diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt new file mode 100644 index 0000000000..ca0cc4b48d --- /dev/null +++ b/ChangeLog.d/9964.txt @@ -0,0 +1,25 @@ +Removals + * Removal of the following sample programs: + pkey/rsa_genkey.c + pkey/pk_decrypt.c + pkey/dh_genprime.c + pkey/rsa_verify.c + pkey/mpi_demo.c + pkey/rsa_decrypt.c + pkey/key_app.c + pkey/dh_server.c + pkey/ecdh_curve25519.c + pkey/pk_encrypt.c + pkey/rsa_sign.c + pkey/key_app_writer.c + pkey/dh_client.c + pkey/ecdsa.c + pkey/rsa_encrypt.c + wince_main.c + aes/crypt_and_hash.c + random/gen_random_ctr_drbg.c + random/gen_entropy.c + hash/md_hmac_demo.c + hash/hello.c + hash/generic_sum.c + cipher/cipher_aead_demo.c diff --git a/programs/.gitignore b/programs/.gitignore index 939e405952..7eaf38d85b 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -5,36 +5,14 @@ *.sln *.vcxproj -aes/crypt_and_hash -cipher/cipher_aead_demo -hash/generic_sum -hash/hello -hash/md_hmac_demo hash/md5sum hash/sha1sum hash/sha2sum -pkey/dh_client -pkey/dh_genprime -pkey/dh_server -pkey/ecdh_curve25519 -pkey/ecdsa pkey/gen_key -pkey/key_app -pkey/key_app_writer -pkey/mpi_demo -pkey/pk_decrypt -pkey/pk_encrypt pkey/pk_sign pkey/pk_verify -pkey/rsa_decrypt -pkey/rsa_encrypt -pkey/rsa_genkey -pkey/rsa_sign pkey/rsa_sign_pss -pkey/rsa_verify pkey/rsa_verify_pss -random/gen_entropy -random/gen_random_ctr_drbg ssl/dtls_client ssl/dtls_server ssl/mini_client diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt index 2c23c48c66..1e5b2a4b67 100644 --- a/programs/CMakeLists.txt +++ b/programs/CMakeLists.txt @@ -1,14 +1,10 @@ set(programs_target "${MBEDTLS_TARGET_PREFIX}programs") add_custom_target(${programs_target}) -add_subdirectory(aes) -add_subdirectory(cipher) if (NOT WIN32) add_subdirectory(fuzz) endif() -add_subdirectory(hash) add_subdirectory(pkey) -add_subdirectory(random) add_subdirectory(ssl) add_subdirectory(test) add_subdirectory(util) diff --git a/programs/Makefile b/programs/Makefile index 9a4237c3a1..b26429061e 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -36,28 +36,10 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## Note: Variables cannot be used to define an apps path. This cannot be ## substituted by the script generate_visualc_files.pl. APPS = \ - aes/crypt_and_hash \ - cipher/cipher_aead_demo \ - hash/generic_sum \ - hash/hello \ - hash/md_hmac_demo \ - pkey/dh_genprime \ - pkey/ecdh_curve25519 \ - pkey/ecdsa \ pkey/gen_key \ - pkey/key_app \ - pkey/key_app_writer \ - pkey/mpi_demo \ - pkey/pk_decrypt \ - pkey/pk_encrypt \ pkey/pk_sign \ pkey/pk_verify \ - pkey/rsa_decrypt \ - pkey/rsa_encrypt \ - pkey/rsa_genkey \ - pkey/rsa_sign \ pkey/rsa_sign_pss \ - pkey/rsa_verify \ pkey/rsa_verify_pss \ ../tf-psa-crypto/programs/psa/aead_demo \ ../tf-psa-crypto/programs/psa/crypto_examples \ @@ -65,8 +47,6 @@ APPS = \ ../tf-psa-crypto/programs/psa/key_ladder_demo \ ../tf-psa-crypto/programs/psa/psa_constant_names \ ../tf-psa-crypto/programs/psa/psa_hash \ - random/gen_entropy \ - random/gen_random_ctr_drbg \ ssl/dtls_client \ ssl/dtls_server \ ssl/mini_client \ @@ -155,62 +135,10 @@ test/query_config.c: echo " Gen $@" $(PERL) ../scripts/generate_query_config.pl -aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP) - echo " CC aes/crypt_and_hash.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -cipher/cipher_aead_demo$(EXEXT): cipher/cipher_aead_demo.c $(DEP) - echo " CC cipher/cipher_aead_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) cipher/cipher_aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -hash/generic_sum$(EXEXT): hash/generic_sum.c $(DEP) - echo " CC hash/generic_sum.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -hash/hello$(EXEXT): hash/hello.c $(DEP) - echo " CC hash/hello.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP) - echo " CC hash/md_hmac_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP) - echo " CC pkey/dh_genprime.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP) - echo " CC pkey/ecdh_curve25519.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/ecdsa$(EXEXT): pkey/ecdsa.c $(DEP) - echo " CC pkey/ecdsa.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdsa.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP) echo " CC pkey/gen_key.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -pkey/key_app$(EXEXT): pkey/key_app.c $(DEP) - echo " CC pkey/key_app.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/key_app_writer$(EXEXT): pkey/key_app_writer.c $(DEP) - echo " CC pkey/key_app_writer.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app_writer.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/mpi_demo$(EXEXT): pkey/mpi_demo.c $(DEP) - echo " CC pkey/mpi_demo.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/mpi_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_decrypt$(EXEXT): pkey/pk_decrypt.c $(DEP) - echo " CC pkey/pk_decrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_encrypt$(EXEXT): pkey/pk_encrypt.c $(DEP) - echo " CC pkey/pk_encrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP) echo " CC pkey/pk_sign.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -219,18 +147,6 @@ pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP) echo " CC pkey/pk_verify.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -pkey/rsa_genkey$(EXEXT): pkey/rsa_genkey.c $(DEP) - echo " CC pkey/rsa_genkey.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_genkey.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_sign$(EXEXT): pkey/rsa_sign.c $(DEP) - echo " CC pkey/rsa_sign.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_verify$(EXEXT): pkey/rsa_verify.c $(DEP) - echo " CC pkey/rsa_verify.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP) echo " CC pkey/rsa_sign_pss.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -239,14 +155,6 @@ pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP) echo " CC pkey/rsa_verify_pss.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -pkey/rsa_decrypt$(EXEXT): pkey/rsa_decrypt.c $(DEP) - echo " CC pkey/rsa_decrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP) - echo " CC pkey/rsa_encrypt.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - ../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) echo " CC psa/aead_demo.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -271,14 +179,6 @@ pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP) echo " CC psa/psa_hash.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP) - echo " CC random/gen_entropy.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c $(DEP) - echo " CC random/gen_random_ctr_drbg.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) echo " CC ssl/dtls_client.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/README.md b/programs/README.md index 2d9c187efa..9239e8a603 100644 --- a/programs/README.md +++ b/programs/README.md @@ -3,61 +3,16 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. -## Symmetric cryptography (AES) examples - -* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface. - -## Hash (digest) examples - -* [`hash/generic_sum.c`](hash/generic_sum.c): file hash calculator and verifier, demonstrating the message digest (`md`) interface. - -* [`hash/hello.c`](hash/hello.c): hello-world program for MD5. - -## Public-key cryptography examples - ### Generic public-key cryptography (`pk`) examples * [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs. -* [`pkey/key_app.c`](pkey/key_app.c): loads a PEM or DER public key or private key file and dumps its content. - -* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file. - -* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface. - * [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string. ### ECDSA and RSA signature examples -* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, signs a fixed message and verifies the signature. - -* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface. - -* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generates an RSA key and writes it to a file that can be used with the other RSA sample programs. - -* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm. - * [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm. -### Diffie-Hellman key exchange examples - -* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement. - -### Bignum (`mpi`) usage examples - -* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): shows how to use the bignum (`mpi`) interface to generate Diffie-Hellman parameters. - -* [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers. - -## Random number generator (RNG) examples - -* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data. - Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`. - -* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data. - -## SSL/TLS examples - ### SSL/TLS sample applications * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt deleted file mode 100644 index c5128b1b4d..0000000000 --- a/programs/aes/CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -set(executables - crypt_and_hash -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c deleted file mode 100644 index e3bfb3c615..0000000000 --- a/programs/aes/crypt_and_hash.c +++ /dev/null @@ -1,578 +0,0 @@ -/* - * \brief Generic file encryption program using generic wrappers for configured - * security. