WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #210 from dgarske/sigtests 

Improvements and cleanups to the sigtests
pull/212/head
Eric Blankenhorn 2020-06-16 16:21:08 -05:00 committed by GitHub
parent c080ea89f5 4d3763952c
commit ede7299457
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 192 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
signature/signature.c
View File

@ -57,7 +57,7 @@ int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
{ {
int ret; int ret;
ecc_key eccKey; ecc_key eccKey;
RNG rng; WC_RNG rng;
byte* sigBuf = NULL; byte* sigBuf = NULL;
word32 sigLen; word32 sigLen;
byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE]; byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE];
@ -202,7 +202,7 @@ int rsa_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
{ {
int ret; int ret;
RsaKey rsaKey; RsaKey rsaKey;
RNG rng; WC_RNG rng;
byte *sigBuf = NULL; byte *sigBuf = NULL;
word32 sigLen; word32 sigLen;
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN

6
signature/sigtest/Makefile
View File

@ -12,15 +12,15 @@ all:wolfsigtest opensigtest eccsiglentest
opensigtest:CFLAGS+=$(OPENSSL_FLAGS) opensigtest:CFLAGS+=$(OPENSSL_FLAGS)
opensigtest:opensigtest.o opensigtest:opensigtest.o
$(CC) -o $@ $(LIBS) $(OPENSSL_LIB) $^ $(CFLAGS) $(CC) -o $@ $(LIBS) $^ $(CFLAGS) $(OPENSSL_LIB)
wolfsigtest:CFLAGS+=$(WOLFSSL_FLAGS) wolfsigtest:CFLAGS+=$(WOLFSSL_FLAGS)
wolfsigtest:wolfsigtest.o wolfsigtest:wolfsigtest.o
$(CC) -o $@ $(LIBS) $(WOLFSSL_LIB) $^ $(CFLAGS) $(CC) -o $@ $(LIBS) $^ $(CFLAGS) $(WOLFSSL_LIB)
eccsiglentest:CFLAGS+=$(WOLFSSL_FLAGS) eccsiglentest:CFLAGS+=$(WOLFSSL_FLAGS)
eccsiglentest:eccsiglentest.o eccsiglentest:eccsiglentest.o
$(CC) -o $@ $(LIBS) $(WOLFSSL_LIB) $^ $(CFLAGS) $(CC) -o $@ $(LIBS) $^ $(CFLAGS) $(WOLFSSL_LIB)
.PHONY: clean all .PHONY: clean all

2
signature/sigtest/eccsiglentest.c
View File

@ -66,7 +66,7 @@ int ecc_sign_verify_test(enum wc_HashType hash_type,
{ {
int ret; int ret;
ecc_key eccKey; ecc_key eccKey;
RNG rng; WC_RNG rng;
byte* sigBuf = NULL; byte* sigBuf = NULL;
word32 sigLen; word32 sigLen;
byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE]; byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE];

23
signature/sigtest/opensigtest.c
View File

@ -2,11 +2,11 @@
#include <string.h> #include <string.h>
#include <stdint.h> #include <stdint.h>
#include <openssl/err.h> // Error codes #include <openssl/err.h> /* Error codes */
#include <openssl/evp.h> // For crypto engine functions #include <openssl/evp.h> /* For crypto engine functions */
#include <openssl/pem.h> // For PEM file access functions #include <openssl/pem.h> /* For PEM file access functions */
#include <openssl/rsa.h> // For RSA functions #include <openssl/rsa.h> /* For RSA functions */
