @@ int rsa_load_der_file(const char* derFile, RsaKey *rsaKey)
} }
int rsa_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_type, int rsa_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_type,
byte* fileBuf, int fileLen) byte* fileBuf, int fileLen, byte* verifyFileBuf, int verifyFileLen)
{ {
int ret; int ret;
RsaKey rsaKey; RsaKey rsaKey;
@ -245,32 +251,38 @@ int rsa_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
rsa_load_der_file("../certs/client-key.der", &rsaKey); rsa_load_der_file("../certs/client-key.der", &rsaKey);
#endif #endif
/* Get signature length and allocate buffer */ if (verifyFileBuf) {
sigLen = wc_SignatureGetSize(sig_type, &rsaKey, sizeof(rsaKey)); sigLen = verifyFileLen;
if(sigLen <= 0) { sigBuf = verifyFileBuf;
printf("RSA Signature size check fail! %d\n", sigLen);
ret = EXIT_FAILURE;
goto exit;
} }
sigBuf = malloc(sigLen); else {
if(!sigBuf) { /* Get signature length and allocate buffer */
printf("RSA Signature malloc failed!\n"); sigLen = wc_SignatureGetSize(sig_type, &rsaKey, sizeof(rsaKey));
ret = EXIT_FAILURE; if(sigLen <= 0) {
goto exit; printf("RSA Signature size check fail! %d\n", sigLen);
} ret = EXIT_FAILURE;
printf("RSA Signature Len: %d\n", sigLen); goto exit;
}
sigBuf = malloc(sigLen);
if(!sigBuf) {
printf("RSA Signature malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
printf("RSA Signature Len: %d\n", sigLen);
/* Perform hash and sign to create signature */ /* Perform hash and sign to create signature */
ret = wc_SignatureGenerate( ret = wc_SignatureGenerate(
hash_type, sig_type, hash_type, sig_type,
fileBuf, fileLen, fileBuf, fileLen,
sigBuf, &sigLen, sigBuf, &sigLen,
&rsaKey, sizeof(rsaKey), &rsaKey, sizeof(rsaKey),
&rng); &rng);
printf("RSA Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret); printf("RSA Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
if(ret < 0) { if(ret < 0) {
ret = EXIT_FAILURE; ret = EXIT_FAILURE;
goto exit; goto exit;
}
} }
printf("RSA Signature Data:\n"); printf("RSA Signature Data:\n");
@ -321,12 +333,58 @@ exit:
} }
#endif /* !NO_RSA */ #endif /* !NO_RSA */
static int load_file_to_buffer(const char* filename, byte** fileBuf, int* fileLen)
{
int ret = 0;
FILE* file = NULL;
/* Open file */
file = fopen(filename, "rb");
if (file == NULL) {
printf("File %s does not exist!\n", filename);
ret = EXIT_FAILURE;
goto exit;
}
/* Determine length of file */
fseek(file, 0, SEEK_END);
*fileLen = (int) ftell(file);
fseek(file, 0, SEEK_SET);
printf("File %s is %d bytes\n", filename, *fileLen);
/* Allocate buffer for image */
*fileBuf = malloc(*fileLen);
if(!*fileBuf) {
printf("File buffer malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
/* Load file into buffer */
ret = (int)fread(*fileBuf, 1, *fileLen, file);
if(ret != *fileLen) {
printf("Error reading file! %d", ret);
ret = EXIT_FAILURE;
goto exit;
}
exit:
if(file) {
fclose(file);
}
return ret;
}
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
int ret = 0; int ret = 0;
int fileLen; int fileLen;
byte* fileBuf = NULL; byte* fileBuf = NULL;
FILE* file = NULL; int verifyFileLen;
byte* verifyFileBuf = NULL;
const char* verify_file = NULL;
enum wc_SignatureType sig_type = WC_SIGNATURE_TYPE_NONE; enum wc_SignatureType sig_type = WC_SIGNATURE_TYPE_NONE;