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* Enable definition of fileno() even when compiling with -std=c99. Must be - * set before mbedtls_config.h, which pulls in glibc's features.h indirectly. - * Harmless on other platforms. */ -#define _POSIX_C_SOURCE 200112L -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \ - defined(MBEDTLS_FS_IO) -#include "mbedtls/cipher.h" -#include "mbedtls/md.h" -#include "mbedtls/platform_util.h" - -#include -#include -#include -#endif - -#if defined(_WIN32) -#include -#if !defined(_WIN32_WCE) -#include -#endif -#else -#include -#include -#endif - -#define MODE_ENCRYPT 0 -#define MODE_DECRYPT 1 - -#define USAGE \ - "\n crypt_and_hash \n" \ - "\n : 0 = encrypt, 1 = decrypt\n" \ - "\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \ - "\n" - -#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - int ret = 1, i; - unsigned n; - int exit_code = MBEDTLS_EXIT_FAILURE; - int mode; - size_t keylen, ilen, olen; - FILE *fkey, *fin = NULL, *fout = NULL; - - char *p; - unsigned char IV[16]; - unsigned char key[512]; - unsigned char digest[MBEDTLS_MD_MAX_SIZE]; - unsigned char buffer[1024]; - unsigned char output[1024]; - unsigned char diff; - - const mbedtls_cipher_info_t *cipher_info; - const mbedtls_md_info_t *md_info; - mbedtls_cipher_context_t cipher_ctx; - mbedtls_md_context_t md_ctx; - mbedtls_cipher_mode_t cipher_mode; - unsigned int cipher_block_size; - unsigned char md_size; -#if defined(_WIN32_WCE) - long filesize, offset; -#elif defined(_WIN32) - LARGE_INTEGER li_size; - __int64 filesize, offset; -#else - off_t filesize, offset; -#endif - - mbedtls_cipher_init(&cipher_ctx); - mbedtls_md_init(&md_ctx); - - /* - * Parse the command-line arguments. - */ - if (argc != 7) { - const int *list; - - mbedtls_printf(USAGE); - - mbedtls_printf("Available ciphers:\n"); - list = mbedtls_cipher_list(); - while (*list) { - cipher_info = mbedtls_cipher_info_from_type(*list); - const char *name = mbedtls_cipher_info_get_name(cipher_info); - - if (name) { - mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info)); - } - list++; - } - - mbedtls_printf("\nAvailable message digests:\n"); - list = mbedtls_md_list(); - while (*list) { - md_info = mbedtls_md_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info)); - list++; - } - - goto exit; - } - - mode = atoi(argv[1]); - - if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) { - mbedtls_fprintf(stderr, "invalid operation mode\n"); - goto exit; - } - - if (strcmp(argv[2], argv[3]) == 0) { - mbedtls_fprintf(stderr, "input and output filenames must differ\n"); - goto exit; - } - - if ((fin = fopen(argv[2], "rb")) == NULL) { - mbedtls_fprintf(stderr, "fopen(%s,rb) failed\n", argv[2]); - goto exit; - } - - if ((fout = fopen(argv[3], "wb+")) == NULL) { - mbedtls_fprintf(stderr, "fopen(%s,wb+) failed\n", argv[3]); - goto exit; - } - - /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ - mbedtls_setbuf(fin, NULL); - mbedtls_setbuf(fout, NULL); - - /* - * Read the Cipher and MD from the command line - */ - cipher_info = mbedtls_cipher_info_from_string(argv[4]); - if (cipher_info == NULL) { - mbedtls_fprintf(stderr, "Cipher '%s' not found\n", argv[4]); - goto exit; - } - if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setup failed\n"); - goto exit; - } - - md_info = mbedtls_md_info_from_string(argv[5]); - if (md_info == NULL) { - mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[5]); - goto exit; - } - - if (mbedtls_md_setup(&md_ctx, md_info, 1) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_setup failed\n"); - goto exit; - } - - /* - * Read the secret key from file or command line - */ - if ((fkey = fopen(argv[6], "rb")) != NULL) { - keylen = fread(key, 1, sizeof(key), fkey); - fclose(fkey); - } else { - if (memcmp(argv[6], "hex:", 4) == 0) { - p = &argv[6][4]; - keylen = 0; - - while (sscanf(p, "%02X", (unsigned int *) &n) > 0 && - keylen < (int) sizeof(key)) { - key[keylen++] = (unsigned char) n; - p += 2; - } - } else { - keylen = strlen(argv[6]); - - if (keylen > (int) sizeof(key)) { - keylen = (int) sizeof(key); - } - - memcpy(key, argv[6], keylen); - } - } - -#if defined(_WIN32_WCE) - filesize = fseek(fin, 0L, SEEK_END); -#else -#if defined(_WIN32) - /* - * Support large files (> 2Gb) on Win32 - */ - li_size.QuadPart = 0; - li_size.LowPart = - SetFilePointer((HANDLE) _get_osfhandle(_fileno(fin)), - li_size.LowPart, &li_size.HighPart, FILE_END); - - if (li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR) { - mbedtls_fprintf(stderr, "SetFilePointer(0,FILE_END) failed\n"); - goto exit; - } - - filesize = li_size.QuadPart; -#else - if ((filesize = lseek(fileno(fin), 0, SEEK_END)) < 0) { - perror("lseek"); - goto exit; - } -#endif -#endif - - if (fseek(fin, 0, SEEK_SET) < 0) { - mbedtls_fprintf(stderr, "fseek(0,SEEK_SET) failed\n"); - goto exit; - } - - md_size = mbedtls_md_get_size(md_info); - cipher_block_size = mbedtls_cipher_get_block_size(&cipher_ctx); - - if (mode == MODE_ENCRYPT) { - /* - * Generate the initialization vector as: - * IV = MD( filesize || filename )[0..15] - */ - for (i = 0; i < 8; i++) { - buffer[i] = (unsigned char) (filesize >> (i << 3)); - } - - p = argv[2]; - - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, buffer, 8) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, (unsigned char *) p, strlen(p)) - != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n"); - goto exit; - } - - memcpy(IV, digest, 16); - - /* - * Append the IV at the beginning of the output. - */ - if (fwrite(IV, 1, 16, fout) != 16) { - mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", 16); - goto exit; - } - - /* - * Hash the IV and the secret key together 8192 times - * using the result to setup the AES context and HMAC. - */ - memset(digest, 0, 32); - memcpy(digest, IV, 16); - - for (i = 0; i < 8192; i++) { - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, key, keylen) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, - "mbedtls_md_finish() returned error\n"); - goto exit; - } - - } - - if (mbedtls_cipher_setkey(&cipher_ctx, - digest, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_ENCRYPT) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n"); - goto exit; - } - if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n"); - goto exit; - } - if (mbedtls_cipher_reset(&cipher_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n"); - goto exit; - } - - /* - * Encrypt and write the ciphertext. - */ - for (offset = 0; offset < filesize; offset += cipher_block_size) { - ilen = ((unsigned int) filesize - offset > cipher_block_size) ? - cipher_block_size : (unsigned int) (filesize - offset); - - if (fread(buffer, 1, ilen, fin) != ilen) { - mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen); - goto exit; - } - - if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n"); - goto exit; - } - if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - - /* - * Finally write the HMAC. - */ - if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n"); - goto exit; - } - - if (fwrite(digest, 1, md_size, fout) != md_size) { - mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", md_size); - goto exit; - } - } - - if (mode == MODE_DECRYPT) { - /* - * The encrypted file must be structured as follows: - * - * 00 .. 15 Initialization Vector - * 16 .. 31 Encrypted Block #1 - * .. - * N*16 .. (N+1)*16 - 1 Encrypted Block #N - * (N+1)*16 .. (N+1)*16 + n Hash(ciphertext) - */ - if (filesize < 16 + md_size) { - mbedtls_fprintf(stderr, "File too short to be encrypted.\n"); - goto exit; - } - - if (cipher_block_size == 0) { - mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n"); - goto exit; - } - - /* - * Check the file size. - */ - cipher_mode = mbedtls_cipher_info_get_mode(cipher_info); - if (cipher_mode != MBEDTLS_MODE_GCM && - cipher_mode != MBEDTLS_MODE_CTR && - cipher_mode != MBEDTLS_MODE_CFB && - cipher_mode != MBEDTLS_MODE_OFB && - ((filesize - md_size) % cipher_block_size) != 0) { - mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n", - cipher_block_size); - goto exit; - } - - /* - * Subtract the IV + HMAC length. - */ - filesize -= (16 + md_size); - - /* - * Read the IV and original filesize modulo 16. - */ - if (fread(buffer, 1, 16, fin) != 16) { - mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", 16); - goto exit; - } - - memcpy(IV, buffer, 16); - - /* - * Hash the IV and the secret key together 8192 times - * using the result to setup the AES context and HMAC. - */ - memset(digest, 0, 32); - memcpy(digest, IV, 16); - - for (i = 0; i < 8192; i++) { - if (mbedtls_md_starts(&md_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_update(&md_ctx, key, keylen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n"); - goto exit; - } - if (mbedtls_md_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n"); - goto exit; - } - } - - if (mbedtls_cipher_setkey(&cipher_ctx, - digest, - (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), - MBEDTLS_DECRYPT) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n"); - goto exit; - } - - if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n"); - goto exit; - } - - if (mbedtls_cipher_reset(&cipher_ctx) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n"); - goto exit; - } - - if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n"); - goto exit; - } - - /* - * Decrypt and write the plaintext. - */ - for (offset = 0; offset < filesize; offset += cipher_block_size) { - ilen = ((unsigned int) filesize - offset > cipher_block_size) ? - cipher_block_size : (unsigned int) (filesize - offset); - - if (fread(buffer, 1, ilen, fin) != ilen) { - mbedtls_fprintf(stderr, "fread(%u bytes) failed\n", - cipher_block_size); - goto exit; - } - - if (mbedtls_md_hmac_update(&md_ctx, buffer, ilen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n"); - goto exit; - } - if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, - &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - /* - * Verify the message authentication code. - */ - if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) { - mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n"); - goto exit; - } - - if (fread(buffer, 1, md_size, fin) != md_size) { - mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", md_size); - goto exit; - } - - /* Use constant-time buffer comparison */ - diff = 0; - for (i = 0; i < md_size; i++) { - diff |= digest[i] ^ buffer[i]; - } - - if (diff != 0) { - mbedtls_fprintf(stderr, "HMAC check failed: wrong key, " - "or file corrupted.