#include <openssl/sha.h> // For SHA-1 functions #include <openssl/sha.h> /* For SHA-1 functions */
/* this is from ./certs/ca-key.pem */ /* this is from ./certs/ca-key.pem */
@ -47,7 +47,7 @@ const char* privPemKey = "-----BEGIN RSA PRIVATE KEY-----\n"
"R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==\n" "R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==\n"
"-----END RSA PRIVATE KEY-----\n"; "-----END RSA PRIVATE KEY-----\n";
uint8_t Digest_given[] = { //44 bytes uint8_t Digest_given[] = { /* 44 bytes */
0x2C,0x05,0x16,0x39,0x9F,0x0C,0x02,0xD0,0xf9,0xba,0x90,0x37,0x0f,0xc1,0x4f,0xcc, 0x2C,0x05,0x16,0x39,0x9F,0x0C,0x02,0xD0,0xf9,0xba,0x90,0x37,0x0f,0xc1,0x4f,0xcc,
0x31,0x4b,0x42,0x32,0x00,0x00,0x36,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x49, 0x31,0x4b,0x42,0x32,0x00,0x00,0x36,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x49,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x21,0x00,0x3f,0x19 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x21,0x00,0x3f,0x19
@ -106,7 +106,7 @@ int SignVerify_OpenSSL(void)
BIO * bio; BIO * bio;
if ( (bio = BIO_new_mem_buf((void*)privPemKey, -1)) != NULL ) if ( (bio = BIO_new_mem_buf((void*)privPemKey, -1)) != NULL )
{ {
// Create input data (44 bytes) /* Create input data (44 bytes) */
print_buf("Digest Input Data:", Digest_given, DATA_BLOCK_LEN); print_buf("Digest Input Data:", Digest_given, DATA_BLOCK_LEN);
rsa = PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL); rsa = PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL);
@ -117,17 +117,17 @@ int SignVerify_OpenSSL(void)
printf("OpenSSL error: %s", buffer); printf("OpenSSL error: %s", buffer);
} }
// Create Digest (20 bytes) /* Create Digest (20 bytes) */
iRetval = EVP_Digest(&Digest_given[0], DATA_BLOCK_LEN, abDigest, NULL, EVP_sha1(), NULL); iRetval = EVP_Digest(&Digest_given[0], DATA_BLOCK_LEN, abDigest, NULL, EVP_sha1(), NULL);
printf("Digest SHA1 result %d\n", iRetval); printf("Digest SHA1 result %d\n", iRetval);
print_buf("Digest Output 20 Data:", abDigest, sizeof(abDigest)); print_buf("Digest Output 20 Data:", abDigest, sizeof(abDigest));
// Sign hash (128 bytes) /* Sign hash (128 bytes) */
iRetval = RSA_sign(NID_sha1, abDigest, sizeof(abDigest), &signedData[0], &iSigLen, rsa); iRetval = RSA_sign(NID_sha1, abDigest, sizeof(abDigest), &signedData[0], &iSigLen, rsa);
printf("RSA Sign result %d\n", iRetval); printf("RSA Sign result %d\n", iRetval);
print_buf("OpenSSL Signed data results:", &signedData[0], iSigLen); print_buf("OpenSSL Signed data results:", &signedData[0], iSigLen);
// Verify Signature /* Verify Signature */
iRetval = RSA_verify(NID_sha1, abDigest, sizeof(abDigest), &signedData[0], SIGNED_LEN, rsa); iRetval = RSA_verify(NID_sha1, abDigest, sizeof(abDigest), &signedData[0], SIGNED_LEN, rsa);
if(iRetval != 1) if(iRetval != 1)
{ {
