1 /*
2 * RSASSA-PSS/SHA-256 signature verification program
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #include "mbedtls/build_info.h"
21
22 #include "mbedtls/platform.h"
23
24 #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
25 !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
26 !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
27 !defined(MBEDTLS_CTR_DRBG_C)
main(void)28 int main(void)
29 {
30 mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
31 "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
32 "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
33 "MBEDTLS_CTR_DRBG_C not defined.\n");
34 mbedtls_exit(0);
35 }
36 #else
37
38 #include "mbedtls/md.h"
39 #include "mbedtls/pem.h"
40 #include "mbedtls/pk.h"
41 #include "mbedtls/md.h"
42
43 #include <stdio.h>
44 #include <string.h>
45
46
main(int argc,char * argv[])47 int main(int argc, char *argv[])
48 {
49 FILE *f;
50 int ret = 1;
51 int exit_code = MBEDTLS_EXIT_FAILURE;
52 size_t i;
53 mbedtls_pk_context pk;
54 unsigned char hash[32];
55 unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
56 char filename[512];
57
58 mbedtls_pk_init(&pk);
59
60 if (argc != 3) {
61 mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
62
63 #if defined(_WIN32)
64 mbedtls_printf("\n");
65 #endif
66
67 goto exit;
68 }
69
70 mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
71 fflush(stdout);
72
73 if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
74 mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
75 mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
76 goto exit;
77 }
78
79 if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
80 mbedtls_printf(" failed\n ! Key is not an RSA key\n");
81 goto exit;
82 }
83
84 if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
85 MBEDTLS_RSA_PKCS_V21,
86 MBEDTLS_MD_SHA256)) != 0) {
87 mbedtls_printf(" failed\n ! Invalid padding\n");
88 goto exit;
89 }
90
91 /*
92 * Extract the RSA signature from the file
93 */
94 mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
95
96 if ((f = fopen(filename, "rb")) == NULL) {
97 mbedtls_printf("\n ! Could not open %s\n\n", filename);
98 goto exit;
99 }
100
101 i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f);
102
103 fclose(f);
104
105 /*
106 * Compute the SHA-256 hash of the input file and
107 * verify the signature
108 */
109 mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
110 fflush(stdout);
111
112 if ((ret = mbedtls_md_file(
113 mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
114 argv[2], hash)) != 0) {
115 mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
116 goto exit;
117 }
118
119 if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
120 buf, i)) != 0) {
121 mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret);
122 goto exit;
123 }
124
125 mbedtls_printf("\n . OK (the signature is valid)\n\n");
126
127 exit_code = MBEDTLS_EXIT_SUCCESS;
128
129 exit:
130 mbedtls_pk_free(&pk);
131
132 mbedtls_exit(exit_code);
133 }
134 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
135 MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
136