\n"); - goto exit; - } - - /* - * Write the final block of data - */ - if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) { - mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n"); - goto exit; - } - - if (fwrite(output, 1, olen, fout) != olen) { - mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen); - goto exit; - } - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - if (fin) { - fclose(fin); - } - if (fout) { - fclose(fout); - } - - /* Zeroize all command line arguments to also cover - the case when the user has missed or reordered some, - in which case the key might not be in argv[6]. */ - for (i = 0; i < argc; i++) { - mbedtls_platform_zeroize(argv[i], strlen(argv[i])); - } - - mbedtls_platform_zeroize(IV, sizeof(IV)); - mbedtls_platform_zeroize(key, sizeof(key)); - mbedtls_platform_zeroize(buffer, sizeof(buffer)); - mbedtls_platform_zeroize(output, sizeof(output)); - mbedtls_platform_zeroize(digest, sizeof(digest)); - - mbedtls_cipher_free(&cipher_ctx); - mbedtls_md_free(&md_ctx); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt deleted file mode 100644 index d6483011a0..0000000000 --- a/programs/cipher/CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -set(executables - cipher_aead_demo -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c deleted file mode 100644 index 533af34fc5..0000000000 --- a/programs/cipher/cipher_aead_demo.c +++ /dev/null @@ -1,261 +0,0 @@ -/** - * Cipher API multi-part AEAD demonstration. - * - * This program AEAD-encrypts a message, using the algorithm and key size - * specified on the command line, using the multi-part API. - * - * It comes with a companion program psa/aead_demo.c, which does the same - * operations with the PSA Crypto API. The goal is that comparing the two - * programs will help people migrating to the PSA Crypto API. - * - * When used with multi-part AEAD operations, the `mbedtls_cipher_context` - * serves a triple purpose (1) hold the key, (2) store the algorithm when no - * operation is active, and (3) save progress information for the current - * operation. With PSA those roles are held by disinct objects: (1) a - * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the - * algorithm, and (3) a psa_operation_t for multi-part progress. - * - * On the other hand, with PSA, the algorithms encodes the desired tag length; - * with Cipher the desired tag length needs to be tracked separately. - * - * This program and its companion psa/aead_demo.c illustrate this by doing the - * same sequence of multi-part AEAD computation with both APIs; looking at the - * two side by side should make the differences and similarities clear. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/cipher.h" - -#include -#include -#include - -/* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_CIPHER_C) || \ - !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \ - !defined(MBEDTLS_CHACHAPOLY_C) -int main(void) -{ - printf("MBEDTLS_MD_C and/or " - "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or " - "MBEDTLS_CHACHAPOLY_C not defined\r\n"); - return 0; -} -#else - -/* The real program starts here. */ - -const char usage[] = - "Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; - -/* Dummy data for encryption: IV/nonce, additional data, 2-part message */ -const unsigned char iv1[12] = { 0x00 }; -const unsigned char add_data1[] = { 0x01, 0x02 }; -const unsigned char msg1_part1[] = { 0x03, 0x04 }; -const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 }; - -/* Dummy data (2nd message) */ -const unsigned char iv2[12] = { 0x10 }; -const unsigned char add_data2[] = { 0x11, 0x12 }; -const unsigned char msg2_part1[] = { 0x13, 0x14 }; -const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; - -/* Maximum total size of the messages */ -#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2)) -#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2)) -#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE) - -/* Dummy key material - never do this in production! - * 32-byte is enough to all the key size supported by this program. */ -const unsigned char key_bytes[32] = { 0x2a }; - -/* Print the contents of a buffer in hex */ -static void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run an Mbed TLS function and bail out if it fails. - * A string description of the error code can be recovered with: - * programs/util/strerror */ -#define CHK(expr) \ - do \ - { \ - ret = (expr); \ - if (ret != 0) \ - { \ - printf("Error %d at line %d: %s\n", \ - ret, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } while (0) - -/* - * Prepare encryption material: - * - interpret command-line argument - * - set up key - * - outputs: context and tag length, which together hold all the information - */ -static int aead_prepare(const char *info, - mbedtls_cipher_context_t *ctx, - size_t *tag_len) -{ - int ret; - - /* Convert arg to type + tag_len */ - mbedtls_cipher_type_t type; - if (strcmp(info, "aes128-gcm") == 0) { - type = MBEDTLS_CIPHER_AES_128_GCM; - *tag_len = 16; - } else if (strcmp(info, "aes256-gcm") == 0) { - type = MBEDTLS_CIPHER_AES_256_GCM; - *tag_len = 16; - } else if (strcmp(info, "aes128-gcm_8") == 0) { - type = MBEDTLS_CIPHER_AES_128_GCM; - *tag_len = 8; - } else if (strcmp(info, "chachapoly") == 0) { - type = MBEDTLS_CIPHER_CHACHA20_POLY1305; - *tag_len = 16; - } else { - puts(usage); - return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; - } - - /* Prepare context for the given type */ - CHK(mbedtls_cipher_setup(ctx, - mbedtls_cipher_info_from_type(type))); - - /* Import key */ - int key_len = mbedtls_cipher_get_key_bitlen(ctx); - CHK(mbedtls_cipher_setkey(ctx, key_bytes, key_len, MBEDTLS_ENCRYPT)); - -exit: - return ret; -} - -/* - * Print out some information. - * - * All of this information was present in the command line argument, but his - * function demonstrates how each piece can be recovered from (ctx, tag_len). - */ -static void aead_info(const mbedtls_cipher_context_t *ctx, size_t tag_len) -{ - mbedtls_cipher_type_t type = mbedtls_cipher_get_type(ctx); - const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(type); - const char *ciph = mbedtls_cipher_info_get_name(info); - int key_bits = mbedtls_cipher_get_key_bitlen(ctx); - mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode(ctx); - - const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM" - : mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly" - : "???"; - - printf("%s, %d, %s, %u\n", - ciph, key_bits, mode_str, (unsigned) tag_len); -} - -/* - * Encrypt a 2-part message. - */ -static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *part1, size_t part1_len, - const unsigned char *part2, size_t part2_len) -{ - int ret; - size_t olen; -#define MAX_TAG_LENGTH 16 - unsigned char out[MSG_MAX_SIZE + MAX_TAG_LENGTH]; - unsigned char *p = out; - - CHK(mbedtls_cipher_set_iv(ctx, iv, iv_len)); - CHK(mbedtls_cipher_reset(ctx)); - CHK(mbedtls_cipher_update_ad(ctx, ad, ad_len)); - CHK(mbedtls_cipher_update(ctx, part1, part1_len, p, &olen)); - p += olen; - CHK(mbedtls_cipher_update(ctx, part2, part2_len, p, &olen)); - p += olen; - CHK(mbedtls_cipher_finish(ctx, p, &olen)); - p += olen; - CHK(mbedtls_cipher_write_tag(ctx, p, tag_len)); - p += tag_len; - - olen = p - out; - print_buf("out", out, olen); - -exit: - return ret; -} - -/* - * AEAD demo: set up key/alg, print out info, encrypt messages. - */ -static int aead_demo(const char *info) -{ - int ret = 0; - - mbedtls_cipher_context_t ctx; - size_t tag_len; - - mbedtls_cipher_init(&ctx); - - CHK(aead_prepare(info, &ctx, &tag_len)); - - aead_info(&ctx, tag_len); - - CHK(aead_encrypt(&ctx, tag_len, - iv1, sizeof(iv1), add_data1, sizeof(add_data1), - msg1_part1, sizeof(msg1_part1), - msg1_part2, sizeof(msg1_part2))); - CHK(aead_encrypt(&ctx, tag_len, - iv2, sizeof(iv2), add_data2, sizeof(add_data2), - msg2_part1, sizeof(msg2_part1), - msg2_part2, sizeof(msg2_part2))); - -exit: - mbedtls_cipher_free(&ctx); - - return ret; -} - - -/* - * Main function - */ -int main(int argc, char **argv) -{ - /* Check usage */ - if (argc != 2) { - puts(usage); - return 1; - } - - int ret; - - /* Run the demo */ - CHK(aead_demo(argv[1])); - -exit: - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -} - -#endif diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt deleted file mode 100644 index d23db0443e..0000000000 --- a/programs/hash/CMakeLists.txt +++ /dev/null @@ -1,17 +0,0 @@ -set(executables - generic_sum - hello - md_hmac_demo -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c deleted file mode 100644 index ac776deb87..0000000000 --- a/programs/hash/generic_sum.c +++ /dev/null @@ -1,211 +0,0 @@ -/* - * generic message digest layer demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/md.