Use actual sha256 digest of message in ECC demos

AlexLanzano · AlexLanzano · commit 9a56ded8c47e · 2025-11-14T12:54:20.000-05:00
diff --git a/examples/demo/client/wh_demo_client_crypto.c b/examples/demo/client/wh_demo_client_crypto.c
@@ -492,12 +492,17 @@ int wh_DemoClient_CryptoEcc(whClientContext* clientContext)
     WC_RNG     rng[1];
     byte       sharedOne[32];
     byte       sharedTwo[32];
-    const char plainMessage[WC_MAX_DIGEST_SIZE] = "message example";
-    byte       message[sizeof(plainMessage)];
+    const byte plainMessage[] = "The quick brown fox jumps over the lazy dog.";
+    byte       hash[WC_MAX_DIGEST_SIZE];
     byte       signature[128];
 
-    /* Set the message to the test string */
-    strcpy((char*)message, plainMessage);
+    /* Hash the plainMessage using SHA256 for signing and verification */
+    ret = wc_Hash(WC_HASH_TYPE_SHA256, plainMessage, sizeof(plainMessage), 
+                  hash, sizeof(hash));
+    if (ret != 0) {
+        WOLFHSM_CFG_PRINTF("Failed to wc_Hash %d\n", ret);
+        goto exit;
+    }
 
     /* Initialize the rng to make the ecc keys */
     ret = wc_InitRng_ex(rng, NULL, WH_DEV_ID);
@@ -557,9 +562,9 @@ int wh_DemoClient_CryptoEcc(whClientContext* clientContext)
         WOLFHSM_CFG_PRINTF("ECC shared secrets match\n");
     }
 
-    /* Sign the plaintext using the private component of Alice's key */
+    /* Sign the hash of the plaintext using the private component of Alice's key */
     outLen = sizeof(signature);
-    ret    = wc_ecc_sign_hash(message, sizeof(message), (void*)signature,
+    ret    = wc_ecc_sign_hash(hash, sizeof(hash), (void*)signature,
                               (word32*)&outLen, rng, aliceKey);
     if (ret != 0) {
         WOLFHSM_CFG_PRINTF("Failed to wc_ecc_sign_hash %d\n", ret);
@@ -570,8 +575,8 @@ int wh_DemoClient_CryptoEcc(whClientContext* clientContext)
      * the keys generated for Alice and Bob contain both public and private
      * parts. In a real scenario, the signing and verifying would occur at
      * separate times, and only the public key would be distributed */
-    ret = wc_ecc_verify_hash((void*)signature, outLen, (void*)message,
-                             sizeof(message), &res, aliceKey);
+    ret = wc_ecc_verify_hash((void*)signature, outLen, (void*)hash,
+                             sizeof(hash), &res, aliceKey);
     if (ret != 0) {
         WOLFHSM_CFG_PRINTF("Failed to wc_ecc_verify_hash %d\n", ret);
         goto exit;
@@ -621,13 +626,18 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext)
     WC_RNG     rng[1];
     byte       sharedOne[32];
     byte       sharedTwo[32];
-    const char plainMessage[WC_MAX_DIGEST_SIZE] = "message example";
-    byte       message[sizeof(plainMessage)];
+    const byte plainMessage[] = "The quick brown fox jumps over the lazy dog.";
+    byte       hash[WC_MAX_DIGEST_SIZE];
     byte       signature[128];
     uint8_t    keyBuf[256];
 
-    /* Set the message to the test string */
-    strcpy((char*)message, plainMessage);
+    /* Hash the plainMessage using SHA256 for signing and verification */
+    ret = wc_Hash(WC_HASH_TYPE_SHA256, plainMessage, sizeof(plainMessage), 
+                  hash, sizeof(hash));
+    if (ret != 0) {
+        WOLFHSM_CFG_PRINTF("Failed to wc_Hash %d\n", ret);
+        goto exit;
+    }
 
     /* Initialize the rng for signature signing */
     ret = wc_InitRng_ex(rng, NULL, WH_DEV_ID);
@@ -757,9 +767,9 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext)
         WOLFHSM_CFG_PRINTF("ECC shared secrets match with imported keys\n");
     }
 
-    /* Sign the plaintext with Alice's private key */
+    /* Sign the hash of the plaintext with Alice's private key */
     sigLen = sizeof(signature);
-    ret    = wc_ecc_sign_hash(message, sizeof(message), (void*)signature,
+    ret    = wc_ecc_sign_hash(hash, sizeof(hash), (void*)signature,
                               (word32*)&sigLen, rng, aliceKey);
     if (ret != 0) {
         WOLFHSM_CFG_PRINTF("Failed to wc_ecc_sign_hash %d\n", ret);
@@ -770,8 +780,8 @@ int wh_DemoClient_CryptoEccImport(whClientContext* clientContext)
      * HSM contains both public and private parts. In a real scenario, the
      * signing and verifying would occur at separate times, and only the public
      * key would be distributed */
-    ret = wc_ecc_verify_hash((void*)signature, sigLen, (void*)message,
-                             sizeof(message), &res, aliceKey);
+    ret = wc_ecc_verify_hash((void*)signature, sigLen, (void*)hash,
+                             sizeof(hash), &res, aliceKey);
     if (ret != 0) {
         WOLFHSM_CFG_PRINTF("Failed to wc_ecc_verify_hash %d\n", ret);
         goto exit;
