1 /*
2 * Public key-based signature verification program
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7
8 #include "mbedtls/build_info.h"
9
10 #include "mbedtls/platform.h"
11 /* md.h is included this early since MD_CAN_XXX macros are defined there. */
12 #include "mbedtls/md.h"
13
14 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
15 !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_PK_PARSE_C) || \
16 !defined(MBEDTLS_FS_IO)
main(void)17 int main(void)
18 {
19 mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
20 "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_PK_PARSE_C and/or "
21 "MBEDTLS_FS_IO not defined.\n");
22 mbedtls_exit(0);
23 }
24 #else
25
26 #include "mbedtls/error.h"
27 #include "mbedtls/pk.h"
28
29 #include <stdio.h>
30 #include <string.h>
31
32
main(int argc,char * argv[])33 int main(int argc, char *argv[])
34 {
35 FILE *f;
36 int ret = 1;
37 int exit_code = MBEDTLS_EXIT_FAILURE;
38 size_t i;
39 mbedtls_pk_context pk;
40 unsigned char hash[32];
41 unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
42 char filename[512];
43
44 mbedtls_pk_init(&pk);
45
46 #if defined(MBEDTLS_USE_PSA_CRYPTO)
47 psa_status_t status = psa_crypto_init();
48 if (status != PSA_SUCCESS) {
49 mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
50 (int) status);
51 goto exit;
52 }
53 #endif /* MBEDTLS_USE_PSA_CRYPTO */
54
55 if (argc != 3) {
56 mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
57
58 #if defined(_WIN32)
59 mbedtls_printf("\n");
60 #endif
61
62 goto exit;
63 }
64
65 mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
66 fflush(stdout);
67
68 if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
69 mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
70 (unsigned int) -ret);
71 goto exit;
72 }
73
74 /*
75 * Extract the signature from the file
76 */
77 mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
78
79 if ((f = fopen(filename, "rb")) == NULL) {
80 mbedtls_printf("\n ! Could not open %s\n\n", filename);
81 goto exit;
82 }
83
84 i = fread(buf, 1, sizeof(buf), f);
85
86 fclose(f);
87
88 /*
89 * Compute the SHA-256 hash of the input file and
90 * verify the signature
91 */
92 mbedtls_printf("\n . Verifying the SHA-256 signature");
93 fflush(stdout);
94
95 if ((ret = mbedtls_md_file(
96 mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
97 argv[2], hash)) != 0) {
98 mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
99 goto exit;
100 }
101
102 if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
103 buf, i)) != 0) {
104 mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret);
105 goto exit;
106 }
107
108 mbedtls_printf("\n . OK (the signature is valid)\n\n");
109
110 exit_code = MBEDTLS_EXIT_SUCCESS;
111
112 exit:
113 mbedtls_pk_free(&pk);
114 #if defined(MBEDTLS_USE_PSA_CRYPTO)
115 mbedtls_psa_crypto_free();
116 #endif /* MBEDTLS_USE_PSA_CRYPTO */
117
118 #if defined(MBEDTLS_ERROR_C)
119 if (exit_code != MBEDTLS_EXIT_SUCCESS) {
120 mbedtls_strerror(ret, (char *) buf, sizeof(buf));
121 mbedtls_printf(" ! Last error was: %s\n", buf);
122 }
123 #endif
124
125 mbedtls_exit(exit_code);
126 }
127 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_MD_CAN_SHA256 &&
128 MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
129
