From f2fcadddd0b0a2fa66e4d6aca2022d044e612f26 Mon Sep 17 00:00:00 2001 From: aidan garske Date: Mon, 22 Jul 2024 16:19:09 -0700 Subject: [PATCH 1/8] Sign and Verify Support with PEM format key ED25519 --- src/genkey/clu_genkey.c | 171 ++++++++++++-- src/sign-verify/clu_sign.c | 203 +++++++++++++---- src/sign-verify/clu_sign_verify_setup.c | 17 +- src/sign-verify/clu_verify.c | 214 ++++++++++++++---- tests/genkey_sign_ver/genkey-sign-ver-test.sh | 75 ++++-- wolfclu/sign-verify/clu_sign.h | 9 +- wolfclu/sign-verify/clu_verify.h | 8 +- 7 files changed, 566 insertions(+), 131 deletions(-) diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c index b3986533..73ad0d48 100644 --- a/src/genkey/clu_genkey.c +++ b/src/genkey/clu_genkey.c @@ -39,16 +39,22 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) int ret; /* return value */ int fOutNmSz; /* file name without append */ int fOutNmAppendSz = 6; /* # of bytes to append to file name */ - int flagOutputPub = 0; /* set if outputting both priv/pub */ + int flagOutputPub = 0; /* set if outputting both priv/pub */ char privAppend[6] = ".priv\0"; /* last part of the priv file name */ char pubAppend[6] = ".pub\0\0"; /* last part of the pub file name*/ +#if 0 byte privKeyBuf[ED25519_KEY_SIZE*2]; /* will hold public & private parts */ byte pubKeyBuf[ED25519_KEY_SIZE]; /* holds just the public key part */ word32 privKeySz; /* size of private key */ word32 pubKeySz; /* size of public key */ +#endif ed25519_key edKeyOut; /* the ed25519 key structure */ char* finalOutFNm; /* file name + append */ - XFILE file; /* file stream */ + XFILE file = NULL; /* file stream */ + byte* derBuf = NULL; /* buffer for DER format */ + byte* pemBuf = NULL; /* buffer for PEM format */ + int derSz; /* size of DER buffer */ + int pemSz; /* size of PEM buffer */ WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fOutNm); @@ -62,6 +68,8 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) ret = wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &edKeyOut); if (ret != 0) return ret; + +#if 0 /*--------------- GET KEY SIZES ---------------------*/ privKeySz = wc_ed25519_priv_size(&edKeyOut); if (privKeySz <= 0) @@ -70,18 +78,14 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) pubKeySz = wc_ed25519_pub_size(&edKeyOut); if (pubKeySz <= 0) return WC_KEY_SIZE_E; + /*--------------- EXPORT KEYS TO BUFFERS ---------------------*/ ret = wc_ed25519_export_key(&edKeyOut, privKeyBuf, &privKeySz, pubKeyBuf, &pubKeySz); if (ret != 0) return ret; +#endif - /*--------------- CONVERT TO PEM IF APPLICABLE ---------------------*/ - if (format == PEM_FORM) { - wolfCLU_LogError("Der to Pem for ed25519 key not yet implemented"); - WOLFCLU_LOG(WOLFCLU_L0, "FEATURE COMING SOON!"); - return FEATURE_COMING_SOON; - } /*--------------- OUTPUT KEYS TO FILE(S) ---------------------*/ finalOutFNm = (char*) XMALLOC( (fOutNmSz + fOutNmAppendSz), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -95,44 +99,158 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) switch(directive) { case PRIV_AND_PUB_FILES: flagOutputPub = 1; - /* Fall through to PRIV_ONLY_FILE */ + + /* fall through to PRIV_ONLY_FILE */ FALL_THROUGH; + /*--------------- PRIVATE ---------------------*/ case PRIV_ONLY_FILE: /* add on the final part of the file name ".priv" */ XMEMCPY(finalOutFNm+fOutNmSz, privAppend, fOutNmAppendSz); WOLFCLU_LOG(WOLFCLU_L0, "finalOutFNm = %s", finalOutFNm); + /* open the file for writing the private key */ file = XFOPEN(finalOutFNm, "wb"); if (!file) { XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return OUTPUT_FILE_ERROR; } - ret = (int)XFWRITE(privKeyBuf, 1, privKeySz, file); - if (ret <= 0) { - XFCLOSE(file); - XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return OUTPUT_FILE_ERROR; + /* determine size for buffer */ + derSz = wc_Ed25519PrivateKeyToDer(&edKeyOut, NULL, 0); + if (derSz <= 0) { + ret = MEMORY_E; + } + + /* allocate DER buffer */ + if (ret == 0) { + derBuf = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + ret = MEMORY_E; + } } - fclose(file); + /* convert Key to DER */ + if (ret == 0) { + derSz = wc_Ed25519PrivateKeyToDer(&edKeyOut, derBuf, derSz); + if (derSz < 0) { + ret = derSz; + } + } + if (ret != 0) + break; + + /* convert DER to PEM if necessary */ + if (format == PEM_FORM) { + if (ret == 0) { + pemSz = wolfCLU_KeyDerToPem(derBuf, derSz, &pemBuf, PRIVATEKEY_TYPE, + DYNAMIC_TYPE_TMP_BUFFER); + if (pemSz < 0) { + ret = pemSz; + } + } + if (derBuf != NULL) { + XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (ret == 0) { + ret = (int)XFWRITE(pemBuf, 1, pemSz, file); + if (ret != pemSz) { + ret = OUTPUT_FILE_ERROR; + } + else { + ret = 0; /* reset ret to 0 if success */ + } + } + } + else { + /* write DER format to the file */ + if (ret == 0) { + ret = (int)XFWRITE(derBuf, 1, derSz, file); + if (ret != derSz) { + ret = OUTPUT_FILE_ERROR; + } + else { + ret = 0; /* reset ret to 0 if success */ + } + } + } + if (ret != 0) { + break; + } if (flagOutputPub == 0) { break; - } /* else fall through to PUB_ONLY_FILE if flagOutputPub == 1*/ + } /* else fall through to PUB_ONLY_FILE if flagOutputPub == 1 */ FALL_THROUGH; + /*--------------- PUBLIC ---------------------*/ case PUB_ONLY_FILE: /* add on the final part of the file name ".pub" */ XMEMCPY(finalOutFNm+fOutNmSz, pubAppend, fOutNmAppendSz); WOLFCLU_LOG(WOLFCLU_L0, "finalOutFNm = %s", finalOutFNm); + /* open the file for writing the public key */ file = XFOPEN(finalOutFNm, "wb"); if (!file) { XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return OUTPUT_FILE_ERROR; } - ret = (int)XFWRITE(pubKeyBuf, 1, pubKeySz, file); - if (ret <= 0) { + /* Determine size for buffer */ + derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, NULL, 0, 1); + if (derSz <= 0) { + ret = MEMORY_E; + } + + /* Allocate DER buffer */ + if (ret == 0) { + derBuf = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + ret = MEMORY_E; + } + } + /* Convert Key to DER */ + if (ret == 0) { + derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, derBuf, derSz, 1); + if (derSz < 0) { + ret = derSz; + } + } + if (ret != 0) + break; + + /* convert DER to PEM if necessary */ + if (format == PEM_FORM) { + if (ret == 0) { + pemSz = wolfCLU_KeyDerToPem(derBuf, derSz, &pemBuf, PUBLICKEY_TYPE, + DYNAMIC_TYPE_TMP_BUFFER); + if (pemSz < 0) { + ret = pemSz; + } + } + if (derBuf != NULL) { + XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (ret == 0) { + ret = (int)XFWRITE(pemBuf, 1, pemSz, file); + if (ret != pemSz) { + ret = OUTPUT_FILE_ERROR; + } else { + ret = 0; /* reset ret to 0 if success */ + } + } + } + else { + /* write DER format to the file */ + if (ret == 0) { + ret = (int)XFWRITE(derBuf, 1, derSz, file); + if (ret != derSz) { + ret = OUTPUT_FILE_ERROR; + } + else { + ret = 0; /* reset ret to 0 if success */ + } + } + } + + if (ret != 0) { XFCLOSE(file); XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return OUTPUT_FILE_ERROR; @@ -145,10 +263,19 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) return BAD_FUNC_ARG; } + /* cleamup allocated resources */ + if (file != NULL) + XFCLOSE(file); XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf != NULL) { + XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (pemBuf != NULL) { + XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } - if (ret > 0) { - /* ret > 0 indicates a successful file write, set to zero for return */ + if (ret >= 0) { + /* ret >= 0 indicates a successful file write, set to zero for return */ ret = WOLFCLU_SUCCESS; } @@ -579,7 +706,7 @@ int wolfCLU_GenAndOutput_ECC(WC_RNG* rng, char* fName, int directive, } -#ifndef NO_RSA +#if !defined(NO_RSA) || defined(HAVE_ED25519) /* helper function to convert a key to PEM format. Creates new 'out' buffer on * success. * returns size of PEM buffer created on success @@ -613,7 +740,7 @@ int wolfCLU_KeyDerToPem(const byte* der, int derSz, byte** out, int pemType, *out = pemBuf; return pemBufSz; } -#endif /* !NO_RSA */ +#endif /* !NO_RSA || HAVE_ED25519*/ /* return WOLFCLU_SUCCESS on success */ diff --git a/src/sign-verify/clu_sign.c b/src/sign-verify/clu_sign.c index 296d9bc8..f637eb43 100644 --- a/src/sign-verify/clu_sign.c +++ b/src/sign-verify/clu_sign.c @@ -22,10 +22,76 @@ #include #include #include +#include #ifndef WOLFCLU_NO_FILESYSTEM -int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType) +int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pubIn) { + int ret = 0; + byte* der = NULL; + + const unsigned char* keyBuf = *pkeyBuf; + + if (pubIn == 0) { + int derSz = wc_KeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), NULL, + 0, NULL); + if (derSz > 0) { + der = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_KeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), + der, derSz, NULL); + if (ret > 0) { + XFREE(*pkeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + *pkeyBuf = der; + ret = 0; + } + else { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + } + } + else { + ret = derSz; + } + } + else { + int derSz = wc_PubKeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), NULL, 0); + if (derSz > 0) { + der = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_PubKeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), der, derSz); + if (ret > 0) { + XFREE(*pkeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + *pkeyBuf = der; + ret = 0; + } + else { + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + } + } + else { + ret = derSz; + } + } + + if (ret != 0) { + if (der) + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + return ret; +} + +int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType, + int inForm) { int ret; int fSz; @@ -55,15 +121,15 @@ int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType) switch(keyType) { case RSA_SIG_VER: - ret = wolfCLU_sign_data_rsa(data, out, fSz, privKey); + ret = wolfCLU_sign_data_rsa(data, out, fSz, privKey, inForm); break; case ECC_SIG_VER: - ret = wolfCLU_sign_data_ecc(data, out, fSz, privKey); + ret = wolfCLU_sign_data_ecc(data, out, fSz, privKey, inForm); break; case ED25519_SIG_VER: - ret = wolfCLU_sign_data_ed25519(data, out, fSz, privKey); + ret = wolfCLU_sign_data_ed25519(data, out, fSz, privKey, inForm); break; default: @@ -75,7 +141,8 @@ int wolfCLU_sign_data(char* in, char* out, char* privKey, int keyType) return ret; } -int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey) +int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, + int inForm) { #ifndef NO_RSA int ret; @@ -121,6 +188,17 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey) } XFCLOSE(privKeyFile); + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + if (ret != 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + return ret; + } + } + /* retrieving private key and storing in the RsaKey */ ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, privFileSz); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -180,7 +258,8 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey) #endif } -int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey) +int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, + int inForm) { #ifdef HAVE_ECC int ret; @@ -234,6 +313,17 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey) } XFCLOSE(privKeyFile); + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + if (ret != 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + return ret; + } + } + /* retrieving private key and storing in the Ecc Key */ ret = wc_EccPrivateKeyDecode(keyBuf, &index, &key, privFileSz); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -277,7 +367,8 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey) #endif } -int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey) +int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, + int inForm) { #ifdef HAVE_ED25519 int ret; @@ -296,20 +387,21 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey) XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); - /* init the ED25519 key */ + /* initialize ED25519 key */ ret = wc_ed25519_init(&key); if (ret != 0) { wolfCLU_LogError("Failed to initialize ed25519 key\nRET: %d", ret); return ret; } + /* initialize RNG */ ret = wc_InitRng(&rng); if (ret != 0) { wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); return ret; } - /* read in and store private key */ + /* open, read, and store ED25519 key */ privKeyFile = XFOPEN(privKey, "rb"); if (privKeyFile == NULL) { wolfCLU_LogError("unable to open file %s", privKey); @@ -325,53 +417,78 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey) wc_FreeRng(&rng); return MEMORY_E; } + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { XFCLOSE(privKeyFile); return WOLFCLU_FATAL_ERROR; } XFCLOSE(privKeyFile); - /* retrieving private key and storing in the ED25519 Key */ - ret = wc_ed25519_import_private_key(keyBuf, - ED25519_KEY_SIZE, - keyBuf + ED25519_KEY_SIZE, - ED25519_KEY_SIZE, &key); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (ret != 0 ) { - wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); - wc_FreeRng(&rng); - return ret; + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + if (ret != 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ed25519_free(&key); + wc_FreeRng(&rng); + return ret; + } + } + + /* decode the private key from the DER-encoded input */ + ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, privFileSz); + if (ret == 0) { + /* Calculate the public key */ + ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + if (ret == 0) { + key.pubKeySet = 1; + } } - - /* setting up output buffer based on key size */ - outBufSz = ED25519_SIG_SIZE; - outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (outBuf == NULL) { - wc_FreeRng(&rng); - return MEMORY_E; + else { + wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); } - XMEMSET(outBuf, 0, outBufSz); - outLen = outBufSz; - - /* signing input with ED25519 priv key to produce signature */ - ret = wc_ed25519_sign_msg(data, fSz, outBuf, &outLen, &key); - if (ret < 0) { - wolfCLU_LogError("Failed to sign data with ED25519 private key.\nRET: %d", ret); + if (ret == 0) { + /* setting up output buffer based on key size */ + outBufSz = ED25519_SIG_SIZE; + outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (outBuf == NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ed25519_free(&key); + wc_FreeRng(&rng); + return MEMORY_E; + } + } + if (ret == 0) { + XMEMSET(outBuf, 0, outBufSz); + outLen = outBufSz; + + /* signing input with ED25519 priv key to produce signature */ + ret = wc_ed25519_sign_msg(data, fSz, outBuf, &outLen, &key); + if (ret >= 0) { + XFILE s; + s = XFOPEN(out, "wb"); + XFWRITE(outBuf, 1, outBufSz, s); + XFCLOSE(s); + } + else { + wolfCLU_LogError("Failed to sign data with ED25519 private key.\nRET: %d", ret); + } + } + + /* cleanup allocated resources */ + if (outBuf!= NULL) { XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - return ret; } - else { - XFILE s; - s = XFOPEN(out, "wb"); - XFWRITE(outBuf, 1, outBufSz, s); - XFCLOSE(s); + if (keyBuf != NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - (void)index; + wc_ed25519_free(&key); wc_FreeRng(&rng); - return WOLFCLU_SUCCESS; + + /* expected ret == 1 */ + return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; #endif diff --git a/src/sign-verify/clu_sign_verify_setup.c b/src/sign-verify/clu_sign_verify_setup.c index a0232cdd..1bad0972 100644 --- a/src/sign-verify/clu_sign_verify_setup.c +++ b/src/sign-verify/clu_sign_verify_setup.c @@ -24,6 +24,7 @@ #include #include #include +#include int wolfCLU_sign_verify_setup(int argc, char** argv) { @@ -39,6 +40,7 @@ int wolfCLU_sign_verify_setup(int argc, char** argv) int signCheck = 0; int verifyCheck = 0; int pubInCheck = 0; + int inForm = DER_FORM; /* the key input format */ /* checkForArg doesn't look for "-" here, as it would have been * removed in clu_main.c if present */ @@ -107,6 +109,17 @@ int wolfCLU_sign_verify_setup(int argc, char** argv) return ret; } + ret = wolfCLU_checkForArg("-inform", 7, argc, argv); + if (ret > 0) { + inForm = wolfCLU_checkInform(argv[ret+1]); + if (inForm == USER_INPUT_ERROR) { + ret = WOLFCLU_FATAL_ERROR; + if (priv) + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + } + ret = wolfCLU_checkForArg("-pubin", 6, argc, argv); if (ret > 0) { /* output file */ @@ -226,10 +239,10 @@ int wolfCLU_sign_verify_setup(int argc, char** argv) } if (signCheck == 1) { - ret = wolfCLU_sign_data(in, out, priv, algCheck); + ret = wolfCLU_sign_data(in, out, priv, algCheck, inForm); } else if (verifyCheck == 1) { - ret = wolfCLU_verify_signature(sig, in, out, priv, algCheck, pubInCheck); + ret = wolfCLU_verify_signature(sig, in, out, priv, algCheck, pubInCheck, inForm); } if (priv) diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c index 834961ad..21e68539 100644 --- a/src/sign-verify/clu_verify.c +++ b/src/sign-verify/clu_verify.c @@ -22,12 +22,13 @@ #include #include #include +#include #include /* for RSA_SIG_VER, ECC_SIG_VER, - ED25519_SIG_VER */ + * and ED25519_SIG_VER */ #ifndef WOLFCLU_NO_FILESYSTEM static byte* wolfCLU_generate_public_key_rsa(char* privKey, byte* outBuf, - int* outBufSz) + int* outBufSz) { #ifndef NO_RSA int ret; @@ -110,50 +111,111 @@ static byte* wolfCLU_generate_public_key_rsa(char* privKey, byte* outBuf, #endif } -static int wolfCLU_generate_public_key_ed25519(char* privKey, byte* outBuf) +static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* outBuf, + word32 outLen) { #ifdef HAVE_ED25519 int ret; - word32 outLen = ED25519_KEY_SIZE; + int privFileSz; + word32 index = 0; + XFILE privKeyFile; + byte* keyBuf = NULL; ed25519_key key; - byte privBuf[ED25519_SIG_SIZE]; + WC_RNG rng; XMEMSET(&key, 0, sizeof(key)); - XMEMSET(privBuf, 0, ED25519_SIG_SIZE); + XMEMSET(&rng, 0, sizeof(rng)); + /* initialize ED25519 key */ ret = wc_ed25519_init(&key); if (ret != 0) { - wolfCLU_LogError("Failed to initialize ED25519.\nRet: %d", ret); + wolfCLU_LogError("Failed to initialize ed25519 key\nRET: %d", ret); + return ret; + } + + /* initialize RNG */ + ret = wc_InitRng(&rng); + if (ret != 0) { + wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); return ret; } /* read in and store private key */ privKeyFile = XFOPEN(privKey, "rb"); - if ((int)XFREAD(privBuf, 1, ED25519_SIG_SIZE, privKeyFile) != ED25519_SIG_SIZE) { + if (privKeyFile == NULL) { + wolfCLU_LogError("unable to open file %s", privKey); + wc_ed25519_free(&key); + wc_FreeRng(&rng); + return BAD_FUNC_ARG; + } + + XFSEEK(privKeyFile, 0, SEEK_END); + privFileSz = (int)XFTELL(privKeyFile); + keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + XFCLOSE(privKeyFile); + wc_ed25519_free(&key); + wc_FreeRng(&rng); + return MEMORY_E; + } + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { XFCLOSE(privKeyFile); return WOLFCLU_FATAL_ERROR; } XFCLOSE(privKeyFile); - /* retrieving private key and storing in the ED25519 */ - ret = wc_ed25519_import_private_key(privBuf, - ED25519_KEY_SIZE, - privBuf + ED25519_KEY_SIZE, - ED25519_KEY_SIZE, - &key); - if (ret < 0 ) { - wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); - return ret; + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + if (ret != 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ed25519_free(&key); + wc_FreeRng(&rng); + return ret; + } } - /* retrive public key from private */ - ret = wc_ed25519_export_public(&key, outBuf, &outLen); - if (ret != 0) { - wolfCLU_LogError("Failed to create ED25519 public key.