1/*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25#include <stdio.h>
26#include <stdlib.h>
27#include <string.h>
28#include <stdint.h>
29#include <errno.h>
30
31#include "brssl.h"
32#include "bearssl.h"
33
34static unsigned
35rsa_bit_length(const br_rsa_public_key *pk)
36{
37	size_t u;
38	unsigned x, bl;
39
40	for (u = 0; u < pk->nlen; u ++) {
41		if (pk->n[u] != 0) {
42			break;
43		}
44	}
45	if (u == pk->nlen) {
46		return 0;
47	}
48	bl = (unsigned)(pk->nlen - u - 1) << 3;
49	x = pk->n[u];
50	while (x != 0) {
51		bl ++;
52		x >>= 1;
53	}
54	return bl;
55}
56
57static void
58print_rsa(const br_rsa_public_key *pk, int print_text, int print_C)
59{
60	if (print_text) {
61		size_t u;
62
63		printf("n = ");
64		for (u = 0; u < pk->nlen; u ++) {
65			printf("%02X", pk->n[u]);
66		}
67		printf("\n");
68		printf("e = ");
69		for (u = 0; u < pk->elen; u ++) {
70			printf("%02X", pk->e[u]);
71		}
72		printf("\n");
73	}
74	if (print_C) {
75		size_t u;
76
77		printf("\nstatic const unsigned char RSA_N[] = {");
78		for (u = 0; u < pk->nlen; u ++) {
79			if (u != 0) {
80				printf(",");
81			}
82			if (u % 12 == 0) {
83				printf("\n\t");
84			} else {
85				printf(" ");
86			}
87			printf("0x%02X", pk->n[u]);
88		}
89		printf("\n};\n");
90		printf("\nstatic const unsigned char RSA_E[] = {");
91		for (u = 0; u < pk->elen; u ++) {
92			if (u != 0) {
93				printf(",");
94			}
95			if (u % 12 == 0) {
96				printf("\n\t");
97			} else {
98				printf(" ");
99			}
100			printf("0x%02X", pk->e[u]);
101		}
102		printf("\n};\n");
103		printf("\nstatic const br_rsa_public_key RSA = {\n");
104		printf("\t(unsigned char *)RSA_N, sizeof RSA_N,\n");
105		printf("\t(unsigned char *)RSA_E, sizeof RSA_E\n");
106		printf("};\n");
107	}
108}
109
110static void
111print_ec(const br_ec_public_key *pk, int print_text, int print_C)
112{
113	if (print_text) {
114		size_t u;
115
116		printf("Q = ");
117		for (u = 0; u < pk->qlen; u ++) {
118			printf("%02X", pk->q[u]);
119		}
120		printf("\n");
121	}
122	if (print_C) {
123		size_t u;
124
125		printf("\nstatic const unsigned char EC_Q[] = {");
126		for (u = 0; u < pk->qlen; u ++) {
127			if (u != 0) {
128				printf(",");
129			}
130			if (u % 12 == 0) {
131				printf("\n\t");
132			} else {
133				printf(" ");
134			}
135			printf("0x%02X", pk->q[u]);
136		}
137		printf("\n};\n");
138		printf("\nstatic const br_ec_public_key EC = {\n");
139		printf("\t%d,\n", pk->curve);
140		printf("\t(unsigned char *)EC_Q, sizeof EC_Q\n");
141		printf("};\n");
142	}
143}
144
145static void
146usage_verify(void)
147{
148	fprintf(stderr,
149"usage: brssl verify [ options ] file...\n");
150	fprintf(stderr,
151"options:\n");
152	fprintf(stderr,
153"   -q            suppress verbose messages\n");
154	fprintf(stderr,
155"   -sni name     check presence of a specific server name\n");
156	fprintf(stderr,
157"   -CA file      add certificates in 'file' to trust anchors\n");
158	fprintf(stderr,
159"   -text         print public key details (human-readable)\n");
160	fprintf(stderr,
161"   -C            print public key details (C code)\n");
162}
163
164typedef VECTOR(br_x509_certificate) cert_list;
165
166static void
167free_cert_contents(br_x509_certificate *xc)
168{
169	xfree(xc->data);
170}
171
172/* see brssl.h */
173int
174do_verify(int argc, char *argv[])
175{
176	int retcode;
177	int verbose;
178	int i;
179	const char *sni;
180	anchor_list anchors = VEC_INIT;
181	cert_list chain = VEC_INIT;
182	size_t u;
183	br_x509_minimal_context mc;
184	int err;
185	int print_text, print_C;
186	br_x509_pkey *pk;
187	const br_x509_pkey *tpk;
188	unsigned usages;
189
190	retcode = 0;
191	verbose = 1;
192	sni = NULL;
193	print_text = 0;
194	print_C = 0;
195	pk = NULL;
196	for (i = 0; i < argc; i ++) {
197		const char *arg;
198
199		arg = argv[i];
200		if (arg[0] != '-') {
201			br_x509_certificate *xcs;
202			size_t num;
203
204			xcs = read_certificates(arg, &num);
205			if (xcs == NULL) {
206				usage_verify();
207				goto verify_exit_error;
208			}
