#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/unistd.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <bb_nn.h>
#include <sha1.h>
#include <PR/bbcert.h>
 

/*
 * Root trust anchor for the certificate chain check in main().
 *
 * The root public key is selected at compile time: defining SK_REAL_ROOT
 * picks the first modulus/exponent pair, otherwise the second pair is
 * compiled in. A build that omits -DSK_REAL_ROOT therefore trusts the
 * alternate key below without any runtime indication, so the build flags
 * decide which chains this tool reports as "OK PASS".
 *
 * Each table holds 128 32-bit words (4096 bits). main() converts every word
 * and the exponent with htonl() before handing them to verifyCertSign().
 */
#ifdef SK_REAL_ROOT
/* Root modulus used when SK_REAL_ROOT is defined. */
const BbRsaPublicKey4096 gRootKey = {
 0xd326858d, 0x3b15d8a7, 0xdec64d0f, 0x6ebd9482,
 0x7ebe82a4, 0x3a5ab8cc, 0xdb8dc14a, 0xe9117d95,
 0xe5b91f62, 0x1839e4e1, 0x226e0c35, 0x0414a413,
 0x334cd886, 0xaf984a6b, 0x1dfded15, 0x34782d40,
 0xee2949e8, 0x861a05fe, 0xf7eb1059, 0x3f2b1618,
 0x18a508d1, 0x0072cafc, 0x02ca8625, 0x262290ad,
 0x6fd8a9a3, 0xecc0fb0c, 0xf9dae660, 0x64f6dfba,
 0x67fa4e42, 0x348ceb9f, 0x4c938595, 0xe8feea9a,
 0x4abf5aa7, 0xdcb67be5, 0x1bd5cd20, 0x709374f7,
 0xfc0d15ca, 0x3227f85e, 0x2ddba349, 0x0026054e,
 0xb3e11259, 0x27bde21c, 0x504092b9, 0x01536899,
 0x109494dd, 0x77a45d8f, 0x6dc7b24c, 0x0d82798a,
 0xa47c941c, 0x9e8588e4, 0x711eb76c, 0xd75e4fc0,
 0xbd5c2bb0, 0x04ae9a7f, 0x5a28f7b3, 0xa01ab9e3,
 0xae4f1292, 0xb82abb05, 0x4c7fcf04, 0x3b65d392,
 0x14c62b17, 0x223a35a1, 0x7bb2fb73, 0x8f69b183,
 0x746c5a1f, 0x89cffa66, 0x4adae330, 0xfb57a799,
 0xf46b2972, 0xdcade801, 0x0eb9e03d, 0x403eb087,
 0x55c4e688, 0x42c45a5b, 0xf6dadbbc, 0xa08aa0a2,
 0xee3fffc1, 0x6fa7d154, 0x56341eb7, 0xa4a48028,
 0xd163670d, 0xd1d294cb, 0xc6bc1c30, 0x0c9d29cb,
 0xf82f6ff7, 0xeff961a2, 0x7af776f6, 0xbf7e2567,
 0x79a0d949, 0x9eae778f, 0xfad08294, 0x3700bec9,
 0xc85f3163, 0xade1fe4d, 0x0c504daa, 0xec845bf8,
 0xfaaf2bce, 0x08b201c0, 0x3cd499d1, 0xf7066a6d,
 0xba662eb5, 0x6f3b80a3, 0x31af35df, 0xf5278e0b,
 0x5d3d07e7, 0xfb68ff27, 0x64981bfc, 0xb1715c69,
 0x13b1eccc, 0xc851b68e, 0x18615de1, 0x6d82f559,
 0xa8d091d6, 0xd93ce98d, 0xebdc2e29, 0x7ca56114,
 0x65e3bbc9, 0xbed0fda4, 0x9c645606, 0x9e5aff38,
 0x89bcac2e, 0x52b2e00a, 0xb98f7e62, 0x84ac6fce,
 0x9e896655, 0xe84cad6a, 0x4fe6c5bc, 0xb33c4117,
};

/* Public exponent for the SK_REAL_ROOT key: 0x010001 (65537). */
const BbRsaExponent gRootExp = 0x010001;
#else


/*
 * Root modulus compiled in when SK_REAL_ROOT is NOT defined.
 * NOTE(review): presumably a development/test root; confirm, and confirm
 * that release tooling is always built with SK_REAL_ROOT defined.
 */
const BbRsaPublicKey4096 gRootKey = {
 0xb017210d, 0x7e8407f9, 0x2501f90e, 0xf3221b5a,
 0x968f42a3, 0xeafe43c4, 0x92fd68b8, 0xf05c4d98,
 0xda60a36d, 0x924f4e81, 0x90359423, 0x7264568d,
 0x48605182, 0x98e32c39, 0x0a1edd77, 0x89d2744b,
 0x0ed70604, 0x90b38d0c, 0xa111b9ab, 0xeb412a79,
 0x8d5c6bff, 0x7033f69c, 0x5ba0b73c, 0xdebcf2de,
 0x567e8a0a, 0xe166b0d1, 0x7713b97e, 0x94af38e2,
 0x48ddc642, 0x5083546a, 0x2f01ac97, 0xae3d5bf6,
 0x5a3532e0, 0xf3811f43, 0xdf7c7aee, 0xcb1e1072,
 0x935b4475, 0x4118224d, 0x096b4517, 0xd7af52b8,
 0x4e34043b, 0x45aa900d, 0x401d9cd3, 0x9bf250f4,
 0xab8e1d0a, 0xb7224f43, 0x7eb9662f, 0x27ce6f0a,
 0xe6fafaab, 0x9445ada6, 0x69bed5a3, 0xc4822f9f,
 0xdb564af8, 0xffc3ee6b, 0x0ddddb34, 0x36350fbf,
 0xf06678a1, 0x7481645b, 0x6c9e9060, 0x6316d5ff,
 0xfc543262, 0x848d181a, 0x48ac54f2, 0x551f2b53,
 0x40c2eadf, 0xd9b5b3dd, 0xf1d5d488, 0x9f2f732f,
 0xe1fbfd1a, 0x4c62c048, 0x49ac4ad1, 0x87f9cfdd,
 0x30a59bee, 0xe8a6b32e, 0xe91a4c65, 0xc7c637ad,
 0x599cf628, 0x0ab333b1, 0x0c07f097, 0x0c1c5f72,
 0xe18d600e, 0x61af1717, 0x2eb7dd74, 0x916eb8e7,
 0x52a7e86e, 0x511d8abf, 0xe4704d4f, 0xe367d0d2,
 0xaf6a66d7, 0x5c4c5519, 0xedb90959, 0x664f3543,
 0x5c987fc5, 0xc1bd98c9, 0x91d9012b, 0xc9ec8e88,
 0xc7507e94, 0xd63a14e2, 0x6196e1a3, 0xb7c3453c,
 0xfe1e0259, 0xb099c1ea, 0xb35e6ea9, 0x4ca872f2,
 0xffa71101, 0x6e682980, 0xeec41806, 0x73791168,
 0x6490d819, 0x06062ca0, 0x5a72e957, 0x7230a5dc,
 0x0a6a88ad, 0xcf9c1c32, 0xe1de9f69, 0xab86749b,
 0x3f9be9fb, 0xc5f984b2, 0x22788b39, 0x61ca801c,
 0x80b171d6, 0x6b7b642f, 0xdddb67b1, 0x1e420f3b,
 0xa3599d18, 0x4994c9e3, 0xd9f00b0f, 0x7a8b72c5
};
/*
 * Public exponent for the alternate key: 3.
 * NOTE(review): with a public exponent this small, the soundness of the
 * check rests on verifyCertSign() validating the complete signature padding;
 * that routine is not visible in this file, so confirm it does.
 */
const BbRsaExponent gRootExp = 0x00000003;


#endif


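/*
 * Return the size in bytes of the file at path.
 * Prints "cert file not found" and exits with status 1 if the file cannot
 * be stat()ed, matching how main() treats a file it cannot open.
 */
static long cert_file_size(const char *path)
{
  struct stat statbuf;

  if(stat(path, &statbuf) != 0){
    fprintf(stderr,"cert file not found \n");
    exit(1);
  }
  return (long) statbuf.st_size;
}

/*
 * Read exactly len bytes from the start of the file at path into dst.
 *
 * The caller passes the size of the destination structure as len, so the
 * number of bytes copied never depends on the (untrusted) size of the file.
 * A missing file or a short read is fatal: the tool exits with status 1
 * rather than verifying a partially filled certificate. The stream is
 * closed on every path.
 */
static void read_cert_file(const char *path, void *dst, size_t len)
{
  FILE *fp = fopen(path, "rb");  /* certificates are binary records */

  if(fp == NULL){
    fprintf(stderr,"cert file not found \n");
    exit(1);
  }
  if(fread(dst, len, 1, fp) != 1){
    fprintf(stderr,"short read on cert file %s\n", path);
    fclose(fp);
    exit(1);
  }
  fclose(fp);
}

/*
 * certcheck: verify the signatures along a certificate chain.
 *
 * Usage: certcheck cert signer <any number of certs>
 *
 * argv[k] is verified with the public key taken from argv[k+1]; the last
 * file named is verified with the compiled-in root key (gRootKey/gRootExp).
 * A subject file is treated as a BbEccCert when its size equals
 * sizeof(BbEccCert) and as a BbRsaCert when its size equals
 * sizeof(BbRsaCert); any other size is rejected, because the file size
 * must never be used as the read length into a fixed-size structure.
 *
 * Only verifyCertSign() is called here; any issuer/subject matching or
 * other policy checks would have to live in that routine or elsewhere.
 *
 * Returns 0 when every signature verifies and 1 when at least one check
 * printed "NOT OK FAIL", so scripts can rely on the exit status. Unusable
 * input (missing file, wrong size, short read) exits with status 1.
 */
int main(int argc, char **argv){
  BbEccCert bbcert;
  BbRsaCert rsacert;
  BbRsaCert signercert;
  BbRsaPublicKey4096 gRootKeySwap;
  u32 gRootExpSwap;
  u8 *n_string;
  long subjectsize;
  int numcerts;
  int n_size, i;
  int iter, result;
  int failures = 0;

  if(argc <3){
    fprintf(stderr,"usage: %s cert signer <any number of certs> \n", argv[0]);
    exit(1);
  }
  numcerts = argc - 1;

  /* deal with root sign last */
  for(iter = 0; iter < numcerts-1; iter++){
    const char *subjectpath = argv[iter+1];
    const char *signerpath = argv[iter+2];

    subjectsize = cert_file_size(subjectpath);

    /* subject could be ECC or RSA; the signer is always read as RSA */
    if(subjectsize == (long) sizeof(BbEccCert)){
      read_cert_file(subjectpath, &bbcert, sizeof(BbEccCert));
      read_cert_file(signerpath, &signercert, sizeof(BbRsaCert));
      /* check subject with signercert (modulus passed as 2048/8 bytes) */
      n_string = (u8 *)(signercert.publicKey);
      n_size = 2048/8;
      result = verifyCertSign((BbEccCert *)&bbcert, sizeof(BbEccCert),
		     signercert.exponent, n_string, n_size);
    }
    else if(subjectsize == (long) sizeof(BbRsaCert)){
      read_cert_file(subjectpath, &rsacert, sizeof(BbRsaCert));
      read_cert_file(signerpath, &signercert, sizeof(BbRsaCert));
      n_string = (u8 *)(signercert.publicKey);
      n_size = 2048/8;
      result = verifyCertSign((BbEccCert *)&rsacert, sizeof(BbRsaCert),
		     signercert.exponent, n_string, n_size);
    }
    else{
      /* a larger file would previously have been read past the end of rsacert */
      fprintf(stderr,"cert file %s has unexpected size %ld\n",
	      subjectpath, subjectsize);
      exit(1);
    }

    if(result ==0){
      printf("OK PASS test checking sign on cert %d \n", iter);
    }
    else {
      printf("NOT OK FAIL test checking sign on cert %d\n", iter);
      failures++;
    }
  }

  /* last cert: root sign is hardcoded, treated differently */
  subjectsize = cert_file_size(argv[iter+1]);
  if(subjectsize != (long) sizeof(BbRsaCert)){
    fprintf(stderr,"cert file %s has unexpected size %ld\n",
	    argv[iter+1], subjectsize);
    exit(1);
  }
  read_cert_file(argv[iter+1], &rsacert, sizeof(BbRsaCert));

  /* the root key is stored as host-order words; convert word by word */
  gRootExpSwap  = htonl(gRootExp);
  n_size = 4096/8;
  for(i = 0; i < n_size/4; i++){
    gRootKeySwap[i] = htonl(gRootKey[i]);
  }
  n_string = (u8 *)gRootKeySwap;

  result = verifyCertSign((BbRsaCert *)&rsacert, sizeof(BbRsaCert),
		     gRootExpSwap, n_string, n_size);
  if(result ==0){
    printf("OK PASS test checking sign on cert %d\n", iter);
  }
  else {
    printf("NOT OK FAIL test checking sign on cert %d\n", iter);
    failures++;
  }
  return failures ? 1 : 0;
}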