\nRET: %d", ret); - return ret; + /* decode the private key from the DER-encoded input */ + ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, privFileSz); + if (ret == 0) { + /* Calculate the public key */ + ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + if (ret == 0) { + key.pubKeySet = 1; + } } - return WOLFCLU_SUCCESS; + else { + wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); + } + + /* export public key */ + if (ret == 0) { + if (outLen < ED25519_PUB_KEY_SIZE) { + wolfCLU_LogError("Output buffer too small. Required: %d, Provided: %d", + ED25519_PUB_KEY_SIZE, outLen); + ret = BUFFER_E; + } + else { + outLen = ED25519_PUB_KEY_SIZE; + ret = wc_ed25519_export_public(&key, outBuf, &outLen); + if (ret != 0) { + wolfCLU_LogError("Failed to export ED25519 public key.\nRET: %d", ret); + } + } + } + + /* cleanup allocated resources */ + if (keyBuf != NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + + wc_ed25519_free(&key); + wc_FreeRng(&rng); + + /* expected ret == 1 */ + return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; #endif @@ -161,7 +223,8 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, byte* outBuf) int wolfCLU_verify_signature(char* sig, char* hashFile, char* out, - char* keyPath, int keyType, int pubIn) + char* keyPath, int keyType, int pubIn, + int inForm) { int hSz = 0; int fSz; @@ -198,7 +261,7 @@ int wolfCLU_verify_signature(char* sig, char* hashFile, char* out, switch(keyType) { case RSA_SIG_VER: - ret = wolfCLU_verify_signature_rsa(data, out, fSz, keyPath, pubIn); + ret = wolfCLU_verify_signature_rsa(data, out, fSz, keyPath, pubIn, inForm); break; case ECC_SIG_VER: @@ -225,7 +288,7 @@ int wolfCLU_verify_signature(char* sig, char* hashFile, char* out, } XFCLOSE(h); ret = wolfCLU_verify_signature_ecc(data, fSz, hash, hSz, keyPath, - pubIn); + pubIn, inForm); break; case ED25519_SIG_VER: @@ -253,7 +316,7 @@ int wolfCLU_verify_signature(char* sig, char* hashFile, char* out, } XFCLOSE(h); ret = wolfCLU_verify_signature_ed25519(data, fSz, hash, hSz, - keyPath, pubIn); + keyPath, pubIn, inForm); #endif break; @@ -273,7 +336,7 @@ int wolfCLU_verify_signature(char* sig, char* hashFile, char* out, } int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, - int pubIn) + int pubIn, int inForm) { #ifndef NO_RSA int ret; @@ -325,6 +388,17 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, } } + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); + if (ret != 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + return ret; + } + } + /* retrieving public key and storing in the RsaKey */ ret = wc_RsaPublicKeyDecode(keyBuf, &index, &key, keyFileSz); if (keyBuf != NULL) { @@ -377,7 +451,8 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, } int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, - char* keyPath, int pubIn) { + char* keyPath, int pubIn, int inForm) +{ #ifdef HAVE_ECC int ret; @@ -418,6 +493,17 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, } XFCLOSE(keyPathFile); + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); + if (ret != 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + return ret; + } + } + if (pubIn == 1) { /* retrieving public key and storing in the ecc key */ ret = wc_EccPublicKeyDecode(keyBuf, &index, &key, keyFileSz); @@ -459,13 +545,16 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, } int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, - byte* hash, int hashSz, char* keyPath, int pubIn) { + byte* hash, int hashSz, char* keyPath, int pubIn, int inForm) { #ifdef HAVE_ED25519 int ret; int stat = 0; + word32 index = 0; + int keyFileSz; XFILE keyPathFile; + WC_RNG rng; ed25519_key key; byte* keyBuf = (byte*)XMALLOC(ED25519_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -477,6 +566,7 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, XMEMSET(&key, 0, sizeof(key)); XMEMSET(keyBuf, 0, ED25519_KEY_SIZE); + /* initialize ED25519 key */ ret = wc_ed25519_init(&key); if (ret != 0) { wolfCLU_LogError("Failed to initialize ED25519 key.\nRet: %d", ret); @@ -484,38 +574,80 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, return ret; } - /* retrieving public key and storing in the ED25519 key */ + /* retrieve public key and store in the ED25519 key */ if (pubIn == 1) { - /* read in and store ED25519 key */ + /* open, read, and store ED25519 key */ keyPathFile = XFOPEN(keyPath, "rb"); if (keyPathFile == NULL) { - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfCLU_LogError("unable to open file %s", keyPath); + wc_FreeRng(&rng); return BAD_FUNC_ARG; } - if ((int)XFREAD(keyBuf, 1, ED25519_KEY_SIZE, keyPathFile) != ED25519_KEY_SIZE) { + + XFSEEK(keyPathFile, 0, SEEK_END); + keyFileSz = (int)XFTELL(keyPathFile); + keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + XFCLOSE(keyPathFile); + wc_FreeRng(&rng); + return MEMORY_E; + } + + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { XFCLOSE(keyPathFile); return WOLFCLU_FATAL_ERROR; } XFCLOSE(keyPathFile); + /* convert public key to DER format if PEM */ + if (inForm == PEM_FORM) { + ret = wc_Ed25519PublicKeyToDer(&key, keyBuf, keyFileSz, ED25519_KEY_SIZE); + if (ret != 0) { + wolfCLU_LogError("Failed to convert public key to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + } + + /* decode public key from DER-encoded input */ + ret = wc_Ed25519PublicKeyDecode(keyBuf, &index, &key, keyFileSz); + if (ret != 0) { + wolfCLU_LogError("Failed to decode public key from DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } } else { - ret = wolfCLU_generate_public_key_ed25519(keyPath, keyBuf); + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + if (ret != 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + return ret; + } + } + + /* derive public key from private key */ + ret = wolfCLU_generate_public_key_ed25519(keyPath, inForm, keyBuf, ED25519_KEY_SIZE); if (ret != 0) { wolfCLU_LogError("Failed to derive public key from private key."); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } - } - ret = wc_ed25519_import_public(keyBuf, ED25519_KEY_SIZE, &key); - if (ret != 0 ) { - wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; + /* decode public key */ + ret = wc_ed25519_import_public(keyBuf, ED25519_KEY_SIZE, &key); + if (ret != 0) { + wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } } XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + /* verify data with ED25519 public key */ ret = wc_ed25519_verify_msg(sig, sigSz, hash, hashSz, &stat, &key); if (ret != 0) { wolfCLU_LogError("Failed to verify data with ED25519 public key.\nRET: %d", ret); diff --git a/tests/genkey_sign_ver/genkey-sign-ver-test.sh b/tests/genkey_sign_ver/genkey-sign-ver-test.sh index 3f79dd5a..d00fc511 100755 --- a/tests/genkey_sign_ver/genkey-sign-ver-test.sh +++ b/tests/genkey_sign_ver/genkey-sign-ver-test.sh @@ -23,6 +23,8 @@ #/ # +set -x + # Skip test if filesystem disabled FILESYSTEM=`cat config.log | grep "disable\-filesystem"` if [ "$FILESYSTEM" != "" ] @@ -66,7 +68,7 @@ rsa_compare_decrypted(){ gen_key_sign_ver_test(){ # generate a key pair for signing - ./wolfssl -genkey $1 -out $2 -outform der KEYPAIR + ./wolfssl -genkey $1 -out $2 -outform $4 KEYPAIR RESULT=$? printf '%s\n' "genkey RESULT - $RESULT" [ $RESULT -ne 0 ] && printf '%s\n' "Failed $1 genkey" && \ @@ -74,40 +76,40 @@ gen_key_sign_ver_test(){ printf '%s\n' "--enable-keygen" && exit -1 # test signing with priv key - ./wolfssl -$1 -sign -inkey $2.priv -in sign-this.txt -out $3 + ./wolfssl -$1 -sign -inkey $2.priv -inform $4 -in sign-this.txt -out $3 RESULT=$? printf '%s\n' "sign RESULT - $RESULT" [ $RESULT -ne 0 ] && printf '%s\n' "Failed $1 sign" && exit -1 # test verifying with priv key if [ "${1}" = "rsa" ]; then - ./wolfssl -$1 -verify -inkey $2.priv -sigfile $3 -in sign-this.txt \ - -out $4.private_result + ./wolfssl -$1 -verify -inkey $2.priv -inform $4 -sigfile $3 -in sign-this.txt \ + -out $5.private_result else - ./wolfssl -$1 -verify -inkey $2.priv -sigfile $3 -in sign-this.txt + ./wolfssl -$1 -verify -inkey $2.priv -inform $4 -sigfile $3 -in sign-this.txt fi RESULT=$? printf '%s\n' "private verify RESULT - $RESULT" - [ $RESULT -ne 0 ] && printf '%s\n' "Failed $1 sign" && exit -1 + [ $RESULT -ne 0 ] && printf '%s\n' "Failed $1 private verify" && exit -1 # test verifying with pub key if [ "${1}" = "rsa" ]; then - ./wolfssl -$1 -verify -inkey $2.pub -sigfile $3 -in sign-this.txt \ - -out $4.public_result -pubin + ./wolfssl -$1 -verify -inkey $2.pub -inform $4 -sigfile $3 -in sign-this.txt \ + -out $5.public_result -pubin else - ./wolfssl -$1 -verify -inkey $2.pub -sigfile $3 -in sign-this.txt -pubin + ./wolfssl -$1 -verify -inkey $2.pub -inform $4 -sigfile $3 -in sign-this.txt -pubin fi RESULT=$? printf '%s\n' "public verify RESULT - $RESULT" - [ $RESULT -ne 0 ] && printf '%s\n' "Failed $1 sign" && exit -1 + [ $RESULT -ne 0 ] && printf '%s\n' "Failed $1 public verify " && exit -1 if [ $1 = "rsa" ]; then ORIGINAL=`cat -A sign-this.txt` - DECRYPTED=`cat -A $4.private_result` + DECRYPTED=`cat -A $5.private_result` rsa_compare_decrypted "${DECRYPTED}" "${ORIGINAL}" - DECRYPTED=`cat -A $4.public_result` + DECRYPTED=`cat -A $5.public_result` rsa_compare_decrypted "${DECRYPTED}" "${ORIGINAL}" fi @@ -118,17 +120,60 @@ create_sign_data_file ALGORITHM="ed25519" KEYFILENAME="edkey" SIGOUTNAME="ed-signed.sig" -gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} +DERPEMRAW="der" +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} + +ALGORITHM="ecc" +KEYFILENAME="ecckey" +SIGOUTNAME="ecc-signed.sig" +DERPEMRAW="der" +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} + +ALGORITHM="rsa" +KEYFILENAME="rsakey" +SIGOUTNAME="rsa-signed.sig" +DERPEMRAW="der" +VERIFYOUTNAME="rsa-sigout" +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} + +ALGORITHM="ed25519" +KEYFILENAME="edkey" +SIGOUTNAME="ed-signed.sig" +DERPEMRAW="pem" +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} + +ALGORITHM="ecc" +KEYFILENAME="ecckey" +SIGOUTNAME="ecc-signed.sig" +DERPEMRAW="pem" +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} + +ALGORITHM="rsa" +KEYFILENAME="rsakey" +SIGOUTNAME="rsa-signed.sig" +DERPEMRAW="pem" +VERIFYOUTNAME="rsa-sigout" +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} + +: ' +ALGORITHM="ed25519" +KEYFILENAME="edkey" +SIGOUTNAME="ed-signed.sig" +DERPEMRAW="raw" +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ALGORITHM="ecc" KEYFILENAME="ecckey" SIGOUTNAME="ecc-signed.sig" -gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} +DERPEMRAW="raw" +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ALGORITHM="rsa" KEYFILENAME="rsakey" SIGOUTNAME="rsa-signed.sig" +DERPEMRAW="raw" VERIFYOUTNAME="rsa-sigout" -gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${VERIFYOUTNAME} +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} +' exit 0 diff --git a/wolfclu/sign-verify/clu_sign.h b/wolfclu/sign-verify/clu_sign.h index a86223f2..cf041793 100644 --- a/wolfclu/sign-verify/clu_sign.h +++ b/wolfclu/sign-verify/clu_sign.h @@ -39,11 +39,12 @@ enum { ED25519_SIG_VER, }; -int wolfCLU_sign_data(char*, char*, char*, int); +int wolfCLU_sign_data(char*, char*, char*, int, int); -int wolfCLU_sign_data_rsa(byte*, char*, word32, char*); -int wolfCLU_sign_data_ecc(byte*, char*, word32, char*); -int wolfCLU_sign_data_ed25519(byte*, char*, word32, char*); +int wolfCLU_sign_data_rsa(byte*, char*, word32, char*, int); +int wolfCLU_sign_data_ecc(byte*, char*, word32, char*, int); +int wolfCLU_sign_data_ed25519(byte*, char*, word32, char*, int); +int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pubIn); diff --git a/wolfclu/sign-verify/clu_verify.h b/wolfclu/sign-verify/clu_verify.h index dd826029..a3a50826 100644 --- a/wolfclu/sign-verify/clu_verify.h +++ b/wolfclu/sign-verify/clu_verify.h @@ -36,8 +36,8 @@ int wolfCLU_x509Verify(int argc, char** argv); int wolfCLU_CRLVerify(int argc, char** argv); -int wolfCLU_verify_signature(char* , char*, char*, char*, int, int); +int wolfCLU_verify_signature(char* , char*, char*, char*, int, int, int); -int wolfCLU_verify_signature_rsa(byte* , char*, int, char*, int); -int wolfCLU_verify_signature_ecc(byte*, int, byte*, int, char*, int); -int wolfCLU_verify_signature_ed25519(byte*, int, byte*, int, char*, int); +int wolfCLU_verify_signature_rsa(byte* , char*, int, char*, int, int); +int wolfCLU_verify_signature_ecc(byte*, int, byte*, int, char*, int, int); +int wolfCLU_verify_signature_ed25519(byte*, int, byte*, int, char*, int, int); From 5710ccae92ad020649b95bf86f9767228e2d416e Mon Sep 17 00:00:00 2001 From: aidan garske Date: Fri, 2 Aug 2024 16:51:21 -0700 Subject: [PATCH 2/8] RSA keygen, sign, and verify DER and PEM --- src/genkey/clu_genkey.c | 253 +++++++++++++++++++++-------------- src/sign-verify/clu_sign.c | 109 ++++++++------- src/sign-verify/clu_verify.c | 243 +++++++++++++++++++++------------ 3 files changed, 371 insertions(+), 234 deletions(-) diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c index 73ad0d48..3c83318c 100644 --- a/src/genkey/clu_genkey.c +++ b/src/genkey/clu_genkey.c @@ -102,10 +102,9 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) /* fall through to PRIV_ONLY_FILE */ FALL_THROUGH; - /*--------------- PRIVATE ---------------------*/ case PRIV_ONLY_FILE: /* add on the final part of the file name ".priv" */ - XMEMCPY(finalOutFNm+fOutNmSz, privAppend, fOutNmAppendSz); + XMEMCPY(finalOutFNm + fOutNmSz, privAppend, fOutNmAppendSz); WOLFCLU_LOG(WOLFCLU_L0, "finalOutFNm = %s", finalOutFNm); /* open the file for writing the private key */ @@ -148,9 +147,6 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) ret = pemSz; } } - if (derBuf != NULL) { - XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } if (ret == 0) { ret = (int)XFWRITE(pemBuf, 1, pemSz, file); if (ret != pemSz) { @@ -180,7 +176,6 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) break; } /* else fall through to PUB_ONLY_FILE if flagOutputPub == 1 */ FALL_THROUGH; - /*--------------- PUBLIC ---------------------*/ case PUB_ONLY_FILE: /* add on the final part of the file name ".pub" */ XMEMCPY(finalOutFNm+fOutNmSz, pubAppend, fOutNmAppendSz); @@ -193,20 +188,20 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) return OUTPUT_FILE_ERROR; } - /* Determine size for buffer */ + /* determine size for buffer */ derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, NULL, 0, 1); if (derSz <= 0) { ret = MEMORY_E; } - /* Allocate DER buffer */ + /* allocate DER buffer */ if (ret == 0) { derBuf = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (derBuf == NULL) { ret = MEMORY_E; } } - /* Convert Key to DER */ + /* convert Key to DER */ if (ret == 0) { derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, derBuf, derSz, 1); if (derSz < 0) { @@ -225,9 +220,6 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) ret = pemSz; } } - if (derBuf != NULL) { - XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } if (ret == 0) { ret = (int)XFWRITE(pemBuf, 1, pemSz, file); if (ret != pemSz) { @@ -263,10 +255,10 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) return BAD_FUNC_ARG; } - /* cleamup allocated resources */ + /* cleanup allocated resources */ if (file != NULL) XFCLOSE(file); - XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (derBuf != NULL) { XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } @@ -748,15 +740,16 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int keySz, long exp) { #ifndef NO_RSA - RsaKey key; - XFILE file; - int ret = WOLFCLU_SUCCESS; - - int fNameSz; - int fExtSz = 6; - char fExtPriv[6] = ".priv\0"; - char fExtPub[6] = ".pub\0\0"; - char* fOutNameBuf = NULL; + RsaKey key; /* the RSA key structure */ + XFILE file = NULL; /* file stream */ + int ret = WOLFCLU_SUCCESS; /* return value */ + + int fNameSz; /* file name without append */ + int fExtSz = 6; /* # of bytes to append to file name */ + char fExtPriv[6] = ".priv\0"; /* last part of the priv file name */ + char fExtPub[6] = ".pub\0\0"; /* last part of the pub file name*/ + char* fOutNameBuf = NULL; /* file name + fExt */ + int flagOutputPub = 0; /* set if outputting both priv/pub */ #ifdef NO_AES /* use 16 bytes for AES block size */ @@ -764,20 +757,20 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int #else size_t maxDerBufSz = 4 * keySz * AES_BLOCK_SIZE; #endif - byte* derBuf = NULL; - byte* pemBuf = NULL; - byte* outBuf = NULL; - int derBufSz = -1; - int pemBufSz = 0; - int outBufSz = 0; + byte* derBuf = NULL; /* buffer for DER format */ + byte* pemBuf = NULL; /* buffer for PEM format */ + int derBufSz = -1; /* size of DER buffer */ + int pemBufSz = 0; /* size of PEM buffer */ if (rng == NULL || fName == NULL) return BAD_FUNC_ARG; + /* init RSA key */ if (wc_InitRsaKey(&key, HEAP_HINT) != 0) { return WOLFCLU_FAILURE; } + /* make RSA key */ if (wc_MakeRsaKey(&key, keySz, exp, rng) != 0) { ret = WOLFCLU_FAILURE; } @@ -791,6 +784,7 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int ret = MEMORY_E; } + /* get the first part of the file name setup */ if (ret == WOLFCLU_SUCCESS) { XMEMSET(fOutNameBuf, 0, fNameSz + fExtSz); XMEMCPY(fOutNameBuf, fName, fNameSz); @@ -802,114 +796,179 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int } } - if (ret == WOLFCLU_SUCCESS) { - switch (directive) { - case PRIV_AND_PUB_FILES: - /* Fall through to PRIV_ONLY_FILE */ - FALL_THROUGH; - case PRIV_ONLY_FILE: - /* add on the final part of the file name ".priv" */ - XMEMCPY(fOutNameBuf + fNameSz, fExtPriv, fExtSz); - WOLFCLU_LOG(WOLFCLU_L0, "fOutNameBuf = %s", fOutNameBuf); + switch (directive) { + case PRIV_AND_PUB_FILES: + flagOutputPub = 1; + + /* Fall through to PRIV_ONLY_FILE */ + FALL_THROUGH; + case PRIV_ONLY_FILE: + /* add on the final part of the file name ".priv" */ + XMEMCPY(fOutNameBuf + fNameSz, fExtPriv, fExtSz); + WOLFCLU_LOG(WOLFCLU_L0, "fOutNameBuf = %s", fOutNameBuf); + + /* open the file for writing the private key */ + if (ret == WOLFCLU_SUCCESS) { + file = XFOPEN(fOutNameBuf, "wb"); + if (!file) { + XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ret = OUTPUT_FILE_ERROR; + } + } + + /* determine size for buffer */ + derBufSz = wc_RsaKeyToDer(&key, NULL, 0); + if (derBufSz < 0) { + ret = MEMORY_E; + } + + /* allocate DER buffer */ + if (ret == WOLFCLU_SUCCESS) { + derBuf = (byte*)XMALLOC(derBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + ret = MEMORY_E; + } + } - derBufSz = wc_RsaKeyToDer(&key, derBuf, (word32)maxDerBufSz); + /* convert Key to DER */ + if (ret == WOLFCLU_SUCCESS) { + derBufSz = wc_RsaKeyToDer(&key, derBuf, derBufSz); if (derBufSz < 0) { ret = derBufSz; } - outBuf = derBuf; - outBufSz = derBufSz; + } + if (ret != WOLFCLU_SUCCESS) + break; - /* check if should convert to PEM format */ - if (ret == WOLFCLU_SUCCESS && fmt == PEM_FORM) { + /* convert DER to PEM if necessary */ + if (fmt == PEM_FORM) { + if (ret == WOLFCLU_SUCCESS) { pemBufSz = wolfCLU_KeyDerToPem(derBuf, derBufSz, &pemBuf, - PRIVATEKEY_TYPE, DYNAMIC_TYPE_PRIVATE_KEY); - if (pemBufSz <= 0 || pemBuf == NULL) { - ret = WOLFCLU_FAILURE; + PRIVATEKEY_TYPE, DYNAMIC_TYPE_TMP_BUFFER); + if (pemBufSz < 0) { + ret = pemBufSz; } - outBuf = pemBuf; - outBufSz = pemBufSz; } - if (ret == WOLFCLU_SUCCESS) { - file = XFOPEN(fOutNameBuf, "wb"); - if (file == XBADFILE) { + ret = (int)XFWRITE(pemBuf, 1, pemBufSz, file); + if (ret != pemBufSz) { ret = OUTPUT_FILE_ERROR; } + else { + ret = WOLFCLU_SUCCESS; /* reset ret to WOLFCLU_SUCCESS */ + } } - + } + else { + /* write DER format to the file */ if (ret == WOLFCLU_SUCCESS) { - if ((int)XFWRITE(outBuf, 1, outBufSz, file) <= 0) { + ret = (int)XFWRITE(derBuf, 1, derBufSz, file); + if (ret != derBufSz) { ret = OUTPUT_FILE_ERROR; } - XFCLOSE(file); + else { + ret = WOLFCLU_SUCCESS; /* reset ret to WOLFCLU_SUCCESS */ + } } + } + if (ret != WOLFCLU_SUCCESS) { + break; + } + if (flagOutputPub == 0) { + break; + } /* else fall through to PUB_ONLY_FILE if flagOutputPub == 1 */ + FALL_THROUGH; + case PUB_ONLY_FILE: + /* add on the final part of the file name ".pub" */ + XMEMCPY(fOutNameBuf + fNameSz, fExtPub, fExtSz); + WOLFCLU_LOG(WOLFCLU_L0, "fOutNameBuf = %s", fOutNameBuf); - if (pemBuf != NULL) { - wolfCLU_ForceZero(pemBuf, pemBufSz); - XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_PRIVATE_KEY); + /* open the file for writing the public key */ + if (ret == WOLFCLU_SUCCESS) { + file = XFOPEN(fOutNameBuf, "wb"); + if (!file) { + XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ret = OUTPUT_FILE_ERROR; } + } - if (directive != PRIV_AND_PUB_FILES) { - break; + /* determine size for buffer */ + derBufSz = wc_RsaKeyToPublicDer(&key, NULL, 0); + if (derBufSz < 0) { + ret = MEMORY_E; + } + + /* allocate DER buffer */ + if (ret == WOLFCLU_SUCCESS) { + derBuf = (byte*)XMALLOC(derBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + ret = MEMORY_E; } - FALL_THROUGH; - case PUB_ONLY_FILE: - /* add on the final part of the file name ".pub" */ - if (ret == WOLFCLU_SUCCESS) { - XMEMCPY(fOutNameBuf + fNameSz, fExtPub, fExtSz); - WOLFCLU_LOG(WOLFCLU_L0, "fOutNameBuf = %s", fOutNameBuf); + } - derBufSz = wc_RsaKeyToPublicDer(&key, derBuf, - (word32)maxDerBufSz); - if (derBufSz < 0) { - ret = derBufSz; - } - outBuf = derBuf; - outBufSz = derBufSz; + /* convert Key to DER */ + if (ret == WOLFCLU_SUCCESS) { + derBufSz = wc_RsaKeyToPublicDer(&key, derBuf, derBufSz); + if (derBufSz < 0) { + ret = derBufSz; } + } + if (ret != WOLFCLU_SUCCESS) + break; - /* check if should convert to PEM format */ - if (ret == WOLFCLU_SUCCESS && fmt == PEM_FORM) { + /* convert DER to PEM if necessary */ + if (fmt == PEM_FORM) { + if (ret == WOLFCLU_SUCCESS) { pemBufSz = wolfCLU_KeyDerToPem(derBuf, derBufSz, &pemBuf, - PUBLICKEY_TYPE, DYNAMIC_TYPE_PUBLIC_KEY); - if (pemBufSz <= 0 || pemBuf == NULL) { - ret = WOLFCLU_FAILURE; + PRIVATEKEY_TYPE, DYNAMIC_TYPE_TMP_BUFFER); + if (pemBufSz < 0) { + ret = pemBufSz; } - outBuf = pemBuf; - outBufSz = pemBufSz; } - if (ret == WOLFCLU_SUCCESS) { - file = XFOPEN(fOutNameBuf, "wb"); - if (file == XBADFILE) { + ret = (int)XFWRITE(pemBuf, 1, pemBufSz, file); + if (ret != pemBufSz) { ret = OUTPUT_FILE_ERROR; } + else { + ret = WOLFCLU_SUCCESS; /* reset ret to WOLFCLU_SUCCESS */ + } } - + } + else { + /* write DER format to the file */ if (ret == WOLFCLU_SUCCESS) { - if ((int)XFWRITE(outBuf, 1, outBufSz, file) <= 0) { + ret = (int)XFWRITE(derBuf, 1, derBufSz, file); + if (ret != derBufSz) { ret = OUTPUT_FILE_ERROR; } - XFCLOSE(file); - } - - if (pemBuf != NULL) { - XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_PUBLIC_KEY); + else { + ret = WOLFCLU_SUCCESS; /* reset ret to WOLFCLU_SUCCESS */ + } } + } - break; - default: - wolfCLU_LogError("Invalid directive"); - ret = BAD_FUNC_ARG; - } + if (ret != WOLFCLU_SUCCESS) { + XFCLOSE(file); + XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return OUTPUT_FILE_ERROR; + } + XFCLOSE(file); + break; + default: + wolfCLU_LogError("Invalid directive"); + XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return BAD_FUNC_ARG; } + if (file != NULL) + XFCLOSE(file); + XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (derBuf != NULL) { - wolfCLU_ForceZero(derBuf, (unsigned int)maxDerBufSz); XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - if (fOutNameBuf != NULL) { - XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pemBuf != NULL) { + XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } wc_FreeRsaKey(&key); diff --git a/src/sign-verify/clu_sign.c b/src/sign-verify/clu_sign.c index f637eb43..40d21968 100644 --- a/src/sign-verify/clu_sign.c +++ b/src/sign-verify/clu_sign.c @@ -81,12 +81,6 @@ int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pubIn) { } } - if (ret != 0) { - if (der) - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - return ret; } @@ -161,14 +155,32 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); - /* init the RsaKey */ + /* initialize the RSA key */ ret = wc_InitRsaKey(&key, NULL); if (ret != 0) { wolfCLU_LogError("Failed to initialize RsaKey\nRET: %d", ret); return ret; } - /* read in and store private key */ + /* initialize RNG */ + ret = wc_InitRng(&rng); + if (ret != 0) { + wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); + return ret; + } + + /* initialize RNG RSA_BLINDING */ +#ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(&key, &rng); + if (ret < 0) { + wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); + XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + return ret; + } +#endif + + /* open, read, and store RSA key */ privKeyFile = XFOPEN(privKey, "rb"); if (privKeyFile == NULL) { wolfCLU_LogError("unable to open file %s", privKey); @@ -182,7 +194,9 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, XFCLOSE(privKeyFile); return MEMORY_E; } - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { + + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { XFCLOSE(privKeyFile); return WOLFCLU_FATAL_ERROR; } @@ -194,6 +208,7 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, if (ret != 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRsaKey(&key); wc_FreeRng(&rng); return ret; } @@ -204,55 +219,46 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (ret != 0 ) { wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); return ret; } /* setting up output buffer based on key size */ - outBufSz = wc_RsaEncryptSize(&key); - outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (outBuf == NULL) { - return MEMORY_E; - } - XMEMSET(outBuf, 0, outBufSz); - - ret = wc_InitRng(&rng); - if (ret != 0) { - wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); - XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; + if (ret == 0) { + outBufSz = wc_RsaEncryptSize(&key); + outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (outBuf == NULL) { + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); + return MEMORY_E; + } } + if (ret == 0) { + XMEMSET(outBuf, 0, outBufSz); -#ifdef WC_RSA_BLINDING - ret = wc_RsaSetRNG(&key, &rng); - if (ret < 0) { - wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); - XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - return ret; + /* signing input with RSA priv key to produce signature */ + ret = wc_RsaSSL_Sign(data, dataSz, outBuf, (word32)outBufSz, &key, &rng); + if (ret >= 0) { + XFILE s; + s = XFOPEN(out, "wb"); + XFWRITE(outBuf, 1, outBufSz, s); + XFCLOSE(s); + } + else { + wolfCLU_LogError("Failed to sign data with RSA private key.\nRET: %d", ret); + } } -#endif - ret = wc_RsaSSL_Sign(data, dataSz, outBuf, (word32)outBufSz, &key, - &rng); - if (ret < 0) { - wolfCLU_LogError("Failed to sign data with RSA private key.\nRET: %d", ret); + /* cleanup allocated resources */ + if (outBuf!= NULL) { XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - wc_FreeRsaKey(&key); - return ret; - } - else { - XFILE s; - s = XFOPEN(out, "wb"); - XFWRITE(outBuf, 1, outBufSz, s); - XFCLOSE(s); } - - XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); wc_FreeRsaKey(&key); - (void)index; - return WOLFCLU_SUCCESS; + wc_FreeRng(&rng); + + /* expected ret == WOLFCLU_SUCCESS */ + return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; #endif @@ -307,7 +313,8 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, wc_FreeRng(&rng); return MEMORY_E; } - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { XFCLOSE(privKeyFile); return WOLFCLU_FATAL_ERROR; } @@ -418,7 +425,8 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, return MEMORY_E; } - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { XFCLOSE(privKeyFile); return WOLFCLU_FATAL_ERROR; } @@ -448,8 +456,9 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, else { wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); } + + /* setting up output buffer based on key size */ if (ret == 0) { - /* setting up output buffer based on key size */ outBufSz = ED25519_SIG_SIZE; outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (outBuf == NULL) { diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c index 21e68539..77ac589e 100644 --- a/src/sign-verify/clu_verify.c +++ b/src/sign-verify/clu_verify.c @@ -27,85 +27,125 @@ * and ED25519_SIG_VER */ #ifndef WOLFCLU_NO_FILESYSTEM -static byte* wolfCLU_generate_public_key_rsa(char* privKey, byte* outBuf, - int* outBufSz) +static int wolfCLU_generate_public_key_rsa(char* privKey, int inForm, byte** outBuf, + int* outBufSz) { #ifndef NO_RSA int ret; int privFileSz; word32 index = 0; + XFILE privKeyFile; + byte* keyBuf = NULL; RsaKey key; WC_RNG rng; - byte* keyBuf; - if (outBufSz == NULL) { - wolfCLU_LogError("Unexpected null output size variable"); - return NULL; + if (outBuf == NULL || outBufSz == NULL) { + wolfCLU_LogError("Unexpected null output buffer or size variable"); + return BAD_FUNC_ARG; } XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); + /* initialize RSA key */ ret = wc_InitRsaKey(&key, NULL); if (ret != 0) { wolfCLU_LogError("Failed to initialize RsaKey.\nRet: %d", ret); - *outBufSz = ret; - return outBuf; + return ret; } + /* initialize RNG */ + ret = wc_InitRng(&rng); + if (ret != 0) { + wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); + wc_FreeRsaKey(&key); + return ret; + } /* read in and store private key */ - privKeyFile = XFOPEN(privKey, "rb"); if (privKeyFile == NULL) { - wolfCLU_LogError("Unable to open file %s", privKey); + wolfCLU_LogError("unable to open file %s", privKey); wc_FreeRsaKey(&key); - return NULL; + wc_FreeRng(&rng); + return BAD_FUNC_ARG; } + XFSEEK(privKeyFile, 0, SEEK_END); privFileSz = (int)XFTELL(privKeyFile); keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf != NULL) { - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { - XFCLOSE(privKeyFile); - return NULL; - } + if (keyBuf == NULL) { + XFCLOSE(privKeyFile); + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); + return MEMORY_E; + } + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { + XFCLOSE(privKeyFile); + return WOLFCLU_FATAL_ERROR; } XFCLOSE(privKeyFile); - /* retrieving private key and storing in the RsaKey */ - ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, privFileSz); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (ret < 0 ) { - wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); - *outBufSz = ret; - wc_FreeRsaKey(&key); - return outBuf; + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, privFileSz); + if (ret != 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); + return ret; + } } - /* set output buffer to twice the private key size to ensure enough space */ - *outBufSz = 2*wc_RsaEncryptSize(&key); + /* retrieve private key and store in the RsaKey */ + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, privFileSz); + if (ret != 0) { + wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); + } + } - /* setting up output buffer based on privateKeyFile size */ - outBuf = (byte*)XMALLOC(*outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (outBuf == NULL) { - wc_FreeRsaKey(&key); - return NULL; + /* calculate the size needed for the public key */ + if (ret == 0) { + ret = wc_RsaKeyToPublicDer(&key, NULL, 0); + if (ret < 0) { + wolfCLU_LogError("Failed to export RSA public key.\nRET: %d", ret); + } else { + *outBufSz = ret; + ret = 0; + } } - XMEMSET(outBuf, 0, *outBufSz); - ret = wc_RsaKeyToPublicDer(&key, outBuf, *outBufSz); - if (ret < 0) { - wolfCLU_LogError("Failed to create RSA public key.\nBuf size: %d\nRET: %d", - *outBufSz, ret); - *outBufSz = ret; - wc_FreeRsaKey(&key); - return outBuf; + /* allocate buffer for the public key */ + if (ret == 0) { + *outBuf = (byte*)XMALLOC(*outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (*outBuf == NULL) { + wolfCLU_LogError("Failed to allocate memory for public key.\nSize: %d", + *outBufSz); + ret = MEMORY_E; + } else { + XMEMSET(*outBuf, 0, *outBufSz); + ret = wc_RsaKeyToPublicDer(&key, *outBuf, (word32)*outBufSz); + if (ret < 0) { + wolfCLU_LogError("Failed to export RSA public key.\nRET: %d", ret); + *outBufSz = ret; + } + } + } + + /* cleanup allocated resources */ + if (keyBuf != NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - *outBufSz = ret; + wc_FreeRsaKey(&key); - return outBuf; + wc_FreeRng(&rng); + + /* expected ret == WOLFCLU_SUCCESS */ + return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; #endif @@ -159,7 +199,8 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* wc_FreeRng(&rng); return MEMORY_E; } - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { XFCLOSE(privKeyFile); return WOLFCLU_FATAL_ERROR; } @@ -214,7 +255,7 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* wc_ed25519_free(&key); wc_FreeRng(&rng); - /* expected ret == 1 */ + /* expected ret == WOLFCLU_SUCCESS */ return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; @@ -336,83 +377,102 @@ int wolfCLU_verify_signature(char* sig, char* hashFile, char* out, } int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, - int pubIn, int inForm) -{ + int pubIn, int inForm) { + #ifndef NO_RSA int ret; int keyFileSz = 0; word32 index = 0; - XFILE keyPathFile; + XFILE keyPathFile = NULL; RsaKey key; WC_RNG rng; byte* keyBuf = NULL; byte* outBuf = NULL; int outBufSz = 0; - XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); + /* initialize RSA key */ ret = wc_InitRsaKey(&key, NULL); if (ret != 0) { wolfCLU_LogError("Failed to initialize RsaKey.\nRet: %d", ret); + XFREE(&key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } + /* retrieve public key and store in the RSA key */ if (pubIn == 1) { - /* read in and store rsa key */ + /* open, read, and store RSA key */ keyPathFile = XFOPEN(keyPath, "rb"); if (keyPathFile == NULL) { wolfCLU_LogError("unable to open file %s", keyPath); - wc_FreeRsaKey(&key); + wc_FreeRng(&rng); return BAD_FUNC_ARG; } XFSEEK(keyPathFile, 0, SEEK_END); keyFileSz = (int)XFTELL(keyPathFile); keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf != NULL) { - if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { - XFCLOSE(keyPathFile); - return WOLFCLU_FATAL_ERROR; - } + if (keyBuf == NULL) { + XFCLOSE(keyPathFile); + wc_FreeRng(&rng); + return MEMORY_E; + } + + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { + XFCLOSE(keyPathFile); + return WOLFCLU_FATAL_ERROR; } XFCLOSE(keyPathFile); - } - else { - keyBuf = wolfCLU_generate_public_key_rsa(keyPath, keyBuf, &keyFileSz); - if (keyFileSz < 0) { - wolfCLU_LogError("Failed to derive public key from private key."); - wc_FreeRsaKey(&key); + + /* convert public key to DER format if PEM */ + if (inForm == PEM_FORM) { + ret = wc_RsaKeyToPublicDer(&key, keyBuf, keyFileSz); + if (ret != 0) { + wolfCLU_LogError("Failed to convert public key to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; + } } - } - /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { - ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); + /* decode public key from DER-encoded input */ + ret = wc_RsaPublicKeyDecode(keyBuf, &index, &key, keyFileSz); if (ret != 0) { - wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + wolfCLU_LogError("Failed to decode public key from DER.\nRET: %d", ret); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); return ret; } } + else { + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + if (ret != 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + return ret; + } + } - /* retrieving public key and storing in the RsaKey */ - ret = wc_RsaPublicKeyDecode(keyBuf, &index, &key, keyFileSz); - if (keyBuf != NULL) { - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + /* derive public key from private key */ + ret = wolfCLU_generate_public_key_rsa(keyPath, inForm, &keyBuf, &keyFileSz); + if (ret != 0) { + wolfCLU_LogError("Failed to derive public key from private key."); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } } - if (ret < 0 ) { - wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret); + /* set up output buffer based on key size */ + outBufSz = wc_RsaEncryptSize(&key); + if (outBufSz <= 0) { + wolfCLU_LogError("Invalid output buffer size: %d", outBufSz); wc_FreeRsaKey(&key); - return ret; + return WOLFCLU_FATAL_ERROR; } - /* setting up output buffer based on key size */ - outBufSz = wc_RsaEncryptSize(&key); outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (outBuf == NULL) { wolfCLU_LogError("Failed to malloc output buffer"); @@ -421,6 +481,7 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, } XMEMSET(outBuf, 0, outBufSz); + /* verify the RSA signature */ ret = wc_RsaSSL_Verify(sig, sigSz, outBuf, (word32)outBufSz, &key); if (ret < 0) { wolfCLU_LogError("Failed to verify data with RSA public key.