1 /*
2  *  RSA/SHA-256 signature verification program
3  *
4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  *
19  *  This file is part of mbed TLS (https://tls.mbed.org)
20  */
21 
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
24 #else
25 #include MBEDTLS_CONFIG_FILE
26 #endif
27 
28 #if defined(MBEDTLS_PLATFORM_C)
29 #include "mbedtls/platform.h"
30 #else
31 #include <stdio.h>
32 #define mbedtls_printf     printf
33 #define mbedtls_snprintf   snprintf
34 #endif
35 
36 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
37     !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
38     !defined(MBEDTLS_FS_IO)
main(void)39 int main( void )
40 {
41     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
42             "MBEDTLS_MD_C and/or "
43             "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
44     return( 0 );
45 }
46 #else
47 
48 #include "mbedtls/rsa.h"
49 #include "mbedtls/md.h"
50 
51 #include <stdio.h>
52 #include <string.h>
53 
main(int argc,char * argv[])54 int main( int argc, char *argv[] )
55 {
56     FILE *f;
57     int ret, c;
58     size_t i;
59     mbedtls_rsa_context rsa;
60     unsigned char hash[32];
61     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
62     char filename[512];
63 
64     mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
65     ret = 1;
66 
67     if( argc != 2 )
68     {
69         mbedtls_printf( "usage: rsa_verify <filename>\n" );
70 
71 #if defined(_WIN32)
72         mbedtls_printf( "\n" );
73 #endif
74 
75         goto exit;
76     }
77 
78     mbedtls_printf( "\n  . Reading public key from rsa_pub.txt" );
79     fflush( stdout );
80 
81     if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
82     {
83         mbedtls_printf( " failed\n  ! Could not open rsa_pub.txt\n" \
84                 "  ! Please run rsa_genkey first\n\n" );
85         goto exit;
86     }
87 
88     if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 ||
89         ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 )
90     {
91         mbedtls_printf( " failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret );
92         fclose( f );
93         goto exit;
94     }
95 
96     rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3;
97 
98     fclose( f );
99 
100     /*
101      * Extract the RSA signature from the text file
102      */
103     ret = 1;
104     mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
105 
106     if( ( f = fopen( filename, "rb" ) ) == NULL )
107     {
108         mbedtls_printf( "\n  ! Could not open %s\n\n", filename );
109         goto exit;
110     }
111 
112     i = 0;
113     while( fscanf( f, "%02X", &c ) > 0 &&
114            i < (int) sizeof( buf ) )
115         buf[i++] = (unsigned char) c;
116 
117     fclose( f );
118 
119     if( i != rsa.len )
120     {
121         mbedtls_printf( "\n  ! Invalid RSA signature format\n\n" );
122         goto exit;
123     }
124 
125     /*
126      * Compute the SHA-256 hash of the input file and
127      * verify the signature
128      */
129     mbedtls_printf( "\n  . Verifying the RSA/SHA-256 signature" );
130     fflush( stdout );
131 
132     if( ( ret = mbedtls_md_file(
133                     mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
134                     argv[1], hash ) ) != 0 )
135     {
136         mbedtls_printf( " failed\n  ! Could not open or read %s\n\n", argv[1] );
137         goto exit;
138     }
139 
140     if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC,
141                                   MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 )
142     {
143         mbedtls_printf( " failed\n  ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
144         goto exit;
145     }
146 
147     mbedtls_printf( "\n  . OK (the signature is valid)\n\n" );
148 
149     ret = 0;
150 
151 exit:
152 
153     mbedtls_rsa_free( &rsa );
154 
155 #if defined(_WIN32)
156     mbedtls_printf( "  + Press Enter to exit this program.\n" );
157     fflush( stdout ); getchar();
158 #endif
159 
160     return( ret );
161 }
162 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
163           MBEDTLS_FS_IO */
164