1 /*
2  *  RSASSA-PSS/SHA-256 signature verification program
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #include "mbedtls/build_info.h"
21 
22 #if defined(MBEDTLS_PLATFORM_C)
23 #include "mbedtls/platform.h"
24 #else
25 #include <stdio.h>
26 #include <stdlib.h>
27 #define mbedtls_snprintf        snprintf
28 #define mbedtls_printf          printf
29 #define mbedtls_exit            exit
30 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
31 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
32 #endif /* MBEDTLS_PLATFORM_C */
33 
34 #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
35     !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||        \
36     !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) ||    \
37     !defined(MBEDTLS_CTR_DRBG_C)
main(void)38 int main( void )
39 {
40     mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
41            "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
42            "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
43            "MBEDTLS_CTR_DRBG_C not defined.\n");
44     mbedtls_exit( 0 );
45 }
46 #else
47 
48 #include "mbedtls/md.h"
49 #include "mbedtls/pem.h"
50 #include "mbedtls/pk.h"
51 #include "mbedtls/md.h"
52 
53 #include <stdio.h>
54 #include <string.h>
55 
56 
main(int argc,char * argv[])57 int main( int argc, char *argv[] )
58 {
59     FILE *f;
60     int ret = 1;
61     int exit_code = MBEDTLS_EXIT_FAILURE;
62     size_t i;
63     mbedtls_pk_context pk;
64     unsigned char hash[32];
65     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
66     char filename[512];
67 
68     mbedtls_pk_init( &pk );
69 
70     if( argc != 3 )
71     {
72         mbedtls_printf( "usage: rsa_verify_pss <key_file> <filename>\n" );
73 
74 #if defined(_WIN32)
75         mbedtls_printf( "\n" );
76 #endif
77 
78         goto exit;
79     }
80 
81     mbedtls_printf( "\n  . Reading public key from '%s'", argv[1] );
82     fflush( stdout );
83 
84     if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
85     {
86         mbedtls_printf( " failed\n  ! Could not read key from '%s'\n", argv[1] );
87         mbedtls_printf( "  ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
88         goto exit;
89     }
90 
91     if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
92     {
93         mbedtls_printf( " failed\n  ! Key is not an RSA key\n" );
94         goto exit;
95     }
96 
97     if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
98                                          MBEDTLS_RSA_PKCS_V21,
99                                          MBEDTLS_MD_SHA256 ) ) != 0 )
100     {
101         mbedtls_printf( " failed\n  ! Invalid padding\n" );
102         goto exit;
103     }
104 
105     /*
106      * Extract the RSA signature from the file
107      */
108     mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
109 
110     if( ( f = fopen( filename, "rb" ) ) == NULL )
111     {
112         mbedtls_printf( "\n  ! Could not open %s\n\n", filename );
113         goto exit;
114     }
115 
116     i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f );
117 
118     fclose( f );
119 
120     /*
121      * Compute the SHA-256 hash of the input file and
122      * verify the signature
123      */
124     mbedtls_printf( "\n  . Verifying the RSA/SHA-256 signature" );
125     fflush( stdout );
126 
127     if( ( ret = mbedtls_md_file(
128                     mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
129                     argv[2], hash ) ) != 0 )
130     {
131         mbedtls_printf( " failed\n  ! Could not open or read %s\n\n", argv[2] );
132         goto exit;
133     }
134 
135     if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0,
136                            buf, i ) ) != 0 )
137     {
138         mbedtls_printf( " failed\n  ! mbedtls_pk_verify returned %d\n\n", ret );
139         goto exit;
140     }
141 
142     mbedtls_printf( "\n  . OK (the signature is valid)\n\n" );
143 
144     exit_code = MBEDTLS_EXIT_SUCCESS;
145 
146 exit:
147     mbedtls_pk_free( &pk );
148 
149 #if defined(_WIN32)
150     mbedtls_printf( "  + Press Enter to exit this program.\n" );
151     fflush( stdout ); getchar();
152 #endif
153 
154     mbedtls_exit( exit_code );
155 }
156 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
157           MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
158