Merge remote-tracking branch 'janos/iotssl-1156-ecdsa-sample-and-doc-clarification' into development

* janos/iotssl-1156-ecdsa-sample-and-doc-clarification: Clarify the use of ECDSA API
2017-06-08 10:16:54 +02:00 · 2017-06-08 10:16:54 +02:00 · c44c3c288d
commit c44c3c288d
parent 8b4cb5481d 0a5154b8a1
3 changed files with 53 additions and 7 deletions
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@ -37,6 +37,7 @@
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/ecdsa.h"
+#include "mbedtls/sha256.h"

 #include <string.h>
 #endif
@ -101,8 +102,10 @@ int main( int argc, char *argv[] )
    mbedtls_ecdsa_context ctx_sign, ctx_verify;
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
-    unsigned char hash[] = "This should be the hash of a message.";
-    unsigned char sig[512];
+    mbedtls_sha256_context sha256_ctx;
+    unsigned char message[100];
+    unsigned char hash[32];
+    unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
    size_t sig_len;
    const char *pers = "ecdsa";
    ((void) argv);
@ -110,8 +113,10 @@ int main( int argc, char *argv[] )
    mbedtls_ecdsa_init( &ctx_sign );
    mbedtls_ecdsa_init( &ctx_verify );
    mbedtls_ctr_drbg_init( &ctr_drbg );
+    mbedtls_sha256_init( &sha256_ctx );

-    memset(sig, 0, sizeof( sig ) );
+    memset( sig, 0, sizeof( sig ) );
+    memset( message, 0x25, sizeof( message ) );
    ret = 1;

    if( argc != 1 )
@ -155,9 +160,23 @@ int main( int argc, char *argv[] )
    dump_pubkey( "  + Public key: ", &ctx_sign );

    /*
-     * Sign some message hash
+     * Compute message hash
     */
-    mbedtls_printf( "  . Signing message..." );
+    mbedtls_printf( "  . Computing message hash..." );
+    fflush( stdout );
+
+    mbedtls_sha256_starts( &sha256_ctx, 0 );
+    mbedtls_sha256_update( &sha256_ctx, message, sizeof( message ) );
+    mbedtls_sha256_finish( &sha256_ctx, hash );
+
+    mbedtls_printf( " ok\n" );
+
+    dump_buf( "  + Hash: ", hash, sizeof( hash ) );
+
+    /*
+     * Sign message hash
+     */
+    mbedtls_printf( "  . Signing message hash..." );
    fflush( stdout );

    if( ( ret = mbedtls_ecdsa_write_signature( &ctx_sign, MBEDTLS_MD_SHA256,
@ -170,7 +189,6 @@ int main( int argc, char *argv[] )
    }
    mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );

-    dump_buf( "  + Hash: ", hash, sizeof hash );
    dump_buf( "  + Signature: ", sig, sig_len );

    /*
@ -224,6 +242,7 @@ exit:
    mbedtls_ecdsa_free( &ctx_sign );
    mbedtls_ctr_drbg_free( &ctr_drbg );
    mbedtls_entropy_free( &entropy );
+    mbedtls_sha256_free( &sha256_ctx );

    return( ret );
 }