215 lines
5.8 KiB
C
215 lines
5.8 KiB
C
/* sphincs_sign_verify.c
|
|
*
|
|
* Copyright (C) 2022 wolfSSL Inc.
|
|
*
|
|
* This file is part of wolfSSL.
|
|
*
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
*/
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#include <wolfssl/options.h>
|
|
#include <wolfssl/wolfcrypt/error-crypt.h>
|
|
#include <wolfssl/wolfcrypt/asn.h>
|
|
#include <wolfssl/wolfcrypt/sphincs.h>
|
|
|
|
#ifdef HAVE_LIBOQS
|
|
|
|
#define MAX_PEM_CERT_SIZE 70000
|
|
#define MAX_KEY_KEY_SIZE 256
|
|
|
|
/* You can use any of the following combinations, but make sure to use the
|
|
* correct file names:
|
|
* LEVEL = 1 | 3 | 5
|
|
* VARIANT = FAST_VARIANT | SMALL_VARIANT */
|
|
#define LEVEL 5
|
|
#define VARIANT FAST_VARIANT
|
|
#define CERT_FILE "../certs/sphincs_fast_level5_entity_cert.pem"
|
|
#define KEY_FILE "../certs/sphincs_fast_level5_entity_key.pem"
|
|
|
|
#define MESSAGE "This message is protected with post-quantum cryptography!"
|
|
|
|
static void check_ret(char *func_name, int ret) {
|
|
if (ret != 0) {
|
|
fprintf(stderr, "ERROR: %s() returned %d\n", func_name, ret);
|
|
}
|
|
}
|
|
|
|
int main(int argc, char** argv)
|
|
{
|
|
int ret = 0;
|
|
int verify_result = -1;
|
|
FILE *file = NULL;
|
|
|
|
byte pem_buf[MAX_PEM_CERT_SIZE];
|
|
word32 pem_len = sizeof(pem_buf);
|
|
|
|
byte priv_der_buf[MAX_KEY_KEY_SIZE];
|
|
word32 priv_der_len = sizeof(priv_der_buf);
|
|
|
|
byte cert_der_buf[MAX_PEM_CERT_SIZE];
|
|
word32 cert_der_len = sizeof(cert_der_buf);
|
|
|
|
byte pub_der_buf[MAX_KEY_KEY_SIZE];
|
|
word32 pub_der_len = sizeof(pub_der_buf);
|
|
|
|
byte signature[SPHINCS_MAX_SIG_SIZE];
|
|
word32 signature_len = sizeof(signature);
|
|
|
|
WC_RNG rng;
|
|
sphincs_key priv_key;
|
|
sphincs_key pub_key;
|
|
DecodedCert decodedCert;
|
|
|
|
wc_InitRng(&rng);
|
|
|
|
if (ret == 0) {
|
|
ret = wc_sphincs_init(&priv_key);
|
|
check_ret("wc_sphincs_init", ret);
|
|
}
|
|
|
|
if (ret == 0) {
|
|
ret = wc_sphincs_init(&pub_key);
|
|
check_ret("wc_sphincs_init", ret);
|
|
}
|
|
|
|
/* Get private key from key PEM file. */
|
|
|
|
if (ret == 0) {
|
|
ret = wc_sphincs_set_level_and_optim(&priv_key, LEVEL, VARIANT);
|
|
check_ret("wc_sphincs_set_level_and_optim", ret);
|
|
}
|
|
|
|
if (ret == 0) {
|
|
file = fopen(KEY_FILE, "rb");
|
|
ret = fread(pem_buf, 1, sizeof(pem_buf), file);
|
|
fclose(file);
|
|
file = NULL;
|
|
if (ret > 0) {
|
|
pem_len = ret;
|
|
ret = 0;
|
|
} else {
|
|
check_ret("fread", ret);
|
|
ret = -1;
|
|
}
|
|
}
|
|
|
|
if (ret == 0) {
|
|
ret = wc_KeyPemToDer((const byte*)pem_buf, pem_len,
