From 1119da3d0f6f8edf3dfa39672a9900ee009c5619 Mon Sep 17 00:00:00 2001
From: lloyd
Date: Wed, 1 Jan 2014 23:41:07 +0000
Subject: Moar
---
doc/examples/cert_verify.cpp | 44 -----------------------
doc/examples/dsa_sign.cpp | 73 -------------------------------------
doc/examples/dsa_ver.cpp | 85 --------------------------------------------
doc/examples/ocsp.cpp | 29 ---------------
src/apps/apps.h | 4 +++
src/apps/cert_verify.cpp | 43 ++++++++++++++++++++++
src/apps/dsa_sign.cpp | 71 ++++++++++++++++++++++++++++++++++++
src/apps/dsa_ver.cpp | 84 +++++++++++++++++++++++++++++++++++++++++++
src/apps/ocsp.cpp | 38 ++++++++++++++++++++
src/main.cpp | 2 ++
10 files changed, 242 insertions(+), 231 deletions(-)
delete mode 100644 doc/examples/cert_verify.cpp
delete mode 100644 doc/examples/dsa_sign.cpp
delete mode 100644 doc/examples/dsa_ver.cpp
delete mode 100644 doc/examples/ocsp.cpp
create mode 100644 src/apps/cert_verify.cpp
create mode 100644 src/apps/dsa_sign.cpp
create mode 100644 src/apps/dsa_ver.cpp
create mode 100644 src/apps/ocsp.cpp
diff --git a/doc/examples/cert_verify.cpp b/doc/examples/cert_verify.cpp
deleted file mode 100644
index d9b170ef0..000000000
--- a/doc/examples/cert_verify.cpp
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
-* Simple example of a certificate validation
-* (C) 2010 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include
-#include
-#include
-#include
-
-using namespace Botan;
-
-int main(int argc, char* argv[])
- {
- if(argc <= 2)
- {
- std::cout << "Usage: " << argv[0] << " subject.pem [CA certificates...]\n";
- return 1;
- }
-
- LibraryInitializer init;
- X509_Certificate subject_cert(argv[1]);
-
- Certificate_Store_In_Memory certs;
-
- for(size_t i = 2; argv[i]; ++i)
- certs.add_certificate(X509_Certificate(argv[i]));
-
- Path_Validation_Restrictions restrictions;
-
- Path_Validation_Result result =
- x509_path_validate(subject_cert,
- restrictions,
- certs);
-
- if(result.successful_validation())
- std::cout << "Certificate validated\n";
- else
- std::cout << "Certificate did not validate - " << result.result_string() << "\n";
-
- return 0;
- }
diff --git a/doc/examples/dsa_sign.cpp b/doc/examples/dsa_sign.cpp
deleted file mode 100644
index 3511eacfa..000000000
--- a/doc/examples/dsa_sign.cpp
+++ /dev/null
@@ -1,73 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-using namespace Botan;
-
-const std::string SUFFIX = ".sig";
-
-int main(int argc, char* argv[])
- {
- if(argc != 4)
- {
- std::cout << "Usage: " << argv[0] << " keyfile messagefile passphrase"
- << std::endl;
- return 1;
- }
-
- Botan::LibraryInitializer init;
-
- try {
- std::string passphrase(argv[3]);
-
- std::ifstream message(argv[2], std::ios::binary);
- if(!message)
- {
- std::cout << "Couldn't read the message file." << std::endl;
- return 1;
- }
-
- std::string outfile = argv[2] + SUFFIX;
- std::ofstream sigfile(outfile.c_str());
- if(!sigfile)
- {
- std::cout << "Couldn't write the signature to "
- << outfile << std::endl;
- return 1;
- }
-
- AutoSeeded_RNG rng;
-
- std::auto_ptr key(
- PKCS8::load_key(argv[1], rng, passphrase)
- );
-
- DSA_PrivateKey* dsakey = dynamic_cast(key.get());
-
- if(!dsakey)
- {
- std::cout << "The loaded key is not a DSA key!\n";
- return 1;
- }
-
- PK_Signer signer(*dsakey, "EMSA1(SHA-1)");
-
- DataSource_Stream in(message);
- byte buf[4096] = { 0 };
- while(size_t got = in.read(buf, sizeof(buf)))
- signer.update(buf, got);
-
- sigfile << base64_encode(signer.signature(rng)) << "\n";
- }
- catch(std::exception& e)
- {
- std::cout << "Exception caught: " << e.what() << std::endl;
- }
- return 0;
- }
diff --git a/doc/examples/dsa_ver.cpp b/doc/examples/dsa_ver.cpp
deleted file mode 100644
index e6910a4e1..000000000
--- a/doc/examples/dsa_ver.cpp
+++ /dev/null
@@ -1,85 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-using namespace Botan;
-
-namespace {
-
-secure_vector b64_decode(const std::string& in)
- {
- Pipe pipe(new Base64_Decoder);
- pipe.process_msg(in);
- return pipe.read_all();
- }
-
-}
-
-int main(int argc, char* argv[])
- {
- if(argc != 4)
- {
- std::cout << "Usage: " << argv[0]
- << " keyfile messagefile sigfile" << std::endl;
- return 1;
- }
-
-
- try {
- Botan::LibraryInitializer init;
-
- std::ifstream message(argv[2], std::ios::binary);
- if(!message)
- {
- std::cout << "Couldn't read the message file." << std::endl;
- return 1;
- }
-
- std::ifstream sigfile(argv[3]);
- if(!sigfile)
- {
- std::cout << "Couldn't read the signature file." << std::endl;
- return 1;
- }
-
- std::string sigstr;
- getline(sigfile, sigstr);
-
- std::auto_ptr key(X509::load_key(argv[1]));
- DSA_PublicKey* dsakey = dynamic_cast(key.get());
-
- if(!dsakey)
- {
- std::cout << "The loaded key is not a DSA key!\n";
- return 1;
- }
-
- secure_vector sig = b64_decode(sigstr);
-
- PK_Verifier ver(*dsakey, "EMSA1(SHA-1)");
-
- DataSource_Stream in(message);
- byte buf[4096] = { 0 };
- while(size_t got = in.read(buf, sizeof(buf)))
- ver.update(buf, got);
-
- const bool ok = ver.check_signature(sig);
-
- if(ok)
- std::cout << "Signature verified\n";
- else
- std::cout << "Signature did NOT verify\n";
- }
- catch(std::exception& e)
- {
- std::cout << "Exception caught: " << e.what() << std::endl;
- return 1;
- }
- return 0;
- }
diff --git a/doc/examples/ocsp.cpp b/doc/examples/ocsp.cpp
deleted file mode 100644
index 81cfa198b..000000000
--- a/doc/examples/ocsp.cpp
+++ /dev/null
@@ -1,29 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-using namespace Botan;
-
-int main(int argc, char* argv[])
- {
- if(argc != 2)
- std::cout << "Usage: ocsp subject.pem issuer.pem";
-
- X509_Certificate subject(argv[1]);
- X509_Certificate issuer(argv[2]);
-
- Certificate_Store_In_Memory cas;
- cas.add_certificate(issuer);
- OCSP::Response resp = OCSP::online_check(issuer, subject, &cas);
-
- auto status = resp.status_for(issuer, subject);
-
- if(status == Certificate_Status_Code::VERIFIED)
- std::cout << "OCSP check OK\n";
- else
- std::cout << "OCSP check failed " << Path_Validation_Result::status_string(status) << "\n";
- }
diff --git a/src/apps/apps.h b/src/apps/apps.h
index babbea080..18a25b935 100644
--- a/src/apps/apps.h
+++ b/src/apps/apps.h
@@ -17,6 +17,10 @@ DEFINE_EXAMPLE(factor);
 DEFINE_EXAMPLE(fpe);
 DEFINE_EXAMPLE(hash);
 DEFINE_EXAMPLE(keygen);
+DEFINE_EXAMPLE(dsa_sign);
+DEFINE_EXAMPLE(dsa_verify);
+DEFINE_EXAMPLE(cert_verify);
+DEFINE_EXAMPLE(ocsp_check);
 DEFINE_EXAMPLE(pkcs10);
 DEFINE_EXAMPLE(read_ssh);
 DEFINE_EXAMPLE(self_sig);
diff --git a/src/apps/cert_verify.cpp b/src/apps/cert_verify.cpp
new file mode 100644
index 000000000..78d82e9a5
--- /dev/null
+++ b/src/apps/cert_verify.cpp
@@ -0,0 +1,43 @@
+/*
+* Simple example of a certificate validation
+* (C) 2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include "apps.h"
+#include
+#include
+#include
+
+using namespace Botan;
+
+int cert_verify(int argc, char* argv[])
+ {
+ if(argc <= 2)
+ {
+ std::cout << "Usage: " << argv[0] << " subject.pem [CA certificates...]\n";
+ return 1;
+ }
+
+ X509_Certificate subject_cert(argv[1]);
+
+ Certificate_Store_In_Memory certs;
+
+ for(size_t i = 2; argv[i]; ++i)
+ certs.add_certificate(X509_Certificate(argv[i]));
+
+ Path_Validation_Restrictions restrictions;
+
+ Path_Validation_Result result =
+ x509_path_validate(subject_cert,
+ restrictions,
+ certs);
+
+ if(result.successful_validation())
+ std::cout << "Certificate validated\n";
+ else
+ std::cout << "Certificate did not validate - " << result.result_string() << "\n";
+
+ return 0;
+ }
diff --git a/src/apps/dsa_sign.cpp b/src/apps/dsa_sign.cpp
new file mode 100644
index 000000000..31aaf7aeb
--- /dev/null
+++ b/src/apps/dsa_sign.cpp
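Review bot: In src/apps/cert_verify.cpp, `cert_verify` reaches `return 0;` even after printing "Certificate did not validate", so a script that checks only the exit status treats a rejected chain as accepted. Replace the final statement with `return result.successful_validation() ? 0 : 1;`, which matches what `ocsp_check` does in this same commit. The same fail-open exit status appears in two other new files: `dsa_verify` in src/apps/dsa_ver.cpp returns 0 after "Signature did NOT verify", and the `catch` block of `dsa_sign` in src/apps/dsa_sign.cpp prints the exception and then falls through to `return 0;`; each needs a `return 1;` on its failure path.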
@@ -0,0 +1,71 @@
+#include "apps.h"
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+using namespace Botan;
+
+const std::string SUFFIX = ".sig";
+
+int dsa_sign(int argc, char* argv[])
+ {
+ if(argc != 4)
+ {
+ std::cout << "Usage: " << argv[0] << " keyfile messagefile passphrase"
+ << std::endl;
+ return 1;
+ }
+
+ try {
+ std::string passphrase(argv[3]);
+
+ std::ifstream message(argv[2], std::ios::binary);
+ if(!message)
+ {
+ std::cout << "Couldn't read the message file." << std::endl;
+ return 1;
+ }
+
+ std::string outfile = argv[2] + SUFFIX;
+ std::ofstream sigfile(outfile.c_str());
+ if(!sigfile)
+ {
+ std::cout << "Couldn't write the signature to "
+ << outfile << std::endl;
+ return 1;
+ }
+
+ AutoSeeded_RNG rng;
+
+ std::auto_ptr key(
+ PKCS8::load_key(argv[1], rng, passphrase)
+ );
+
+ DSA_PrivateKey* dsakey = dynamic_cast(key.get());
+
+ if(!dsakey)
+ {
+ std::cout << "The loaded key is not a DSA key!\n";
+ return 1;
+ }
+
+ PK_Signer signer(*dsakey, "EMSA1(SHA-1)");
+
+ DataSource_Stream in(message);
+ byte buf[4096] = { 0 };
+ while(size_t got = in.read(buf, sizeof(buf)))
+ signer.update(buf, got);
+
+ sigfile << base64_encode(signer.signature(rng)) << "\n";
+ }
+ catch(std::exception& e)
+ {
+ std::cout << "Exception caught: " << e.what() << std::endl;
+ }
+ return 0;
+ }
diff --git a/src/apps/dsa_ver.cpp b/src/apps/dsa_ver.cpp
new file mode 100644
index 000000000..9cf0ed969
--- /dev/null
+++ b/src/apps/dsa_ver.cpp
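Review bot: In src/apps/dsa_sign.cpp, the private-key passphrase is read from `argv[3]`, which on most systems exposes it to other local users through the process list and leaves it in shell history. Now that this code is dispatched from `main` rather than shipped as a doc example, reading the passphrase from a prompt or a file would be the safer interface. If the argument has to stay, a comment at `std::string passphrase(argv[3]);` such as `// NOTE: a passphrase passed on the command line is visible to other processes; testing only` documents the limitation. Separately, `sigfile` is opened before the key is loaded, so a wrong passphrase leaves an empty `.sig` file next to the message.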
@@ -0,0 +1,84 @@
+#include "apps.h"
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+using namespace Botan;
+
+namespace {
+
+secure_vector b64_decode(const std::string& in)
+ {
+ Pipe pipe(new Base64_Decoder);
+ pipe.process_msg(in);
+ return pipe.read_all();
+ }
+
+}
+
+int dsa_verify(int argc, char* argv[])
+ {
+ if(argc != 4)
+ {
+ std::cout << "Usage: " << argv[0]
+ << " keyfile messagefile sigfile" << std::endl;
+ return 1;
+ }
+
+
+ try {
+ std::ifstream message(argv[2], std::ios::binary);
+ if(!message)
+ {
+ std::cout << "Couldn't read the message file." << std::endl;
+ return 1;
+ }
+
+ std::ifstream sigfile(argv[3]);
+ if(!sigfile)
+ {
+ std::cout << "Couldn't read the signature file." << std::endl;
+ return 1;
+ }
+
+ std::string sigstr;
+ getline(sigfile, sigstr);
+
+ std::auto_ptr key(X509::load_key(argv[1]));
+ DSA_PublicKey* dsakey = dynamic_cast(key.get());
+
+ if(!dsakey)
+ {
+ std::cout << "The loaded key is not a DSA key!\n";
+ return 1;
+ }
+
+ secure_vector sig = b64_decode(sigstr);
+
+ PK_Verifier ver(*dsakey, "EMSA1(SHA-1)");
+
+ DataSource_Stream in(message);
+ byte buf[4096] = { 0 };
+ while(size_t got = in.read(buf, sizeof(buf)))
+ ver.update(buf, got);
+
+ const bool ok = ver.check_signature(sig);
+
+ if(ok)
+ std::cout << "Signature verified\n";
+ else
+ std::cout << "Signature did NOT verify\n";
+ }
+ catch(std::exception& e)
+ {
+ std::cout << "Exception caught: " << e.what() << std::endl;
+ return 1;
+ }
+ return 0;
+ }
diff --git a/src/apps/ocsp.cpp b/src/apps/ocsp.cpp
new file mode 100644
index 000000000..853debbe3
--- /dev/null
+++ b/src/apps/ocsp.cpp
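Review bot: In src/apps/dsa_ver.cpp, `PK_Verifier ver(*dsakey, "EMSA1(SHA-1)")` hard-codes SHA-1 as the message hash, and `PK_Signer signer(*dsakey, "EMSA1(SHA-1)")` in src/apps/dsa_sign.cpp pins the signer to the same string. SHA-1 does not offer dependable collision resistance, so a signature made this way is a weak guarantee for any message an untrusted party helped author. Consider taking the hash as an optional argument in both commands with a SHA-2 default such as `"EMSA1(SHA-256)"`. At minimum, add a comment at both call sites stating that SHA-1 is kept only for compatibility with existing DSA keys and signatures.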
@@ -0,0 +1,38 @@
+#include "apps.h"
+#include
+#include
+#include
+#include
+
+#include
+
+using namespace Botan;
+
+int ocsp_check(int argc, char* argv[])
+ {
+ if(argc != 2)
+ {
+ std::cout << "Usage: ocsp subject.pem issuer.pem";
+ return 2;
+ }
+
+ X509_Certificate subject(argv[1]);
+ X509_Certificate issuer(argv[2]);
+
+ Certificate_Store_In_Memory cas;
+ cas.add_certificate(issuer);
+ OCSP::Response resp = OCSP::online_check(issuer, subject, &cas);
+
+ auto status = resp.status_for(issuer, subject);
+
+ if(status == Certificate_Status_Code::VERIFIED)
+ {
+ std::cout << "OCSP check OK\n";
+ return 0;
+ }
+ else
+ {
+ std::cout << "OCSP check failed " << Path_Validation_Result::status_string(status) << "\n";
+ return 1;
+ }
+ }
diff --git a/src/main.cpp b/src/main.cpp
index 956413d4c..f1451becf 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -155,6 +155,8 @@ int main(int argc, char* argv[])
 CALL_CMD(fpe);
 CALL_CMD(hash);
 CALL_CMD(keygen);
+ CALL_CMD(dsa_sign);
+ CALL_CMD(dsa_verify);
 CALL_CMD(pkcs10);
 CALL_CMD(read_ssh);
 CALL_CMD(self_sig);
-- cgit v1.2.3
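Review bot: In src/apps/ocsp.cpp, the guard `if(argc != 2)` does not match the two certificate paths that `ocsp_check` reads. With `argc == 2`, `argv[2]` is presumably the terminating null pointer and is handed to `X509_Certificate issuer(argv[2])`, while a correct invocation with both files (`argc == 3`) is rejected with the usage message. The check should be `if(argc != 3)`. The usage string also lacks a trailing `\n`, and the certificate loading and `OCSP::online_check` call run outside any `try` block, so whether a parse or network error yields a clean non-zero exit depends on a handler in `main` that is not visible in this diff.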
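Review bot: In src/main.cpp, only `CALL_CMD(dsa_sign);` and `CALL_CMD(dsa_verify);` are added, although src/apps/apps.h in this commit also declares `DEFINE_EXAMPLE(cert_verify);` and `DEFINE_EXAMPLE(ocsp_check);`. The diffstat shows just two added lines in main.cpp, so unless those commands are dispatched by code outside this hunk (the body of `main` extends beyond it), the certificate and OCSP commands are compiled in but unreachable from the command line. Add `CALL_CMD(cert_verify);` and `CALL_CMD(ocsp_check);` next to the two new entries.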