1 /*
2  *  RSASSA-PSS/SHA-256 signature creation program
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 
20 #if !defined(MBEDTLS_CONFIG_FILE)
21 #include "mbedtls/config.h"
22 #else
23 #include MBEDTLS_CONFIG_FILE
24 #endif
25 
26 #if defined(MBEDTLS_PLATFORM_C)
27 #include "mbedtls/platform.h"
28 #else
29 #include <stdio.h>
30 #include <stdlib.h>
31 #define mbedtls_snprintf        snprintf
32 #define mbedtls_printf          printf
33 #define mbedtls_exit            exit
34 #define MBEDTLS_EXIT_SUCCESS    EXIT_SUCCESS
35 #define MBEDTLS_EXIT_FAILURE    EXIT_FAILURE
36 #endif /* MBEDTLS_PLATFORM_C */
37 
38 #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
39     !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) ||        \
40     !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) ||    \
41     !defined(MBEDTLS_CTR_DRBG_C)
main(void)42 int main( void )
43 {
44     mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
45            "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
46            "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
47            "MBEDTLS_CTR_DRBG_C not defined.\n");
48     mbedtls_exit( 0 );
49 }
50 #else
51 
52 #include "mbedtls/entropy.h"
53 #include "mbedtls/ctr_drbg.h"
54 #include "mbedtls/md.h"
55 #include "mbedtls/rsa.h"
56 #include "mbedtls/pk.h"
57 
58 #include <stdio.h>
59 #include <string.h>
60 
61 
main(int argc,char * argv[])62 int main( int argc, char *argv[] )
63 {
64     FILE *f;
65     int ret = 1;
66     int exit_code = MBEDTLS_EXIT_FAILURE;
67     mbedtls_pk_context pk;
68     mbedtls_entropy_context entropy;
69     mbedtls_ctr_drbg_context ctr_drbg;
70     unsigned char hash[32];
71     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
72     char filename[512];
73     const char *pers = "rsa_sign_pss";
74     size_t olen = 0;
75 
76     mbedtls_entropy_init( &entropy );
77     mbedtls_pk_init( &pk );
78     mbedtls_ctr_drbg_init( &ctr_drbg );
79 
80     if( argc != 3 )
81     {
82         mbedtls_printf( "usage: rsa_sign_pss <key_file> <filename>\n" );
83 
84 #if defined(_WIN32)
85         mbedtls_printf( "\n" );
86 #endif
87 
88         goto exit;
89     }
90 
91     mbedtls_printf( "\n  . Seeding the random number generator..." );
92     fflush( stdout );
93 
94     if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
95                                (const unsigned char *) pers,
96                                strlen( pers ) ) ) != 0 )
97     {
98         mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
99         goto exit;
100     }
101 
102     mbedtls_printf( "\n  . Reading private key from '%s'", argv[1] );
103     fflush( stdout );
104 
105     if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
106     {
107         mbedtls_printf( " failed\n  ! Could not read key from '%s'\n", argv[1] );
108         mbedtls_printf( "  ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
109         goto exit;
110     }
111 
112     if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
113     {
114         mbedtls_printf( " failed\n  ! Key is not an RSA key\n" );
115         goto exit;
116     }
117 
118     mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
119 
120     /*
121      * Compute the SHA-256 hash of the input file,
122      * then calculate the RSA signature of the hash.
123      */
124     mbedtls_printf( "\n  . Generating the RSA/SHA-256 signature" );
125     fflush( stdout );
126 
127     if( ( ret = mbedtls_md_file(
128                     mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
129                     argv[2], hash ) ) != 0 )
130     {
131         mbedtls_printf( " failed\n  ! Could not open or read %s\n\n", argv[2] );
132         goto exit;
133     }
134 
135     if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
136                          mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
137     {
138         mbedtls_printf( " failed\n  ! mbedtls_pk_sign returned %d\n\n", ret );
139         goto exit;
140     }
141 
142     /*
143      * Write the signature into <filename>.sig
144      */
145     mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
146 
147     if( ( f = fopen( filename, "wb+" ) ) == NULL )
148     {
149         mbedtls_printf( " failed\n  ! Could not create %s\n\n", filename );
150         goto exit;
151     }
152 
153     if( fwrite( buf, 1, olen, f ) != olen )
154     {
155         mbedtls_printf( "failed\n  ! fwrite failed\n\n" );
156         fclose( f );
157         goto exit;
158     }
159 
160     fclose( f );
161 
162     mbedtls_printf( "\n  . Done (created \"%s\")\n\n", filename );
163 
164     exit_code = MBEDTLS_EXIT_SUCCESS;
165 
166 exit:
167     mbedtls_pk_free( &pk );
168     mbedtls_ctr_drbg_free( &ctr_drbg );
169     mbedtls_entropy_free( &entropy );
170 
171 #if defined(_WIN32)
172     mbedtls_printf( "  + Press Enter to exit this program.\n" );
173     fflush( stdout ); getchar();
174 #endif
175 
176     mbedtls_exit( exit_code );
177 }
178 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
179           MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
180           MBEDTLS_CTR_DRBG_C */
181