\nRET: %d", ret); @@ -428,23 +489,30 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, wc_FreeRsaKey(&key); return ret; } + + /* write the output to the specified file */ + XFILE s = XFOPEN(out, "wb"); + if (s == NULL) { + wolfCLU_LogError("Unable to open file %s", out); + ret = BAD_FUNC_ARG; + } else { - XFILE s = XFOPEN(out, "wb"); - if (s == NULL) { - wolfCLU_LogError("unable to open file %s", out); - ret = BAD_FUNC_ARG; - } - else { - XFWRITE(outBuf, 1, ret, s); - XFCLOSE(s); - } + XFWRITE(outBuf, 1, ret, s); + XFCLOSE(s); } + /* Cleanup allocated resources */ if (outBuf != NULL) { XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } + if (keyBuf != NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + wc_FreeRsaKey(&key); - return (ret < 0)? ret : WOLFCLU_SUCCESS; + + /* expected ret == WOLFCLU_SUCCESS */ + return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; #endif @@ -593,7 +661,8 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, return MEMORY_E; } - if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { XFCLOSE(keyPathFile); return WOLFCLU_FATAL_ERROR; } From a61717803975747d9ecbc6e43ec138a685393881 Mon Sep 17 00:00:00 2001 From: aidan garske Date: Mon, 5 Aug 2024 16:36:23 -0700 Subject: [PATCH 3/8] ECC, RSA, and ED25519 sign and verify support for DER and PEM passing --- src/genkey/clu_genkey.c | 50 +-- src/sign-verify/clu_sign.c | 110 +++-- src/sign-verify/clu_verify.c | 384 +++++++----------- tests/genkey_sign_ver/genkey-sign-ver-test.sh | 10 +- 4 files changed, 227 insertions(+), 327 deletions(-) diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c index 3c83318c..37a8243f 100644 --- a/src/genkey/clu_genkey.c +++ b/src/genkey/clu_genkey.c @@ -60,17 +60,17 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fOutNm); fOutNmSz = (int)XSTRLEN(fOutNm); - /*--------------- INIT ---------------------*/ + /* init ed25519 key */ ret = wc_ed25519_init(&edKeyOut); if (ret != 0) return ret; - /*--------------- MAKE KEY ---------------------*/ + /* make ed25519 key */ ret = wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &edKeyOut); if (ret != 0) return ret; #if 0 - /*--------------- GET KEY SIZES ---------------------*/ + /* get key size */ privKeySz = wc_ed25519_priv_size(&edKeyOut); if (privKeySz <= 0) return WC_KEY_SIZE_E; @@ -79,14 +79,14 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) if (pubKeySz <= 0) return WC_KEY_SIZE_E; - /*--------------- EXPORT KEYS TO BUFFERS ---------------------*/ + /* export keys to buffers */ ret = wc_ed25519_export_key(&edKeyOut, privKeyBuf, &privKeySz, pubKeyBuf, &pubKeySz); if (ret != 0) return ret; #endif - /*--------------- OUTPUT KEYS TO FILE(S) ---------------------*/ + /* set up the file name output buffer */ finalOutFNm = (char*) XMALLOC( (fOutNmSz + fOutNmAppendSz), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (finalOutFNm == NULL) @@ -178,7 +178,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) FALL_THROUGH; case PUB_ONLY_FILE: /* add on the final part of the file name ".pub" */ - XMEMCPY(finalOutFNm+fOutNmSz, pubAppend, fOutNmAppendSz); + XMEMCPY(finalOutFNm + fOutNmSz, pubAppend, fOutNmAppendSz); WOLFCLU_LOG(WOLFCLU_L0, "finalOutFNm = %s", finalOutFNm); /* open the file for writing the public key */ @@ -743,25 +743,20 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int RsaKey key; /* the RSA key structure */ XFILE file = NULL; /* file stream */ int ret = WOLFCLU_SUCCESS; /* return value */ - int fNameSz; /* file name without append */ int fExtSz = 6; /* # of bytes to append to file name */ char fExtPriv[6] = ".priv\0"; /* last part of the priv file name */ char fExtPub[6] = ".pub\0\0"; /* last part of the pub file name*/ char* fOutNameBuf = NULL; /* file name + fExt */ int flagOutputPub = 0; /* set if outputting both priv/pub */ - - #ifdef NO_AES - /* use 16 bytes for AES block size */ - size_t maxDerBufSz = 4 * keySz * 16; - #else - size_t maxDerBufSz = 4 * keySz * AES_BLOCK_SIZE; - #endif byte* derBuf = NULL; /* buffer for DER format */ byte* pemBuf = NULL; /* buffer for PEM format */ int derBufSz = -1; /* size of DER buffer */ int pemBufSz = 0; /* size of PEM buffer */ + WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fName); + fNameSz = (int)XSTRLEN(fName); + if (rng == NULL || fName == NULL) return BAD_FUNC_ARG; @@ -776,25 +771,14 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int } /* set up the file name output buffer */ - if (ret == WOLFCLU_SUCCESS) { - fNameSz = (int)XSTRLEN(fName); - fOutNameBuf = (char*)XMALLOC(fNameSz + fExtSz, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (fOutNameBuf == NULL) - ret = MEMORY_E; - } + fOutNameBuf = (char*) XMALLOC( (fNameSz + fExtSz), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (fOutNameBuf == NULL) + return MEMORY_E; /* get the first part of the file name setup */ - if (ret == WOLFCLU_SUCCESS) { - XMEMSET(fOutNameBuf, 0, fNameSz + fExtSz); - XMEMCPY(fOutNameBuf, fName, fNameSz); - - derBuf = (byte*) XMALLOC(maxDerBufSz, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - ret = MEMORY_E; - } - } + XMEMSET(fOutNameBuf, 0, fNameSz + fExtSz); + XMEMCPY(fOutNameBuf, fName, fNameSz); switch (directive) { case PRIV_AND_PUB_FILES: @@ -875,7 +859,7 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int break; } if (flagOutputPub == 0) { - break; + break; } /* else fall through to PUB_ONLY_FILE if flagOutputPub == 1 */ FALL_THROUGH; case PUB_ONLY_FILE: @@ -920,7 +904,7 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int if (fmt == PEM_FORM) { if (ret == WOLFCLU_SUCCESS) { pemBufSz = wolfCLU_KeyDerToPem(derBuf, derBufSz, &pemBuf, - PRIVATEKEY_TYPE, DYNAMIC_TYPE_TMP_BUFFER); + PUBLICKEY_TYPE, DYNAMIC_TYPE_TMP_BUFFER); if (pemBufSz < 0) { ret = pemBufSz; } diff --git a/src/sign-verify/clu_sign.c b/src/sign-verify/clu_sign.c index 40d21968..8943abc8 100644 --- a/src/sign-verify/clu_sign.c +++ b/src/sign-verify/clu_sign.c @@ -33,52 +33,50 @@ int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pubIn) { const unsigned char* keyBuf = *pkeyBuf; if (pubIn == 0) { - int derSz = wc_KeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), NULL, - 0, NULL); - if (derSz > 0) { + ret = wc_KeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), NULL, 0, NULL); + if (ret > 0) { + int derSz = ret; der = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = MEMORY_E; } else { - ret = wc_KeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), - der, derSz, NULL); + ret = wc_KeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), der, + derSz, NULL); if (ret > 0) { + /* replace incoming pkeyBuf with new der buf */ XFREE(*pkeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); *pkeyBuf = der; - ret = 0; } else { + /* failure, so cleanup */ XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } } } - else { - ret = derSz; - } } else { - int derSz = wc_PubKeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), NULL, 0); - if (derSz > 0) { + ret = wc_PubKeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), NULL, 0); + if (ret > 0) { + int derSz = ret; der = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = MEMORY_E; } else { - ret = wc_PubKeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), der, derSz); + ret = wc_PubKeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), + der, derSz); if (ret > 0) { + /* replace incoming pkeyBuf with new der buf */ XFREE(*pkeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); *pkeyBuf = der; - ret = 0; } else { + /* failure, so cleanup */ XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } } } - else { - ret = derSz; - } } return ret; @@ -205,13 +203,17 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, /* convert PEM to DER if necessary */ if (inForm == PEM_FORM) { ret = wolfCLU_KeyPemToDer(&keyBuf, 0); - if (ret != 0) { + if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRsaKey(&key); wc_FreeRng(&rng); return ret; } + else { + privFileSz = ret; + ret = 0; + } } /* retrieving private key and storing in the RsaKey */ @@ -285,20 +287,21 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); - /* init the ecc key */ + /* initialize ecc key */ ret = wc_ecc_init(&key); if (ret != 0) { wolfCLU_LogError("Failed to initialize ecc key\nRET: %d", ret); return ret; } + /* initialize RNG */ ret = wc_InitRng(&rng); if (ret != 0) { wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); return ret; } - /* read in and store private key */ + /* open, read, and store ecc key */ privKeyFile = XFOPEN(privKey, "rb"); if (privKeyFile == NULL) { wolfCLU_LogError("unable to open file %s", privKey); @@ -323,52 +326,65 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, /* convert PEM to DER if necessary */ if (inForm == PEM_FORM) { ret = wolfCLU_KeyPemToDer(&keyBuf, 0); - if (ret != 0) { + if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ecc_free(&key); wc_FreeRng(&rng); return ret; } + else { + privFileSz = ret; + ret = 0; + } } /* retrieving private key and storing in the Ecc Key */ ret = wc_EccPrivateKeyDecode(keyBuf, &index, &key, privFileSz); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (ret != 0 ) { - wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); + wolfCLU_LogError("Failed to decode Ecc private key.\nRET: %d", ret); wc_FreeRng(&rng); return ret; } /* setting up output buffer based on key size */ - outBufSz = wc_ecc_sig_size(&key); - outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (outBuf == NULL) { - wc_FreeRng(&rng); - return MEMORY_E; + if (ret == 0) { + outBufSz = wc_ecc_sig_size(&key); + outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (outBuf == NULL) { + wc_ecc_free(&key); + wc_FreeRng(&rng); + return MEMORY_E; + } } - XMEMSET(outBuf, 0, outBufSz); - outLen = (word32)outBufSz; + if (ret == 0) { + XMEMSET(outBuf, 0, outBufSz); - /* signing input with ecc priv key to produce signature */ - ret = wc_ecc_sign_hash(data, fSz, outBuf, &outLen, &rng, &key); - if (ret < 0) { - wolfCLU_LogError("Failed to sign data with Ecc private key.\nRET: %d", ret); - XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - return ret; + /* signing input with ecc priv key to produce signature */ + outLen = (word32)outBufSz; + ret = wc_ecc_sign_hash(data, fSz, outBuf, &outLen, &rng, &key); + if (ret >= 0) { + XFILE s; + s = XFOPEN(out, "wb"); + XFWRITE(outBuf, 1, outLen, s); + XFCLOSE(s); + } + else { + wolfCLU_LogError("Failed to sign data with Ecc private key.\nRET: %d", ret); + } } - else { - XFILE s; - s = XFOPEN(out, "wb"); - XFWRITE(outBuf, 1, outLen, s); - XFCLOSE(s); + + /* cleanup allocated resources */ + if (outBuf!= NULL) { + XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + wc_ecc_free(&key); wc_FreeRng(&rng); - (void)index; - return WOLFCLU_SUCCESS; + /* expected ret == WOLFCLU_SUCCESS */ + return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; #endif @@ -435,13 +451,17 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, /* convert PEM to DER if necessary */ if (inForm == PEM_FORM) { ret = wolfCLU_KeyPemToDer(&keyBuf, 0); - if (ret != 0) { + if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ed25519_free(&key); wc_FreeRng(&rng); return ret; } + else { + privFileSz = ret; + ret = 0; + } } /* decode the private key from the DER-encoded input */ @@ -496,7 +516,7 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, wc_ed25519_free(&key); wc_FreeRng(&rng); - /* expected ret == 1 */ + /* expected ret == WOLFCLU_SUCCESS */ return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c index 77ac589e..0de97ec5 100644 --- a/src/sign-verify/clu_verify.c +++ b/src/sign-verify/clu_verify.c @@ -27,130 +27,6 @@ * and ED25519_SIG_VER */ #ifndef WOLFCLU_NO_FILESYSTEM -static int wolfCLU_generate_public_key_rsa(char* privKey, int inForm, byte** outBuf, - int* outBufSz) -{ -#ifndef NO_RSA - int ret; - int privFileSz; - word32 index = 0; - - XFILE privKeyFile; - byte* keyBuf = NULL; - RsaKey key; - WC_RNG rng; - - if (outBuf == NULL || outBufSz == NULL) { - wolfCLU_LogError("Unexpected null output buffer or size variable"); - return BAD_FUNC_ARG; - } - - XMEMSET(&rng, 0, sizeof(rng)); - XMEMSET(&key, 0, sizeof(key)); - - /* initialize RSA key */ - ret = wc_InitRsaKey(&key, NULL); - if (ret != 0) { - wolfCLU_LogError("Failed to initialize RsaKey.\nRet: %d", ret); - return ret; - } - - /* initialize RNG */ - ret = wc_InitRng(&rng); - if (ret != 0) { - wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); - wc_FreeRsaKey(&key); - return ret; - } - - /* read in and store private key */ - privKeyFile = XFOPEN(privKey, "rb"); - if (privKeyFile == NULL) { - wolfCLU_LogError("unable to open file %s", privKey); - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - return BAD_FUNC_ARG; - } - - XFSEEK(privKeyFile, 0, SEEK_END); - privFileSz = (int)XFTELL(privKeyFile); - keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - XFCLOSE(privKeyFile); - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - return MEMORY_E; - } - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { - XFCLOSE(privKeyFile); - return WOLFCLU_FATAL_ERROR; - } - XFCLOSE(privKeyFile); - - /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { - ret = wolfCLU_KeyPemToDer(&keyBuf, privFileSz); - if (ret != 0) { - wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - return ret; - } - } - - /* retrieve private key and store in the RsaKey */ - if (ret == 0) { - ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, privFileSz); - if (ret != 0) { - wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); - } - } - - /* calculate the size needed for the public key */ - if (ret == 0) { - ret = wc_RsaKeyToPublicDer(&key, NULL, 0); - if (ret < 0) { - wolfCLU_LogError("Failed to export RSA public key.\nRET: %d", ret); - } else { - *outBufSz = ret; - ret = 0; - } - } - - /* allocate buffer for the public key */ - if (ret == 0) { - *outBuf = (byte*)XMALLOC(*outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (*outBuf == NULL) { - wolfCLU_LogError("Failed to allocate memory for public key.\nSize: %d", - *outBufSz); - ret = MEMORY_E; - } else { - XMEMSET(*outBuf, 0, *outBufSz); - ret = wc_RsaKeyToPublicDer(&key, *outBuf, (word32)*outBufSz); - if (ret < 0) { - wolfCLU_LogError("Failed to export RSA public key.\nRET: %d", ret); - *outBufSz = ret; - } - } - } - - /* cleanup allocated resources */ - if (keyBuf != NULL) { - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } - - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - - /* expected ret == WOLFCLU_SUCCESS */ - return (ret >= 0) ? WOLFCLU_SUCCESS : ret; -#else - return NOT_COMPILED_IN; -#endif -} - static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* outBuf, word32 outLen) { @@ -209,13 +85,15 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* /* convert PEM to DER if necessary */ if (inForm == PEM_FORM) { ret = wolfCLU_KeyPemToDer(&keyBuf, 0); - if (ret != 0) { + if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ed25519_free(&key); - wc_FreeRng(&rng); return ret; } + else { + privFileSz = ret; + ret = 0; + } } /* decode the private key from the DER-encoded input */ @@ -385,7 +263,6 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, word32 index = 0; XFILE keyPathFile = NULL; RsaKey key; - WC_RNG rng; byte* keyBuf = NULL; byte* outBuf = NULL; int outBufSz = 0; @@ -400,42 +277,43 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, return ret; } - /* retrieve public key and store in the RSA key */ - if (pubIn == 1) { - /* open, read, and store RSA key */ - keyPathFile = XFOPEN(keyPath, "rb"); - if (keyPathFile == NULL) { - wolfCLU_LogError("unable to open file %s", keyPath); - wc_FreeRng(&rng); - return BAD_FUNC_ARG; - } + /* open, read, and store RSA key */ + keyPathFile = XFOPEN(keyPath, "rb"); + if (keyPathFile == NULL) { + wolfCLU_LogError("unable to open file %s", keyPath); + return BAD_FUNC_ARG; + } - XFSEEK(keyPathFile, 0, SEEK_END); - keyFileSz = (int)XFTELL(keyPathFile); - keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - XFCLOSE(keyPathFile); - wc_FreeRng(&rng); - return MEMORY_E; - } + XFSEEK(keyPathFile, 0, SEEK_END); + keyFileSz = (int)XFTELL(keyPathFile); + keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + XFCLOSE(keyPathFile); + return MEMORY_E; + } - if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { - XFCLOSE(keyPathFile); - return WOLFCLU_FATAL_ERROR; - } + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { XFCLOSE(keyPathFile); + return WOLFCLU_FATAL_ERROR; + } + XFCLOSE(keyPathFile); - /* convert public key to DER format if PEM */ - if (inForm == PEM_FORM) { - ret = wc_RsaKeyToPublicDer(&key, keyBuf, keyFileSz); - if (ret != 0) { - wolfCLU_LogError("Failed to convert public key to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); + if (ret < 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + else { + keyFileSz = ret; + ret = 0; } + } + if (pubIn == 1) { /* decode public key from DER-encoded input */ ret = wc_RsaPublicKeyDecode(keyBuf, &index, &key, keyFileSz); if (ret != 0) { @@ -445,23 +323,10 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, } } else { - /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { - ret = wolfCLU_KeyPemToDer(&keyBuf, 0); - if (ret != 0) { - wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - return ret; - } - } - - /* derive public key from private key */ - ret = wolfCLU_generate_public_key_rsa(keyPath, inForm, &keyBuf, &keyFileSz); + /* retrieve private key and store in the RsaKey */ + ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, keyFileSz); if (ret != 0) { - wolfCLU_LogError("Failed to derive public key from private key."); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; + wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); } } @@ -524,25 +389,27 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, #ifdef HAVE_ECC int ret; - int keyFileSz; + int keyFileSz = 0; int stat = 0; word32 index = 0; XFILE keyPathFile; ecc_key key; - WC_RNG rng; - byte* keyBuf; + byte* keyBuf = NULL; + byte* outBuf = NULL; + int outBufSz = 0; - XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); + /* initialize Ecc key */ ret = wc_ecc_init(&key); if (ret != 0) { wolfCLU_LogError("Failed to initialize ecc key.\nRet: %d", ret); + XFREE(&key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } - /* read in and store ecc key */ + /* open, read, and store Ecc key */ keyPathFile = XFOPEN(keyPath, "rb"); if (keyPathFile == NULL) { wolfCLU_LogError("unable to open file %s", keyPath); @@ -552,48 +419,69 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, XFSEEK(keyPathFile, 0, SEEK_END); keyFileSz = (int)XFTELL(keyPathFile); keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf != NULL) { - if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { - XFCLOSE(keyPathFile); - return WOLFCLU_FATAL_ERROR; - } + if (keyBuf == NULL) { + XFCLOSE(keyPathFile); + return MEMORY_E; + } + + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { + XFCLOSE(keyPathFile); + return WOLFCLU_FATAL_ERROR; } XFCLOSE(keyPathFile); /* convert PEM to DER if necessary */ if (inForm == PEM_FORM) { ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); - if (ret != 0) { + if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); return ret; } + else { + keyFileSz = ret; + ret = 0; + } } if (pubIn == 1) { - /* retrieving public key and storing in the ecc key */ + /* retrieve public key and store in the Ecc key */ ret = wc_EccPublicKeyDecode(keyBuf, &index, &key, keyFileSz); if (ret < 0 ) { wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret); XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); return ret; } + } else { - /* retrieving private key and storing in the Ecc Key */ + /* retrieve private key and store in the Ecc Key */ ret = wc_EccPrivateKeyDecode(keyBuf, &index, &key, keyFileSz); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (ret != 0 ) { - wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfCLU_LogError("Failed to decode Ecc private key.