1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
|
/*
* Copyright (C) 2014 Red Hat, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "../../src/config.h"
#include <sys/types.h>
#include <sys/select.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <talloc.h>
#include <unistd.h>
#include <nss.h>
#include <certt.h>
#include <certdb.h>
#include <cert.h>
#include <cryptohi.h>
#include <keyhi.h>
#include <pk11pub.h>
#include <prerror.h>
#include <secport.h>
#include "../../src/log.h"
#include "../../src/store.h"
#include "../../src/store-int.h"
int
main(int argc, char **argv)
{
int i;
unsigned int len;
unsigned char *p, *q, buf[LINE_MAX];
SECItem encoded;
CERTSignedData signed_data;
CERTCertificate cert;
SECKEYPublicKey *pubkey;
CERTSubjectPublicKeyInfo *spki;
cm_log_set_method(cm_log_stderr);
cm_log_set_level(3);
p = NULL;
len = 0;
if (NSS_Initialize(".", NULL, NULL, NULL,
NSS_INIT_READONLY | NSS_INIT_NOCERTDB |
NSS_INIT_NOMODDB) != SECSuccess) {
printf("error initializing NSS\n");
return 1;
}
while ((i = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
q = realloc(p, len + i);
if (q == NULL) {
perror("malloc");
free(p);
return 1;
}
p = q;
memcpy(p + len, buf, i);
len += i;
}
memset(&encoded, 0, sizeof(encoded));
encoded.data = p;
encoded.len = len;
memset(&signed_data, 0, sizeof(signed_data));
if (SEC_ASN1DecodeItem(NULL, &signed_data,
CERT_SignedDataTemplate,
&encoded) != SECSuccess) {
printf("error decoding certificate\n");
return 1;
}
memset(&cert, 0, sizeof(cert));
if (SEC_ASN1DecodeItem(NULL, &cert,
CERT_CertificateTemplate,
&signed_data.data) != SECSuccess) {
printf("error decoding certificate data\n");
return 1;
}
spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&cert.derPublicKey);
if (spki == NULL) {
printf("error decoding public key info\n");
return 1;
}
pubkey = SECKEY_ExtractPublicKey(spki);
if (pubkey == NULL) {
printf("error finding public key\n");
return 1;
}
if (VFY_VerifyDataWithAlgorithmID(signed_data.data.data,
signed_data.data.len,
pubkey,
&signed_data.signature,
&signed_data.signatureAlgorithm,
NULL,
NULL) != SECSuccess) {
printf("error in verification: %s\n",
PR_ErrorToName(PORT_GetError()));
return 1;
}
printf("verification OK\n");
SECKEY_DestroyPublicKey(pubkey);
SECKEY_DestroySubjectPublicKeyInfo(spki);
NSS_Shutdown();
return 0;
}
|