|
|
priv_der_buf, priv_der_len, NULL);
|
|
if (ret > 0) {
|
|
priv_der_len = ret;
|
|
ret = 0;
|
|
} else {
|
|
check_ret("wc_KeyPemToDer", ret);
|
|
/* In case ret = 0. */
|
|
ret = -1;
|
|
}
|
|
}
|
|
|
|
if (ret == 0) {
|
|
ret = wc_sphincs_import_private_only(priv_der_buf, priv_der_len,
|
|
&priv_key);
|
|
check_ret("wc_sphincs_import_private_only", ret);
|
|
}
|
|
|
|
/* Get public key from certificate PEM file. */
|
|
|
|
if (ret == 0) {
|
|
ret = wc_sphincs_set_level_and_optim(&pub_key, LEVEL, VARIANT);
|
|
check_ret("wc_sphincs_set_level_and_optim", ret);
|
|
}
|
|
|
|
if (ret == 0) {
|
|
file = fopen(CERT_FILE, "rb");
|
|
ret = fread(pem_buf, 1, sizeof(pem_buf), file);
|
|
fclose(file);
|
|
file = NULL;
|
|
if (ret > 0) {
|
|
pem_len = ret;
|
|
ret = 0;
|
|
} else {
|
|
check_ret("fread", ret);
|
|
ret = -1;
|
|
}
|
|
}
|
|
|
|
if (ret == 0) {
|
|
ret = wc_CertPemToDer((const byte*)pem_buf, pem_len, cert_der_buf,
|
|
cert_der_len, CERT_TYPE);
|
|
if (ret > 0) {
|
|
cert_der_len = ret;
|
|
ret = 0;
|
|
} else {
|
|
check_ret("wc_CertPemToDer", ret);
|
|
/* In case ret = 0. */
|
|
ret = -1;
|
|
}
|
|
}
|
|
|
|
if (ret == 0) {
|
|
wc_InitDecodedCert(&decodedCert, cert_der_buf, cert_der_len, 0);
|
|
ret = wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL);
|
|
check_ret("ParseCert", ret);
|
|
}
|
|
|
|
if (ret == 0) {
|
|
ret = wc_GetPubKeyDerFromCert(&decodedCert, pub_der_buf,
|
|
&pub_der_len);
|
|
check_ret("wc_GetPubKeyDerFromCert", ret);
|
|
}
|
|
|
|
if (ret == 0) {
|
|
ret = wc_sphincs_import_public(pub_der_buf, pub_der_len, &pub_key);
|
|
check_ret("wc_sphincs_import_public", ret);
|
|
}
|
|
|
|
/* We now have the public and private key. Time to sign and verify the
|
|
* message. */
|
|
|
|
if (ret == 0) {
|
|
ret = wc_sphincs_sign_msg((const byte *)MESSAGE, sizeof(MESSAGE),
|
|
signature, &signature_len, &priv_key);
|
|
check_ret("wc_sphincs_sign_msg", ret);
|
|
}
|
|
|
|
if (ret == 0) {
|
|
ret = wc_sphincs_verify_msg(signature, signature_len,
|
|
(const byte *)MESSAGE, sizeof(MESSAGE), &verify_result,
|
|
&pub_key);
|
|
check_ret("wc_sphincs_verify_msg", ret);
|
|
}
|
|
|
|
printf("verify result: %s\n", verify_result == 1 ? "SUCCESS" : "FAILURE");
|
|
|
|
wc_FreeDecodedCert(&decodedCert);
|
|
wc_sphincs_free(&priv_key);
|
|
wc_sphincs_free(&pub_key);
|
|
wc_FreeRng(&rng);
|
|
wolfCrypt_Cleanup();
|
|
|
|
return ret;
|
|
}
|
|
|
|
#else
|
|
|
|
int main(int argc, char** argv) {
|
|
printf("This requires the --with-liboqs flag.\n");
|
|
return 0;
|
|
}
|
|
#endif /* WITH_LIBOQS */
|
|
|