Signature Example: Added ability to perform verify against signature file #27

Merged
merged 2 commits into from Nov 15, 2016
227 changes: 136 additions & 91 deletions signature/signature.c
@@ -52,7 +52,7 @@ void hexdump(const void *buffer, word32 len, byte cols)

#ifdef HAVE_ECC
int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_type,
byte* fileBuf, int fileLen)
byte* fileBuf, int fileLen, byte* verifyFileBuf, int verifyFileLen)
{
int ret;
ecc_key eccKey;
@@ -67,7 +67,7 @@ int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t

/* Generate key */
wc_ecc_init(&eccKey);
ret = wc_ecc_make_key(&rng, 32, &eccKey);
ret = wc_ecc_make_key_ex(&rng, 32, &eccKey, ECC_CURVE_DEF);
if(ret != 0) {
printf("ECC Make Key Failed! %d\n", ret);
}
@@ -94,32 +94,38 @@ int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
printf("ECC Private Key: Len %d\n", eccPrivKeyLen);
hexdump(eccPrivKeyBuf, eccPrivKeyLen, 16);

/* Get signature length and allocate buffer */
sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey));
if(sigLen <= 0) {
printf("ECC Signature type %d not supported!\n", sig_type);
ret = EXIT_FAILURE;
goto exit;
if (verifyFileBuf) {
sigLen = verifyFileLen;
sigBuf = verifyFileBuf;
}
sigBuf = malloc(sigLen);
if(!sigBuf) {
printf("ECC Signature malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
printf("ECC Signature Len: %d\n", sigLen);

/* Perform hash and sign to create signature */
ret = wc_SignatureGenerate(
hash_type, sig_type,
fileBuf, fileLen,
sigBuf, &sigLen,
&eccKey, sizeof(eccKey),
&rng);
printf("ECC Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
if(ret < 0) {
ret = EXIT_FAILURE;
goto exit;
else {
/* Get signature length and allocate buffer */
sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey));
if(sigLen <= 0) {
printf("ECC Signature type %d not supported!\n", sig_type);
ret = EXIT_FAILURE;
goto exit;
}
sigBuf = malloc(sigLen);
if(!sigBuf) {
printf("ECC Signature malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
printf("ECC Signature Len: %d\n", sigLen);

/* Perform hash and sign to create signature */
ret = wc_SignatureGenerate(
hash_type, sig_type,
fileBuf, fileLen,
sigBuf, &sigLen,
&eccKey, sizeof(eccKey),
&rng);
printf("ECC Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
if(ret < 0) {
ret = EXIT_FAILURE;
goto exit;
}
}

printf("Signature Data:\n");
@@ -175,22 +181,22 @@ int rsa_load_der_file(const char* derFile, RsaKey *rsaKey)
buffer = malloc(RSA_KEY_SIZE);
if(buffer) {
bytes = fread(buffer, 1, RSA_KEY_SIZE, file);
fclose(file);
fclose(file);
}
}

if(buffer != NULL && bytes > 0) {
ret = wc_RsaPrivateKeyDecode(buffer, &idx, rsaKey, (word32)bytes);
}

if(buffer) {
free(buffer);
}
}
return ret;
}

int rsa_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_type,
byte* fileBuf, int fileLen)
byte* fileBuf, int fileLen, byte* verifyFileBuf, int verifyFileLen)
{
int ret;
RsaKey rsaKey;
@@ -228,7 +234,7 @@ int rsa_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
rsaKeyLen = ret;
printf("RSA Key: Len %d\n", rsaKeyLen);
hexdump(rsaKeyBuf, rsaKeyLen, 16);

rsaPubKeyLen = RSA_KEY_SIZE;
rsaPubKeyBuf = malloc(rsaPubKeyLen);
ret = wc_RsaKeyToPublicDer(&rsaKey, rsaPubKeyBuf, rsaPubKeyLen);
@@ -245,32 +251,38 @@ int rsa_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
rsa_load_der_file("../certs/client-key.der", &rsaKey);
#endif

/* Get signature length and allocate buffer */
sigLen = wc_SignatureGetSize(sig_type, &rsaKey, sizeof(rsaKey));
if(sigLen <= 0) {
printf("RSA Signature size check fail! %d\n", sigLen);
ret = EXIT_FAILURE;
goto exit;
if (verifyFileBuf) {
sigLen = verifyFileLen;
sigBuf = verifyFileBuf;
}
sigBuf = malloc(sigLen);
if(!sigBuf) {
printf("RSA Signature malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
printf("RSA Signature Len: %d\n", sigLen);

/* Perform hash and sign to create signature */
ret = wc_SignatureGenerate(
hash_type, sig_type,
fileBuf, fileLen,
sigBuf, &sigLen,
&rsaKey, sizeof(rsaKey),
&rng);
printf("RSA Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
if(ret < 0) {
ret = EXIT_FAILURE;
goto exit;
else {
/* Get signature length and allocate buffer */
sigLen = wc_SignatureGetSize(sig_type, &rsaKey, sizeof(rsaKey));
if(sigLen <= 0) {
printf("RSA Signature size check fail! %d\n", sigLen);
ret = EXIT_FAILURE;
goto exit;
}
sigBuf = malloc(sigLen);
if(!sigBuf) {
printf("RSA Signature malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}
printf("RSA Signature Len: %d\n", sigLen);

/* Perform hash and sign to create signature */
ret = wc_SignatureGenerate(
hash_type, sig_type,
fileBuf, fileLen,
sigBuf, &sigLen,
&rsaKey, sizeof(rsaKey),
&rng);
printf("RSA Signature Generation: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
if(ret < 0) {
ret = EXIT_FAILURE;
goto exit;
}
}

printf("RSA Signature Data:\n");
@@ -321,15 +333,61 @@ int rsa_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
}
#endif /* !NO_RSA */

static int load_file_to_buffer(const char* filename, byte** fileBuf, int* fileLen)
{
int ret = 0;
FILE* file = NULL;

/* Open file */
file = fopen(filename, "rb");
if (file == NULL) {
printf("File %s does not exist!\n", filename);
ret = EXIT_FAILURE;
goto exit;
}

/* Determine length of file */
fseek(file, 0, SEEK_END);
*fileLen = (int) ftell(file);
fseek(file, 0, SEEK_SET);
printf("File %s is %d bytes\n", filename, *fileLen);

/* Allocate buffer for image */
*fileBuf = malloc(*fileLen);
if(!*fileBuf) {
printf("File buffer malloc failed!\n");
ret = EXIT_FAILURE;
goto exit;
}

/* Load file into buffer */
ret = (int)fread(*fileBuf, 1, *fileLen, file);
if(ret != *fileLen) {
printf("Error reading file! %d", ret);
ret = EXIT_FAILURE;
goto exit;
}

exit:

if(file) {
fclose(file);
}

return ret;
}

int main(int argc, char** argv)
{
int ret = 0;
int fileLen;
byte* fileBuf = NULL;
FILE* file = NULL;
int verifyFileLen;
byte* verifyFileBuf = NULL;
const char* verify_file = NULL;
enum wc_SignatureType sig_type = WC_SIGNATURE_TYPE_NONE;
enum wc_HashType hash_type = WC_HASH_TYPE_NONE;

#ifdef HAVE_ECC
sig_type = WC_SIGNATURE_TYPE_ECC;
#elif !defined(NO_RSA)
@@ -352,9 +410,10 @@ int main(int argc, char** argv)

/* Check arguments */
if (argc < 2) {
printf("Usage: signature <filename> <sig> <hash>\n");
printf("Usage: signature <filename> <sig> <hash> <verifyfile> \n");
printf(" <sig>: 1=ECC, 2=RSA, 3=RSA (w/DER Encoding): default %d\n", sig_type);
printf(" <hash>: 1=MD2, 2=MD4, 3=MD5, 4=SHA, 5=SHA256, 6=SHA384, 7=SHA512, 8=MD5+SHA: default %d\n", hash_type);
printf(" <verifyfile>: optional sig verify binary file\n");
return 1;
}
if(argc >= 3) {
@@ -363,6 +422,9 @@ int main(int argc, char** argv)
if(argc >= 4) {
hash_type = atoi(argv[3]);
}
if(argc >= 5) {
verify_file = argv[4];
}

/* Verify hash type is supported */
if (wc_HashGetDigestSize(hash_type) <= 0) {
@@ -372,50 +434,36 @@ int main(int argc, char** argv)

printf("Signature Example: Sig=%d, Hash=%d\n", sig_type, hash_type);

/* Open file */
file = fopen(argv[1], "rb");
if (file == NULL) {
printf("File %s does not exist!\n", argv[1]);
ret = EXIT_FAILURE;
goto exit;
}

/* Determine length of file */
fseek(file, 0, SEEK_END);
fileLen = (int) ftell(file);
fseek(file, 0, SEEK_SET);
printf("File %s is %d bytes\n", argv[1], fileLen);

/* Allocate buffer for image */
fileBuf = malloc(fileLen);
if(!fileBuf) {
printf("File buffer malloc failed!\n");
ret = EXIT_FAILURE;
/* Load input file */
ret = load_file_to_buffer(argv[1], &fileBuf, &fileLen);
if (ret < 0) {
goto exit;
}

/* Load file into buffer */
ret = (int)fread(fileBuf, 1, fileLen, file);
if(ret != fileLen) {
printf("Error reading file! %d", ret);
ret = EXIT_FAILURE;
goto exit;
/* Load verify signature file (optional) */
if (verify_file) {
ret = load_file_to_buffer(verify_file, &verifyFileBuf, &verifyFileLen);
if (ret < 0) {
goto exit;
}
}

/* Perform sign and verify */
switch(sig_type)
{
#ifdef HAVE_ECC
case WC_SIGNATURE_TYPE_ECC:
ret = ecc_sign_verify_test(hash_type, sig_type, fileBuf, fileLen);
ret = ecc_sign_verify_test(hash_type, sig_type, fileBuf, fileLen,
verifyFileBuf, verifyFileLen);
break;
#endif
#ifndef NO_RSA
#ifndef NO_ASN
case WC_SIGNATURE_TYPE_RSA_W_ENC:
#endif
case WC_SIGNATURE_TYPE_RSA:
ret = rsa_sign_verify_test(hash_type, sig_type, fileBuf, fileLen);
ret = rsa_sign_verify_test(hash_type, sig_type, fileBuf, fileLen,
verifyFileBuf, verifyFileLen);
break;
#endif
default:
@@ -428,9 +476,6 @@ int main(int argc, char** argv)
if(fileBuf) {
free(fileBuf);
}
if(file) {
fclose(file);
}

return ret;
}
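Review bot: The failure returns of `load_file_to_buffer` are never seen by `main`, because the helper reports errors as `EXIT_FAILURE` (a non-zero, normally positive value) while both call sites test `if (ret < 0)`. With a missing input file, `fileBuf` stays NULL and `fileLen` is uninitialized when the sign/verify routine is called; with an unreadable `<verifyfile>`, `verifyFileBuf` stays NULL and the `if (verifyFileBuf)` branch falls through to generating a fresh signature, so a later "Pass" says nothing about the signature file the user supplied. The helper also returns the `fread` byte count on success, so a one-byte file looks like an error code: set `ret = 0;` after the successful read and test `if (ret != 0) goto exit;` at both call sites. The `ftell` result is cast to `int` unchecked, so a -1 return would reach `malloc(*fileLen)`; a `< 0` check before the cast would close that. `main`'s visible cleanup frees only `fileBuf`, and whether `verifyFileBuf` (aliased as `sigBuf`) is released depends on the callees' exit paths, which lie outside the hunks, so the ownership should be stated in a comment on the new parameters.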