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum) -{ - int ret = mbedtls_md_file(md_info, filename, sum); - - if (ret == 1) { - mbedtls_fprintf(stderr, "failed to open: %s\n", filename); - } - - if (ret == 2) { - mbedtls_fprintf(stderr, "failed to read: %s\n", filename); - } - - return ret; -} - -static int generic_print(const mbedtls_md_info_t *md_info, char *filename) -{ - int i; - unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - - if (generic_wrapper(md_info, filename, sum) != 0) { - return 1; - } - - for (i = 0; i < mbedtls_md_get_size(md_info); i++) { - mbedtls_printf("%02x", sum[i]); - } - - mbedtls_printf(" %s\n", filename); - return 0; -} - -static int generic_check(const mbedtls_md_info_t *md_info, char *filename) -{ - int i; - size_t n; - FILE *f; - int nb_err1, nb_err2; - int nb_tot1, nb_tot2; - unsigned char sum[MBEDTLS_MD_MAX_SIZE]; - char line[1024]; - char diff; -#if defined(__clang_analyzer__) - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }; -#else - char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1]; -#endif - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("failed to open: %s\n", filename); - return 1; - } - - nb_err1 = nb_err2 = 0; - nb_tot1 = nb_tot2 = 0; - - memset(line, 0, sizeof(line)); - - n = sizeof(line); - - while (fgets(line, (int) n - 1, f) != NULL) { - n = strlen(line); - - if (n < (size_t) 2 * mbedtls_md_get_size(md_info) + 4) { - mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); - continue; - } - - if (line[2 * mbedtls_md_get_size(md_info)] != ' ' || - line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') { - mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info)); - continue; - } - - if (line[n - 1] == '\n') { - n--; line[n] = '\0'; - } - if (line[n - 1] == '\r') { - n--; line[n] = '\0'; - } - - nb_tot1++; - - if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) { - nb_err1++; - continue; - } - - nb_tot2++; - - for (i = 0; i < mbedtls_md_get_size(md_info); i++) { - sprintf(buf + i * 2, "%02x", sum[i]); - } - - /* Use constant-time buffer comparison */ - diff = 0; - for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) { - diff |= line[i] ^ buf[i]; - } - - if (diff != 0) { - nb_err2++; - mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66); - } - - n = sizeof(line); - } - - if (nb_err1 != 0) { - mbedtls_printf("WARNING: %d (out of %d) input files could " - "not be read\n", nb_err1, nb_tot1); - } - - if (nb_err2 != 0) { - mbedtls_printf("WARNING: %d (out of %d) computed checksums did " - "not match\n", nb_err2, nb_tot2); - } - - fclose(f); - - return nb_err1 != 0 || nb_err2 != 0; -} - -int main(int argc, char *argv[]) -{ - int ret = 1, i; - int exit_code = MBEDTLS_EXIT_FAILURE; - const mbedtls_md_info_t *md_info; - mbedtls_md_context_t md_ctx; - - mbedtls_md_init(&md_ctx); - - if (argc < 2) { - const int *list; - - mbedtls_printf("print mode: generic_sum ...\n"); - mbedtls_printf("check mode: generic_sum -c \n"); - - mbedtls_printf("\nAvailable message digests:\n"); - list = mbedtls_md_list(); - while (*list) { - md_info = mbedtls_md_info_from_type(*list); - mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info)); - list++; - } - - mbedtls_exit(exit_code); - } - - /* - * Read the MD from the command line - */ - md_info = mbedtls_md_info_from_string(argv[1]); - if (md_info == NULL) { - mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]); - mbedtls_exit(exit_code); - } - if (mbedtls_md_setup(&md_ctx, md_info, 0)) { - mbedtls_fprintf(stderr, "Failed to initialize context.\n"); - mbedtls_exit(exit_code); - } - - ret = 0; - if (argc == 4 && strcmp("-c", argv[2]) == 0) { - ret |= generic_check(md_info, argv[3]); - goto exit; - } - - for (i = 2; i < argc; i++) { - ret |= generic_print(md_info, argv[i]); - } - - if (ret == 0) { - exit_code = MBEDTLS_EXIT_SUCCESS; - } - -exit: - mbedtls_md_free(&md_ctx); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */ diff --git a/programs/hash/hello.c b/programs/hash/hello.c deleted file mode 100644 index 19408f37fe..0000000000 --- a/programs/hash/hello.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Classic "Hello, world" demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_MD5_C) -#include "mbedtls/md5.h" -#endif - -#if !defined(MBEDTLS_MD5_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD5_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int i, ret; - unsigned char digest[16]; - char str[] = "Hello, world!"; - - mbedtls_printf("\n MD5('%s') = ", str); - - if ((ret = mbedtls_md5((unsigned char *) str, 13, digest)) != 0) { - mbedtls_exit(MBEDTLS_EXIT_FAILURE); - } - - for (i = 0; i < 16; i++) { - mbedtls_printf("%02x", digest[i]); - } - - mbedtls_printf("\n\n"); - - mbedtls_exit(MBEDTLS_EXIT_SUCCESS); -} -#endif /* MBEDTLS_MD5_C */ diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c deleted file mode 100644 index 0fe0700ce4..0000000000 --- a/programs/hash/md_hmac_demo.c +++ /dev/null @@ -1,138 +0,0 @@ -/** - * MD API multi-part HMAC demonstration. - * - * This programs computes the HMAC of two messages using the multi-part API. - * - * This is a companion to psa/hmac_demo.c, doing the same operations with the - * legacy MD API. The goal is that comparing the two programs will help people - * migrating to the PSA Crypto API. - * - * When it comes to multi-part HMAC operations, the `mbedtls_md_context` - * serves a dual purpose (1) hold the key, and (2) save progress information - * for the current operation. With PSA those roles are held by two disinct - * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for - * multi-part progress. - * - * This program and its companion psa/hmac_demo.c illustrate this by doing the - * same sequence of multi-part HMAC computation with both APIs; looking at the - * two side by side should make the differences and similarities clear. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/md.h" - -#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize - -#include -#include - -/* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_MD_C) -int main(void) -{ - printf("MBEDTLS_MD_C not defined\r\n"); - return 0; -} -#else - -/* The real program starts here. */ - -/* Dummy inputs for HMAC */ -const unsigned char msg1_part1[] = { 0x01, 0x02 }; -const unsigned char msg1_part2[] = { 0x03, 0x04 }; -const unsigned char msg2_part1[] = { 0x05, 0x05 }; -const unsigned char msg2_part2[] = { 0x06, 0x06 }; - -/* Dummy key material - never do this in production! - * This example program uses SHA-256, so a 32-byte key makes sense. */ -const unsigned char key_bytes[32] = { 0 }; - -/* Print the contents of a buffer in hex */ -static void print_buf(const char *title, unsigned char *buf, size_t len) -{ - printf("%s:", title); - for (size_t i = 0; i < len; i++) { - printf(" %02x", buf[i]); - } - printf("\n"); -} - -/* Run an Mbed TLS function and bail out if it fails. - * A string description of the error code can be recovered with: - * programs/util/strerror */ -#define CHK(expr) \ - do \ - { \ - ret = (expr); \ - if (ret != 0) \ - { \ - printf("Error %d at line %d: %s\n", \ - ret, \ - __LINE__, \ - #expr); \ - goto exit; \ - } \ - } while (0) - -/* - * This function demonstrates computation of the HMAC of two messages using - * the multipart API. - */ -static int hmac_demo(void) -{ - int ret; - const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256; - unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal - - mbedtls_md_context_t ctx; - - mbedtls_md_init(&ctx); - - /* prepare context and load key */ - // the last argument to setup is 1 to enable HMAC (not just hashing) - const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg); - CHK(mbedtls_md_setup(&ctx, info, 1)); - CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes))); - - /* compute HMAC(key, msg1_part1 | msg1_part2) */ - CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1))); - CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2))); - CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg1", out, mbedtls_md_get_size(info)); - - /* compute HMAC(key, msg2_part1 | msg2_part2) */ - CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation - CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1))); - CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2))); - CHK(mbedtls_md_hmac_finish(&ctx, out)); - print_buf("msg2", out, mbedtls_md_get_size(info)); - -exit: - mbedtls_md_free(&ctx); - mbedtls_platform_zeroize(out, sizeof(out)); - - return ret; -} - -int main(void) -{ - int ret; - - CHK(hmac_demo()); - -exit: - return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; -} - -#endif diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index df63ffc89c..a2b1836d58 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -1,21 +1,8 @@ set(executables_mbedcrypto - dh_genprime - ecdh_curve25519 - ecdsa gen_key - key_app - key_app_writer - mpi_demo - pk_encrypt - pk_decrypt pk_sign pk_verify - rsa_decrypt - rsa_encrypt - rsa_genkey - rsa_sign rsa_sign_pss - rsa_verify rsa_verify_pss ) add_dependencies(${programs_target} ${executables_mbedcrypto}) diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c deleted file mode 100644 index ebaf9265f3..0000000000 --- a/programs/pkey/dh_genprime.c +++ /dev/null @@ -1,163 +0,0 @@ -/* - * Diffie-Hellman-Merkle key exchange (prime generation) - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_GENPRIME) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_GENPRIME not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/bignum.