1 /*
2 * RSA/SHA-256 signature verification program
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #include "mbedtls/build_info.h"
21
22 #include "mbedtls/platform.h"
23
24 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
25 !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
26 !defined(MBEDTLS_FS_IO)
main(void)27 int main(void)
28 {
29 mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
30 "MBEDTLS_MD_C and/or "
31 "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
32 mbedtls_exit(0);
33 }
34 #else
35
36 #include "mbedtls/rsa.h"
37 #include "mbedtls/md.h"
38
39 #include <stdio.h>
40 #include <string.h>
41
42
main(int argc,char * argv[])43 int main(int argc, char *argv[])
44 {
45 FILE *f;
46 int ret = 1;
47 unsigned c;
48 int exit_code = MBEDTLS_EXIT_FAILURE;
49 size_t i;
50 mbedtls_rsa_context rsa;
51 unsigned char hash[32];
52 unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
53 char filename[512];
54
55 mbedtls_rsa_init(&rsa);
56
57 if (argc != 2) {
58 mbedtls_printf("usage: rsa_verify <filename>\n");
59
60 #if defined(_WIN32)
61 mbedtls_printf("\n");
62 #endif
63
64 goto exit;
65 }
66
67 mbedtls_printf("\n . Reading public key from rsa_pub.txt");
68 fflush(stdout);
69
70 if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
71 mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
72 " ! Please run rsa_genkey first\n\n");
73 goto exit;
74 }
75
76 if ((ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(N), 16, f)) != 0 ||
77 (ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(E), 16, f)) != 0) {
78 mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
79 fclose(f);
80 goto exit;
81 }
82
83 rsa.MBEDTLS_PRIVATE(len) = (mbedtls_mpi_bitlen(&rsa.MBEDTLS_PRIVATE(N)) + 7) >> 3;
84
85 fclose(f);
86
87 /*
88 * Extract the RSA signature from the text file
89 */
90 mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
91
92 if ((f = fopen(filename, "rb")) == NULL) {
93 mbedtls_printf("\n ! Could not open %s\n\n", filename);
94 goto exit;
95 }
96
97 i = 0;
98 while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
99 i < (int) sizeof(buf)) {
100 buf[i++] = (unsigned char) c;
101 }
102
103 fclose(f);
104
105 if (i != rsa.MBEDTLS_PRIVATE(len)) {
106 mbedtls_printf("\n ! Invalid RSA signature format\n\n");
107 goto exit;
108 }
109
110 /*
111 * Compute the SHA-256 hash of the input file and
112 * verify the signature
113 */
114 mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
115 fflush(stdout);
116
117 if ((ret = mbedtls_md_file(
118 mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
119 argv[1], hash)) != 0) {
120 mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]);
121 goto exit;
122 }
123
124 if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
125 32, hash, buf)) != 0) {
126 mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n",
127 (unsigned int) -ret);
128 goto exit;
129 }
130
131 mbedtls_printf("\n . OK (the signature is valid)\n\n");
132
133 exit_code = MBEDTLS_EXIT_SUCCESS;
134
135 exit:
136
137 mbedtls_rsa_free(&rsa);
138
139 mbedtls_exit(exit_code);
140 }
141 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
142 MBEDTLS_FS_IO */
143
