1 /*
2  *  RSA/SHA-256 signature verification program
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #include "mbedtls/build_info.h"
21 
22 #if defined(MBEDTLS_PLATFORM_C)
23 #include "mbedtls/platform.h"
24 #else
25 #include <stdio.h>
26 #include <stdlib.h>
27 #define mbedtls_printf          printf
28 #define mbedtls_snprintf        snprintf
29 #define mbedtls_exit            exit
30 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
31 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
32 #endif /* MBEDTLS_PLATFORM_C */
33 
34 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
35     !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
36     !defined(MBEDTLS_FS_IO)
main(void)37 int main( void )
38 {
39     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
40             "MBEDTLS_MD_C and/or "
41             "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
42     mbedtls_exit( 0 );
43 }
44 #else
45 
46 #include "mbedtls/rsa.h"
47 #include "mbedtls/md.h"
48 
49 #include <stdio.h>
50 #include <string.h>
51 
52 
main(int argc,char * argv[])53 int main( int argc, char *argv[] )
54 {
55     FILE *f;
56     int ret = 1;
57     unsigned c;
58     int exit_code = MBEDTLS_EXIT_FAILURE;
59     size_t i;
60     mbedtls_rsa_context rsa;
61     unsigned char hash[32];
62     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
63     char filename[512];
64 
65     mbedtls_rsa_init( &rsa );
66 
67     if( argc != 2 )
68     {
69         mbedtls_printf( "usage: rsa_verify <filename>\n" );
70 
71 #if defined(_WIN32)
72         mbedtls_printf( "\n" );
73 #endif
74 
75         goto exit;
76     }
77 
78     mbedtls_printf( "\n  . Reading public key from rsa_pub.txt" );
79     fflush( stdout );
80 
81     if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
82     {
83         mbedtls_printf( " failed\n  ! Could not open rsa_pub.txt\n" \
84                 "  ! Please run rsa_genkey first\n\n" );
85         goto exit;
86     }
87 
88     if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
89         ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
90     {
91         mbedtls_printf( " failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret );
92         fclose( f );
93         goto exit;
94     }
95 
96     rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
97 
98     fclose( f );
99 
100     /*
101      * Extract the RSA signature from the text file
102      */
103     mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
104 
105     if( ( f = fopen( filename, "rb" ) ) == NULL )
106     {
107         mbedtls_printf( "\n  ! Could not open %s\n\n", filename );
108         goto exit;
109     }
110 
111     i = 0;
112     while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
113            i < (int) sizeof( buf ) )
114         buf[i++] = (unsigned char) c;
115 
116     fclose( f );
117 
118     if( i != rsa.MBEDTLS_PRIVATE(len) )
119     {
120         mbedtls_printf( "\n  ! Invalid RSA signature format\n\n" );
121         goto exit;
122     }
123 
124     /*
125      * Compute the SHA-256 hash of the input file and
126      * verify the signature
127      */
128     mbedtls_printf( "\n  . Verifying the RSA/SHA-256 signature" );
129     fflush( stdout );
130 
131     if( ( ret = mbedtls_md_file(
132                     mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
133                     argv[1], hash ) ) != 0 )
134     {
135         mbedtls_printf( " failed\n  ! Could not open or read %s\n\n", argv[1] );
136         goto exit;
137     }
138 
139     if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
140                                           32, hash, buf ) ) != 0 )
141     {
142         mbedtls_printf( " failed\n  ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
143         goto exit;
144     }
145 
146     mbedtls_printf( "\n  . OK (the signature is valid)\n\n" );
147 
148     exit_code = MBEDTLS_EXIT_SUCCESS;
149 
150 exit:
151 
152     mbedtls_rsa_free( &rsa );
153 
154 #if defined(_WIN32)
155     mbedtls_printf( "  + Press Enter to exit this program.\n" );
156     fflush( stdout ); getchar();
157 #endif
158 
159     mbedtls_exit( exit_code );
160 }
161 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
162           MBEDTLS_FS_IO */
163