Sign verify demo #14

Merged
merged 2 commits into from
Jul 6, 2020
Added previous PR's feedback.
lundinc2 committed Jul 6, 2020
commit aaf539d6fc640e244f2d580547c12cf6e5e88fc1
Expand Up @@ -44,6 +44,10 @@
/* RSA private key that has been generated off the device.
* This key will be used as an example for importing an object onto the device.
* This is useful when the device itself cannot create credentials.
*
* WARNING: This should never be done in production. This key is only hardcoded
* in this demo for demonstration purposes. It is a major security risk to add
* a private key as a constant, or in readable memory.
*/
#define pkcs11demo_RSA_PRIVATE_KEY \
"" \
Expand Down Expand Up @@ -126,7 +130,7 @@ void vPKCS11ObjectDemo( void )
configPRINTF( ( "\r\nFinished PKCS #11 Objects Demo.\r\n" ) );
}

static void prvObjectImporting()
static void prvObjectImporting( void )
{
configPRINTF( ( "---------Importing Objects---------\r\n" ) );
configPRINTF( ( "Importing RSA Private Key...\r\n" ) );
Expand Down Expand Up @@ -241,8 +245,6 @@ static void prvObjectImporting()

configPRINTF( ( "Creating private key with label: %s \r\n",
pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS ) );
configPRINTF( ( "FreeRTOS_P11_Key.dat has been created in the Visual Studio" \
" Solution directory\r\n" ) );

/* Once the Cryptoki library has finished importing the new RSA private key
* a CK_OBJECT_HANDLE is associated with it. The application can now use this
Expand All @@ -268,6 +270,9 @@ static void prvObjectImporting()
configASSERT( xResult == CKR_OK );
configASSERT( xPrivateKeyHandle != CK_INVALID_HANDLE );

configPRINTF( ( "FreeRTOS_P11_Key.dat has been created in the Visual Studio" \
" Solution directory\r\n" ) );

/* Clean up mbed TLS context that was used to parse the RSA key. */
mbedtls_pk_free( &xMbedPkContext );

Expand All @@ -276,7 +281,7 @@ static void prvObjectImporting()
configPRINTF( ( "---------Finished Importing Objects---------\r\n" ) );
}

static void prvObjectGeneration()
static void prvObjectGeneration( void )
{
configPRINTF( ( "---------Generating Objects---------\r\n" ) );

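Review bot: The new WARNING above `pkcs11demo_RSA_PRIVATE_KEY` tells the reader not to hardcode a key, but it does not say how to treat this particular key or what to do instead. A key published with the source should be regarded as compromised, and going by the message printed later in prvObjectImporting the import also leaves `FreeRTOS_P11_Key.dat` in the solution directory, which the warning does not mention. I would extend the comment with `* Treat this key as public: never reuse it outside this demo, and remove the FreeRTOS_P11_Key.dat the import produces.` and `* Production keys should be generated on the device or provisioned into protected storage.` The body of prvObjectImporting runs beyond the visible hunks, so how the file is written and protected could not be checked from here.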
Expand Up @@ -33,6 +33,7 @@
#include "iot_pkcs11_config.h"
#include "iot_pkcs11.h"
#include "pkcs11.h"
#include "iot_pki_utils.h"

/* Demo includes. */
#include "demo_helpers.h"
Expand Down Expand Up @@ -78,7 +79,7 @@ void vPKCS11SignVerifyDemo( void )
CK_ULONG ulDerPublicKeyLength = 0;

/* Digest variables. See "mechanisms_and_digests" for an explanation. */
CK_BYTE pxKownMessage[] = { "Hello world" };
CK_BYTE pxKnownMessage[] = { "Hello world" };
CK_BYTE xDigestResult[ pkcs11SHA256_DIGEST_LENGTH ] = { 0 };
CK_ULONG ulDigestLength = pkcs11SHA256_DIGEST_LENGTH;
CK_MECHANISM xDigestMechanism = { 0 };
Expand Down Expand Up @@ -175,9 +176,9 @@ void vPKCS11SignVerifyDemo( void )

/* Pass a pointer to the buffer of bytes to be hashed, and it's size. */
xResult = pxFunctionList->C_DigestUpdate( hSession,
pxKownMessage,
pxKnownMessage,
/* Strip NULL Terminator. */
sizeof( pxKownMessage ) - 1 );
sizeof( pxKnownMessage ) - 1 );
configASSERT( CKR_OK == xResult );

/* Retrieve the digest buffer. Since the mechanism is a SHA-256 algorithm,
Expand All @@ -191,7 +192,7 @@ void vPKCS11SignVerifyDemo( void )

/********************************* Sign **********************************/

configPRINTF( ( "Signing known message:\r\n %s",
configPRINTF( ( "Signing known message:\r\n %s\r\n",
( char * ) pxKnownMessage ) );

/* Initializes the sign operation and sets what mechanism will be used
Expand Down Expand Up @@ -306,7 +307,7 @@ void vPKCS11SignVerifyDemo( void )
* See https://en.wikipedia.org/wiki/ASN.1 for more information about the
* ASN.1 encoding format.
*/
PKI_pkcs11SignatureTombedTLSSignature( xSignature, &xSignatureLength );
PKI_pkcs11SignatureTombedTLSSignature( xSignature, ( size_t * ) &xSignatureLength );


/* The following loop will output the signature in hex.
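Review bot: The `( size_t * )` cast added to the `PKI_pkcs11SignatureTombedTLSSignature` call silences a type mismatch instead of fixing it. The declaration of xSignatureLength is outside the hunk, but the need for a cast suggests it is a CK_ULONG; on a target where CK_ULONG is narrower than size_t (for example a 64-bit Windows build, where unsigned long is 32 bits) the callee would read and write past the end of the variable. A temporary of the right type avoids that: `size_t xMbedSignatureLength = xSignatureLength;`, pass `&xMbedSignatureLength` to the call, then `xSignatureLength = ( CK_ULONG ) xMbedSignatureLength;`. The call's return value is also discarded, so a failed conversion would go unnoticed before the signature is printed; if the function reports a status, it should be checked with configASSERT like the other calls in vPKCS11SignVerifyDemo.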