1 /*
2 * Example ECDSA program
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #include "mbedtls/build_info.h"
21
22 #if defined(MBEDTLS_PLATFORM_C)
23 #include "mbedtls/platform.h"
24 #else
25 #include <stdio.h>
26 #include <stdlib.h>
27 #define mbedtls_printf printf
28 #define mbedtls_exit exit
29 #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
30 #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
31 #endif /* MBEDTLS_PLATFORM_C */
32
33 #if defined(MBEDTLS_ECDSA_C) && \
34 defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
35 #include "mbedtls/entropy.h"
36 #include "mbedtls/ctr_drbg.h"
37 #include "mbedtls/ecdsa.h"
38 #include "mbedtls/sha256.h"
39
40 #include <string.h>
41 #endif
42
43 /*
44 * Uncomment to show key and signature details
45 */
46 #define VERBOSE
47
48 /*
49 * Uncomment to force use of a specific curve
50 */
51 #define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
52
53 #if !defined(ECPARAMS)
54 #define ECPARAMS mbedtls_ecp_curve_list()->grp_id
55 #endif
56
57 #if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
58 !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
main(void)59 int main( void )
60 {
61 mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
62 "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
63 mbedtls_exit( 0 );
64 }
65 #else
66 #if defined(VERBOSE)
dump_buf(const char * title,unsigned char * buf,size_t len)67 static void dump_buf( const char *title, unsigned char *buf, size_t len )
68 {
69 size_t i;
70
71 mbedtls_printf( "%s", title );
72 for( i = 0; i < len; i++ )
73 mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
74 "0123456789ABCDEF" [buf[i] % 16] );
75 mbedtls_printf( "\n" );
76 }
77
dump_pubkey(const char * title,mbedtls_ecdsa_context * key)78 static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key )
79 {
80 unsigned char buf[300];
81 size_t len;
82
83 if( mbedtls_ecp_point_write_binary( &key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
84 MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 )
85 {
86 mbedtls_printf("internal error\n");
87 return;
88 }
89
90 dump_buf( title, buf, len );
91 }
92 #else
93 #define dump_buf( a, b, c )
94 #define dump_pubkey( a, b )
95 #endif
96
97
main(int argc,char * argv[])98 int main( int argc, char *argv[] )
99 {
100 int ret = 1;
101 int exit_code = MBEDTLS_EXIT_FAILURE;
102 mbedtls_ecdsa_context ctx_sign, ctx_verify;
103 mbedtls_entropy_context entropy;
104 mbedtls_ctr_drbg_context ctr_drbg;
105 unsigned char message[100];
106 unsigned char hash[32];
107 unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
108 size_t sig_len;
109 const char *pers = "ecdsa";
110 ((void) argv);
111
112 mbedtls_ecdsa_init( &ctx_sign );
113 mbedtls_ecdsa_init( &ctx_verify );
114 mbedtls_ctr_drbg_init( &ctr_drbg );
115
116 memset( sig, 0, sizeof( sig ) );
117 memset( message, 0x25, sizeof( message ) );
118
119 if( argc != 1 )
120 {
121 mbedtls_printf( "usage: ecdsa\n" );
122
123 #if defined(_WIN32)
124 mbedtls_printf( "\n" );
125 #endif
126
127 goto exit;
128 }
129
130 /*
131 * Generate a key pair for signing
132 */
133 mbedtls_printf( "\n . Seeding the random number generator..." );
134 fflush( stdout );
135
136 mbedtls_entropy_init( &entropy );
137 if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
138 (const unsigned char *) pers,
139 strlen( pers ) ) ) != 0 )
140 {
141 mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
142 goto exit;
143 }
144
145 mbedtls_printf( " ok\n . Generating key pair..." );
146 fflush( stdout );
147
148 if( ( ret = mbedtls_ecdsa_genkey( &ctx_sign, ECPARAMS,
149 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
150 {
151 mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret );
152 goto exit;
153 }
154
155 mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits );
156
157 dump_pubkey( " + Public key: ", &ctx_sign );
158
159 /*
160 * Compute message hash
161 */
162 mbedtls_printf( " . Computing message hash..." );
163 fflush( stdout );
164
165 if( ( ret = mbedtls_sha256( message, sizeof( message ), hash, 0 ) ) != 0 )
166 {
167 mbedtls_printf( " failed\n ! mbedtls_sha256 returned %d\n", ret );
168 goto exit;
169 }
170
171 mbedtls_printf( " ok\n" );
172
173 dump_buf( " + Hash: ", hash, sizeof( hash ) );
174
175 /*
176 * Sign message hash
177 */
178 mbedtls_printf( " . Signing message hash..." );
179 fflush( stdout );
180
181 if( ( ret = mbedtls_ecdsa_write_signature( &ctx_sign, MBEDTLS_MD_SHA256,
182 hash, sizeof( hash ),
183 sig, sizeof( sig ), &sig_len,
184 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
185 {
186 mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret );
187 goto exit;
188 }
189 mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
190
191 dump_buf( " + Signature: ", sig, sig_len );
192
193 /*
194 * Transfer public information to verifying context
195 *
196 * We could use the same context for verification and signatures, but we
197 * chose to use a new one in order to make it clear that the verifying
198 * context only needs the public key (Q), and not the private key (d).
199 */
200 mbedtls_printf( " . Preparing verification context..." );
201 fflush( stdout );
202
203 if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.MBEDTLS_PRIVATE(grp), &ctx_sign.MBEDTLS_PRIVATE(grp) ) ) != 0 )
204 {
205 mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret );
206 goto exit;
207 }
208
209 if( ( ret = mbedtls_ecp_copy( &ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q) ) ) != 0 )
210 {
211 mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret );
212 goto exit;
213 }
214
215 /*
216 * Verify signature
217 */
218 mbedtls_printf( " ok\n . Verifying signature..." );
219 fflush( stdout );
220
221 if( ( ret = mbedtls_ecdsa_read_signature( &ctx_verify,
222 hash, sizeof( hash ),
223 sig, sig_len ) ) != 0 )
224 {
225 mbedtls_printf( " failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret );
226 goto exit;
227 }
228
229 mbedtls_printf( " ok\n" );
230
231 exit_code = MBEDTLS_EXIT_SUCCESS;
232
233 exit:
234
235 #if defined(_WIN32)
236 mbedtls_printf( " + Press Enter to exit this program.\n" );
237 fflush( stdout ); getchar();
238 #endif
239
240 mbedtls_ecdsa_free( &ctx_verify );
241 mbedtls_ecdsa_free( &ctx_sign );
242 mbedtls_ctr_drbg_free( &ctr_drbg );
243 mbedtls_entropy_free( &entropy );
244
245 mbedtls_exit( exit_code );
246 }
247 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
248 ECPARAMS */
249