xref: /aosp_15_r20/external/mbedtls/programs/pkey/pk_sign.c (revision 62c56f9862f102b96d72393aff6076c951fb8148) 
1 /*
2  *  Public key-based signature creation program
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  */
7 
8 #include "mbedtls/build_info.h"
9 
10 #include "mbedtls/platform.h"
11 /* md.h is included this early since MD_CAN_XXX macros are defined there. */
12 #include "mbedtls/md.h"
13 
14 #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||  \
15     !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
16     !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) ||    \
17     !defined(MBEDTLS_CTR_DRBG_C)
main(void)18 int main(void)
19 {
20     mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
21                    "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_MD_C and/or "
22                    "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
23                    "MBEDTLS_CTR_DRBG_C not defined.\n");
24     mbedtls_exit(0);
25 }
26 #else
27 
28 #include "mbedtls/error.h"
29 #include "mbedtls/entropy.h"
30 #include "mbedtls/ctr_drbg.h"
31 #include "mbedtls/pk.h"
32 
33 #include <stdio.h>
34 #include <string.h>
35 
main(int argc,char * argv[])36 int main(int argc, char *argv[])
37 {
38     FILE *f;
39     int ret = 1;
40     int exit_code = MBEDTLS_EXIT_FAILURE;
41     mbedtls_pk_context pk;
42     mbedtls_entropy_context entropy;
43     mbedtls_ctr_drbg_context ctr_drbg;
44     unsigned char hash[32];
45     unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
46     char filename[512];
47     const char *pers = "mbedtls_pk_sign";
48     size_t olen = 0;
49 
50     mbedtls_entropy_init(&entropy);
51     mbedtls_ctr_drbg_init(&ctr_drbg);
52     mbedtls_pk_init(&pk);
53 
54 #if defined(MBEDTLS_USE_PSA_CRYPTO)
55     psa_status_t status = psa_crypto_init();
56     if (status != PSA_SUCCESS) {
57         mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
58                         (int) status);
59         goto exit;
60     }
61 #endif /* MBEDTLS_USE_PSA_CRYPTO */
62 
63     if (argc != 3) {
64         mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
65 
66 #if defined(_WIN32)
67         mbedtls_printf("\n");
68 #endif
69 
70         goto exit;
71     }
72 
73     mbedtls_printf("\n  . Seeding the random number generator...");
74     fflush(stdout);
75 
76     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
77                                      (const unsigned char *) pers,
78                                      strlen(pers))) != 0) {
79         mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
80                        (unsigned int) -ret);
81         goto exit;
82     }
83 
84     mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
85     fflush(stdout);
86 
87     if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
88                                         mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
89         mbedtls_printf(" failed\n  ! Could not parse '%s'\n", argv[1]);
90         goto exit;
91     }
92 
93     /*
94      * Compute the SHA-256 hash of the input file,
95      * then calculate the signature of the hash.
96      */
97     mbedtls_printf("\n  . Generating the SHA-256 signature");
98     fflush(stdout);
99 
100     if ((ret = mbedtls_md_file(
101              mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
102              argv[2], hash)) != 0) {
103         mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[2]);
104         goto exit;
105     }
106 
107     if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
108                                buf, sizeof(buf), &olen,
109                                mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
110         mbedtls_printf(" failed\n  ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
111         goto exit;
112     }
113 
114     /*
115      * Write the signature into <filename>.sig
116      */
117     mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
118 
119     if ((f = fopen(filename, "wb+")) == NULL) {
120         mbedtls_printf(" failed\n  ! Could not create %s\n\n", filename);
121         goto exit;
122     }
123 
124     if (fwrite(buf, 1, olen, f) != olen) {
125         mbedtls_printf("failed\n  ! fwrite failed\n\n");
126         fclose(f);
127         goto exit;
128     }
129 
130     fclose(f);
131 
132     mbedtls_printf("\n  . Done (created \"%s\")\n\n", filename);
133 
134     exit_code = MBEDTLS_EXIT_SUCCESS;
135 
136 exit:
137     mbedtls_pk_free(&pk);
138     mbedtls_ctr_drbg_free(&ctr_drbg);
139     mbedtls_entropy_free(&entropy);
140 #if defined(MBEDTLS_USE_PSA_CRYPTO)
141     mbedtls_psa_crypto_free();
142 #endif /* MBEDTLS_USE_PSA_CRYPTO */
143 
144 #if defined(MBEDTLS_ERROR_C)
145     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
146         mbedtls_strerror(ret, (char *) buf, sizeof(buf));
147         mbedtls_printf("  !  Last error was: %s\n", buf);
148     }
149 #endif
150 
151     mbedtls_exit(exit_code);
152 }
153 #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
154           MBEDTLS_MD_CAN_SHA256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
155           MBEDTLS_CTR_DRBG_C */
156