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include - -#define USAGE \ - "\n usage: dh_genprime param=<>...\n" \ - "\n acceptable parameters:\n" \ - " bits=%%d default: 2048\n" - -#define DFL_BITS 2048 - -/* - * Note: G = 4 is always a quadratic residue mod P, - * so it is a generator of order Q (with P = 2*Q+1). - */ -#define GENERATOR "4" - - -int main(int argc, char **argv) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_mpi G, P, Q; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "dh_genprime"; - FILE *fout; - int nbits = DFL_BITS; - int i; - char *p, *q; - - mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "bits") == 0) { - nbits = atoi(q); - if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) { - goto usage; - } - } else { - goto usage; - } - } - - if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_string returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ! Generating large primes may take minutes!\n"); - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating the modulus, please wait..."); - fflush(stdout); - - /* - * This can take a long time... - */ - if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Verifying that Q = (P-1)/2 is prime..."); - fflush(stdout); - - if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret); - goto exit; - } - - if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the value in dh_prime.txt..."); - fflush(stdout); - - if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create dh_prime.txt\n\n"); - goto exit; - } - - if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) || - ((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) { - mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret); - fclose(fout); - goto exit; - } - - mbedtls_printf(" ok\n\n"); - fclose(fout); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */ diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c deleted file mode 100644 index 952d487c9e..0000000000 --- a/programs/pkey/ecdh_curve25519.c +++ /dev/null @@ -1,191 +0,0 @@ -/* - * Example ECDHE with Curve25519 program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_ECDH_C) || \ - !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ECDH_C and/or " - "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " - "not defined\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ecdh.h" - -#include - - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ecdh_context ctx_cli, ctx_srv; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char cli_to_srv[36], srv_to_cli[33]; - const char pers[] = "ecdh"; - - size_t srv_olen; - size_t cli_olen; - unsigned char secret_cli[32] = { 0 }; - unsigned char secret_srv[32] = { 0 }; - const unsigned char *p_cli_to_srv = cli_to_srv; - - ((void) argc); - ((void) argv); - - mbedtls_ecdh_init(&ctx_cli); - mbedtls_ecdh_init(&ctx_srv); - mbedtls_ctr_drbg_init(&ctr_drbg); - - /* - * Initialize random number generation - */ - mbedtls_printf(" . Seed the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, - (const unsigned char *) pers, - sizeof(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Client: initialize context and generate keypair - */ - mbedtls_printf(" . Set up client context, generate EC key pair..."); - fflush(stdout); - - ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_setup returned %d\n", ret); - goto exit; - } - - ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv, - sizeof(cli_to_srv), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_make_params returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Server: initialize context and generate keypair - */ - mbedtls_printf(" . Server: read params, generate public key..."); - fflush(stdout); - - ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv, - p_cli_to_srv + sizeof(cli_to_srv)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_read_params returned %d\n", - ret); - goto exit; - } - - ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli, - sizeof(srv_to_cli), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_make_public returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Client: read public key - */ - mbedtls_printf(" . Client: read public key..."); - fflush(stdout); - - ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli, - sizeof(srv_to_cli)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_read_public returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Calculate secrets - */ - mbedtls_printf(" . Calculate secrets..."); - fflush(stdout); - - ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli, - sizeof(secret_cli), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n", - ret); - goto exit; - } - - ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv, - sizeof(secret_srv), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n", - ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * Verification: are the computed secrets equal? - */ - mbedtls_printf(" . Check if both calculated secrets are equal..."); - fflush(stdout); - - ret = memcmp(secret_srv, secret_cli, srv_olen); - if (ret != 0 || (cli_olen != srv_olen)) { - mbedtls_printf(" failed\n ! Shared secrets not equal.\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_ecdh_free(&ctx_srv); - mbedtls_ecdh_free(&ctx_cli); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c deleted file mode 100644 index a4988b0b48..0000000000 --- a/programs/pkey/ecdsa.c +++ /dev/null @@ -1,222 +0,0 @@ -/* - * Example ECDSA program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ECDSA_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/sha256.h" - -#include -#endif - -/* - * Uncomment to show key and signature details - */ -#define VERBOSE - -/* - * Uncomment to force use of a specific curve - */ -#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1 - -#if !defined(ECPARAMS) -#define ECPARAMS mbedtls_ecp_curve_list()->grp_id -#endif - -#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n"); - mbedtls_exit(0); -} -#else -#if defined(VERBOSE) -static void dump_buf(const char *title, unsigned char *buf, size_t len) -{ - size_t i; - - mbedtls_printf("%s", title); - for (i = 0; i < len; i++) { - mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16], - "0123456789ABCDEF" [buf[i] % 16]); - } - mbedtls_printf("\n"); -} - -static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key) -{ - unsigned char buf[300]; - size_t len; - - if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, buf, sizeof(buf)) != 0) { - mbedtls_printf("internal error\n"); - return; - } - - dump_buf(title, buf, len); -} -#else -#define dump_buf(a, b, c) -#define dump_pubkey(a, b) -#endif - - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ecdsa_context ctx_sign, ctx_verify; - mbedtls_ecp_point Q; - mbedtls_ecp_point_init(&Q); - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char message[100]; - unsigned char hash[32]; - unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; - size_t sig_len; - const char *pers = "ecdsa"; - ((void) argv); - - mbedtls_ecdsa_init(&ctx_sign); - mbedtls_ecdsa_init(&ctx_verify); - mbedtls_ctr_drbg_init(&ctr_drbg); - - memset(sig, 0, sizeof(sig)); - memset(message, 0x25, sizeof(message)); - - if (argc != 1) { - mbedtls_printf("usage: ecdsa\n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - /* - * Generate a key pair for signing - */ - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating key pair..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret); - goto exit; - } - - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size); - - dump_pubkey(" + Public key: ", &ctx_sign); - - /* - * Compute message hash - */ - mbedtls_printf(" . Computing message hash..."); - fflush(stdout); - - if ((ret = mbedtls_sha256(message, sizeof(message), hash, 0)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - dump_buf(" + Hash: ", hash, sizeof(hash)); - - /* - * Sign message hash - */ - mbedtls_printf(" . Signing message hash..