1 /*
2  *  RSA/SHA-256 signature creation program
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  */
7 
8 #include "mbedtls/build_info.h"
9 
10 #include "mbedtls/platform.h"
11 /* md.h is included this early since MD_CAN_XXX macros are defined there. */
12 #include "mbedtls/md.h"
13 
14 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
15     !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
16     !defined(MBEDTLS_FS_IO)
main(void)17 int main(void)
18 {
19     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
20                    "MBEDTLS_MD_C and/or "
21                    "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO not defined.\n");
22     mbedtls_exit(0);
23 }
24 #else
25 
26 #include "mbedtls/rsa.h"
27 
28 #include <stdio.h>
29 #include <string.h>
30 
31 
main(int argc,char * argv[])32 int main(int argc, char *argv[])
33 {
34     FILE *f;
35     int ret = 1;
36     int exit_code = MBEDTLS_EXIT_FAILURE;
37     size_t i;
38     mbedtls_rsa_context rsa;
39     unsigned char hash[32];
40     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
41     char filename[512];
42     mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
43 
44     mbedtls_rsa_init(&rsa);
45 
46     mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
47     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
48     mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
49 
50     if (argc != 2) {
51         mbedtls_printf("usage: rsa_sign <filename>\n");
52 
53 #if defined(_WIN32)
54         mbedtls_printf("\n");
55 #endif
56 
57         goto exit;
58     }
59 
60     mbedtls_printf("\n  . Reading private key from rsa_priv.txt");
61     fflush(stdout);
62 
63     if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
64         mbedtls_printf(" failed\n  ! Could not open rsa_priv.txt\n" \
65                        "  ! Please run rsa_genkey first\n\n");
66         goto exit;
67     }
68 
69     if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
70         (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
71         (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
72         (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
73         (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
74         (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
75         (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
76         (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
77         mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret);
78         fclose(f);
79         goto exit;
80     }
81     fclose(f);
82 
83     if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
84         mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
85                        ret);
86         goto exit;
87     }
88 
89     if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
90         mbedtls_printf(" failed\n  ! mbedtls_rsa_complete returned %d\n\n",
91                        ret);
92         goto exit;
93     }
94 
95     mbedtls_printf("\n  . Checking the private key");
96     fflush(stdout);
97     if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) {
98         mbedtls_printf(" failed\n  ! mbedtls_rsa_check_privkey failed with -0x%0x\n",
99                        (unsigned int) -ret);
100         goto exit;
101     }
102 
103     /*
104      * Compute the SHA-256 hash of the input file,
105      * then calculate the RSA signature of the hash.
106      */
107     mbedtls_printf("\n  . Generating the RSA/SHA-256 signature");
108     fflush(stdout);
109 
110     if ((ret = mbedtls_md_file(
111              mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
112              argv[1], hash)) != 0) {
113         mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[1]);
114         goto exit;
115     }
116 
117     if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256,
118                                       32, hash, buf)) != 0) {
119         mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n",
120                        (unsigned int) -ret);
121         goto exit;
122     }
123 
124     /*
125      * Write the signature into <filename>.sig
126      */
127     mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
128 
129     if ((f = fopen(filename, "wb+")) == NULL) {
130         mbedtls_printf(" failed\n  ! Could not create %s\n\n", argv[1]);
131         goto exit;
132     }
133 
134     for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) {
135         mbedtls_fprintf(f, "%02X%s", buf[i],
136                         (i + 1) % 16 == 0 ? "\r\n" : " ");
137     }
138 
139     fclose(f);
140 
141     mbedtls_printf("\n  . Done (created \"%s\")\n\n", filename);
142 
143     exit_code = MBEDTLS_EXIT_SUCCESS;
144 
145 exit:
146 
147     mbedtls_rsa_free(&rsa);
148     mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
149     mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
150     mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
151 
152     mbedtls_exit(exit_code);
153 }
154 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
155           MBEDTLS_FS_IO */
156