@ -141,7 +141,7 @@ int SignVerify_OpenSSL(void)
} }
#if 1 #if 1
if (iRetval == 0) { if (iRetval == 0) {
// Verify Signature with "expected_signature_results" /* Verify Signature with "expected_signature_results" */
iRetval = RSA_verify(NID_sha1, abDigest, SHA1_HASH_LEN, &expected_signed_results[0], SIGNED_LEN, rsa); iRetval = RSA_verify(NID_sha1, abDigest, SHA1_HASH_LEN, &expected_signed_results[0], SIGNED_LEN, rsa);
if(iRetval != 1) if(iRetval != 1)
{ {
@ -165,4 +165,3 @@ int main(int argc, char * argv[])
{ {
return SignVerify_OpenSSL(); return SignVerify_OpenSSL();
} }

290
signature/sigtest/wolfsigtest.c
View File

@ -8,12 +8,10 @@
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/ssl.h> #include <wolfssl/wolfcrypt/rsa.h>
#include "wolfssl/wolfcrypt/rsa.h" // For RSA functions /* Set this define to show RSA verify only */
//#define DEMO_RSA_VERIFY_ONLY
/* wolfSSL must be build with WOLFSSL_CERT_EXT defined */
#ifdef WOLFSSL_CERT_EXT
/* this is from ./certs/ca-key.pem */ /* this is from ./certs/ca-key.pem */
const char* pubPemKey = "-----BEGIN PUBLIC KEY-----\n" const char* pubPemKey = "-----BEGIN PUBLIC KEY-----\n"
@ -25,6 +23,30 @@ const char* pubPemKey = "-----BEGIN PUBLIC KEY-----\n"
"JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02\n" "JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02\n"
"eQIDAQAB\n" "eQIDAQAB\n"
"-----END PUBLIC KEY-----\n"; "-----END PUBLIC KEY-----\n";
const byte pubKeyModulus[] = {
0x00, 0xbf, 0x0c, 0xca, 0x2d, 0x14, 0xb2, 0x1e, 0x84, 0x42, 0x5b, 0xcd, 0x38, 0x1f, 0x4a,
0xf2, 0x4d, 0x75, 0x10, 0xf1, 0xb6, 0x35, 0x9f, 0xdf, 0xca, 0x7d, 0x03, 0x98, 0xd3, 0xac,
0xde, 0x03, 0x66, 0xee, 0x2a, 0xf1, 0xd8, 0xb0, 0x7d, 0x6e, 0x07, 0x54, 0x0b, 0x10, 0x98,
0x21, 0x4d, 0x80, 0xcb, 0x12, 0x20, 0xe7, 0xcc, 0x4f, 0xde, 0x45, 0x7d, 0xc9, 0x72, 0x77,
0x32, 0xea, 0xca, 0x90, 0xbb, 0x69, 0x52, 0x10, 0x03, 0x2f, 0xa8, 0xf3, 0x95, 0xc5, 0xf1,
0x8b, 0x62, 0x56, 0x1b, 0xef, 0x67, 0x6f, 0xa4, 0x10, 0x41, 0x95, 0xad, 0x0a, 0x9b, 0xe3,
0xa5, 0xc0, 0xb0, 0xd2, 0x70, 0x76, 0x50, 0x30, 0x5b, 0xa8, 0xe8, 0x08, 0x2c, 0x7c, 0xed,
0xa7, 0xa2, 0x7a, 0x8d, 0x38, 0x29, 0x1c, 0xac, 0xc7, 0xed, 0xf2, 0x7c, 0x95, 0xb0, 0x95,
0x82, 0x7d, 0x49, 0x5c, 0x38, 0xcd, 0x77, 0x25, 0xef, 0xbd, 0x80, 0x75, 0x53, 0x94, 0x3c,
0x3d, 0xca, 0x63, 0x5b, 0x9f, 0x15, 0xb5, 0xd3, 0x1d, 0x13, 0x2f, 0x19, 0xd1, 0x3c, 0xdb,
0x76, 0x3a, 0xcc, 0xb8, 0x7d, 0xc9, 0xe5, 0xc2, 0xd7, 0xda, 0x40, 0x6f, 0xd8, 0x21, 0xdc,
0x73, 0x1b, 0x42, 0x2d, 0x53, 0x9c, 0xfe, 0x1a, 0xfc, 0x7d, 0xab, 0x7a, 0x36, 0x3f, 0x98,
0xde, 0x84, 0x7c, 0x05, 0x67, 0xce, 0x6a, 0x14, 0x38, 0x87, 0xa9, 0xf1, 0x8c, 0xb5, 0x68,
0xcb, 0x68, 0x7f, 0x71, 0x20, 0x2b, 0xf5, 0xa0, 0x63, 0xf5, 0x56, 0x2f, 0xa3, 0x26, 0xd2,
0xb7, 0x6f, 0xb1, 0x5a, 0x17, 0xd7, 0x38, 0x99, 0x08, 0xfe, 0x93, 0x58, 0x6f, 0xfe, 0xc3,
