/* * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the License); you may * not use this file except in compliance with the License. * * http://www.apache.org/licenses/LICENSE-2.0 */ #include #include #include #include #include #include static const char *options = "(-pubkey pem | -cert pem) [-id str] [-in file] -sig file"; int sm2verify_main(int argc, char **argv) { int ret = 1; char *prog = argv[0]; char *id = SM2_DEFAULT_ID; char *pubkeyfile = NULL; char *certfile = NULL; char *infile = NULL; char *sigfile = NULL; FILE *pubkeyfp = NULL; FILE *certfp = NULL; FILE *infp = stdin; FILE *sigfp = NULL; SM2_KEY key; SM2_SIGN_CTX verify_ctx; uint8_t cert[1024]; size_t certlen; uint8_t buf[4096]; size_t len; uint8_t sig[SM2_MAX_SIGNATURE_SIZE]; size_t siglen; int vr; argc--; argv++; if (argc < 1) { fprintf(stderr, "usage: %s %s\n", prog, options); return 1; } while (argc > 0) { if (!strcmp(*argv, "-help")) { printf("usage: %s %s\n", prog, options); ret = 0; goto end; } else if (!strcmp(*argv, "-pubkey")) { if (certfile) { fprintf(stderr, "%s: options '-pubkey' '-cert' conflict\n", prog); goto end; } if (--argc < 1) goto bad; pubkeyfile = *(++argv); if (!(pubkeyfp = fopen(pubkeyfile, "rb"))) { fprintf(stderr, "%s: open '%s' failure : %s\n", prog, pubkeyfile, strerror(errno)); goto end; } } else if (!strcmp(*argv, "-cert")) { if (pubkeyfile) { fprintf(stderr, "%s: options '-pubkey' '-cert' conflict\n", prog); goto end; } if (--argc < 1) goto bad; certfile = *(++argv); if (!(certfp = fopen(certfile, "rb"))) { fprintf(stderr, "%s: open '%s' failure : %s\n", prog, certfile, strerror(errno)); goto end; } } else if (!strcmp(*argv, "-id")) { if (--argc < 1) goto bad; id = *(++argv); } else if (!strcmp(*argv, "-in")) { if (--argc < 1) goto bad; infile = *(++argv); if (!(infp = fopen(infile, "rb"))) { fprintf(stderr, "%s: open '%s' failure : %s\n", prog, infile, strerror(errno)); goto end; } } else if (!strcmp(*argv, "-sig")) { if (--argc < 1) goto bad; sigfile = *(++argv); if (!(sigfp = fopen(sigfile, "rb"))) { fprintf(stderr, "%s: open '%s' failure : %s\n", prog, sigfile, strerror(errno)); goto end; } } else { fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv); goto end; bad: fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv); goto end; } argc--; argv++; } if (!sigfile) { fprintf(stderr, "%s: '-sig' option required\n", prog); goto end; } if ((siglen = fread(sig, 1, sizeof(sig), sigfp)) <= 0) { fprintf(stderr, "%s: read signature error : %s\n", prog, strerror(errno)); goto end; } if (pubkeyfile) { if (sm2_public_key_info_from_pem(&key, pubkeyfp) != 1) { fprintf(stderr, "%s: parse public key failed\n", prog); goto end; } } else if (certfile) { if (x509_cert_from_pem(cert, &certlen, sizeof(cert), certfp) != 1 || x509_cert_get_subject_public_key(cert, certlen, &key) != 1) { fprintf(stderr, "%s: parse certificate failed\n", prog); goto end; } } else { fprintf(stderr, "%s: '-pubkey' or '-cert' option required\n", prog); goto end; } if (sm2_verify_init(&verify_ctx, &key, id, strlen(id)) != 1) { fprintf(stderr, "%s: inner error\n", prog); goto end; } while ((len = fread(buf, 1, sizeof(buf), infp)) > 0) { if (sm2_verify_update(&verify_ctx, buf, len) != 1) { fprintf(stderr, "%s: inner error\n", prog); goto end; } } if ((vr = sm2_verify_finish(&verify_ctx, sig, siglen)) < 0) { fprintf(stderr, "%s: inner error\n", prog); goto end; } fprintf(stdout, "verify : %s\n", vr == 1 ? "success" : "failure"); if (vr == 1) { ret = 0; } end: if (infile && infp) fclose(infp); if (pubkeyfp) fclose(pubkeyfp); if (certfp) fclose(certfp); if (sigfp) fclose(sigfp); return ret; }