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256, - hash, sizeof(hash), - sig, sizeof(sig), &sig_len, - mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret); - goto exit; - } - mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len); - - dump_buf(" + Signature: ", sig, sig_len); - - /* - * Transfer public information to verifying context - * - * We could use the same context for verification and signatures, but we - * chose to use a new one in order to make it clear that the verifying - * context only needs the public key (Q), and not the private key (d). - */ - mbedtls_printf(" . Preparing verification context..."); - fflush(stdout); - - if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret); - goto exit; - } - - if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret); - goto exit; - } - - /* - * Verify signature - */ - mbedtls_printf(" ok\n . Verifying signature..."); - fflush(stdout); - - if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify, - hash, sizeof(hash), - sig, sig_len)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_ecdsa_free(&ctx_verify); - mbedtls_ecdsa_free(&ctx_sign); - mbedtls_ecp_point_free(&Q); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && - ECPARAMS */ diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c deleted file mode 100644 index 2be584266a..0000000000 --- a/programs/pkey/key_app.c +++ /dev/null @@ -1,369 +0,0 @@ -/* - * Key reading application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && \ - defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#define MODE_NONE 0 -#define MODE_PRIVATE 1 -#define MODE_PUBLIC 2 - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "keyfile.key" -#define DFL_PASSWORD "" -#define DFL_PASSWORD_FILE "" -#define DFL_DEBUG_LEVEL 0 - -#define USAGE \ - "\n usage: key_app param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=private|public default: none\n" \ - " filename=%%s default: keyfile.key\n" \ - " password=%%s default: \"\"\n" \ - " password_file=%%s default: \"\"\n" \ - "\n" - -#if !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -/* - * global options - */ -struct options { - int mode; /* the mode to run the application in */ - const char *filename; /* filename of the key file */ - const char *password; /* password for the private key */ - const char *password_file; /* password_file for the private key */ -} opt; - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - char buf[1024]; - int i; - char *p, *q; - - const char *pers = "pkey/key_app"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_pk_context pk; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - - /* - * Set to sane values - */ - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_pk_init(&pk); - memset(buf, 0, sizeof(buf)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto cleanup; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto cleanup; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.password = DFL_PASSWORD; - opt.password_file = DFL_PASSWORD_FILE; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.mode = MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.mode = MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "password") == 0) { - opt.password = q; - } else if (strcmp(p, "password_file") == 0) { - opt.password_file = q; - } else { - goto usage; - } - } - - if (opt.mode == MODE_PRIVATE) { - if (strlen(opt.password) && strlen(opt.password_file)) { - mbedtls_printf("Error: cannot have both password and password_file\n"); - goto usage; - } - - if (strlen(opt.password_file)) { - FILE *f; - - mbedtls_printf("\n . Loading the password file ..."); - if ((f = fopen(opt.password_file, "rb")) == NULL) { - mbedtls_printf(" failed\n ! fopen returned NULL\n"); - goto cleanup; - } - if (fgets(buf, sizeof(buf), f) == NULL) { - fclose(f); - mbedtls_printf("Error: fgets() failed to retrieve password\n"); - goto cleanup; - } - fclose(f); - - i = (int) strlen(buf); - if (buf[i - 1] == '\n') { - buf[i - 1] = '\0'; - } - if (buf[i - 2] == '\r') { - buf[i - 2] = '\0'; - } - opt.password = buf; - } - - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto cleanup; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D: ", &D, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P: ", &P, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q: ", &Q, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP: ", &QP, 16, NULL)); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto cleanup; - } - } else -#endif - { - mbedtls_printf("Do not know how to print key information for this type\n"); - goto cleanup; - } - } else if (opt.mode == MODE_PUBLIC) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the public key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto cleanup; - } - - mbedtls_printf(" ok\n"); - - mbedtls_printf(" . Key information ...\n"); -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); - - if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, - NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto cleanup; - } - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL)); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto cleanup; - } - } else -#endif - { - mbedtls_printf("Do not know how to print key information for this type\n"); - goto cleanup; - } - } else { - goto usage; - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c deleted file mode 100644 index e36130bcd1..0000000000 --- a/programs/pkey/key_app_writer.c +++ /dev/null @@ -1,495 +0,0 @@ -/* - * Key writing application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_PK_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_BIGNUM_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include - -#if defined(MBEDTLS_PEM_WRITE_C) -#define USAGE_OUT \ - " output_file=%%s default: keyfile.pem\n" \ - " output_format=pem|der default: pem\n" -#else -#define USAGE_OUT \ - " output_file=%%s default: keyfile.der\n" \ - " output_format=der default: der\n" -#endif - -#if defined(MBEDTLS_PEM_WRITE_C) -#define DFL_OUTPUT_FILENAME "keyfile.pem" -#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM -#else -#define DFL_OUTPUT_FILENAME "keyfile.der" -#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER -#endif - -#define DFL_MODE MODE_NONE -#define DFL_FILENAME "keyfile.key" -#define DFL_DEBUG_LEVEL 0 -#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE - -#define MODE_NONE 0 -#define MODE_PRIVATE 1 -#define MODE_PUBLIC 2 - -#define OUTPUT_MODE_NONE 0 -#define OUTPUT_MODE_PRIVATE 1 -#define OUTPUT_MODE_PUBLIC 2 - -#define OUTPUT_FORMAT_PEM 0 -#define OUTPUT_FORMAT_DER 1 - -#define USAGE \ - "\n usage: key_app_writer param=<>...\n" \ - "\n acceptable parameters:\n" \ - " mode=private|public default: none\n" \ - " filename=%%s default: keyfile.key\n" \ - " output_mode=private|public default: none\n" \ - USAGE_OUT \ - "\n" - - -/* - * global options - */ -struct options { - int mode; /* the mode to run the application in */ - const char *filename; /* filename of the key file */ - int output_mode; /* the output mode to use */ - const char *output_file; /* where to store the constructed key file */ - int output_format; /* the output format to use */ -} opt; - -static int write_public_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - -#if defined(MBEDTLS_PEM_WRITE_C) - if (opt.output_format == OUTPUT_FORMAT_PEM) { - if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else -#endif - { - if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -static int write_private_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - -#if defined(MBEDTLS_PEM_WRITE_C) - if (opt.output_format == OUTPUT_FORMAT_PEM) { - if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else -#endif - { - if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "w")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; -#if defined(MBEDTLS_ERROR_C) - char buf[200]; -#endif - int i; - char *p, *q; - - const char *pers = "pkey/key_app"; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_pk_context key; -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -#endif /* MBEDTLS_RSA_C */ - - /* - * Set to sane values - */ - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - mbedtls_pk_init(&key); -#if defined(MBEDTLS_ERROR_C) - memset(buf, 0, sizeof(buf)); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); -#endif /* MBEDTLS_RSA_C */ - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); - goto exit; - } - - opt.mode = DFL_MODE; - opt.filename = DFL_FILENAME; - opt.output_mode = DFL_OUTPUT_MODE; - opt.output_file = DFL_OUTPUT_FILENAME; - opt.output_format = DFL_OUTPUT_FORMAT; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.mode = MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.mode = MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "output_mode") == 0) { - if (strcmp(q, "private") == 0) { - opt.output_mode = OUTPUT_MODE_PRIVATE; - } else if (strcmp(q, "public") == 0) { - opt.output_mode = OUTPUT_MODE_PUBLIC; - } else { - goto usage; - } - } else if (strcmp(p, "output_format") == 0) { -#if defined(MBEDTLS_PEM_WRITE_C) - if (strcmp(q, "pem") == 0) { - opt.output_format = OUTPUT_FORMAT_PEM; - } else -#endif - if (strcmp(q, "der") == 0) { - opt.output_format = OUTPUT_FORMAT_DER; - } else { - goto usage; - } - } else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "output_file") == 0) { - opt.output_file = q; - } else { - goto usage; - } - } - - if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) { - mbedtls_printf("\nCannot output a key without reading one.\n"); - goto exit; - } - - if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) { - mbedtls_printf("\nCannot output a private key from a public key.\n"); - goto exit; - } - - if (opt.mode == MODE_PRIVATE) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - mbedtls_mpi_write_file("P: ", &P, 16, NULL); - mbedtls_mpi_write_file("Q: ", &Q, 16, NULL); - mbedtls_mpi_write_file("DP: ", &DP, 16, NULL); - mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL); - mbedtls_mpi_write_file("QP: ", &QP, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf("key type not supported yet\n"); - - } else if (opt.mode == MODE_PUBLIC) { - /* - * 1.1. Load the key - */ - mbedtls_printf("\n . Loading the public key ..."); - fflush(stdout); - - ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename); - - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf(" ok\n"); - - /* - * 1.2 Print the key - */ - mbedtls_printf(" . Key information ...