Added stand-alone RSA/PSS implementation.
[BearSSL] / tools / verify.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdint.h>
29 #include <errno.h>
30
31 #include "brssl.h"
32 #include "bearssl.h"
33
34 static unsigned
35 rsa_bit_length(const br_rsa_public_key *pk)
36 {
37 size_t u;
38 unsigned x, bl;
39
40 for (u = 0; u < pk->nlen; u ++) {
41 if (pk->n[u] != 0) {
42 break;
43 }
44 }
45 if (u == pk->nlen) {
46 return 0;
47 }
48 bl = (unsigned)(pk->nlen - u - 1) << 3;
49 x = pk->n[u];
50 while (x != 0) {
51 bl ++;
52 x >>= 1;
53 }
54 return bl;
55 }
56
57 static void
58 print_rsa(const br_rsa_public_key *pk, int print_text, int print_C)
59 {
60 if (print_text) {
61 size_t u;
62
63 printf("n = ");
64 for (u = 0; u < pk->nlen; u ++) {
65 printf("%02X", pk->n[u]);
66 }
67 printf("\n");
68 printf("e = ");
69 for (u = 0; u < pk->elen; u ++) {
70 printf("%02X", pk->e[u]);
71 }
72 printf("\n");
73 }
74 if (print_C) {
75 size_t u;
76
77 printf("\nstatic const unsigned char RSA_N[] = {");
78 for (u = 0; u < pk->nlen; u ++) {
79 if (u != 0) {
80 printf(",");
81 }
82 if (u % 12 == 0) {
83 printf("\n\t");
84 } else {
85 printf(" ");
86 }
87 printf("0x%02X", pk->n[u]);
88 }
89 printf("\n};\n");
90 printf("\nstatic const unsigned char RSA_E[] = {");
91 for (u = 0; u < pk->elen; u ++) {
92 if (u != 0) {
93 printf(",");
94 }
95 if (u % 12 == 0) {
96 printf("\n\t");
97 } else {
98 printf(" ");
99 }
100 printf("0x%02X", pk->e[u]);
101 }
102 printf("\n};\n");
103 printf("\nstatic const br_rsa_public_key RSA = {\n");
104 printf("\t(unsigned char *)RSA_N, sizeof RSA_N,\n");
105 printf("\t(unsigned char *)RSA_E, sizeof RSA_E\n");
106 printf("};\n");
107 }
108 }
109
110 static void
111 print_ec(const br_ec_public_key *pk, int print_text, int print_C)
112 {
113 if (print_text) {
114 size_t u;
115
116 printf("Q = ");
117 for (u = 0; u < pk->qlen; u ++) {
118 printf("%02X", pk->q[u]);
119 }
120 printf("\n");
121 }
122 if (print_C) {
123 size_t u;
124
125 printf("\nstatic const unsigned char EC_Q[] = {");
126 for (u = 0; u < pk->qlen; u ++) {
127 if (u != 0) {
128 printf(",");
129 }
130 if (u % 12 == 0) {
131 printf("\n\t");
132 } else {
133 printf(" ");
134 }
135 printf("0x%02X", pk->q[u]);
136 }
137 printf("\n};\n");
138 printf("\nstatic const br_ec_public_key EC = {\n");
139 printf("\t%d,\n", pk->curve);
140 printf("\t(unsigned char *)EC_Q, sizeof EC_Q\n");
141 printf("};\n");
142 }
143 }
144
145 static void
146 usage_verify(void)
147 {
148 fprintf(stderr,
149 "usage: brssl verify [ options ] file...\n");
150 fprintf(stderr,
151 "options:\n");
152 fprintf(stderr,
153 " -q suppress verbose messages\n");
154 fprintf(stderr,
155 " -sni name check presence of a specific server name\n");
156 fprintf(stderr,
157 " -CA file add certificates in 'file' to trust anchors\n");
158 fprintf(stderr,
159 " -text print public key details (human-readable)\n");
160 fprintf(stderr,
161 " -C print public key details (C code)\n");
162 }
163
164 typedef VECTOR(br_x509_certificate) cert_list;
165
166 static void
167 free_cert_contents(br_x509_certificate *xc)
168 {
169 xfree(xc->data);
170 }
171
172 /* see brssl.h */
173 int
174 do_verify(int argc, char *argv[])
175 {
176 int retcode;
177 int verbose;
178 int i;
179 const char *sni;
180 anchor_list anchors = VEC_INIT;
181 cert_list chain = VEC_INIT;
182 size_t u;
183 br_x509_minimal_context mc;
184 int err;
185 int print_text, print_C;
186 br_x509_pkey *pk;
187 const br_x509_pkey *tpk;
188 unsigned usages;
189
190 retcode = 0;
191 verbose = 1;
192 sni = NULL;
193 print_text = 0;
194 print_C = 0;
195 pk = NULL;
196 for (i = 0; i < argc; i ++) {
197 const char *arg;
198
199 arg = argv[i];
200 if (arg[0] != '-') {
201 br_x509_certificate *xcs;
202 size_t num;
203
204 xcs = read_certificates(arg, &num);
205 if (xcs == NULL) {
206 usage_verify();
207 goto verify_exit_error;
