/* Copyright 2010 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */
5*8617a60dSAndroid Build Coastguard Worker
/* Routines for verifying a file's signature. Useful in testing the core
 * RSA verification implementation.
 */
9*8617a60dSAndroid Build Coastguard Worker
10*8617a60dSAndroid Build Coastguard Worker #include <fcntl.h>
11*8617a60dSAndroid Build Coastguard Worker #include <stdio.h>
12*8617a60dSAndroid Build Coastguard Worker #include <stdlib.h>
13*8617a60dSAndroid Build Coastguard Worker #include <string.h>
14*8617a60dSAndroid Build Coastguard Worker #include <sys/stat.h>
15*8617a60dSAndroid Build Coastguard Worker #include <sys/types.h>
16*8617a60dSAndroid Build Coastguard Worker #include <unistd.h>
17*8617a60dSAndroid Build Coastguard Worker
18*8617a60dSAndroid Build Coastguard Worker #include "2common.h"
19*8617a60dSAndroid Build Coastguard Worker #include "2rsa.h"
20*8617a60dSAndroid Build Coastguard Worker #include "2sha.h"
21*8617a60dSAndroid Build Coastguard Worker #include "2sysincludes.h"
22*8617a60dSAndroid Build Coastguard Worker #include "file_keys.h"
23*8617a60dSAndroid Build Coastguard Worker #include "host_common.h"
24*8617a60dSAndroid Build Coastguard Worker
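/*
 * ANSI color escape sequences used to highlight the verification verdict.
 * The escape byte is spelled "\033" because "\e" is a GNU extension and is
 * not guaranteed by ISO C; the bytes emitted are the same.
 */
#define COL_GREEN "\033[1;32m"
#define COL_RED "\033[0;31m"
#define COL_STOP "\033[m"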
29*8617a60dSAndroid Build Coastguard Worker
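/*
 * Verify that <signature file> is a valid RSA signature over <input file>
 * for the public key in <key file>, using crypto algorithm <algorithm>.
 *
 * Usage: argv[0] <algorithm> <key file> <signature file> <input file>
 *
 * Returns 0 only when vb2_rsa_verify_digest() reports VB2_SUCCESS, 1 on any
 * other failure (bad algorithm, unreadable key or signature, wrong signature
 * size, digest error, verification failure), and -1 when the argument count
 * is wrong.
 */
int main(int argc, char* argv[])
{
	/* Scratch memory handed to vb2_rsa_verify_digest() through wb. */
	uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
		__attribute__((aligned(VB2_WORKBUF_ALIGN)));
	struct vb2_workbuf wb;
	vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));

	/*
	 * Fail closed: the exit status stays non-zero unless verification
	 * explicitly succeeds below.
	 */
	int return_code = 1;
	uint8_t digest[VB2_MAX_DIGEST_SIZE];
	struct vb2_packed_key *pk = NULL;
	uint8_t *signature = NULL;
	uint32_t sig_len = 0;

	if (argc != 5) {
		int i;
		fprintf(stderr,
			"Usage: %s <algorithm> <key file> <signature file>"
			" <input file>\n\n", argv[0]);
		fprintf(stderr,
			"where <algorithm> depends on the signature algorithm"
			" used:\n");
		for (i = 0; i < VB2_ALG_COUNT; i++)
			fprintf(stderr, "\t%d for %s\n", i,
				vb2_get_crypto_algorithm_name(i));
		return -1;
	}

	/*
	 * Parse the algorithm id strictly. atoi() would turn non-numeric
	 * text into 0 (silently selecting algorithm 0) and would let a
	 * negative id pass an upper-bound-only check and reach the
	 * algorithm lookups below. Out-of-range input saturates in strtol()
	 * and is rejected by the same range test.
	 */
	char *end = NULL;
	long parsed = strtol(argv[1], &end, 10);
	if (end == argv[1] || *end != '\0' ||
	    parsed < 0 || parsed >= VB2_ALG_COUNT) {
		fprintf(stderr, "Invalid algorithm %s\n", argv[1]);
		goto error;
	}
	int algorithm = (int)parsed;

	pk = vb2_read_packed_keyb(argv[2], algorithm, 0);
	if (!pk) {
		fprintf(stderr, "Can't read RSA public key.\n");
		goto error;
	}

	struct vb2_public_key k2;
	if (VB2_SUCCESS != vb2_unpack_key(&k2, pk)) {
		fprintf(stderr, "Can't unpack RSA public key.\n");
		goto error;
	}

	if (VB2_SUCCESS != vb2_read_file(argv[3], &signature, &sig_len)) {
		fprintf(stderr, "Can't read signature.\n");
		goto error;
	}

	/*
	 * The verify call below receives the signature pointer without a
	 * length, so this exact-size check is the only bound on the
	 * signature buffer that this file enforces.
	 */
	uint32_t expect_sig_size =
		vb2_rsa_sig_size(vb2_crypto_to_signature(algorithm));
	if (sig_len != expect_sig_size) {
		fprintf(stderr, "Expected signature size %u, got %u\n",
			expect_sig_size, sig_len);
		goto error;
	}

	if (VB2_SUCCESS != DigestFile(argv[4], vb2_crypto_to_hash(algorithm),
				      digest, sizeof(digest))) {
		fprintf(stderr, "Error calculating digest.\n");
		goto error;
	}

	if (VB2_SUCCESS == vb2_rsa_verify_digest(&k2, signature, digest, &wb)) {
		return_code = 0;
		fprintf(stderr, "Signature Verification "
			COL_GREEN "SUCCEEDED" COL_STOP "\n");
	} else {
		fprintf(stderr, "Signature Verification "
			COL_RED "FAILED" COL_STOP "\n");
	}

error:
	/* free(NULL) is a no-op, so both pointers can be released unguarded. */
	free(pk);
	free(signature);

	return return_code;
}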