209			VEC_ADDMANY(chain, xcs, num);
210			xfree(xcs);
211			continue;
212		}
213		if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) {
214			verbose = 1;
215		} else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) {
216			verbose = 0;
217		} else if (eqstr(arg, "-sni")) {
218			if (++ i >= argc) {
219				fprintf(stderr,
220					"ERROR: no argument for '-sni'\n");
221				usage_verify();
222				goto verify_exit_error;
223			}
224			if (sni != NULL) {
225				fprintf(stderr, "ERROR: duplicate SNI\n");
226				usage_verify();
227				goto verify_exit_error;
228			}
229			sni = argv[i];
230			continue;
231		} else if (eqstr(arg, "-CA")) {
232			if (++ i >= argc) {
233				fprintf(stderr,
234					"ERROR: no argument for '-CA'\n");
235				usage_verify();
236				goto verify_exit_error;
237			}
238			arg = argv[i];
239			if (read_trust_anchors(&anchors, arg) == 0) {
240				usage_verify();
241				goto verify_exit_error;
242			}
243			continue;
244		} else if (eqstr(arg, "-text")) {
245			print_text = 1;
246		} else if (eqstr(arg, "-C")) {
247			print_C = 1;
248		} else {
249			fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
250			usage_verify();
251			goto verify_exit_error;
252		}
253	}
254	if (VEC_LEN(chain) == 0) {
255		fprintf(stderr, "ERROR: no certificate chain provided\n");
256		usage_verify();
257		goto verify_exit_error;
258	}
259	br_x509_minimal_init(&mc, &br_sha256_vtable,
260		&VEC_ELT(anchors, 0), VEC_LEN(anchors));
261	br_x509_minimal_set_hash(&mc, br_sha1_ID, &br_sha1_vtable);
262	br_x509_minimal_set_hash(&mc, br_sha224_ID, &br_sha224_vtable);
263	br_x509_minimal_set_hash(&mc, br_sha256_ID, &br_sha256_vtable);
264	br_x509_minimal_set_hash(&mc, br_sha384_ID, &br_sha384_vtable);
265	br_x509_minimal_set_hash(&mc, br_sha512_ID, &br_sha512_vtable);
266	br_x509_minimal_set_rsa(&mc, &br_rsa_i31_pkcs1_vrfy);
267	br_x509_minimal_set_ecdsa(&mc,
268		&br_ec_prime_i31, &br_ecdsa_i31_vrfy_asn1);
269
270	mc.vtable->start_chain(&mc.vtable, sni);
271	for (u = 0; u < VEC_LEN(chain); u ++) {
272		br_x509_certificate *xc;
273
274		xc = &VEC_ELT(chain, u);
275		mc.vtable->start_cert(&mc.vtable, xc->data_len);
276		mc.vtable->append(&mc.vtable, xc->data, xc->data_len);
277		mc.vtable->end_cert(&mc.vtable);
278	}
279	err = mc.vtable->end_chain(&mc.vtable);
280	tpk = mc.vtable->get_pkey(&mc.vtable, &usages);
281	if (tpk != NULL) {
282		pk = xpkeydup(tpk);
283	}
284
285	if (err == 0) {
286		if (verbose) {
287			int hkx;
288
289			fprintf(stderr, "Validation success; usages:");
290			hkx = 0;
291			if (usages & BR_KEYTYPE_KEYX) {
292				fprintf(stderr, " key exchange");
293				hkx = 1;
294			}
295			if (usages & BR_KEYTYPE_SIGN) {
296				if (hkx) {
297					fprintf(stderr, ",");
298				}
299				fprintf(stderr, " signature");
300			}
301			fprintf(stderr, "\n");
302		}
303	} else {
304		if (verbose) {
305			const char *errname, *errmsg;
306
307			fprintf(stderr, "Validation failed, err = %d", err);
308			errname = find_error_name(err, &errmsg);
309			if (errname != NULL) {
310				fprintf(stderr, " (%s): %s\n", errname, errmsg);
311			} else {
312				fprintf(stderr, " (unknown)\n");
313			}
314		}
315		retcode = -1;
316	}
317	if (pk != NULL) {
318		switch (pk->key_type) {
319		case BR_KEYTYPE_RSA:
320			if (verbose) {
321				fprintf(stderr, "Key type: RSA (%u bits)\n",
322					rsa_bit_length(&pk->key.rsa));
323			}
324			print_rsa(&pk->key.rsa, print_text, print_C);
325			break;
326		case BR_KEYTYPE_EC:
327			if (verbose) {
328				fprintf(stderr, "Key type: EC (%s)\n",
329					ec_curve_name(pk->key.ec.curve));
330			}
331			print_ec(&pk->key.ec, print_text, print_C);
332			break;
333		default:
334			if (verbose) {
335				fprintf(stderr, "Unknown key type\n");
336				break;
337			}
338		}
339	}
340
341	/*
342	 * Release allocated structures.
343	 */
344verify_exit:
345	VEC_CLEAREXT(anchors, &free_ta_contents);
346	VEC_CLEAREXT(chain, &free_cert_contents);
347	xfreepkey(pk);
348	return retcode;
349
350verify_exit_error:
351	retcode = -1;
352	goto verify_exit;
353}
354