0x13, 0x49, 0x08, 0x16, 0x0b, 0xa7, 0x4d, 0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4e, 0x98,
0xed, 0x51, 0x45, 0x1d, 0xb9, 0x04, 0xd9, 0x0b, 0xec, 0xd8, 0x28, 0xb3, 0x4b, 0xbd, 0xed,
0x36, 0x79
};
const byte pubKeyExponent[] = { 0x01, 0x00, 0x01 };
const long pubKeyExponentLong = 65537; /* 0x10001 */
const char* privPemKey = "-----BEGIN RSA PRIVATE KEY-----\n" const char* privPemKey = "-----BEGIN RSA PRIVATE KEY-----\n"
"MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY\n" "MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY\n"
"sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB\n" "sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB\n"
@ -53,13 +75,13 @@ const char* privPemKey = "-----BEGIN RSA PRIVATE KEY-----\n"
"R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==\n" "R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==\n"
"-----END RSA PRIVATE KEY-----\n"; "-----END RSA PRIVATE KEY-----\n";
uint8_t Digest_given[] = { //44 bytes byte Digest_given[] = { /* 44 bytes */
0x2C,0x05,0x16,0x39,0x9F,0x0C,0x02,0xD0,0xf9,0xba,0x90,0x37,0x0f,0xc1,0x4f,0xcc, 0x2C,0x05,0x16,0x39,0x9F,0x0C,0x02,0xD0,0xf9,0xba,0x90,0x37,0x0f,0xc1,0x4f,0xcc,
0x31,0x4b,0x42,0x32,0x00,0x00,0x36,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x49, 0x31,0x4b,0x42,0x32,0x00,0x00,0x36,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x49,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x21,0x00,0x3f,0x19 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x21,0x00,0x3f,0x19
}; };
uint8_t expected_signed_results[] = { byte expected_signed_results[] = {
0x15,0xEB,0xE3,0x5A,0xA7,0x82,0x97,0x7C,0x3E,0x6D,0x3E,0x30,0xFB,0x3D,0x01,0x2C, 0x15,0xEB,0xE3,0x5A,0xA7,0x82,0x97,0x7C,0x3E,0x6D,0x3E,0x30,0xFB,0x3D,0x01,0x2C,
0x71,0x3A,0x47,0x84,0x2B,0xB4,0x99,0x35,0xA3,0x2E,0x91,0xE4,0xF0,0x77,0x29,0x8A, 0x71,0x3A,0x47,0x84,0x2B,0xB4,0x99,0x35,0xA3,0x2E,0x91,0xE4,0xF0,0x77,0x29,0x8A,
0x63,0x51,0x33,0xB0,0x4F,0xBE,0x92,0xDB,0x17,0x3B,0xD6,0x3E,0x45,0x06,0x4E,0xAB, 0x63,0x51,0x33,0xB0,0x4F,0xBE,0x92,0xDB,0x17,0x3B,0xD6,0x3E,0x45,0x06,0x4E,0xAB,
@ -82,7 +104,7 @@ uint8_t expected_signed_results[] = {
#define DATA_BLOCK_LEN 44 #define DATA_BLOCK_LEN 44
#define SIGNED_LEN 256 #define SIGNED_LEN 256
static void print_buf(char *str, uint8_t *buf, int blen) static void print_buf(char *str, byte *buf, int blen)
{ {
int i, j; int i, j;
@ -101,129 +123,167 @@ static void print_buf(char *str, uint8_t *buf, int blen)
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
int ret = 0; int ret = 0;
RNG rng; WC_RNG rng;
byte DER_buf[2048]; word32 DER_len = sizeof(DER_buf); byte DER_buf[2048]; word32 DER_len = 0;
byte Sig_buf[SIGNED_LEN]; word32 Sig_len = sizeof(Sig_buf); byte Sig_buf[SIGNED_LEN]; word32 Sig_len = sizeof(Sig_buf);