\nRET: %d", ret); + wc_ecc_free(&key); return ret; } } - if (keyBuf) - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + /* setting up output buffer based on key size */ + outBufSz = wc_ecc_sig_size(&key); + if (outBufSz <= 0) { + wolfCLU_LogError("Invalid output buffer size: %d", outBufSz); + wc_ecc_free(&key); + return WOLFCLU_FATAL_ERROR; + } + outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (outBuf == NULL) { + wolfCLU_LogError("Failed to malloc output buffer"); + wc_ecc_free(&key); + return MEMORY_E; + } + XMEMSET(outBuf, 0, outBufSz); + /* verify data with Ecc public key */ ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, &stat, &key); if (ret < 0) { wolfCLU_LogError("Failed to verify data with Ecc public key.\nRET: %d", ret); @@ -606,7 +494,15 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, wolfCLU_LogError("Invalid Signature."); } - return WOLFCLU_SUCCESS; + /* Cleanup allocated resources */ + if (outBuf != NULL) { + XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + + wc_ecc_free(&key); + + /* expected ret == WOLFCLU_SUCCESS */ + return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; #endif @@ -619,10 +515,9 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, int ret; int stat = 0; word32 index = 0; - int keyFileSz; + int keyFileSz = 0; XFILE keyPathFile; - WC_RNG rng; ed25519_key key; byte* keyBuf = (byte*)XMALLOC(ED25519_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -642,42 +537,45 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, return ret; } - /* retrieve public key and store in the ED25519 key */ - if (pubIn == 1) { - /* open, read, and store ED25519 key */ - keyPathFile = XFOPEN(keyPath, "rb"); - if (keyPathFile == NULL) { - wolfCLU_LogError("unable to open file %s", keyPath); - wc_FreeRng(&rng); - return BAD_FUNC_ARG; - } + /* open, read, and store ED25519 key */ + keyPathFile = XFOPEN(keyPath, "rb"); + if (keyPathFile == NULL) { + wolfCLU_LogError("unable to open file %s", keyPath); + return BAD_FUNC_ARG; + } - XFSEEK(keyPathFile, 0, SEEK_END); - keyFileSz = (int)XFTELL(keyPathFile); - keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - XFCLOSE(keyPathFile); - wc_FreeRng(&rng); - return MEMORY_E; - } + XFSEEK(keyPathFile, 0, SEEK_END); + keyFileSz = (int)XFTELL(keyPathFile); + XFSEEK(keyPathFile, 0, SEEK_SET); - if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { - XFCLOSE(keyPathFile); - return WOLFCLU_FATAL_ERROR; - } + keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { XFCLOSE(keyPathFile); + return MEMORY_E; + } - /* convert public key to DER format if PEM */ - if (inForm == PEM_FORM) { - ret = wc_Ed25519PublicKeyToDer(&key, keyBuf, keyFileSz, ED25519_KEY_SIZE); - if (ret != 0) { - wolfCLU_LogError("Failed to convert public key to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } + if ((int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { + XFCLOSE(keyPathFile); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFCLU_FATAL_ERROR; + } + XFCLOSE(keyPathFile); + + /* convert PEM to DER if necessary */ + if (inForm == PEM_FORM) { + ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); + if (ret < 0) { + wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; } + else { + keyFileSz = ret; + ret = 0; + } + } + if (pubIn == 1) { /* decode public key from DER-encoded input */ ret = wc_Ed25519PublicKeyDecode(keyBuf, &index, &key, keyFileSz); if (ret != 0) { @@ -687,25 +585,19 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, } } else { - /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { - ret = wolfCLU_KeyPemToDer(&keyBuf, 0); - if (ret != 0) { - wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); + /* derive public key from private key */ + if (ret == 0) { + ret = wolfCLU_generate_public_key_ed25519(keyPath, inForm, keyBuf, + ED25519_KEY_SIZE); + if (ret == WOLFCLU_SUCCESS) { + ret = 0; + } + else { + wolfCLU_LogError("Failed to verify data with ed25519 public key.\nRET: %d", ret); return ret; } } - /* derive public key from private key */ - ret = wolfCLU_generate_public_key_ed25519(keyPath, inForm, keyBuf, ED25519_KEY_SIZE); - if (ret != 0) { - wolfCLU_LogError("Failed to derive public key from private key."); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - /* decode public key */ ret = wc_ed25519_import_public(keyBuf, ED25519_KEY_SIZE, &key); if (ret != 0) { @@ -714,11 +606,10 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, return ret; } } - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); /* verify data with ED25519 public key */ ret = wc_ed25519_verify_msg(sig, sigSz, hash, hashSz, &stat, &key); - if (ret != 0) { + if (ret < 0) { wolfCLU_LogError("Failed to verify data with ED25519 public key.\nRET: %d", ret); return ret; } @@ -729,7 +620,12 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, wolfCLU_LogError("Invalid Signature."); } - return WOLFCLU_SUCCESS; + /* Cleanup allocated resources */ + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ed25519_free(&key); + + /* expected ret == WOLFCLU_SUCCESS */ + return (ret >= 0) ? WOLFCLU_SUCCESS : ret; #else return NOT_COMPILED_IN; #endif diff --git a/tests/genkey_sign_ver/genkey-sign-ver-test.sh b/tests/genkey_sign_ver/genkey-sign-ver-test.sh index d00fc511..8b600384 100755 --- a/tests/genkey_sign_ver/genkey-sign-ver-test.sh +++ b/tests/genkey_sign_ver/genkey-sign-ver-test.sh @@ -155,25 +155,25 @@ DERPEMRAW="pem" VERIFYOUTNAME="rsa-sigout" gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} -: ' +# TODO - raw support ALGORITHM="ed25519" KEYFILENAME="edkey" SIGOUTNAME="ed-signed.sig" DERPEMRAW="raw" -gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} +# gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ALGORITHM="ecc" KEYFILENAME="ecckey" SIGOUTNAME="ecc-signed.sig" DERPEMRAW="raw" -gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} +# gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ALGORITHM="rsa" KEYFILENAME="rsakey" SIGOUTNAME="rsa-signed.sig" DERPEMRAW="raw" VERIFYOUTNAME="rsa-sigout" -gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} -' +# gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} + exit 0 From 98c8dbb69f3a05ff14413db79ebad663d797fffb Mon Sep 17 00:00:00 2001 From: aidan garske Date: Wed, 7 Aug 2024 16:13:32 -0700 Subject: [PATCH 4/8] Refactor cleanup for sign, verify, and genkey --- src/genkey/clu_genkey.c | 167 +++++++------- src/sign-verify/clu_sign.c | 258 +++++++++++----------- src/sign-verify/clu_verify.c | 414 +++++++++++++++++------------------ 3 files changed, 415 insertions(+), 424 deletions(-) diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c index 37a8243f..08c4141f 100644 --- a/src/genkey/clu_genkey.c +++ b/src/genkey/clu_genkey.c @@ -60,14 +60,19 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fOutNm); fOutNmSz = (int)XSTRLEN(fOutNm); - /* init ed25519 key */ + /* initialize ed25519 key */ ret = wc_ed25519_init(&edKeyOut); - if (ret != 0) - return ret; + if (ret != 0) { + wolfCLU_LogError("Failed to initialize ed25519 key.\nRET: %d", ret); + } + /* make ed25519 key */ - ret = wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &edKeyOut); - if (ret != 0) - return ret; + if (ret == 0) { + ret = wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &edKeyOut); + if (ret != 0) { + wolfCLU_LogError("Failed to make ed25519 key.\nRET: %d", ret); + } + } #if 0 /* get key size */ @@ -81,20 +86,23 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) /* export keys to buffers */ ret = wc_ed25519_export_key(&edKeyOut, privKeyBuf, &privKeySz, pubKeyBuf, - &pubKeySz); + &pubKeySz); if (ret != 0) return ret; #endif /* set up the file name output buffer */ - finalOutFNm = (char*) XMALLOC( (fOutNmSz + fOutNmAppendSz), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (finalOutFNm == NULL) - return MEMORY_E; + if (ret == 0) { + finalOutFNm = (char*) XMALLOC( (fOutNmSz + fOutNmAppendSz), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (finalOutFNm == NULL) { + ret = MEMORY_E; + } - /* get the first part of the file name setup */ - XMEMSET(finalOutFNm, 0, fOutNmSz + fOutNmAppendSz); - XMEMCPY(finalOutFNm, fOutNm, fOutNmSz); + /* get the first part of the file name setup */ + XMEMSET(finalOutFNm, 0, fOutNmSz + fOutNmAppendSz); + XMEMCPY(finalOutFNm, fOutNm, fOutNmSz); + } switch(directive) { case PRIV_AND_PUB_FILES: @@ -108,16 +116,19 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) WOLFCLU_LOG(WOLFCLU_L0, "finalOutFNm = %s", finalOutFNm); /* open the file for writing the private key */ - file = XFOPEN(finalOutFNm, "wb"); - if (!file) { - XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return OUTPUT_FILE_ERROR; + if (ret == 0) { + file = XFOPEN(finalOutFNm, "wb"); + if (!file) { + ret = OUTPUT_FILE_ERROR; + } } /* determine size for buffer */ - derSz = wc_Ed25519PrivateKeyToDer(&edKeyOut, NULL, 0); - if (derSz <= 0) { - ret = MEMORY_E; + if (ret == 0) { + derSz = wc_Ed25519PrivateKeyToDer(&edKeyOut, NULL, 0); + if (derSz <= 0) { + ret = MEMORY_E; + } } /* allocate DER buffer */ @@ -153,7 +164,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) ret = OUTPUT_FILE_ERROR; } else { - ret = 0; /* reset ret to 0 if success */ + ret = 0; } } } @@ -165,7 +176,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) ret = OUTPUT_FILE_ERROR; } else { - ret = 0; /* reset ret to 0 if success */ + ret = 0; } } } @@ -182,16 +193,19 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) WOLFCLU_LOG(WOLFCLU_L0, "finalOutFNm = %s", finalOutFNm); /* open the file for writing the public key */ - file = XFOPEN(finalOutFNm, "wb"); - if (!file) { - XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return OUTPUT_FILE_ERROR; + if (ret == 0) { + file = XFOPEN(finalOutFNm, "wb"); + if (!file) { + ret = OUTPUT_FILE_ERROR; + } } /* determine size for buffer */ - derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, NULL, 0, 1); - if (derSz <= 0) { - ret = MEMORY_E; + if (ret == 0) { + derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, NULL, 0, 1); + if (derSz <= 0) { + ret = MEMORY_E; + } } /* allocate DER buffer */ @@ -225,7 +239,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) if (ret != pemSz) { ret = OUTPUT_FILE_ERROR; } else { - ret = 0; /* reset ret to 0 if success */ + ret = 0; } } } @@ -237,28 +251,26 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) ret = OUTPUT_FILE_ERROR; } else { - ret = 0; /* reset ret to 0 if success */ + ret = 0; } } } if (ret != 0) { - XFCLOSE(file); - XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return OUTPUT_FILE_ERROR; + ret = OUTPUT_FILE_ERROR; } XFCLOSE(file); break; default: wolfCLU_LogError("Invalid directive"); - XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return BAD_FUNC_ARG; + ret = BAD_FUNC_ARG; } /* cleanup allocated resources */ - if (file != NULL) + if (file != NULL) { XFCLOSE(file); XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } if (derBuf != NULL) { XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } @@ -266,12 +278,8 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - if (ret >= 0) { - /* ret >= 0 indicates a successful file write, set to zero for return */ - ret = WOLFCLU_SUCCESS; - } - - return ret; + /* expected ret == WOLFCLU_SUCCESS */ + return (ret >= 0) ? WOLFCLU_SUCCESS : ret; } #endif /* HAVE_ED25519 */ @@ -740,19 +748,19 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int keySz, long exp) { #ifndef NO_RSA - RsaKey key; /* the RSA key structure */ - XFILE file = NULL; /* file stream */ - int ret = WOLFCLU_SUCCESS; /* return value */ - int fNameSz; /* file name without append */ - int fExtSz = 6; /* # of bytes to append to file name */ - char fExtPriv[6] = ".priv\0"; /* last part of the priv file name */ - char fExtPub[6] = ".pub\0\0"; /* last part of the pub file name*/ - char* fOutNameBuf = NULL; /* file name + fExt */ - int flagOutputPub = 0; /* set if outputting both priv/pub */ - byte* derBuf = NULL; /* buffer for DER format */ - byte* pemBuf = NULL; /* buffer for PEM format */ - int derBufSz = -1; /* size of DER buffer */ - int pemBufSz = 0; /* size of PEM buffer */ + RsaKey key; /* the RSA key structure */ + XFILE file = NULL; /* file stream */ + int ret = WOLFCLU_SUCCESS; /* return value */ + int fNameSz; /* file name without append */ + int fExtSz = 6; /* # of bytes to append to file name */ + char fExtPriv[6] = ".priv\0"; /* last part of the priv file name */ + char fExtPub[6] = ".pub\0\0"; /* last part of the pub file name*/ + char* fOutNameBuf = NULL; /* file name + fExt */ + int flagOutputPub = 0; /* set if outputting both priv/pub */ + byte* derBuf = NULL; /* buffer for DER format */ + byte* pemBuf = NULL; /* buffer for PEM format */ + int derBufSz = -1; /* size of DER buffer */ + int pemBufSz = 0; /* size of PEM buffer */ WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fName); fNameSz = (int)XSTRLEN(fName); @@ -767,14 +775,17 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int /* make RSA key */ if (wc_MakeRsaKey(&key, keySz, exp, rng) != 0) { - ret = WOLFCLU_FAILURE; + wc_FreeRsaKey(&key); + return WOLFCLU_FAILURE; } /* set up the file name output buffer */ fOutNameBuf = (char*) XMALLOC( (fNameSz + fExtSz), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (fOutNameBuf == NULL) + if (fOutNameBuf == NULL) { + wc_FreeRsaKey(&key); return MEMORY_E; + } /* get the first part of the file name setup */ XMEMSET(fOutNameBuf, 0, fNameSz + fExtSz); @@ -795,15 +806,16 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int if (ret == WOLFCLU_SUCCESS) { file = XFOPEN(fOutNameBuf, "wb"); if (!file) { - XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); ret = OUTPUT_FILE_ERROR; } } - /* determine size for buffer */ - derBufSz = wc_RsaKeyToDer(&key, NULL, 0); - if (derBufSz < 0) { - ret = MEMORY_E; + /* determine size for buffer */ + if (ret == WOLFCLU_SUCCESS) { + derBufSz = wc_RsaKeyToDer(&key, NULL, 0); + if (derBufSz < 0) { + ret = MEMORY_E; + } } /* allocate DER buffer */ @@ -839,7 +851,7 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int ret = OUTPUT_FILE_ERROR; } else { - ret = WOLFCLU_SUCCESS; /* reset ret to WOLFCLU_SUCCESS */ + ret = WOLFCLU_SUCCESS; } } } @@ -851,7 +863,7 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int ret = OUTPUT_FILE_ERROR; } else { - ret = WOLFCLU_SUCCESS; /* reset ret to WOLFCLU_SUCCESS */ + ret = WOLFCLU_SUCCESS; } } } @@ -871,15 +883,16 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int if (ret == WOLFCLU_SUCCESS) { file = XFOPEN(fOutNameBuf, "wb"); if (!file) { - XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); ret = OUTPUT_FILE_ERROR; } } /* determine size for buffer */ - derBufSz = wc_RsaKeyToPublicDer(&key, NULL, 0); - if (derBufSz < 0) { - ret = MEMORY_E; + if (ret == WOLFCLU_SUCCESS) { + derBufSz = wc_RsaKeyToPublicDer(&key, NULL, 0); + if (derBufSz < 0) { + ret = MEMORY_E; + } } /* allocate DER buffer */ @@ -915,7 +928,7 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int ret = OUTPUT_FILE_ERROR; } else { - ret = WOLFCLU_SUCCESS; /* reset ret to WOLFCLU_SUCCESS */ + ret = WOLFCLU_SUCCESS; } } } @@ -927,27 +940,25 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int ret = OUTPUT_FILE_ERROR; } else { - ret = WOLFCLU_SUCCESS; /* reset ret to WOLFCLU_SUCCESS */ + ret = WOLFCLU_SUCCESS; } } } if (ret != WOLFCLU_SUCCESS) { - XFCLOSE(file); - XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return OUTPUT_FILE_ERROR; + ret = OUTPUT_FILE_ERROR; } XFCLOSE(file); break; default: wolfCLU_LogError("Invalid directive"); - XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return BAD_FUNC_ARG; + ret = BAD_FUNC_ARG; } - if (file != NULL) + if (file != NULL) { XFCLOSE(file); XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } if (derBuf != NULL) { XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } diff --git a/src/sign-verify/clu_sign.c b/src/sign-verify/clu_sign.c index 8943abc8..2abfebfb 100644 --- a/src/sign-verify/clu_sign.c +++ b/src/sign-verify/clu_sign.c @@ -141,7 +141,7 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, int privFileSz; word32 index = 0; - XFILE privKeyFile; + XFILE privKeyFile = NULL; byte* keyBuf = NULL; RsaKey key; @@ -157,58 +157,52 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, ret = wc_InitRsaKey(&key, NULL); if (ret != 0) { wolfCLU_LogError("Failed to initialize RsaKey\nRET: %d", ret); - return ret; } /* initialize RNG */ - ret = wc_InitRng(&rng); - if (ret != 0) { - wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); - return ret; + if (ret == 0) { + ret = wc_InitRng(&rng); + if (ret != 0) { + wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); + } } - /* initialize RNG RSA_BLINDING */ + /* initialize RNG RSA_BLINDING */ + if (ret == 0) { #ifdef WC_RSA_BLINDING - ret = wc_RsaSetRNG(&key, &rng); - if (ret < 0) { - wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); - XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRng(&rng); - return ret; - } + ret = wc_RsaSetRNG(&key, &rng); + if (ret < 0) { + wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); + } #endif + } /* open, read, and store RSA key */ - privKeyFile = XFOPEN(privKey, "rb"); - if (privKeyFile == NULL) { - wolfCLU_LogError("unable to open file %s", privKey); - return BAD_FUNC_ARG; + if (ret == 0) { + privKeyFile = XFOPEN(privKey, "rb"); + if (privKeyFile == NULL) { + wolfCLU_LogError("unable to open file %s", privKey); + ret = BAD_FUNC_ARG; + } } - - XFSEEK(privKeyFile, 0, SEEK_END); - privFileSz = (int)XFTELL(privKeyFile); - keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - XFCLOSE(privKeyFile); - return MEMORY_E; + if (ret == 0) { + XFSEEK(privKeyFile, 0, SEEK_END); + privFileSz = (int)XFTELL(privKeyFile); + keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + ret = MEMORY_E; + } + else if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { + ret = WOLFCLU_FATAL_ERROR; + } } - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { - XFCLOSE(privKeyFile); - return WOLFCLU_FATAL_ERROR; - } - XFCLOSE(privKeyFile); - /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { + if (inForm == PEM_FORM && ret == 0) { ret = wolfCLU_KeyPemToDer(&keyBuf, 0); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - return ret; } else { privFileSz = ret; @@ -217,28 +211,32 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, } /* retrieving private key and storing in the RsaKey */ - ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, privFileSz); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (ret != 0 ) { - wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - return ret; + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, privFileSz); + if (privFileSz < 0) { + wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); + ret = privFileSz; + } } /* setting up output buffer based on key size */ if (ret == 0) { outBufSz = wc_RsaEncryptSize(&key); + if (outBufSz <= 0) { + wolfCLU_LogError("Invalid output buffer size: %d", outBufSz); + ret = WOLFCLU_FATAL_ERROR; + } + } + if (ret == 0) { outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (outBuf == NULL) { - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - return MEMORY_E; + ret = MEMORY_E; } } if (ret == 0) { XMEMSET(outBuf, 0, outBufSz); + /* signing input with RSA priv key to produce signature */ ret = wc_RsaSSL_Sign(data, dataSz, outBuf, (word32)outBufSz, &key, &rng); if (ret >= 0) { @@ -253,9 +251,15 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, } /* cleanup allocated resources */ + XFCLOSE(privKeyFile); + + if (keyBuf!= NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } if (outBuf!= NULL) { XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } + wc_FreeRsaKey(&key); wc_FreeRng(&rng); @@ -276,7 +280,7 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, word32 outLen; byte* keyBuf = NULL; - XFILE privKeyFile; + XFILE privKeyFile = NULL; ecc_key key; WC_RNG rng; @@ -290,48 +294,43 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, /* initialize ecc key */ ret = wc_ecc_init(&key); if (ret != 0) { - wolfCLU_LogError("Failed to initialize ecc key\nRET: %d", ret); - return ret; + wolfCLU_LogError("Failed to initialize ecc key.\nRET: %d", ret); } /* initialize RNG */ - ret = wc_InitRng(&rng); - if (ret != 0) { - wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); - return ret; + if (ret == 0) { + ret = wc_InitRng(&rng); + if (ret != 0) { + wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); + } } /* open, read, and store ecc key */ - privKeyFile = XFOPEN(privKey, "rb"); - if (privKeyFile == NULL) { - wolfCLU_LogError("unable to open file %s", privKey); - wc_FreeRng(&rng); - return BAD_FUNC_ARG; - } - - XFSEEK(privKeyFile, 0, SEEK_END); - privFileSz = (int)XFTELL(privKeyFile); - keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - wc_FreeRng(&rng); - return MEMORY_E; + if (ret == 0) { + privKeyFile = XFOPEN(privKey, "rb"); + if (privKeyFile == NULL) { + wolfCLU_LogError("unable to open file %s", privKey); + ret = BAD_FUNC_ARG; + } } - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { - XFCLOSE(privKeyFile); - return WOLFCLU_FATAL_ERROR; + if (ret == 0) { + XFSEEK(privKeyFile, 0, SEEK_END); + privFileSz = (int)XFTELL(privKeyFile); + keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + ret = MEMORY_E; + } + else if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { + ret = WOLFCLU_FATAL_ERROR; + } } - XFCLOSE(privKeyFile); /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { + if (inForm == PEM_FORM && ret == 0) { ret = wolfCLU_KeyPemToDer(&keyBuf, 0); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ecc_free(&key); - wc_FreeRng(&rng); - return ret; } else { privFileSz = ret; @@ -340,12 +339,12 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, } /* retrieving private key and storing in the Ecc Key */ - ret = wc_EccPrivateKeyDecode(keyBuf, &index, &key, privFileSz); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (ret != 0 ) { - wolfCLU_LogError("Failed to decode Ecc private key.\nRET: %d", ret); - wc_FreeRng(&rng); - return ret; + if (ret == 0) { + ret = wc_EccPrivateKeyDecode(keyBuf, &index, &key, privFileSz); + if (privFileSz < 0) { + wolfCLU_LogError("Failed to decode Ecc private key.\nRET: %d", ret); + ret = privFileSz; + } } /* setting up output buffer based on key size */ @@ -353,9 +352,7 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, outBufSz = wc_ecc_sig_size(&key); outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (outBuf == NULL) { - wc_ecc_free(&key); - wc_FreeRng(&rng); - return MEMORY_E; + ret = MEMORY_E; } } if (ret == 0) { @@ -376,6 +373,11 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, } /* cleanup allocated resources */ + XFCLOSE(privKeyFile); + + if (keyBuf!= NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } if (outBuf!= NULL) { XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } @@ -399,7 +401,7 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, word32 index = 0; word32 outLen; - XFILE privKeyFile; + XFILE privKeyFile = NULL; byte* keyBuf = NULL; byte* outBuf = NULL; int outBufSz = 0; @@ -414,49 +416,42 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, ret = wc_ed25519_init(&key); if (ret != 0) { wolfCLU_LogError("Failed to initialize ed25519 key\nRET: %d", ret); - return ret; } /* initialize RNG */ - ret = wc_InitRng(&rng); - if (ret != 0) { - wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); - return ret; + if (ret == 0) { + ret = wc_InitRng(&rng); + if (ret != 0) { + wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); + } } /* open, read, and store ED25519 key */ - privKeyFile = XFOPEN(privKey, "rb"); - if (privKeyFile == NULL) { - wolfCLU_LogError("unable to open file %s", privKey); - wc_FreeRng(&rng); - return BAD_FUNC_ARG; - } - - XFSEEK(privKeyFile, 0, SEEK_END); - privFileSz = (int)XFTELL(privKeyFile); - keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - XFCLOSE(privKeyFile); - wc_FreeRng(&rng); - return MEMORY_E; + if (ret == 0) { + privKeyFile = XFOPEN(privKey, "rb"); + if (privKeyFile == NULL) { + wolfCLU_LogError("unable to open file %s", privKey); + ret = BAD_FUNC_ARG; + } } - - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { - XFCLOSE(privKeyFile); - return WOLFCLU_FATAL_ERROR; + if (ret == 0) { + XFSEEK(privKeyFile, 0, SEEK_END); + privFileSz = (int)XFTELL(privKeyFile); + keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + ret = MEMORY_E; + } + else if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { + ret = WOLFCLU_FATAL_ERROR; + } } - XFCLOSE(privKeyFile); /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { + if (inForm == PEM_FORM && ret == 0) { ret = wolfCLU_KeyPemToDer(&keyBuf, 0); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ed25519_free(&key); - wc_FreeRng(&rng); - return ret; } else { privFileSz = ret; @@ -465,16 +460,18 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, } /* decode the private key from the DER-encoded input */ - ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, privFileSz); if (ret == 0) { - /* Calculate the public key */ - ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, privFileSz); if (ret == 0) { - key.pubKeySet = 1; + /* Calculate the public key */ + ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + if (ret == 0) { + key.pubKeySet = 1; + } + } + else { + wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); } - } - else { - wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); } /* setting up output buffer based on key size */ @@ -482,10 +479,7 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, outBufSz = ED25519_SIG_SIZE; outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (outBuf == NULL) { - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_ed25519_free(&key); - wc_FreeRng(&rng); - return MEMORY_E; + ret = MEMORY_E; } } if (ret == 0) { @@ -506,12 +500,14 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, } /* cleanup allocated resources */ + XFCLOSE(privKeyFile); + + if (keyBuf!= NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } if (outBuf!= NULL) { XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - if (keyBuf != NULL) { - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - } wc_ed25519_free(&key); wc_FreeRng(&rng); diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c index 0de97ec5..2b5e2667 100644 --- a/src/sign-verify/clu_verify.c +++ b/src/sign-verify/clu_verify.c @@ -35,60 +35,45 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* int privFileSz; word32 index = 0; - XFILE privKeyFile; + XFILE privKeyFile = NULL; byte* keyBuf = NULL; ed25519_key key; - WC_RNG rng; XMEMSET(&key, 0, sizeof(key)); - XMEMSET(&rng, 0, sizeof(rng)); /* initialize ED25519 key */ ret = wc_ed25519_init(&key); if (ret != 0) { wolfCLU_LogError("Failed to initialize ed25519 key\nRET: %d", ret); - return ret; } - /* initialize RNG */ - ret = wc_InitRng(&rng); - if (ret != 0) { - wolfCLU_LogError("Failed to initialize rng.\nRET: %d", ret); - return ret; - } - - /* read in and store private key */ - privKeyFile = XFOPEN(privKey, "rb"); - if (privKeyFile == NULL) { - wolfCLU_LogError("unable to open file %s", privKey); - wc_ed25519_free(&key); - wc_FreeRng(&rng); - return BAD_FUNC_ARG; - } - - XFSEEK(privKeyFile, 0, SEEK_END); - privFileSz = (int)XFTELL(privKeyFile); - keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - XFCLOSE(privKeyFile); - wc_ed25519_free(&key); - wc_FreeRng(&rng); - return MEMORY_E; + /* open, read, and store ED25519 key */ + if (ret == 0) { + privKeyFile = XFOPEN(privKey, "rb"); + if (privKeyFile == NULL) { + wolfCLU_LogError("unable to open file %s", privKey); + ret = BAD_FUNC_ARG; + } } - if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { - XFCLOSE(privKeyFile); - return WOLFCLU_FATAL_ERROR; + if (ret == 0) { + XFSEEK(privKeyFile, 0, SEEK_END); + privFileSz = (int)XFTELL(privKeyFile); + keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + ret = MEMORY_E; + } + else if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { + XFCLOSE(privKeyFile); + ret = WOLFCLU_FATAL_ERROR; + } } - XFCLOSE(privKeyFile); /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { + if (inForm == PEM_FORM && ret == 0) { ret = wolfCLU_KeyPemToDer(&keyBuf, 0); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } else { privFileSz = ret; @@ -97,16 +82,18 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* } /* decode the private key from the DER-encoded input */ - ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, privFileSz); if (ret == 0) { - /* Calculate the public key */ - ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, privFileSz); if (ret == 0) { - key.pubKeySet = 1; + /* Calculate the public key */ + ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + if (ret == 0) { + key.pubKeySet = 1; + } + } + else { + wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); } - } - else { - wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); } /* export public key */ @@ -126,12 +113,13 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* } /* cleanup allocated resources */ - if (keyBuf != NULL) { + XFCLOSE(privKeyFile); + + if (keyBuf!= NULL) { XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } wc_ed25519_free(&key); - wc_FreeRng(&rng); /* expected ret == WOLFCLU_SUCCESS */ return (ret >= 0) ? WOLFCLU_SUCCESS : ret; @@ -273,39 +261,34 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, ret = wc_InitRsaKey(&key, NULL); if (ret != 0) { wolfCLU_LogError("Failed to initialize RsaKey.\nRet: %d", ret); - XFREE(&key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } /* open, read, and store RSA key */ - keyPathFile = XFOPEN(keyPath, "rb"); - if (keyPathFile == NULL) { - wolfCLU_LogError("unable to open file %s", keyPath); - return BAD_FUNC_ARG; - } - - XFSEEK(keyPathFile, 0, SEEK_END); - keyFileSz = (int)XFTELL(keyPathFile); - keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - XFCLOSE(keyPathFile); - return MEMORY_E; + if (ret == 0) { + keyPathFile = XFOPEN(keyPath, "rb"); + if (keyPathFile == NULL) { + wolfCLU_LogError("unable to open file %s", keyPath); + ret = BAD_FUNC_ARG; + } } - - if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { - XFCLOSE(keyPathFile); - return WOLFCLU_FATAL_ERROR; + if (ret == 0) { + XFSEEK(keyPathFile, 0, SEEK_END); + keyFileSz = (int)XFTELL(keyPathFile); + keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + ret = MEMORY_E; + } + else if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { + ret = WOLFCLU_FATAL_ERROR; + } } - XFCLOSE(keyPathFile); /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { + if (inForm == PEM_FORM && ret == 0) { ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } else { keyFileSz = ret; @@ -315,58 +298,61 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, if (pubIn == 1) { /* decode public key from DER-encoded input */ - ret = wc_RsaPublicKeyDecode(keyBuf, &index, &key, keyFileSz); - if (ret != 0) { - wolfCLU_LogError("Failed to decode public key from DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; + if (ret == 0) { + ret = wc_RsaPublicKeyDecode(keyBuf, &index, &key, keyFileSz); + if (ret != 0) { + wolfCLU_LogError("Failed to decode public key from DER.\nRET: %d", ret); + } } } else { /* retrieve private key and store in the RsaKey */ - ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, keyFileSz); - if (ret != 0) { - wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(keyBuf, &index, &key, keyFileSz); + if (ret != 0) { + wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); + } } } /* set up output buffer based on key size */ - outBufSz = wc_RsaEncryptSize(&key); - if (outBufSz <= 0) { - wolfCLU_LogError("Invalid output buffer size: %d", outBufSz); - wc_FreeRsaKey(&key); - return WOLFCLU_FATAL_ERROR; + if (ret == 0) { + outBufSz = wc_RsaEncryptSize(&key); + if (outBufSz <= 0) { + wolfCLU_LogError("Invalid output buffer size: %d", outBufSz); + ret = WOLFCLU_FATAL_ERROR; + } } - - outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (outBuf == NULL) { - wolfCLU_LogError("Failed to malloc output buffer"); - wc_FreeRsaKey(&key); - return MEMORY_E; + if (ret == 0) { + outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (outBuf == NULL) { + ret = MEMORY_E; + } } - XMEMSET(outBuf, 0, outBufSz); + if (ret == 0) { + XMEMSET(outBuf, 0, outBufSz); - /* verify the RSA signature */ - ret = wc_RsaSSL_Verify(sig, sigSz, outBuf, (word32)outBufSz, &key); - if (ret < 0) { - wolfCLU_LogError("Failed to verify data with RSA public key.\nRET: %d", ret); - XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_FreeRsaKey(&key); - return ret; - } + /* verify the RSA signature */ + ret = wc_RsaSSL_Verify(sig, sigSz, outBuf, (word32)outBufSz, &key); + if (ret < 0) { + wolfCLU_LogError("Failed to verify data with pub key.\nRET: %d", ret); + } - /* write the output to the specified file */ - XFILE s = XFOPEN(out, "wb"); - if (s == NULL) { - wolfCLU_LogError("Unable to open file %s", out); - ret = BAD_FUNC_ARG; - } - else { - XFWRITE(outBuf, 1, ret, s); - XFCLOSE(s); + /* write the output to the specified file */ + XFILE s = XFOPEN(out, "wb"); + if (s == NULL) { + wolfCLU_LogError("Unable to open file %s", out); + ret = BAD_FUNC_ARG; + } + else { + XFWRITE(outBuf, 1, ret, s); + XFCLOSE(s); + } } /* Cleanup allocated resources */ + XFCLOSE(keyPathFile); + if (outBuf != NULL) { XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } @@ -393,7 +379,7 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, int stat = 0; word32 index = 0; - XFILE keyPathFile; + XFILE keyPathFile = NULL; ecc_key key; byte* keyBuf = NULL; byte* outBuf = NULL; @@ -405,39 +391,34 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, ret = wc_ecc_init(&key); if (ret != 0) { wolfCLU_LogError("Failed to initialize ecc key.\nRet: %d", ret); - XFREE(&key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } /* open, read, and store Ecc key */ - keyPathFile = XFOPEN(keyPath, "rb"); - if (keyPathFile == NULL) { - wolfCLU_LogError("unable to open file %s", keyPath); - return BAD_FUNC_ARG; - } - - XFSEEK(keyPathFile, 0, SEEK_END); - keyFileSz = (int)XFTELL(keyPathFile); - keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - XFCLOSE(keyPathFile); - return MEMORY_E; + if (ret == 0) { + keyPathFile = XFOPEN(keyPath, "rb"); + if (keyPathFile == NULL) { + wolfCLU_LogError("unable to open file %s", keyPath); + ret = BAD_FUNC_ARG; + } } - - if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || - (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { - XFCLOSE(keyPathFile); - return WOLFCLU_FATAL_ERROR; + if (ret == 0) { + XFSEEK(keyPathFile, 0, SEEK_END); + keyFileSz = (int)XFTELL(keyPathFile); + keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + ret = MEMORY_E; + } + else if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { + ret = WOLFCLU_FATAL_ERROR; + } } - XFCLOSE(keyPathFile); /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { + if (inForm == PEM_FORM && ret == 0) { ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } else { keyFileSz = ret; @@ -447,59 +428,64 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, if (pubIn == 1) { /* retrieve public key and store in the Ecc key */ - ret = wc_EccPublicKeyDecode(keyBuf, &index, &key, keyFileSz); - if (ret < 0 ) { - wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; + if (ret == 0) { + ret = wc_EccPublicKeyDecode(keyBuf, &index, &key, keyFileSz); + if (ret < 0 ) { + wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret); + } } - } else { /* retrieve private key and store in the Ecc Key */ - ret = wc_EccPrivateKeyDecode(keyBuf, &index, &key, keyFileSz); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (ret != 0 ) { - wolfCLU_LogError("Failed to decode Ecc private key.\nRET: %d", ret); - wc_ecc_free(&key); - return ret; + if (ret == 0) { + ret = wc_EccPrivateKeyDecode(keyBuf, &index, &key, keyFileSz); + if (ret != 0 ) { + wolfCLU_LogError("Failed to decode Ecc private key.\nRET: %d", ret); + } } } /* setting up output buffer based on key size */ - outBufSz = wc_ecc_sig_size(&key); - if (outBufSz <= 0) { - wolfCLU_LogError("Invalid output buffer size: %d", outBufSz); - wc_ecc_free(&key); - return WOLFCLU_FATAL_ERROR; + if (ret == 0) { + outBufSz = wc_ecc_sig_size(&key); + if (outBufSz <= 0) { + wolfCLU_LogError("Invalid output buffer size: %d", outBufSz); + ret = WOLFCLU_FATAL_ERROR; + } } - outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (outBuf == NULL) { - wolfCLU_LogError("Failed to malloc output buffer"); - wc_ecc_free(&key); - return MEMORY_E; + if (ret == 0) { + outBuf = (byte*)XMALLOC(outBufSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (outBuf == NULL) { + ret = MEMORY_E; + } } - XMEMSET(outBuf, 0, outBufSz); + if (ret == 0) { + XMEMSET(outBuf, 0, outBufSz); - /* verify data with Ecc public key */ - ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, &stat, &key); - if (ret < 0) { - wolfCLU_LogError("Failed to verify data with Ecc public key.\nRET: %d", ret); - return ret; - } - else if (stat == 1) { - WOLFCLU_LOG(WOLFCLU_L0, "Valid Signature."); - } - else { - wolfCLU_LogError("Invalid Signature."); + /* verify data with Ecc public key */ + ret = wc_ecc_verify_hash(sig, sigSz, hash, hashSz, &stat, &key); + if (ret < 0) { + wolfCLU_LogError("Failed to verify data with pub key.\nRET: %d", ret); + } + else if (stat == 1) { + WOLFCLU_LOG(WOLFCLU_L0, "Valid Signature."); + } + else { + wolfCLU_LogError("Invalid Signature."); + } } - /* Cleanup allocated resources */ + /* cleanup allocated resources */ + XFCLOSE(keyPathFile); + if (outBuf != NULL) { XFREE(outBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } + if (keyBuf != NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } - wc_ecc_free(&key); + wc_ecc_free(&key); /* expected ret == WOLFCLU_SUCCESS */ return (ret >= 0) ? WOLFCLU_SUCCESS : ret; @@ -517,13 +503,13 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, word32 index = 0; int keyFileSz = 0; - XFILE keyPathFile; + XFILE keyPathFile = NULL; ed25519_key key; byte* keyBuf = (byte*)XMALLOC(ED25519_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf == NULL) { wolfCLU_LogError("malloc failed"); - return MEMORY_E; + ret = MEMORY_E; } XMEMSET(&key, 0, sizeof(key)); @@ -533,41 +519,34 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, ret = wc_ed25519_init(&key); if (ret != 0) { wolfCLU_LogError("Failed to initialize ED25519 key.