1 /*
2  *  Public key-based signature creation program
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  */
7 
8 #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
9 
10 #include "tf-psa-crypto/build_info.h"
11 
12 #include "mbedtls/platform.h"
13 /* md.h is included this early since MD_CAN_XXX macros are defined there. */
14 #include "mbedtls/md.h"
15 
16 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
17     !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \
18     !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) ||    \
19     !defined(MBEDTLS_CTR_DRBG_C)
main(void)20 int main(void)
21 {
22     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
23                    "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or "
24                    "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
25                    "MBEDTLS_CTR_DRBG_C not defined.\n");
26     mbedtls_exit(0);
27 }
28 #else
29 
30 #include "mbedtls/entropy.h"
31 #include "mbedtls/ctr_drbg.h"
32 #include "mbedtls/pk.h"
33 #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
34 #include <mbedtls/private/pk_private.h>
35 #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
36 
37 #include <stdio.h>
38 #include <string.h>
39 
main(int argc,char * argv[])40 int main(int argc, char *argv[])
41 {
42     FILE *f;
43     int ret = 1;
44     int exit_code = MBEDTLS_EXIT_FAILURE;
45     mbedtls_pk_context pk;
46     mbedtls_entropy_context entropy;
47     mbedtls_ctr_drbg_context ctr_drbg;
48     unsigned char hash[32];
49     unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
50     char filename[512];
51     const char *pers = "mbedtls_pk_sign";
52     size_t olen = 0;
53 
54     mbedtls_entropy_init(&entropy);
55     mbedtls_ctr_drbg_init(&ctr_drbg);
56     mbedtls_pk_init(&pk);
57 
58     psa_status_t status = psa_crypto_init();
59     if (status != PSA_SUCCESS) {
60         mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
61                         (int) status);
62         goto exit;
63     }
64 
65     if (argc != 3) {
66         mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
67 
68 #if defined(_WIN32)
69         mbedtls_printf("\n");
70 #endif
71 
72         goto exit;
73     }
74 
75     mbedtls_printf("\n  . Seeding the random number generator...");
76     fflush(stdout);
77 
78     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
79                                      (const unsigned char *) pers,
80                                      strlen(pers))) != 0) {
81         mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
82                        (unsigned int) -ret);
83         goto exit;
84     }
85 
86     mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
87     fflush(stdout);
88 
89     if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
90         mbedtls_printf(" failed\n  ! Could not parse '%s'\n", argv[1]);
91         goto exit;
92     }
93 
94     /*
95      * Compute the SHA-256 hash of the input file,
96      * then calculate the signature of the hash.
97      */
98     mbedtls_printf("\n  . Generating the SHA-256 signature");
99     fflush(stdout);
100 
101     if ((ret = mbedtls_md_file(
102              mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
103              argv[2], hash)) != 0) {
104         mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[2]);
105         goto exit;
106     }
107 
108     if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
109                                buf, sizeof(buf), &olen)) != 0) {
110         mbedtls_printf(" failed\n  ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
111         goto exit;
112     }
113 
114     /*
115      * Write the signature into <filename>.sig
116      */
117     mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
118 
119     if ((f = fopen(filename, "wb+")) == NULL) {
120         mbedtls_printf(" failed\n  ! Could not create %s\n\n", filename);
121         goto exit;
122     }
123 
124     if (fwrite(buf, 1, olen, f) != olen) {
125         mbedtls_printf("failed\n  ! fwrite failed\n\n");
126         fclose(f);
127         goto exit;
128     }
129 
130     fclose(f);
131 
132     mbedtls_printf("\n  . Done (created \"%s\")\n\n", filename);
133 
134     exit_code = MBEDTLS_EXIT_SUCCESS;
135 
136 exit:
137     mbedtls_pk_free(&pk);
138     mbedtls_ctr_drbg_free(&ctr_drbg);
139     mbedtls_entropy_free(&entropy);
140     mbedtls_psa_crypto_free();
141 
142 #if defined(MBEDTLS_ERROR_C)
143     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
144         mbedtls_printf("Error code: %d", ret);
145         /* mbedtls_strerror(ret, (char *) buf, sizeof(buf));
146            mbedtls_printf("  !  Last error was: %s\n", buf); */
147     }
148 #endif
149 
150     mbedtls_exit(exit_code);
151 }
152 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
153           PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
154           MBEDTLS_CTR_DRBG_C */
155