byte Hash_buf[SHA1_HASH_LEN]; word32 Hash_len = sizeof(Hash_buf); byte Hash_buf[SHA1_HASH_LEN]; word32 Hash_len = sizeof(Hash_buf);
byte Digest_buf[SHA1_HASH_LEN+DATA_BLOCK_LEN]; word32 Digest_len = sizeof(Digest_buf); byte Digest_buf[SHA1_HASH_LEN+DATA_BLOCK_LEN]; word32 Digest_len = sizeof(Digest_buf);
byte DigestVer_buf[SHA1_HASH_LEN+DATA_BLOCK_LEN]; word32 DigestVer_len = sizeof(DigestVer_buf); byte DigestVer_buf[SHA1_HASH_LEN+DATA_BLOCK_LEN]; word32 DigestVer_len = sizeof(DigestVer_buf);
word32 inOutIdx=0; word32 inOutIdx=0;
RsaKey rsakey; RsaKey rsakey;
byte pemPublic = 0; byte pemPublic = 0;
enum wc_HashType hash_type = WC_HASH_TYPE_SHA; enum wc_HashType hash_type = WC_HASH_TYPE_SHA;
enum wc_SignatureType sig_type = WC_SIGNATURE_TYPE_RSA_W_ENC; enum wc_SignatureType sig_type = WC_SIGNATURE_TYPE_RSA_W_ENC;
// Create input data (44 bytes) /* Create input data (44 bytes) */
print_buf("Digest Input Data:", Digest_given, DATA_BLOCK_LEN); print_buf("Digest Input Data:", Digest_given, DATA_BLOCK_LEN);
/* Init */ /* Init */
wc_InitRng(&rng); wc_InitRng(&rng);
/* Init Rsa Key */ /* Init Rsa Key */
wc_InitRsaKey(&rsakey, NULL); wc_InitRsaKey(&rsakey, NULL);
memset(DER_buf, 0, sizeof(DER_buf)); XMEMSET(DER_buf, 0, sizeof(DER_buf));
ret = wolfSSL_KeyPemToDer((const byte*)privPemKey, strlen(privPemKey), DER_buf, sizeof(DER_buf), NULL);
if (ret < 0) { #ifndef DEMO_RSA_VERIFY_ONLY
ret = wolfSSL_PubKeyPemToDer((const byte*)pubPemKey, strlen(pubPemKey), DER_buf, sizeof(DER_buf)); /* Needs WOLFSSL_CERT_EXT defined or --enable-certgen --enable-certext */ ret = wc_KeyPemToDer((const byte*)privPemKey, strlen(privPemKey),
pemPublic = 1; DER_buf, sizeof(DER_buf), NULL);
} if (ret < 0)
printf("DER_len = %d DER_buf:\n", ret); #endif
if (ret < 0) goto exit; {
DER_len = ret; pemPublic = 1;
print_buf("DER:", DER_buf, DER_len);
// PEM key selection #ifdef WOLFSSL_CERT_EXT
if (!pemPublic) { /* Needs WOLFSSL_CERT_EXT defined or --enable-certgen --enable-certext */
ret = wc_RsaPrivateKeyDecode(DER_buf, &inOutIdx, &rsakey, DER_len); ret = wc_PubKeyPemToDer((const byte*)pubPemKey, strlen(pubPemKey),
} DER_buf, sizeof(DER_buf));
else { #else
ret = wc_RsaPublicKeyDecode(DER_buf, &inOutIdx, &rsakey, DER_len); ret = 0; /* NOT_COMPILED_IN */
} #endif
printf("decode %s key =%d\n", pemPublic ? "public" : "private", ret); }
if (ret >= 0) {
DER_len = ret;
}
printf("Key Pem to Der ret %d\n", ret);
/* Get signature length and allocate buffer */ if (ret < 0) goto exit;
ret = wc_SignatureGetSize(sig_type, &rsakey, sizeof(rsakey)); if (DER_len > 0) {
printf("Sig Len: %d\n", ret); printf("DER_len = %d DER_buf:\n", DER_len);
if (ret < 0) goto exit; print_buf("DER:", DER_buf, DER_len);
Sig_len = ret; }
/* Get Hash length */ /* PEM key selection */
ret = wc_HashGetDigestSize(hash_type); if (!pemPublic) {
printf("Hash Digest Len: %d\n", ret); ret = wc_RsaPrivateKeyDecode(DER_buf, &inOutIdx, &rsakey, DER_len);