\nRet: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } /* open, read, and store ED25519 key */ - keyPathFile = XFOPEN(keyPath, "rb"); - if (keyPathFile == NULL) { - wolfCLU_LogError("unable to open file %s", keyPath); - return BAD_FUNC_ARG; - } - - XFSEEK(keyPathFile, 0, SEEK_END); - keyFileSz = (int)XFTELL(keyPathFile); - XFSEEK(keyPathFile, 0, SEEK_SET); - - keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - XFCLOSE(keyPathFile); - return MEMORY_E; + if (ret == 0) { + keyPathFile = XFOPEN(keyPath, "rb"); + if (keyPathFile == NULL) { + wolfCLU_LogError("unable to open file %s", keyPath); + ret = BAD_FUNC_ARG; + } } - - if ((int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { - XFCLOSE(keyPathFile); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFCLU_FATAL_ERROR; + if (ret == 0) { + XFSEEK(keyPathFile, 0, SEEK_END); + keyFileSz = (int)XFTELL(keyPathFile); + XFSEEK(keyPathFile, 0, SEEK_SET); + keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (keyBuf == NULL) { + ret = MEMORY_E; + } + else if ((int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { + ret = WOLFCLU_FATAL_ERROR; + } } - XFCLOSE(keyPathFile); /* convert PEM to DER if necessary */ - if (inForm == PEM_FORM) { + if (inForm == PEM_FORM && ret == 0) { ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } else { keyFileSz = ret; @@ -577,11 +556,11 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, if (pubIn == 1) { /* decode public key from DER-encoded input */ - ret = wc_Ed25519PublicKeyDecode(keyBuf, &index, &key, keyFileSz); - if (ret != 0) { - wolfCLU_LogError("Failed to decode public key from DER.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; + if (ret == 0) { + ret = wc_Ed25519PublicKeyDecode(keyBuf, &index, &key, keyFileSz); + if (ret != 0) { + wolfCLU_LogError("Failed to decode public key from DER.\nRET: %d", ret); + } } } else { @@ -593,35 +572,40 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, ret = 0; } else { - wolfCLU_LogError("Failed to verify data with ed25519 public key.\nRET: %d", ret); - return ret; + wolfCLU_LogError("Failed to verify data with pub key.\nRET: %d", ret); } } /* decode public key */ - ret = wc_ed25519_import_public(keyBuf, ED25519_KEY_SIZE, &key); - if (ret != 0) { - wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret); - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - return ret; + if (ret == 0) { + ret = wc_ed25519_import_public(keyBuf, ED25519_KEY_SIZE, &key); + if (ret != 0) { + wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret); + } } } /* verify data with ED25519 public key */ - ret = wc_ed25519_verify_msg(sig, sigSz, hash, hashSz, &stat, &key); - if (ret < 0) { - wolfCLU_LogError("Failed to verify data with ED25519 public key.\nRET: %d", ret); - return ret; - } - else if (stat == 1) { - WOLFCLU_LOG(WOLFCLU_L0, "Valid Signature."); + if (ret == 0) { + ret = wc_ed25519_verify_msg(sig, sigSz, hash, hashSz, &stat, &key); + if (ret < 0) { + wolfCLU_LogError("Failed to verify data with ED25519 public key.\nRET: %d", ret); + } + else if (stat == 1) { + WOLFCLU_LOG(WOLFCLU_L0, "Valid Signature."); + } + else { + wolfCLU_LogError("Invalid Signature."); + } } - else { - wolfCLU_LogError("Invalid Signature."); + + /* cleanup allocated resources */ + XFCLOSE(keyPathFile); + + if (keyBuf != NULL) { + XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } - /* Cleanup allocated resources */ - XFREE(keyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_ed25519_free(&key); /* expected ret == WOLFCLU_SUCCESS */ From ed84f56edb5508d880a2e995ec68a493aa0ff190 Mon Sep 17 00:00:00 2001 From: aidan garske Date: Wed, 7 Aug 2024 16:29:49 -0700 Subject: [PATCH 5/8] test fix - `finalOutFm` may be uninitialized --- src/genkey/clu_genkey.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c index 08c4141f..45716ed2 100644 --- a/src/genkey/clu_genkey.c +++ b/src/genkey/clu_genkey.c @@ -49,7 +49,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) word32 pubKeySz; /* size of public key */ #endif ed25519_key edKeyOut; /* the ed25519 key structure */ - char* finalOutFNm; /* file name + append */ + char* finalOutFNm = NULL; /* file name + append */ XFILE file = NULL; /* file stream */ byte* derBuf = NULL; /* buffer for DER format */ byte* pemBuf = NULL; /* buffer for PEM format */ @@ -748,19 +748,19 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int keySz, long exp) { #ifndef NO_RSA - RsaKey key; /* the RSA key structure */ - XFILE file = NULL; /* file stream */ - int ret = WOLFCLU_SUCCESS; /* return value */ - int fNameSz; /* file name without append */ - int fExtSz = 6; /* # of bytes to append to file name */ - char fExtPriv[6] = ".priv\0"; /* last part of the priv file name */ - char fExtPub[6] = ".pub\0\0"; /* last part of the pub file name*/ - char* fOutNameBuf = NULL; /* file name + fExt */ - int flagOutputPub = 0; /* set if outputting both priv/pub */ - byte* derBuf = NULL; /* buffer for DER format */ - byte* pemBuf = NULL; /* buffer for PEM format */ - int derBufSz = -1; /* size of DER buffer */ - int pemBufSz = 0; /* size of PEM buffer */ + RsaKey key; /* the RSA key structure */ + XFILE file = NULL; /* file stream */ + int ret = WOLFCLU_SUCCESS; /* return value */ + int fNameSz; /* file name without append */ + int fExtSz = 6; /* # of bytes to append to file name */ + char fExtPriv[6] = ".priv\0"; /* last part of the priv file name */ + char fExtPub[6] = ".pub\0\0"; /* last part of the pub file name*/ + char* fOutNameBuf = NULL; /* file name + fExt */ + int flagOutputPub = 0; /* set if outputting both priv/pub */ + byte* derBuf = NULL; /* buffer for DER format */ + byte* pemBuf = NULL; /* buffer for PEM format */ + int derBufSz = -1; /* size of DER buffer */ + int pemBufSz = 0; /* size of PEM buffer */ WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fName); fNameSz = (int)XSTRLEN(fName); From 027687a0103f84b3899cb997f5264202626ccf2f Mon Sep 17 00:00:00 2001 From: aidan garske Date: Thu, 8 Aug 2024 10:22:25 -0700 Subject: [PATCH 6/8] fix warnings - disable possible NULL pointer --- src/genkey/clu_genkey.c | 48 ++++++++++++------- tests/genkey_sign_ver/genkey-sign-ver-test.sh | 26 +++++----- 2 files changed, 44 insertions(+), 30 deletions(-) diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c index 45716ed2..afe50908 100644 --- a/src/genkey/clu_genkey.c +++ b/src/genkey/clu_genkey.c @@ -56,10 +56,6 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) int derSz; /* size of DER buffer */ int pemSz; /* size of PEM buffer */ - - WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fOutNm); - fOutNmSz = (int)XSTRLEN(fOutNm); - /* initialize ed25519 key */ ret = wc_ed25519_init(&edKeyOut); if (ret != 0) { @@ -74,6 +70,16 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) } } + if (ret == 0) { + if (fOutNm == NULL) { + ret = BAD_FUNC_ARG; + } + else { + WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fOutNm); + fOutNmSz = (int)XSTRLEN(fOutNm); + } + } + #if 0 /* get key size */ privKeySz = wc_ed25519_priv_size(&edKeyOut); @@ -97,14 +103,15 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) DYNAMIC_TYPE_TMP_BUFFER); if (finalOutFNm == NULL) { ret = MEMORY_E; + } else { + /* get the first part of the file name setup */ + XMEMSET(finalOutFNm, 0, fOutNmSz + fOutNmAppendSz); + XMEMCPY(finalOutFNm, fOutNm, fOutNmSz); } - - /* get the first part of the file name setup */ - XMEMSET(finalOutFNm, 0, fOutNmSz + fOutNmAppendSz); - XMEMCPY(finalOutFNm, fOutNm, fOutNmSz); } - switch(directive) { + if (ret == 0) { + switch(directive) { case PRIV_AND_PUB_FILES: flagOutputPub = 1; @@ -215,6 +222,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) ret = MEMORY_E; } } + /* convert Key to DER */ if (ret == 0) { derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, derBuf, derSz, 1); @@ -222,6 +230,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) ret = derSz; } } + if (ret != 0) break; @@ -264,6 +273,7 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) default: wolfCLU_LogError("Invalid directive"); ret = BAD_FUNC_ARG; + } /* switch */ } /* cleanup allocated resources */ @@ -752,7 +762,7 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int XFILE file = NULL; /* file stream */ int ret = WOLFCLU_SUCCESS; /* return value */ int fNameSz; /* file name without append */ - int fExtSz = 6; /* # of bytes to append to file name */ + int fExtSz = 6; /* number of bytes to append to file name */ char fExtPriv[6] = ".priv\0"; /* last part of the priv file name */ char fExtPub[6] = ".pub\0\0"; /* last part of the pub file name*/ char* fOutNameBuf = NULL; /* file name + fExt */ @@ -762,12 +772,12 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int int derBufSz = -1; /* size of DER buffer */ int pemBufSz = 0; /* size of PEM buffer */ - WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fName); - fNameSz = (int)XSTRLEN(fName); - if (rng == NULL || fName == NULL) return BAD_FUNC_ARG; + WOLFCLU_LOG(WOLFCLU_L0, "fOutNm = %s", fName); + fNameSz = (int)XSTRLEN(fName); + /* init RSA key */ if (wc_InitRsaKey(&key, HEAP_HINT) != 0) { return WOLFCLU_FAILURE; @@ -786,12 +796,15 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int wc_FreeRsaKey(&key); return MEMORY_E; } + else { + /* get the first part of the file name setup */ + XMEMSET(fOutNameBuf, 0, fNameSz + fExtSz); + XMEMCPY(fOutNameBuf, fName, fNameSz); - /* get the first part of the file name setup */ - XMEMSET(fOutNameBuf, 0, fNameSz + fExtSz); - XMEMCPY(fOutNameBuf, fName, fNameSz); + } - switch (directive) { + if (ret == WOLFCLU_SUCCESS) { + switch (directive) { case PRIV_AND_PUB_FILES: flagOutputPub = 1; @@ -953,6 +966,7 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int default: wolfCLU_LogError("Invalid directive"); ret = BAD_FUNC_ARG; + } /* switch */ } if (file != NULL) { diff --git a/tests/genkey_sign_ver/genkey-sign-ver-test.sh b/tests/genkey_sign_ver/genkey-sign-ver-test.sh index 8b600384..c4c30b35 100755 --- a/tests/genkey_sign_ver/genkey-sign-ver-test.sh +++ b/tests/genkey_sign_ver/genkey-sign-ver-test.sh @@ -156,23 +156,23 @@ VERIFYOUTNAME="rsa-sigout" gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} # TODO - raw support -ALGORITHM="ed25519" -KEYFILENAME="edkey" -SIGOUTNAME="ed-signed.sig" -DERPEMRAW="raw" +# ALGORITHM="ed25519" +# KEYFILENAME="edkey" +# SIGOUTNAME="ed-signed.sig" +# DERPEMRAW="raw" # gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} -ALGORITHM="ecc" -KEYFILENAME="ecckey" -SIGOUTNAME="ecc-signed.sig" -DERPEMRAW="raw" +# ALGORITHM="ecc" +# KEYFILENAME="ecckey" +# SIGOUTNAME="ecc-signed.sig" +# DERPEMRAW="raw" # gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} -ALGORITHM="rsa" -KEYFILENAME="rsakey" -SIGOUTNAME="rsa-signed.sig" -DERPEMRAW="raw" -VERIFYOUTNAME="rsa-sigout" +# ALGORITHM="rsa" +# KEYFILENAME="rsakey" +# SIGOUTNAME="rsa-signed.sig" +# DERPEMRAW="raw" +# VERIFYOUTNAME="rsa-sigout" # gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} From 32ba538084735c6fbab1e27716d7d61b9483d9f6 Mon Sep 17 00:00:00 2001 From: aidan garske Date: Thu, 8 Aug 2024 13:45:11 -0700 Subject: [PATCH 7/8] refactor cleanup --- src/genkey/clu_genkey.c | 36 +++++++++++++++++++++----- src/sign-verify/clu_sign.c | 40 +++++++++++++++++------------ src/sign-verify/clu_verify.c | 47 +++++++++++++++++++--------------- wolfclu/sign-verify/clu_sign.h | 2 +- 4 files changed, 80 insertions(+), 45 deletions(-) diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c index afe50908..2408a7a5 100644 --- a/src/genkey/clu_genkey.c +++ b/src/genkey/clu_genkey.c @@ -193,6 +193,14 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) if (flagOutputPub == 0) { break; } /* else fall through to PUB_ONLY_FILE if flagOutputPub == 1 */ + + XFCLOSE(file); + file = NULL; + XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = NULL; + XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pemBuf = NULL; + FALL_THROUGH; case PUB_ONLY_FILE: /* add on the final part of the file name ".pub" */ @@ -268,7 +276,6 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) if (ret != 0) { ret = OUTPUT_FILE_ERROR; } - XFCLOSE(file); break; default: wolfCLU_LogError("Invalid directive"); @@ -277,9 +284,9 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) } /* cleanup allocated resources */ - if (file != NULL) { - XFCLOSE(file); + if (finalOutFNm != NULL) { XFREE(finalOutFNm, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + finalOutFNm = NULL; } if (derBuf != NULL) { XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -287,6 +294,10 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) if (pemBuf != NULL) { XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } + if (file != NULL) { + XFCLOSE(file); + file = NULL; + } /* expected ret == WOLFCLU_SUCCESS */ return (ret >= 0) ? WOLFCLU_SUCCESS : ret; @@ -886,6 +897,14 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int if (flagOutputPub == 0) { break; } /* else fall through to PUB_ONLY_FILE if flagOutputPub == 1 */ + + XFCLOSE(file); + file = NULL; + XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = NULL; + XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + pemBuf = NULL; + FALL_THROUGH; case PUB_ONLY_FILE: /* add on the final part of the file name ".pub" */ @@ -961,7 +980,6 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int if (ret != WOLFCLU_SUCCESS) { ret = OUTPUT_FILE_ERROR; } - XFCLOSE(file); break; default: wolfCLU_LogError("Invalid directive"); @@ -969,9 +987,10 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int } /* switch */ } - if (file != NULL) { - XFCLOSE(file); + /* cleanup allocated resources */ + if (fOutNameBuf != NULL) { XFREE(fOutNameBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + fOutNameBuf = NULL; } if (derBuf != NULL) { XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -979,6 +998,11 @@ int wolfCLU_genKey_RSA(WC_RNG* rng, char* fName, int directive, int fmt, int if (pemBuf != NULL) { XFREE(pemBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } + if (file != NULL) { + XFCLOSE(file); + file = NULL; + } + wc_FreeRsaKey(&key); return ret; diff --git a/src/sign-verify/clu_sign.c b/src/sign-verify/clu_sign.c index 2abfebfb..bf57e9e4 100644 --- a/src/sign-verify/clu_sign.c +++ b/src/sign-verify/clu_sign.c @@ -26,14 +26,13 @@ #ifndef WOLFCLU_NO_FILESYSTEM -int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pubIn) { +int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pkeySz, int pubIn) { int ret = 0; byte* der = NULL; - const unsigned char* keyBuf = *pkeyBuf; if (pubIn == 0) { - ret = wc_KeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), NULL, 0, NULL); + ret = wc_KeyPemToDer(keyBuf, pkeySz, NULL, 0, NULL); if (ret > 0) { int derSz = ret; der = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -41,8 +40,7 @@ int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pubIn) { ret = MEMORY_E; } else { - ret = wc_KeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), der, - derSz, NULL); + ret = wc_KeyPemToDer(keyBuf, pkeySz, der, derSz, NULL); if (ret > 0) { /* replace incoming pkeyBuf with new der buf */ XFREE(*pkeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -56,7 +54,7 @@ int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pubIn) { } } else { - ret = wc_PubKeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), NULL, 0); + ret = wc_PubKeyPemToDer(keyBuf, pkeySz, NULL, 0); if (ret > 0) { int derSz = ret; der = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -64,8 +62,7 @@ int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pubIn) { ret = MEMORY_E; } else { - ret = wc_PubKeyPemToDer(keyBuf, (int)XSTRLEN((char*)keyBuf), - der, derSz); + ret = wc_PubKeyPemToDer(keyBuf, pkeySz, der, derSz); if (ret > 0) { /* replace incoming pkeyBuf with new der buf */ XFREE(*pkeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -188,11 +185,14 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, if (ret == 0) { XFSEEK(privKeyFile, 0, SEEK_END); privFileSz = (int)XFTELL(privKeyFile); - keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + keyBuf = (byte*)XMALLOC(privFileSz+1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf == NULL) { ret = MEMORY_E; } - else if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + } + if (ret == 0) { + XMEMSET(keyBuf, 0, privFileSz+1); + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { ret = WOLFCLU_FATAL_ERROR; } @@ -200,7 +200,7 @@ int wolfCLU_sign_data_rsa(byte* data, char* out, word32 dataSz, char* privKey, /* convert PEM to DER if necessary */ if (inForm == PEM_FORM && ret == 0) { - ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + ret = wolfCLU_KeyPemToDer(&keyBuf, privFileSz, 0); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); } @@ -316,11 +316,14 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, if (ret == 0) { XFSEEK(privKeyFile, 0, SEEK_END); privFileSz = (int)XFTELL(privKeyFile); - keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + keyBuf = (byte*)XMALLOC(privFileSz+1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf == NULL) { ret = MEMORY_E; } - else if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + } + if (ret == 0) { + XMEMSET(keyBuf, 0, privFileSz+1); + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { ret = WOLFCLU_FATAL_ERROR; } @@ -328,7 +331,7 @@ int wolfCLU_sign_data_ecc(byte* data, char* out, word32 fSz, char* privKey, /* convert PEM to DER if necessary */ if (inForm == PEM_FORM && ret == 0) { - ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + ret = wolfCLU_KeyPemToDer(&keyBuf, privFileSz, 0); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); } @@ -437,11 +440,14 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, if (ret == 0) { XFSEEK(privKeyFile, 0, SEEK_END); privFileSz = (int)XFTELL(privKeyFile); - keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + keyBuf = (byte*)XMALLOC(privFileSz+1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf == NULL) { ret = MEMORY_E; } - else if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + } + if (ret == 0) { + XMEMSET(keyBuf, 0, privFileSz+1); + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { ret = WOLFCLU_FATAL_ERROR; } @@ -449,7 +455,7 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, /* convert PEM to DER if necessary */ if (inForm == PEM_FORM && ret == 0) { - ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + ret = wolfCLU_KeyPemToDer(&keyBuf, privFileSz, 0); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); } diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c index 2b5e2667..31557605 100644 --- a/src/sign-verify/clu_verify.c +++ b/src/sign-verify/clu_verify.c @@ -58,20 +58,22 