1/*
2 *  Public key-based signature verification program
3 *
4 *  Copyright The Mbed TLS Contributors
5 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7
8#include "mbedtls/build_info.h"
9
10#include "mbedtls/platform.h"
11/* md.h is included this early since MD_CAN_XXX macros are defined there. */
12#include "mbedtls/md.h"
13
14#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
15    !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_PK_PARSE_C) ||   \
16    !defined(MBEDTLS_FS_IO)
17int main(void)
18{
19    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
20                   "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_PK_PARSE_C and/or "
21                   "MBEDTLS_FS_IO not defined.\n");
22    mbedtls_exit(0);
23}
24#else
25
26#include "mbedtls/error.h"
27#include "mbedtls/pk.h"
28
29#include <stdio.h>
30#include <string.h>
31
32
33int main(int argc, char *argv[])
34{
35    FILE *f;
36    int ret = 1;
37    int exit_code = MBEDTLS_EXIT_FAILURE;
38    size_t i;
39    mbedtls_pk_context pk;
40    unsigned char hash[32];
41    unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
42    char filename[512];
43
44    mbedtls_pk_init(&pk);
45
46#if defined(MBEDTLS_USE_PSA_CRYPTO)
47    psa_status_t status = psa_crypto_init();
48    if (status != PSA_SUCCESS) {
49        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
50                        (int) status);
51        goto exit;
52    }
53#endif /* MBEDTLS_USE_PSA_CRYPTO */
54
55    if (argc != 3) {
56        mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
57
58#if defined(_WIN32)
59        mbedtls_printf("\n");
60#endif
61
62        goto exit;
63    }
64
65    mbedtls_printf("\n  . Reading public key from '%s'", argv[1]);
66    fflush(stdout);
67
68    if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
69        mbedtls_printf(" failed\n  ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
70                       (unsigned int) -ret);
71        goto exit;
72    }
73
74    /*
75     * Extract the signature from the file
76     */
77    mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
78
79    if ((f = fopen(filename, "rb")) == NULL) {
80        mbedtls_printf("\n  ! Could not open %s\n\n", filename);
81        goto exit;
82    }
83
84    i = fread(buf, 1, sizeof(buf), f);
85
86    fclose(f);
87
88    /*
89     * Compute the SHA-256 hash of the input file and
90     * verify the signature
91     */
92    mbedtls_printf("\n  . Verifying the SHA-256 signature");
93    fflush(stdout);
94
95    if ((ret = mbedtls_md_file(
96             mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
97             argv[2], hash)) != 0) {
98        mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[2]);
99        goto exit;
100    }
101
102    if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
103                                 buf, i)) != 0) {
104        mbedtls_printf(" failed\n  ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret);
105        goto exit;
106    }
107
108    mbedtls_printf("\n  . OK (the signature is valid)\n\n");
109
110    exit_code = MBEDTLS_EXIT_SUCCESS;
111
112exit:
113    mbedtls_pk_free(&pk);
114#if defined(MBEDTLS_USE_PSA_CRYPTO)
115    mbedtls_psa_crypto_free();
116#endif /* MBEDTLS_USE_PSA_CRYPTO */
117
118#if defined(MBEDTLS_ERROR_C)
119    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
120        mbedtls_strerror(ret, (char *) buf, sizeof(buf));
121        mbedtls_printf("  !  Last error was: %s\n", buf);
122    }
123#endif
124
125    mbedtls_exit(exit_code);
126}
127#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_MD_CAN_SHA256 &&
128          MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
129