if (ret < 0) goto exit; }
Hash_len = ret; else {
/* Three Examples for loading an RSA public key */
/* Hash digest with SHA1 */ /* 1. Decode DER key */
ret = wc_Hash(hash_type, Digest_given, sizeof(Digest_given), Hash_buf, Hash_len); if (DER_len > 0) {
printf("Digest SHA1 Hash: %d\n", ret); ret = wc_RsaPublicKeyDecode(DER_buf, &inOutIdx, &rsakey, DER_len);
if (ret < 0) goto exit; }
print_buf("Digest Output 20 Data:", Hash_buf, Hash_len); else {
#if 1
/* 2. Decode Raw: Example for loading RSA public key with modulus and exponenet only */
ret = wc_RsaPublicKeyDecodeRaw(pubKeyModulus, sizeof(pubKeyModulus),
pubKeyExponent, sizeof(pubKeyExponent), &rsakey);
#else
/* 3. Manual Math: Manually setting with math API's */
ret = mp_set_int(&rsakey.e, pubKeyExponentLong);
if (ret == 0) {
ret = mp_read_unsigned_bin(&rsakey.n, pubKeyModulus,
sizeof(pubKeyModulus));
}
#endif
}
}
printf("decode %s key =%d\n", pemPublic ? "public" : "private", ret);
/* Add ASN digest info header */ /* Get signature length and allocate buffer */
ret = wc_EncodeSignature(Digest_buf, Hash_buf, Hash_len, SHAh); ret = wc_SignatureGetSize(sig_type, &rsakey, sizeof(rsakey));
printf("Digest Header: %d\n", ret); printf("Sig Len: %d\n", ret);
if (ret <= 0) goto exit; if (ret < 0) goto exit;
Digest_len = ret; Sig_len = ret;
print_buf("Signed data results:", Digest_buf, Digest_len);
if (!pemPublic) { /* Get Hash length */
/* Perform hash and sign to create signature */ ret = wc_HashGetDigestSize(hash_type);
ret = wc_RsaSSL_Sign(Digest_buf, Digest_len, Sig_buf, Sig_len, &rsakey, &rng); printf("Hash Digest Len: %d\n", ret);
printf("RSA Sign Result: %d\n", ret); if (ret < 0) goto exit;
if (ret < 0) goto exit; Hash_len = ret;
Sig_len = ret;
print_buf("RSA Sign Data:", Sig_buf, Sig_len); /* Hash digest with SHA1 */
ret = wc_Hash(hash_type, Digest_given, sizeof(Digest_given), Hash_buf, Hash_len);
printf("Digest SHA1 Hash: %d\n", ret);
if (ret < 0) goto exit;
print_buf("Digest Output 20 Data:", Hash_buf, Hash_len);
ret = wc_SignatureGenerate(hash_type, sig_type, Digest_given, sizeof(Digest_given), Sig_buf, &Sig_len, &rsakey, sizeof(rsakey), &rng); /* Add ASN digest info header */
printf("Sig Generation: ret %d, Sig_len=%d\n", ret, Sig_len); ret = wc_EncodeSignature(Digest_buf, Hash_buf, Hash_len, SHAh);
print_buf("Sign Data:", Sig_buf, Sig_len); printf("Digest Header: %d\n", ret);
} if (ret <= 0) goto exit;
else { Digest_len = ret;
/* Use digest for RSA verify */ print_buf("Signed data results:", Digest_buf, Digest_len);
ret = wc_RsaSSL_Verify(Sig_buf, Sig_len, DigestVer_buf, DigestVer_len, &rsakey);
if (ret != Digest_len || XMEMCMP(DigestVer_buf, Digest_buf, Digest_len) != 0) { if (!pemPublic) {
/* Perform hash and sign to create signature */