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* if (ret == 0) { XFSEEK(privKeyFile, 0, SEEK_END); privFileSz = (int)XFTELL(privKeyFile); - keyBuf = (byte*)XMALLOC(privFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + keyBuf = (byte*)XMALLOC(privFileSz+1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf == NULL) { ret = MEMORY_E; } - else if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || + } + if (ret == 0) { + XMEMSET(keyBuf, 0, privFileSz+1); + if (XFSEEK(privKeyFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, privFileSz, privKeyFile) != privFileSz) { - XFCLOSE(privKeyFile); ret = WOLFCLU_FATAL_ERROR; } } /* convert PEM to DER if necessary */ if (inForm == PEM_FORM && ret == 0) { - ret = wolfCLU_KeyPemToDer(&keyBuf, 0); + ret = wolfCLU_KeyPemToDer(&keyBuf, privFileSz, 0); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); } @@ -274,11 +276,14 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, if (ret == 0) { XFSEEK(keyPathFile, 0, SEEK_END); keyFileSz = (int)XFTELL(keyPathFile); - keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + keyBuf = (byte*)XMALLOC(keyFileSz+1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf == NULL) { ret = MEMORY_E; } - else if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + } + if (ret == 0) { + XMEMSET(keyBuf, 0, keyFileSz+1); + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { ret = WOLFCLU_FATAL_ERROR; } @@ -286,7 +291,7 @@ int wolfCLU_verify_signature_rsa(byte* sig, char* out, int sigSz, char* keyPath, /* convert PEM to DER if necessary */ if (inForm == PEM_FORM && ret == 0) { - ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); + ret = wolfCLU_KeyPemToDer(&keyBuf, keyFileSz, pubIn); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); } @@ -404,11 +409,14 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, if (ret == 0) { XFSEEK(keyPathFile, 0, SEEK_END); keyFileSz = (int)XFTELL(keyPathFile); - keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + keyBuf = (byte*)XMALLOC(keyFileSz+1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf == NULL) { ret = MEMORY_E; } - else if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + } + if (ret == 0) { + XMEMSET(keyBuf, 0, keyFileSz+1); + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { ret = WOLFCLU_FATAL_ERROR; } @@ -416,7 +424,7 @@ int wolfCLU_verify_signature_ecc(byte* sig, int sigSz, byte* hash, int hashSz, /* convert PEM to DER if necessary */ if (inForm == PEM_FORM && ret == 0) { - ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); + ret = wolfCLU_KeyPemToDer(&keyBuf, keyFileSz, pubIn); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); } @@ -505,15 +513,9 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, XFILE keyPathFile = NULL; ed25519_key key; - byte* keyBuf = (byte*)XMALLOC(ED25519_KEY_SIZE, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); - if (keyBuf == NULL) { - wolfCLU_LogError("malloc failed"); - ret = MEMORY_E; - } + byte* keyBuf = NULL; XMEMSET(&key, 0, sizeof(key)); - XMEMSET(keyBuf, 0, ED25519_KEY_SIZE); /* initialize ED25519 key */ ret = wc_ed25519_init(&key); @@ -532,19 +534,22 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, if (ret == 0) { XFSEEK(keyPathFile, 0, SEEK_END); keyFileSz = (int)XFTELL(keyPathFile); - XFSEEK(keyPathFile, 0, SEEK_SET); - keyBuf = (byte*)XMALLOC(keyFileSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + keyBuf = (byte*)XMALLOC(keyFileSz+1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (keyBuf == NULL) { ret = MEMORY_E; } - else if ((int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { + } + if (ret == 0) { + XMEMSET(keyBuf, 0, keyFileSz+1); + if (XFSEEK(keyPathFile, 0, SEEK_SET) != 0 || + (int)XFREAD(keyBuf, 1, keyFileSz, keyPathFile) != keyFileSz) { ret = WOLFCLU_FATAL_ERROR; } } /* convert PEM to DER if necessary */ if (inForm == PEM_FORM && ret == 0) { - ret = wolfCLU_KeyPemToDer(&keyBuf, pubIn); + ret = wolfCLU_KeyPemToDer(&keyBuf, keyFileSz, pubIn); if (ret < 0) { wolfCLU_LogError("Failed to convert PEM to DER.\nRET: %d", ret); } diff --git a/wolfclu/sign-verify/clu_sign.h b/wolfclu/sign-verify/clu_sign.h index cf041793..d7dac5de 100644 --- a/wolfclu/sign-verify/clu_sign.h +++ b/wolfclu/sign-verify/clu_sign.h @@ -46,5 +46,5 @@ int wolfCLU_sign_data_rsa(byte*, char*, word32, char*, int); int wolfCLU_sign_data_ecc(byte*, char*, word32, char*, int); int wolfCLU_sign_data_ed25519(byte*, char*, word32, char*, int); -int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pubIn); +int wolfCLU_KeyPemToDer(unsigned char** pkeyBuf, int pkeySz, int pubIn); From 625022dfb94d9ad583efeb16b24abb8899a12cc6 Mon Sep 17 00:00:00 2001 From: aidan garske Date: Thu, 8 Aug 2024 16:22:21 -0700 Subject: [PATCH 8/8] ed25519 raw support genkey, sign, and verify --- src/genkey/clu_genkey.c | 218 ++++++++++-------- src/genkey/clu_genkey_setup.c | 8 +- src/sign-verify/clu_sign.c | 30 ++- src/sign-verify/clu_verify.c | 45 ++-- src/tools/clu_funcs.c | 14 +- tests/genkey_sign_ver/genkey-sign-ver-test.sh | 27 +-- wolfclu/x509/clu_cert.h | 1 + 7 files changed, 189 insertions(+), 154 deletions(-) diff --git a/src/genkey/clu_genkey.c b/src/genkey/clu_genkey.c index 2408a7a5..add1a9a8 100644 --- a/src/genkey/clu_genkey.c +++ b/src/genkey/clu_genkey.c @@ -42,12 +42,10 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) int flagOutputPub = 0; /* set if outputting both priv/pub */ char privAppend[6] = ".priv\0"; /* last part of the priv file name */ char pubAppend[6] = ".pub\0\0"; /* last part of the pub file name*/ -#if 0 byte privKeyBuf[ED25519_KEY_SIZE*2]; /* will hold public & private parts */ byte pubKeyBuf[ED25519_KEY_SIZE]; /* holds just the public key part */ word32 privKeySz; /* size of private key */ word32 pubKeySz; /* size of public key */ -#endif ed25519_key edKeyOut; /* the ed25519 key structure */ char* finalOutFNm = NULL; /* file name + append */ XFILE file = NULL; /* file stream */ @@ -80,22 +78,20 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) } } -#if 0 - /* get key size */ - privKeySz = wc_ed25519_priv_size(&edKeyOut); - if (privKeySz <= 0) - return WC_KEY_SIZE_E; + if (format == RAW_FORM && ret == 0) { + /* get key size */ + privKeySz = wc_ed25519_priv_size(&edKeyOut); + if (privKeySz <= 0) + ret = WC_KEY_SIZE_E; - pubKeySz = wc_ed25519_pub_size(&edKeyOut); - if (pubKeySz <= 0) - return WC_KEY_SIZE_E; + pubKeySz = wc_ed25519_pub_size(&edKeyOut); + if (pubKeySz <= 0) + ret = WC_KEY_SIZE_E; - /* export keys to buffers */ - ret = wc_ed25519_export_key(&edKeyOut, privKeyBuf, &privKeySz, pubKeyBuf, - &pubKeySz); - if (ret != 0) - return ret; -#endif + /* export keys to buffers */ + ret = wc_ed25519_export_key(&edKeyOut, privKeyBuf, &privKeySz, + pubKeyBuf, &pubKeySz); + } /* set up the file name output buffer */ if (ret == 0) { @@ -130,60 +126,70 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) } } - /* determine size for buffer */ - if (ret == 0) { - derSz = wc_Ed25519PrivateKeyToDer(&edKeyOut, NULL, 0); - if (derSz <= 0) { - ret = MEMORY_E; + /* write RAW format to the file */ + if (format == RAW_FORM && ret == 0) { + if (XFWRITE(privKeyBuf, 1, privKeySz, file) != privKeySz) { + ret = OUTPUT_FILE_ERROR; } } - - /* allocate DER buffer */ - if (ret == 0) { - derBuf = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - ret = MEMORY_E; + else { /* DER and PEM */ + /* determine size for buffer */ + if (ret == 0) { + derSz = wc_Ed25519PrivateKeyToDer(&edKeyOut, NULL, 0); + if (derSz <= 0) { + ret = MEMORY_E; + } } - } - /* convert Key to DER */ - if (ret == 0) { - derSz = wc_Ed25519PrivateKeyToDer(&edKeyOut, derBuf, derSz); - if (derSz < 0) { - ret = derSz; + /* allocate DER buffer */ + if (ret == 0) { + derBuf = (byte*)XMALLOC(derSz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + ret = MEMORY_E; + } } - } - if (ret != 0) - break; - /* convert DER to PEM if necessary */ - if (format == PEM_FORM) { + /* convert Key to DER */ if (ret == 0) { - pemSz = wolfCLU_KeyDerToPem(derBuf, derSz, &pemBuf, PRIVATEKEY_TYPE, - DYNAMIC_TYPE_TMP_BUFFER); - if (pemSz < 0) { - ret = pemSz; + derSz = wc_Ed25519PrivateKeyToDer(&edKeyOut, derBuf, derSz); + if (derSz < 0) { + ret = derSz; } } - if (ret == 0) { - ret = (int)XFWRITE(pemBuf, 1, pemSz, file); - if (ret != pemSz) { - ret = OUTPUT_FILE_ERROR; + if (ret != 0) + break; + + /* convert DER to PEM if necessary */ + if (format == PEM_FORM) { + if (ret == 0) { + pemSz = wolfCLU_KeyDerToPem(derBuf, derSz, &pemBuf, + PRIVATEKEY_TYPE, DYNAMIC_TYPE_TMP_BUFFER); + if (pemSz < 0) { + ret = pemSz; + } } - else { - ret = 0; + /* write PEM format to the file */ + if (ret == 0) { + ret = (int)XFWRITE(pemBuf, 1, pemSz, file); + if (ret != pemSz) { + ret = OUTPUT_FILE_ERROR; + } + else { + ret = 0; + } } } - } - else { - /* write DER format to the file */ - if (ret == 0) { - ret = (int)XFWRITE(derBuf, 1, derSz, file); - if (ret != derSz) { - ret = OUTPUT_FILE_ERROR; - } - else { - ret = 0; + else { + /* write DER format to the file */ + if (ret == 0) { + ret = (int)XFWRITE(derBuf, 1, derSz, file); + if (ret != derSz) { + ret = OUTPUT_FILE_ERROR; + } + else { + ret = 0; + } } } } @@ -215,60 +221,70 @@ int wolfCLU_genKey_ED25519(WC_RNG* rng, char* fOutNm, int directive, int format) } } - /* determine size for buffer */ - if (ret == 0) { - derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, NULL, 0, 1); - if (derSz <= 0) { - ret = MEMORY_E; - } - } - - /* allocate DER buffer */ - if (ret == 0) { - derBuf = (byte*)XMALLOC(derSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - ret = MEMORY_E; + /* write RAW format to the file */ + if (format == RAW_FORM && ret == 0) { + if (XFWRITE(pubKeyBuf, 1, pubKeySz, file) != pubKeySz) { + ret = OUTPUT_FILE_ERROR; } } - - /* convert Key to DER */ - if (ret == 0) { - derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, derBuf, derSz, 1); - if (derSz < 0) { - ret = derSz; + else { /* DER and PEM */ + /* determine size for buffer */ + if (ret == 0) { + derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, NULL, 0, 1); + if (derSz <= 0) { + ret = MEMORY_E; + } } - } - - if (ret != 0) - break; - /* convert DER to PEM if necessary */ - if (format == PEM_FORM) { + /* allocate DER buffer */ if (ret == 0) { - pemSz = wolfCLU_KeyDerToPem(derBuf, derSz, &pemBuf, PUBLICKEY_TYPE, - DYNAMIC_TYPE_TMP_BUFFER); - if (pemSz < 0) { - ret = pemSz; + derBuf = (byte*)XMALLOC(derSz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + ret = MEMORY_E; } } + + /* convert Key to DER */ if (ret == 0) { - ret = (int)XFWRITE(pemBuf, 1, pemSz, file); - if (ret != pemSz) { - ret = OUTPUT_FILE_ERROR; - } else { - ret = 0; + derSz = wc_Ed25519PublicKeyToDer(&edKeyOut, derBuf, derSz, 1); + if (derSz < 0) { + ret = derSz; } } - } - else { - /* write DER format to the file */ - if (ret == 0) { - ret = (int)XFWRITE(derBuf, 1, derSz, file); - if (ret != derSz) { - ret = OUTPUT_FILE_ERROR; + + if (ret != 0) + break; + + /* convert DER to PEM if necessary */ + if (format == PEM_FORM) { + if (ret == 0) { + pemSz = wolfCLU_KeyDerToPem(derBuf, derSz, &pemBuf, + PUBLICKEY_TYPE, DYNAMIC_TYPE_TMP_BUFFER); + if (pemSz < 0) { + ret = pemSz; + } } - else { - ret = 0; + /* write PEM format to the file */ + if (ret == 0) { + ret = (int)XFWRITE(pemBuf, 1, pemSz, file); + if (ret != pemSz) { + ret = OUTPUT_FILE_ERROR; + } else { + ret = 0; + } + } + } + else { + /* write DER format to the file */ + if (ret == 0) { + ret = (int)XFWRITE(derBuf, 1, derSz, file); + if (ret != derSz) { + ret = OUTPUT_FILE_ERROR; + } + else { + ret = 0; + } } } } diff --git a/src/genkey/clu_genkey_setup.c b/src/genkey/clu_genkey_setup.c index 644f1b26..957062d3 100644 --- a/src/genkey/clu_genkey_setup.c +++ b/src/genkey/clu_genkey_setup.c @@ -79,8 +79,12 @@ int wolfCLU_genKeySetup(int argc, char** argv) format = argv[ret+1]; } ret = wolfCLU_checkOutform(format); - if (ret == PEM_FORM || ret == DER_FORM) { - WOLFCLU_LOG(WOLFCLU_L0, "OUTPUT A %s FILE", (ret == PEM_FORM)? "PEM": "DER"); + if (ret == PEM_FORM || ret == DER_FORM || ret == RAW_FORM) { + const char* formatStr = (ret == PEM_FORM) ? "PEM" : + (ret == DER_FORM) ? "DER" : + "RAW"; + + WOLFCLU_LOG(WOLFCLU_L0, "OUTPUT A %s FILE", formatStr); formatArg = ret; } else { diff --git a/src/sign-verify/clu_sign.c b/src/sign-verify/clu_sign.c index bf57e9e4..bc11ee15 100644 --- a/src/sign-verify/clu_sign.c +++ b/src/sign-verify/clu_sign.c @@ -465,18 +465,30 @@ int wolfCLU_sign_data_ed25519 (byte* data, char* out, word32 fSz, char* privKey, } } - /* decode the private key from the DER-encoded input */ - if (ret == 0) { - ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, privFileSz); + /* retrieve RAW private key and store in the ED25519 Key */ + if (inForm == RAW_FORM && ret == 0) { + ret = wc_ed25519_import_private_key(keyBuf, + ED25519_KEY_SIZE, + keyBuf + ED25519_KEY_SIZE, + ED25519_KEY_SIZE, &key); + if (ret != 0 ) { + wolfCLU_LogError("Failed to import RAW private key.\nRET: %d", ret); + } + } + else { + /* decode the private key from the DER-encoded input */ if (ret == 0) { - /* Calculate the public key */ - ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, privFileSz); if (ret == 0) { - key.pubKeySet = 1; + /* Calculate the public key */ + ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + if (ret == 0) { + key.pubKeySet = 1; + } + } + else { + wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); } - } - else { - wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); } } diff --git a/src/sign-verify/clu_verify.c b/src/sign-verify/clu_verify.c index 31557605..351547e0 100644 --- a/src/sign-verify/clu_verify.c +++ b/src/sign-verify/clu_verify.c @@ -27,6 +27,7 @@ * and ED25519_SIG_VER */ #ifndef WOLFCLU_NO_FILESYSTEM +# if 0 static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* outBuf, word32 outLen) { @@ -129,7 +130,7 @@ static int wolfCLU_generate_public_key_ed25519(char* privKey, int inForm, byte* return NOT_COMPILED_IN; #endif } - +#endif int wolfCLU_verify_signature(char* sig, char* hashFile, char* out, char* keyPath, int keyType, int pubIn, @@ -559,33 +560,45 @@ int wolfCLU_verify_signature_ed25519(byte* sig, int sigSz, } } - if (pubIn == 1) { + if (pubIn == 1 && ret == 0) { + /* decode public key from RAW-encoded input */ + if (inForm == RAW_FORM) { + ret = wc_ed25519_import_public(keyBuf, ED25519_KEY_SIZE, &key); + if (ret != 0) { + wolfCLU_LogError("Failed to import raw public key.\nRET: %d", ret); + } + } /* decode public key from DER-encoded input */ - if (ret == 0) { + else { ret = wc_Ed25519PublicKeyDecode(keyBuf, &index, &key, keyFileSz); if (ret != 0) { wolfCLU_LogError("Failed to decode public key from DER.\nRET: %d", ret); } } } - else { - /* derive public key from private key */ - if (ret == 0) { - ret = wolfCLU_generate_public_key_ed25519(keyPath, inForm, keyBuf, - ED25519_KEY_SIZE); - if (ret == WOLFCLU_SUCCESS) { - ret = 0; + else if (ret == 0) { + /* handle private key decoding and public key derivation */ + if (inForm == RAW_FORM) { + ret = wc_ed25519_import_private_key(keyBuf, + ED25519_KEY_SIZE, + keyBuf + ED25519_KEY_SIZE, + ED25519_KEY_SIZE, &key); + if (ret < 0) { + wolfCLU_LogError("Failed to decode private key.\nRET: %d", ret); } - else { - wolfCLU_LogError("Failed to verify data with pub key.\nRET: %d", ret); + } + else { + ret = wc_Ed25519PrivateKeyDecode(keyBuf, &index, &key, keyFileSz); + if (ret != 0) { + wolfCLU_LogError("Failed to import private key.\nRET: %d", ret); } } - /* decode public key */ + /* calculate the public key */ if (ret == 0) { - ret = wc_ed25519_import_public(keyBuf, ED25519_KEY_SIZE, &key); - if (ret != 0) { - wolfCLU_LogError("Failed to decode public key.\nRET: %d", ret); + ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + if (ret == 0) { + key.pubKeySet = 1; } } } diff --git a/src/tools/clu_funcs.c b/src/tools/clu_funcs.c index d1c93b07..95f82b37 100644 --- a/src/tools/clu_funcs.c +++ b/src/tools/clu_funcs.c @@ -1098,7 +1098,7 @@ int wolfCLU_checkForArg(const char* searchTerm, int length, int argc, int wolfCLU_checkOutform(char* outform) { if (outform == NULL) { - WOLFCLU_LOG(WOLFCLU_L0, "Usage: -outform [PEM/DER]"); + WOLFCLU_LOG(WOLFCLU_L0, "Usage: -outform [PEM/DER/RAW]"); WOLFCLU_LOG(WOLFCLU_L0, "missing outform required argument"); return USER_INPUT_ERROR; } @@ -1110,8 +1110,11 @@ int wolfCLU_checkOutform(char* outform) else if (XSTRNCMP(outform, "der", 3) == 0) { return DER_FORM; } + else if (XSTRNCMP(outform, "raw", 3) == 0) { + return RAW_FORM; + } else { - WOLFCLU_LOG(WOLFCLU_L0, "Usage: -outform [PEM/DER]"); + WOLFCLU_LOG(WOLFCLU_L0, "Usage: -outform [PEM/DER/RAW]"); WOLFCLU_LOG(WOLFCLU_L0, "\"%s\" is not a valid output format", outform); } return USER_INPUT_ERROR; @@ -1120,7 +1123,7 @@ int wolfCLU_checkOutform(char* outform) int wolfCLU_checkInform(char* inform) { if (inform == NULL) { - WOLFCLU_LOG(WOLFCLU_L0, "Usage: -inform [PEM/DER]"); + WOLFCLU_LOG(WOLFCLU_L0, "Usage: -inform [PEM/DER/RAW]"); WOLFCLU_LOG(WOLFCLU_L0, "missing inform required argument"); return USER_INPUT_ERROR; } @@ -1132,8 +1135,11 @@ int wolfCLU_checkInform(char* inform) else if (XSTRNCMP(inform, "der", 3) == 0) { return DER_FORM; } + else if (XSTRNCMP(inform, "raw", 3) == 0) { + return RAW_FORM; + } else { - WOLFCLU_LOG(WOLFCLU_L0, "Usage: -inform [PEM/DER]"); + WOLFCLU_LOG(WOLFCLU_L0, "Usage: -inform [PEM/DER/RAW]"); WOLFCLU_LOG(WOLFCLU_L0, "\"%s\" is not a valid input format", inform); } return USER_INPUT_ERROR; diff --git a/tests/genkey_sign_ver/genkey-sign-ver-test.sh b/tests/genkey_sign_ver/genkey-sign-ver-test.sh index c4c30b35..b869d8ae 100755 --- a/tests/genkey_sign_ver/genkey-sign-ver-test.sh +++ b/tests/genkey_sign_ver/genkey-sign-ver-test.sh @@ -23,8 +23,6 @@ #/ # -set -x - # Skip test if filesystem disabled FILESYSTEM=`cat config.log | grep "disable\-filesystem"` if [ "$FILESYSTEM" != "" ] @@ -155,25 +153,10 @@ DERPEMRAW="pem" VERIFYOUTNAME="rsa-sigout" gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} -# TODO - raw support -# ALGORITHM="ed25519" -# KEYFILENAME="edkey" -# SIGOUTNAME="ed-signed.sig" -# DERPEMRAW="raw" -# gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} - -# ALGORITHM="ecc" -# KEYFILENAME="ecckey" -# SIGOUTNAME="ecc-signed.sig" -# DERPEMRAW="raw" -# gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} - -# ALGORITHM="rsa" -# KEYFILENAME="rsakey" -# SIGOUTNAME="rsa-signed.sig" -# DERPEMRAW="raw" -# VERIFYOUTNAME="rsa-sigout" -# gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} ${VERIFYOUTNAME} - +ALGORITHM="ed25519" +KEYFILENAME="edkey" +SIGOUTNAME="ed-signed.sig" +DERPEMRAW="raw" +gen_key_sign_ver_test ${ALGORITHM} ${KEYFILENAME} ${SIGOUTNAME} ${DERPEMRAW} exit 0 diff --git a/wolfclu/x509/clu_cert.h b/wolfclu/x509/clu_cert.h index feda6371..79f5fee3 100644 --- a/wolfclu/x509/clu_cert.h +++ b/wolfclu/x509/clu_cert.h @@ -24,6 +24,7 @@ #define PEM_FORM 1 #define DER_FORM 2 +#define RAW_FORM 3 /* handles incoming arguments for certificate generation */ int wolfCLU_certSetup(int argc, char** argv);