enum wc_HashType hash_type = WC_HASH_TYPE_NONE; enum wc_HashType hash_type = WC_HASH_TYPE_NONE;
@ -352,9 +410,10 @@ int main(int argc, char** argv)
/* Check arguments */ /* Check arguments */
if (argc < 2) { if (argc < 2) {
printf("Usage: signature <filename> <sig> <hash>\n"); printf("Usage: signature <filename> <sig> <hash> <verifyfile> \n");
printf(" <sig>: 1=ECC, 2=RSA, 3=RSA (w/DER Encoding): default %d\n", sig_type); printf(" <sig>: 1=ECC, 2=RSA, 3=RSA (w/DER Encoding): default %d\n", sig_type);
printf(" <hash>: 1=MD2, 2=MD4, 3=MD5, 4=SHA, 5=SHA256, 6=SHA384, 7=SHA512, 8=MD5+SHA: default %d\n", hash_type); printf(" <hash>: 1=MD2, 2=MD4, 3=MD5, 4=SHA, 5=SHA256, 6=SHA384, 7=SHA512, 8=MD5+SHA: default %d\n", hash_type);
printf(" <verifyfile>: optional sig verify binary file\n");
return 1; return 1;
} }
if(argc >= 3) { if(argc >= 3) {
@ -363,6 +422,9 @@ int main(int argc, char** argv)
if(argc >= 4) { if(argc >= 4) {
hash_type = atoi(argv[3]); hash_type = atoi(argv[3]);
} }
if(argc >= 5) {
verify_file = argv[4];
}
/* Verify hash type is supported */ /* Verify hash type is supported */
if (wc_HashGetDigestSize(hash_type) <= 0) { if (wc_HashGetDigestSize(hash_type) <= 0) {
@ -372,34 +434,18 @@ int main(int argc, char** argv)
printf("Signature Example: Sig=%d, Hash=%d\n", sig_type, hash_type); printf("Signature Example: Sig=%d, Hash=%d\n", sig_type, hash_type);
/* Open file */ /* Load input file */
file = fopen(argv[1], "rb"); ret = load_file_to_buffer(argv[1], &fileBuf, &fileLen);
if (file == NULL) { if (ret < 0) {
printf("File %s does not exist!\n", argv[1]);
ret = EXIT_FAILURE;
goto exit; goto exit;
} }
/* Determine length of file */ /* Load verify signature file (optional) */
fseek(file, 0, SEEK_END); if (verify_file) {
fileLen = (int) ftell(file); ret = load_file_to_buffer(verify_file, &verifyFileBuf, &verifyFileLen);
fseek(file, 0, SEEK_SET); if (ret < 0) {
printf("File %s is %d bytes\n", argv[1], fileLen); goto exit;
}
/* Allocate buffer for image */
fileBuf = malloc(fileLen);
if(!fileBuf) {
printf("File buffer malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
/* Load file into buffer */
ret = (int)fread(fileBuf, 1, fileLen, file);
if(ret != fileLen) {
printf("Error reading file! %d", ret);
ret = EXIT_FAILURE;
goto exit;
} }
/* Perform sign and verify */ /* Perform sign and verify */
@ -407,7 +453,8 @@ int main(int argc, char** argv)
{ {
#ifdef HAVE_ECC #ifdef HAVE_ECC
case WC_SIGNATURE_TYPE_ECC: case WC_SIGNATURE_TYPE_ECC:
ret = ecc_sign_verify_test(hash_type, sig_type, fileBuf, fileLen); ret = ecc_sign_verify_test(hash_type, sig_type, fileBuf, fileLen,
verifyFileBuf, verifyFileLen);
break; break;
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
@ -415,7 +462,8 @@ int main(int argc, char** argv)
case WC_SIGNATURE_TYPE_RSA_W_ENC: case WC_SIGNATURE_TYPE_RSA_W_ENC:
#endif #endif
case WC_SIGNATURE_TYPE_RSA: case WC_SIGNATURE_TYPE_RSA:
ret = rsa_sign_verify_test(hash_type, sig_type, fileBuf, fileLen); ret = rsa_sign_verify_test(hash_type, sig_type, fileBuf, fileLen,
verifyFileBuf, verifyFileLen);
break; break;
#endif #endif
default: default:
@ -428,9 +476,6 @@ exit:
if(fileBuf) { if(fileBuf) {
free(fileBuf); free(fileBuf);
} }
if(file) {
fclose(file);
}
return ret; return ret;
} }