ret = wc_RsaSSL_Sign(Digest_buf, Digest_len, Sig_buf, Sig_len, &rsakey, &rng);
printf("RSA Sign Result: %d\n", ret);
if (ret < 0) goto exit;
Sig_len = ret;
print_buf("RSA Sign Data:", Sig_buf, Sig_len);
ret = wc_SignatureGenerate(hash_type, sig_type,
Digest_given, sizeof(Digest_given),
Sig_buf, &Sig_len,
&rsakey, sizeof(rsakey), &rng);
printf("Sig Generation: ret %d, Sig_len=%d\n", ret, Sig_len);
print_buf("Sign Data:", Sig_buf, Sig_len);
/* Verify against expected signature */
print_buf("Expected Signature:", expected_signed_results, sizeof(expected_signed_results));
if (XMEMCMP(Sig_buf, expected_signed_results, Sig_len) == 0) {
printf("Signatures match!\n");
}
else {
printf("Signature invalid!\n");
}
}
else {
/* Use digest for RSA verify */
ret = wc_RsaSSL_Verify(expected_signed_results, sizeof(expected_signed_results),
DigestVer_buf, DigestVer_len, &rsakey);
if (ret != Digest_len || XMEMCMP(DigestVer_buf, Digest_buf, Digest_len) != 0) {
printf("RSA Verify Failed! %d\n", ret); printf("RSA Verify Failed! %d\n", ret);
} }
else { else {
printf("RSA Verify Success!\n"); printf("RSA Verify Success!\n");
ret = 0; ret = 0;
} }
print_buf("Ecpected Verify Data:", DigestVer_buf, DigestVer_len); print_buf("Expected Verify Data:", DigestVer_buf, DigestVer_len);
print_buf("RSA Verify Data:", Digest_buf, Digest_len); print_buf("RSA Verify Data:", Digest_buf, Digest_len);
if (ret == 0) { if (ret == 0) {
ret = wc_SignatureVerify(hash_type, sig_type, Digest_given, sizeof(Digest_given), Sig_buf, Sig_len, &rsakey, sizeof(rsakey)); ret = wc_SignatureVerify(hash_type, sig_type,
printf("Sig Verification: %s (%d)\n", (ret == wc_HashGetDigestSize(hash_type)) ? "Pass" : "Fail", ret); Digest_given, sizeof(Digest_given),
print_buf("Sig Verify Data:", Digest_buf, Digest_len); expected_signed_results, sizeof(expected_signed_results),
} &rsakey, sizeof(rsakey));
} printf("Sig Verify: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
/* Verify against expected signature */ /* Example for validating hash directly */
print_buf("Expected Signature:", expected_signed_results, sizeof(expected_signed_results)); ret = wc_SignatureVerifyHash(hash_type, sig_type,
if (memcmp(Sig_buf, expected_signed_results, Sig_len) == 0) { Digest_buf, Digest_len,
printf("Signatures match!\n"); expected_signed_results, sizeof(expected_signed_results),
} &rsakey, sizeof(rsakey));
else { printf("Sig Verify Hash: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
printf("Signature invalid!\n"); }
} }
exit: exit:
wc_FreeRsaKey(&rsakey); wc_FreeRsaKey(&rsakey);
wc_FreeRng(&rng); wc_FreeRng(&rng);
return 0;
}
#else
int main(int argc, char** argv)
{
(void)argc;
(void)argv;
printf("Error wolfSSL must be build with WOLFSSL_CERT_EXT enable ./configure --enable-certgen --enable-certext\n");
return 0; return 0;
} }
#endif /* WOLFSSL_CERT_EXT */