\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, - NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf("key type not supported yet\n"); - } else { - goto usage; - } - - if (opt.output_mode == OUTPUT_MODE_PUBLIC) { - write_public_key(&key, opt.output_file); - } - if (opt.output_mode == OUTPUT_MODE_PRIVATE) { - write_private_key(&key, opt.output_file); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { -#ifdef MBEDTLS_ERROR_C - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" - %s\n", buf); */ -#else - mbedtls_printf("\n"); -#endif - } - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_pk_free(&key); - - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - mbedtls_exit(exit_code); -} -#endif /* program viability conditions */ diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c deleted file mode 100644 index a9c3190bf3..0000000000 --- a/programs/pkey/mpi_demo.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Simple MPI demonstration program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/bignum.h" - -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_mpi E, P, Q, N, H, D, X, Y, Z; - - mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N); - mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - mbedtls_mpi_init(&Z); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789")); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203")); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10, "257")); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q)); - - mbedtls_printf("\n Public key:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" N = ", &N, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" E = ", &E, 10, NULL)); - - mbedtls_printf("\n Private key:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" P = ", &P, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Q = ", &Q, 10, NULL)); - -#if defined(MBEDTLS_GENPRIME) - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q)); - MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H)); - - mbedtls_mpi_write_file(" D = E^-1 mod (P-1)*(Q-1) = ", - &D, 10, NULL); -#else - mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n"); -#endif - MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555")); - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL)); - - mbedtls_printf("\n RSA operation:\n\n"); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" X (plaintext) = ", &X, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Y (ciphertext) = X^E mod N = ", &Y, 10, NULL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Z (decrypted) = Y^D mod N = ", &Z, 10, NULL)); - mbedtls_printf("\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N); - mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - mbedtls_mpi_free(&Z); - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("\nAn error occurred.\n"); - } - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c deleted file mode 100644 index d2bfde50f0..0000000000 --- a/programs/pkey/pk_decrypt.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Public key-based simple decryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - unsigned c; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i, olen = 0; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char result[1024]; - unsigned char buf[512]; - const char *pers = "mbedtls_pk_decrypt"; - ((void) argv); - - mbedtls_pk_init(&pk); - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - - memset(result, 0, sizeof(result)); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 2) { - mbedtls_printf("usage: mbedtls_pk_decrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Extract the RSA encrypted value from the text file - */ - if ((f = fopen("result-enc.txt", "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt"); - ret = 1; - goto exit; - } - - i = 0; - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - /* - * Decrypt the encrypted RSA data and print the result. - */ - mbedtls_printf("\n . Decrypting the encrypted data"); - fflush(stdout); - - if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK\n\n"); - - mbedtls_printf("The decrypted result is: '%s'\n\n", result); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_pk_free(&pk); - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c deleted file mode 100644 index 1ab2a3d60e..0000000000 --- a/programs/pkey/pk_encrypt.c +++ /dev/null @@ -1,155 +0,0 @@ -/* - * RSA simple data encryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i, olen = 0; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char input[1024]; - unsigned char buf[512]; - const char *pers = "mbedtls_pk_encrypt"; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_encrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - if (strlen(argv[2]) > 100) { - mbedtls_printf(" Input data larger than 100 characters.\n\n"); - goto exit; - } - - memcpy(input, argv[2], strlen(argv[2])); - - /* - * Calculate the RSA encryption of the hash. - */ - mbedtls_printf("\n . Generating the encrypted value"); - fflush(stdout); - - if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]), - buf, &olen, sizeof(buf))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into result-enc.txt - */ - if ((f = fopen("result-enc.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", - "result-enc.txt"); - ret = 1; - goto exit; - } - - for (i = 0; i < olen; i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_pk_free(&pk); - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c deleted file mode 100644 index c2c313ac1a..0000000000 --- a/programs/pkey/rsa_decrypt.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - * RSA simple decryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include - -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - unsigned c; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char result[1024]; - unsigned char buf[512]; - const char *pers = "rsa_decrypt"; - ((void) argv); - - memset(result, 0, sizeof(result)); - - if (argc != 1) { - mbedtls_printf("usage: rsa_decrypt\n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - mbedtls_exit(exit_code); - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_rsa_init(&rsa); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - /* - * Extract the RSA encrypted value from the text file - */ - if ((f = fopen("result-enc.txt", "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt"); - goto exit; - } - - i = 0; - - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - if (i != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf("\n ! Invalid RSA signature format\n\n"); - goto exit; - } - - /* - * Decrypt the encrypted RSA data and print the result. - */ - mbedtls_printf("\n . Decrypting the encrypted data"); - fflush(stdout); - - ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, &i, - buf, result, 1024); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", - ret); - goto exit; - } - - mbedtls_printf("\n . OK\n\n"); - - mbedtls_printf("The decrypted result is: '%s'\n\n", result); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c deleted file mode 100644 index e1ed252bb2..0000000000 --- a/programs/pkey/rsa_encrypt.c +++ /dev/null @@ -1,151 +0,0 @@ -/* - * RSA simple data encryption program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ - defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ - defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char input[1024]; - unsigned char buf[512]; - const char *pers = "rsa_encrypt"; - mbedtls_mpi N, E; - - if (argc != 2) { - mbedtls_printf("usage: rsa_encrypt \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - mbedtls_exit(exit_code); - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&E); - mbedtls_rsa_init(&rsa); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, - &entropy, (const unsigned char *) pers, - strlen(pers)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", - ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if (strlen(argv[1]) > 100) { - mbedtls_printf(" Input data larger than 100 characters.\n\n"); - goto exit; - } - - memcpy(input, argv[1], strlen(argv[1])); - - /* - * Calculate the RSA encryption of the hash. - */ - mbedtls_printf("\n . Generating the RSA encrypted value"); - fflush(stdout); - - ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, strlen(argv[1]), input, buf); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", - ret); - goto exit; - } - - /* - * Write the signature into result-enc.txt - */ - if ((f = fopen("result-enc.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", "result-enc.txt"); - goto exit; - } - - for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_mpi_free(&N); mbedtls_mpi_free(&E); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_rsa_free(&rsa); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && - MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c deleted file mode 100644 index 3dfa8529eb..0000000000 --- a/programs/pkey/rsa_genkey.