208 }
209 VEC_ADDMANY(chain, xcs, num);
210 xfree(xcs);
211 continue;
212 }
213 if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) {
214 verbose = 1;
215 } else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) {
216 verbose = 0;
217 } else if (eqstr(arg, "-sni")) {
218 if (++ i >= argc) {
219 fprintf(stderr,
220 "ERROR: no argument for '-sni'\n");
221 usage_verify();
222 goto verify_exit_error;
223 }
224 if (sni != NULL) {
225 fprintf(stderr, "ERROR: duplicate SNI\n");
226 usage_verify();
227 goto verify_exit_error;
228 }
229 sni = argv[i];
230 continue;
231 } else if (eqstr(arg, "-CA")) {
232 if (++ i >= argc) {
233 fprintf(stderr,
234 "ERROR: no argument for '-CA'\n");
235 usage_verify();
236 goto verify_exit_error;
237 }
238 arg = argv[i];
239 if (read_trust_anchors(&anchors, arg) == 0) {
240 usage_verify();
241 goto verify_exit_error;
242 }
243 continue;
244 } else if (eqstr(arg, "-text")) {
245 print_text = 1;
246 } else if (eqstr(arg, "-C")) {
247 print_C = 1;
248 } else {
249 fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
250 usage_verify();
251 goto verify_exit_error;
252 }
253 }
254 if (VEC_LEN(chain) == 0) {
255 fprintf(stderr, "ERROR: no certificate chain provided\n");
256 usage_verify();
257 goto verify_exit_error;
258 }
259 br_x509_minimal_init(&mc, &br_sha256_vtable,
260 &VEC_ELT(anchors, 0), VEC_LEN(anchors));
261 br_x509_minimal_set_hash(&mc, br_sha1_ID, &br_sha1_vtable);
262 br_x509_minimal_set_hash(&mc, br_sha224_ID, &br_sha224_vtable);
263 br_x509_minimal_set_hash(&mc, br_sha256_ID, &br_sha256_vtable);
264 br_x509_minimal_set_hash(&mc, br_sha384_ID, &br_sha384_vtable);
265 br_x509_minimal_set_hash(&mc, br_sha512_ID, &br_sha512_vtable);
266 br_x509_minimal_set_rsa(&mc, &br_rsa_i31_pkcs1_vrfy);
267 br_x509_minimal_set_ecdsa(&mc,
268 &br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
269
270 mc.vtable->start_chain(&mc.vtable, sni);
271 for (u = 0; u < VEC_LEN(chain); u ++) {
272 br_x509_certificate *xc;
273
274 xc = &VEC_ELT(chain, u);
275 mc.vtable->start_cert(&mc.vtable, xc->data_len);
276 mc.vtable->append(&mc.vtable, xc->data, xc->data_len);
277 mc.vtable->end_cert(&mc.vtable);
278 }
279 err = mc.vtable->end_chain(&mc.vtable);
280 tpk = mc.vtable->get_pkey(&mc.vtable, &usages);
281 if (tpk != NULL) {
282 pk = xpkeydup(tpk);
283 }
284
285 if (err == 0) {
286 if (verbose) {
287 int hkx;
288
289 fprintf(stderr, "Validation success; usages:");
290 hkx = 0;
291 if (usages & BR_KEYTYPE_KEYX) {
292 fprintf(stderr, " key exchange");
293 hkx = 1;
294 }
295 if (usages & BR_KEYTYPE_SIGN) {
296 if (hkx) {
297 fprintf(stderr, ",");
298 }
299 fprintf(stderr, " signature");
300 }
301 fprintf(stderr, "\n");
302 }
303 } else {
304 if (verbose) {
305 const char *errname, *errmsg;
306
307 fprintf(stderr, "Validation failed, err = %d", err);
308 errname = find_error_name(err, &errmsg);
309 if (errname != NULL) {
310 fprintf(stderr, " (%s): %s\n", errname, errmsg);
311 } else {
312 fprintf(stderr, " (unknown)\n");
313 }
314 }
315 retcode = -1;
316 }
317 if (pk != NULL) {
318 switch (pk->key_type) {
319 case BR_KEYTYPE_RSA:
320 if (verbose) {
321 fprintf(stderr, "Key type: RSA (%u bits)\n",
322 rsa_bit_length(&pk->key.rsa));
323 }
324 print_rsa(&pk->key.rsa, print_text, print_C);
325 break;
326 case BR_KEYTYPE_EC:
327 if (verbose) {
328 fprintf(stderr, "Key type: EC (%s)\n",
329 ec_curve_name(pk->key.ec.curve));
330 }
331 print_ec(&pk->key.ec, print_text, print_C);
332 break;
333 default:
334 if (verbose) {
335 fprintf(stderr, "Unknown key type\n");
336 break;
337 }
338 }
339 }
340
341 /*
342 * Release allocated structures.
343 */
344 verify_exit:
345 VEC_CLEAREXT(anchors, &free_ta_contents);
346 VEC_CLEAREXT(chain, &free_cert_contents);
347 xfreepkey(pk);
348 return retcode;
349
350 verify_exit_error:
351 retcode = -1;
352 goto verify_exit;
353 }