author | lloyd <[email protected]> | 2014-01-01 23:41:07 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-01-01 23:41:07 +0000 |
commit | 1119da3d0f6f8edf3dfa39672a9900ee009c5619 (patch) | |
tree | 4deabe57f5107ddb8547392468cc417f21d3db48 /src | |
parent | 7323f3ff83ff2199b1090f9d5f729b08ccac3151 (diff) |
Moar
Diffstat (limited to 'src')
-rw-r--r-- | src/apps/apps.h | 4 | ||||
-rw-r--r-- | src/apps/cert_verify.cpp | 43 | ||||
-rw-r--r-- | src/apps/dsa_sign.cpp | 71 | ||||
-rw-r--r-- | src/apps/dsa_ver.cpp | 84 | ||||
-rw-r--r-- | src/apps/ocsp.cpp | 38 | ||||
-rw-r--r-- | src/main.cpp | 2 |
6 files changed, 242 insertions, 0 deletions
diff --git a/src/apps/apps.h b/src/apps/apps.h
index babbea080..18a25b935 100644
--- a/src/apps/apps.h
+++ b/src/apps/apps.h
@@ -17,6 +17,10 @@ DEFINE_EXAMPLE(factor);
 DEFINE_EXAMPLE(fpe);
 DEFINE_EXAMPLE(hash);
 DEFINE_EXAMPLE(keygen);
+DEFINE_EXAMPLE(dsa_sign);
+DEFINE_EXAMPLE(dsa_verify);
+DEFINE_EXAMPLE(cert_verify);
+DEFINE_EXAMPLE(ocsp_check);
 DEFINE_EXAMPLE(pkcs10);
 DEFINE_EXAMPLE(read_ssh);
 DEFINE_EXAMPLE(self_sig);
diff --git a/src/apps/cert_verify.cpp b/src/apps/cert_verify.cpp
new file mode 100644
index 000000000..78d82e9a5
--- /dev/null
+++ b/src/apps/cert_verify.cpp
@@ -0,0 +1,43 @@
+/*
+* Simple example of a certificate validation
+* (C) 2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include "apps.h"
+#include <botan/x509cert.h>
+#include <botan/x509path.h>
+#include <iostream>
+
+using namespace Botan;
+
+int cert_verify(int argc, char* argv[])
+ {
+ if(argc <= 2)
+ {
+ std::cout << "Usage: " << argv[0] << " subject.pem [CA certificates...]\n";
+ return 1;
+ }
+
+ X509_Certificate subject_cert(argv[1]);
+
+ Certificate_Store_In_Memory certs;
+
+ for(size_t i = 2; argv[i]; ++i)
+ certs.add_certificate(X509_Certificate(argv[i]));
+
+ Path_Validation_Restrictions restrictions;
+
+ Path_Validation_Result result =
+ x509_path_validate(subject_cert,
+ restrictions,
+ certs);
+
+ if(result.successful_validation())
+ std::cout << "Certificate validated\n";
+ else
+ std::cout << "Certificate did not validate - " << result.result_string() << "\n";
+
+ return 0;
+ }
diff --git a/src/apps/dsa_sign.cpp b/src/apps/dsa_sign.cpp
new file mode 100644
index 000000000..31aaf7aeb
--- /dev/null
+++ b/src/apps/dsa_sign.cpp
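Review bot: `return 0;` at the end of cert_verify is reached whether or not validation succeeded, so a caller that checks the exit status (a script or a test harness) will treat a rejected chain as accepted; the only signal is the stdout text. Returning `result.successful_validation() ? 0 : 1;` keeps the output unchanged and makes failure observable, consistent with the non-zero exit the usage check already uses. A smaller point: `argc <= 2` rejects a subject with no CA certificates although the usage text brackets them as optional, so either allow `argc == 2` (validation then reports the missing trust root) or drop the brackets. Exceptions thrown while loading the PEM files are not caught here, unlike in dsa_sign and dsa_verify in the same commit, so a malformed input terminates the process instead of printing a message.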
@@ -0,0 +1,71 @@
+#include "apps.h"
+#include <iostream>
+#include <iomanip>
+#include <fstream>
+#include <string>
+#include <memory>
+
+#include <botan/pubkey.h>
+#include <botan/dsa.h>
+#include <botan/base64.h>
+using namespace Botan;
+
+const std::string SUFFIX = ".sig";
+
+int dsa_sign(int argc, char* argv[])
+ {
+ if(argc != 4)
+ {
+ std::cout << "Usage: " << argv[0] << " keyfile messagefile passphrase"
+ << std::endl;
+ return 1;
+ }
+
+ try {
+ std::string passphrase(argv[3]);
+
+ std::ifstream message(argv[2], std::ios::binary);
+ if(!message)
+ {
+ std::cout << "Couldn't read the message file." << std::endl;
+ return 1;
+ }
+
+ std::string outfile = argv[2] + SUFFIX;
+ std::ofstream sigfile(outfile.c_str());
+ if(!sigfile)
+ {
+ std::cout << "Couldn't write the signature to "
+ << outfile << std::endl;
+ return 1;
+ }
+
+ AutoSeeded_RNG rng;
+
+ std::auto_ptr<PKCS8_PrivateKey> key(
+ PKCS8::load_key(argv[1], rng, passphrase)
+ );
+
+ DSA_PrivateKey* dsakey = dynamic_cast<DSA_PrivateKey*>(key.get());
+
+ if(!dsakey)
+ {
+ std::cout << "The loaded key is not a DSA key!\n";
+ return 1;
+ }
+
+ PK_Signer signer(*dsakey, "EMSA1(SHA-1)");
+
+ DataSource_Stream in(message);
+ byte buf[4096] = { 0 };
+ while(size_t got = in.read(buf, sizeof(buf)))
+ signer.update(buf, got);
+
+ sigfile << base64_encode(signer.signature(rng)) << "\n";
+ }
+ catch(std::exception& e)
+ {
+ std::cout << "Exception caught: " << e.what() << std::endl;
+ }
+ return 0;
+ }
diff --git a/src/apps/dsa_ver.cpp b/src/apps/dsa_ver.cpp
new file mode 100644
index 000000000..9cf0ed969
--- /dev/null
+++ b/src/apps/dsa_ver.cpp
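Review bot: The catch block at the end of dsa_sign prints the exception and falls through to `return 0;`, so a wrong passphrase or an unreadable key reports success to the shell, and because `sigfile` was opened before the key was loaded an empty `messagefile.sig` has already been created by then. Add `return 1;` inside the catch (as dsa_verify in this commit does), and consider opening the output stream only after `signer.signature(rng)` has produced a value so no empty signature file is left behind. `std::auto_ptr` is deprecated since C++11 and the commit already relies on C++11 (`auto` in ocsp.cpp); `std::unique_ptr<PKCS8_PrivateKey> key(PKCS8::load_key(argv[1], rng, passphrase));` is a drop-in replacement. The passphrase is read from argv[3], where it is visible to other local users in the process table; acceptable for an example, but worth a comment such as `// passphrase on the command line is visible in the process list; example code only`.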
@@ -0,0 +1,84 @@
+#include "apps.h"
+#include <iostream>
+#include <iomanip>
+#include <fstream>
+#include <cstdlib>
+#include <string>
+#include <memory>
+
+#include <botan/pubkey.h>
+#include <botan/dsa.h>
+#include <botan/b64_filt.h>
+using namespace Botan;
+
+namespace {
+
+secure_vector<byte> b64_decode(const std::string& in)
+ {
+ Pipe pipe(new Base64_Decoder);
+ pipe.process_msg(in);
+ return pipe.read_all();
+ }
+
+}
+
+int dsa_verify(int argc, char* argv[])
+ {
+ if(argc != 4)
+ {
+ std::cout << "Usage: " << argv[0]
+ << " keyfile messagefile sigfile" << std::endl;
+ return 1;
+ }
+
+
+ try {
+ std::ifstream message(argv[2], std::ios::binary);
+ if(!message)
+ {
+ std::cout << "Couldn't read the message file." << std::endl;
+ return 1;
+ }
+
+ std::ifstream sigfile(argv[3]);
+ if(!sigfile)
+ {
+ std::cout << "Couldn't read the signature file." << std::endl;
+ return 1;
+ }
+
+ std::string sigstr;
+ getline(sigfile, sigstr);
+
+ std::auto_ptr<X509_PublicKey> key(X509::load_key(argv[1]));
+ DSA_PublicKey* dsakey = dynamic_cast<DSA_PublicKey*>(key.get());
+
+ if(!dsakey)
+ {
+ std::cout << "The loaded key is not a DSA key!\n";
+ return 1;
+ }
+
+ secure_vector<byte> sig = b64_decode(sigstr);
+
+ PK_Verifier ver(*dsakey, "EMSA1(SHA-1)");
+
+ DataSource_Stream in(message);
+ byte buf[4096] = { 0 };
+ while(size_t got = in.read(buf, sizeof(buf)))
+ ver.update(buf, got);
+
+ const bool ok = ver.check_signature(sig);
+
+ if(ok)
+ std::cout << "Signature verified\n";
+ else
+ std::cout << "Signature did NOT verify\n";
+ }
+ catch(std::exception& e)
+ {
+ std::cout << "Exception caught: " << e.what() << std::endl;
+ return 1;
+ }
+ return 0;
+ }
diff --git a/src/apps/ocsp.cpp b/src/apps/ocsp.cpp
new file mode 100644
index 000000000..853debbe3
--- /dev/null
+++ b/src/apps/ocsp.cpp
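Review bot: When `ver.check_signature(sig)` returns false the function prints "Signature did NOT verify" and still returns 0, so the verification outcome is not reflected in the exit status and any script wrapping this tool cannot distinguish a rejected signature from a valid one. Change the tail of the try block to `return ok ? 0 : 1;` (or `return 1;` in the else branch); the catch already returns 1, so only the negative verification result is misreported. `<botan/b64_filt.h>` plus a `Pipe` are brought in only to decode one line, while dsa_sign in this commit uses `<botan/base64.h>`; the matching `base64_decode(sigstr)` from that header would let the anonymous-namespace helper go away. `std::auto_ptr` is deprecated since C++11; `std::unique_ptr<X509_PublicKey> key(X509::load_key(argv[1]));` is a drop-in replacement.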
@@ -0,0 +1,38 @@
+#include "apps.h"
+#include <botan/x509cert.h>
+#include <botan/certstor.h>
+#include <botan/x509path.h>
+#include <botan/ocsp.h>
+
+#include <iostream>
+
+using namespace Botan;
+
+int ocsp_check(int argc, char* argv[])
+ {
+ if(argc != 2)
+ {
+ std::cout << "Usage: ocsp subject.pem issuer.pem";
+ return 2;
+ }
+
+ X509_Certificate subject(argv[1]);
+ X509_Certificate issuer(argv[2]);
+
+ Certificate_Store_In_Memory cas;
+ cas.add_certificate(issuer);
+ OCSP::Response resp = OCSP::online_check(issuer, subject, &cas);
+
+ auto status = resp.status_for(issuer, subject);
+
+ if(status == Certificate_Status_Code::VERIFIED)
+ {
+ std::cout << "OCSP check OK\n";
+ return 0;
+ }
+ else
+ {
+ std::cout << "OCSP check failed " << Path_Validation_Result::status_string(status) << "\n";
+ return 1;
+ }
+ }
diff --git a/src/main.cpp b/src/main.cpp
index 956413d4c..f1451becf 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -155,6 +155,8 @@ int main(int argc, char* argv[])
 CALL_CMD(fpe);
 CALL_CMD(hash);
 CALL_CMD(keygen);
+ CALL_CMD(dsa_sign);
+ CALL_CMD(dsa_verify);
 CALL_CMD(pkcs10);
 CALL_CMD(read_ssh);
 CALL_CMD(self_sig); |
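Review bot: `if(argc != 2)` contradicts the two positional arguments the function then reads: with the documented invocation (program plus two paths, argc == 3) the usage text is printed and the tool exits 2, while with a single argument the guard passes and `X509_Certificate issuer(argv[2])` is constructed from the null pointer at argv[argc]. The check should be `if(argc != 3)`; while there, the usage string lacks the trailing newline the other examples print and hardcodes `ocsp` instead of argv[0], e.g. `std::cout << "Usage: " << argv[0] << " subject.pem issuer.pem\n";`. `OCSP::online_check` and the certificate constructors can presumably throw (the DSA examples in this commit wrap the equivalent calls in try/catch), so a network error or a bad PEM file here terminates the process with no message from the tool itself.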
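Review bot: The CALL_CMD list in main.cpp gains only dsa_sign and dsa_verify, although apps.h in this same commit declares cert_verify and ocsp_check as well, so the two new X.509 examples are compiled but unreachable from main. If that is intentional (for instance because they are still being finished), a one-line comment in main.cpp saying so would prevent the next reader from treating it as an omission; otherwise add `CALL_CMD(cert_verify);` and `CALL_CMD(ocsp_check);` next to the two new entries. The body of main() continues outside the hunk.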