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Example RSA key generation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/bignum.h" -#include "mbedtls/rsa.h" - -#include -#include -#endif - -#define KEY_SIZE 2048 -#define EXPONENT 65537 - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or " - "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(void) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_rsa_context rsa; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - FILE *fpub = NULL; - FILE *fpriv = NULL; - const char *pers = "rsa_genkey"; - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_rsa_init(&rsa); - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - mbedtls_entropy_init(&entropy); - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE); - fflush(stdout); - - if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, - EXPONENT)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the public key in rsa_pub.txt...."); - fflush(stdout); - - if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! could not open rsa_pub.txt for writing\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 || - (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf(" ok\n . Exporting the private key in rsa_priv.txt..."); - fflush(stdout); - - if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) { - mbedtls_printf(" failed\n ! could not open rsa_priv.txt for writing\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 || - (ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret); - goto exit; - } - mbedtls_printf(" ok\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (fpub != NULL) { - fclose(fpub); - } - - if (fpriv != NULL) { - fclose(fpriv); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - mbedtls_rsa_free(&rsa); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && - MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c deleted file mode 100644 index e88e4e33b6..0000000000 --- a/programs/pkey/rsa_sign.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - * RSA/SHA-256 signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/rsa.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - - mbedtls_rsa_init(&rsa); - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - if (argc != 2) { - mbedtls_printf("usage: rsa_sign \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading private key from rsa_priv.txt"); - fflush(stdout); - - if ((f = fopen("rsa_priv.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n", - ret); - goto exit; - } - - if ((ret = mbedtls_rsa_complete(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n", - ret); - goto exit; - } - - mbedtls_printf("\n . Checking the private key"); - fflush(stdout); - if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the RSA signature of the hash. - */ - mbedtls_printf("\n . Generating the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[1], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256, - 32, hash, buf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", argv[1]); - goto exit; - } - - for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { - mbedtls_fprintf(f, "%02X%s", buf[i], - (i + 1) % 16 == 0 ? "\r\n" : " "); - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c deleted file mode 100644 index af6156cdba..0000000000 --- a/programs/pkey/rsa_verify.c +++ /dev/null @@ -1,136 +0,0 @@ -/* - * RSA/SHA-256 signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/rsa.h" - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - unsigned c; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_rsa_context rsa; - mbedtls_mpi N, E; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - - mbedtls_rsa_init(&rsa); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&E); - - if (argc != 2) { - mbedtls_printf("usage: rsa_verify \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from rsa_pub.txt"); - fflush(stdout); - - if ((f = fopen("rsa_pub.txt", "rb")) == NULL) { - mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \ - " ! Please run rsa_genkey first\n\n"); - goto exit; - } - - if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || - (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { - mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); - fclose(f); - goto exit; - } - fclose(f); - - /* - * Extract the RSA signature from the text file - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = 0; - while (fscanf(f, "%02X", (unsigned int *) &c) > 0 && - i < (int) sizeof(buf)) { - buf[i++] = (unsigned char) c; - } - - fclose(f); - - if (i != mbedtls_rsa_get_len(&rsa)) { - mbedtls_printf("\n ! Invalid RSA signature format\n\n"); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[1], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]); - goto exit; - } - - if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - 32, hash, buf)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - mbedtls_rsa_free(&rsa); - mbedtls_mpi_free(&N); - mbedtls_mpi_free(&E); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_FS_IO */ diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt deleted file mode 100644 index 76cb8407af..0000000000 --- a/programs/random/CMakeLists.txt +++ /dev/null @@ -1,16 +0,0 @@ -set(executables - gen_entropy - gen_random_ctr_drbg -) -add_dependencies(${programs_target} ${executables}) - -foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c deleted file mode 100644 index eb85b62690..0000000000 --- a/programs/random/gen_entropy.c +++ /dev/null @@ -1,77 +0,0 @@ -/** - * \brief Use and generate multiple entropies calls into a file - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) -#include "mbedtls/entropy.h" - -#include -#endif - -#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int i, k, ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_entropy_context entropy; - unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - - if (argc < 2) { - mbedtls_fprintf(stderr, "usage: %s \n", argv[0]); - mbedtls_exit(exit_code); - } - - if ((f = fopen(argv[1], "wb+")) == NULL) { - mbedtls_printf("failed to open '%s' for writing.\n", argv[1]); - mbedtls_exit(exit_code); - } - - mbedtls_entropy_init(&entropy); - - for (i = 0, k = 768; i < k; i++) { - ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_entropy_func returned -%04X\n", - (unsigned int) ret); - goto cleanup; - } - - fwrite(buf, 1, sizeof(buf), f); - - mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \ - "%% done\r", - (long) (sizeof(buf) * k / 1024), - argv[1], - (100 * (float) (i + 1)) / k); - fflush(stdout); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_printf("\n"); - - fclose(f); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_ENTROPY_C */ diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c deleted file mode 100644 index 793c8ac88c..0000000000 --- a/programs/random/gen_random_ctr_drbg.c +++ /dev/null @@ -1,109 +0,0 @@ -/** - * \brief Use and generate random data into a file via the CTR_DBRG based on AES - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "mbedtls/build_info.h" - -#include "mbedtls/platform.h" - -#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_FS_IO) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#endif - -#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - - -int main(int argc, char *argv[]) -{ - FILE *f; - int i, k, ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - unsigned char buf[1024]; - - mbedtls_ctr_drbg_init(&ctr_drbg); - - if (argc < 2) { - mbedtls_fprintf(stderr, "usage: %s \n", argv[0]); - mbedtls_exit(exit_code); - } - - if ((f = fopen(argv[1], "wb+")) == NULL) { - mbedtls_printf("failed to open '%s' for writing.\n", argv[1]); - mbedtls_exit(exit_code); - } - - mbedtls_entropy_init(&entropy); - ret = mbedtls_ctr_drbg_seed(&ctr_drbg, - mbedtls_entropy_func, - &entropy, - (const unsigned char *) "RANDOM_GEN", - 10); - if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_seed: %d\n", ret); - goto cleanup; - } - mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF); - -#if defined(MBEDTLS_FS_IO) - ret = mbedtls_ctr_drbg_update_seed_file(&ctr_drbg, "seedfile"); - - if (ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) { - mbedtls_printf("Failed to open seedfile. Generating one.\n"); - ret = mbedtls_ctr_drbg_write_seed_file(&ctr_drbg, "seedfile"); - if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret); - goto cleanup; - } - } else if (ret != 0) { - mbedtls_printf("failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret); - goto cleanup; - } -#endif - - for (i = 0, k = 768; i < k; i++) { - ret = mbedtls_ctr_drbg_random(&ctr_drbg, buf, sizeof(buf)); - if (ret != 0) { - mbedtls_printf("failed!\n"); - goto cleanup; - } - - fwrite(buf, 1, sizeof(buf), f); - - mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \ - "%% done\r", - (long) (sizeof(buf) * k / 1024), - argv[1], - (100 * (float) (i + 1)) / k); - fflush(stdout); - } - - exit_code = MBEDTLS_EXIT_SUCCESS; - -cleanup: - mbedtls_printf("\n"); - - fclose(f); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */ diff --git a/programs/wince_main.c b/programs/wince_main.c deleted file mode 100644 index de11162291..0000000000 --- a/programs/wince_main.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Windows CE console application entry point - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#if defined(_WIN32_WCE) - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include - -extern int main(int, const char **); - -int _tmain(int argc, _TCHAR *targv[]) -{ - char **argv; - int i; - - argv = (char **) calloc(argc, sizeof(char *)); - - for (i = 0; i < argc; i++) { - size_t len; - len = _tcslen(targv[i]) + 1; - argv[i] = (char *) calloc(len, sizeof(char)); - wcstombs(argv[i], targv[i], len); - } - - return main(argc, argv); -} - -#endif /* defined(_WIN32_WCE) */