ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-10 00:49:04 +08:00
Code Issues Releases Wiki Activity

Merge pull request #10000 from bjwtaylor/remove-sample-programs

Browse Source 
Delete some sample programs
This commit is contained in:
David Horstmann 2025-03-27 09:47:10 +00:00 committed by GitHub
commit 06bdb16719
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
31 changed files with 25 additions and 4296 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
ChangeLog.d/9964.txt Normal file
View File

@ -0,0 +1,25 @@
Removals
* Removal of the following sample programs:
pkey/rsa_genkey.c
pkey/pk_decrypt.c
pkey/dh_genprime.c
pkey/rsa_verify.c
pkey/mpi_demo.c
pkey/rsa_decrypt.c
pkey/key_app.c
pkey/dh_server.c
pkey/ecdh_curve25519.c
pkey/pk_encrypt.c
pkey/rsa_sign.c
pkey/key_app_writer.c
pkey/dh_client.c
pkey/ecdsa.c
pkey/rsa_encrypt.c
wince_main.c
aes/crypt_and_hash.c
random/gen_random_ctr_drbg.c
random/gen_entropy.c
hash/md_hmac_demo.c
hash/hello.c
hash/generic_sum.c
cipher/cipher_aead_demo.c

22
programs/.gitignore vendored
View File

@ -5,36 +5,14 @@
*.sln *.sln
*.vcxproj *.vcxproj
aes/crypt_and_hash
cipher/cipher_aead_demo
hash/generic_sum
hash/hello
hash/md_hmac_demo
hash/md5sum hash/md5sum
hash/sha1sum hash/sha1sum
hash/sha2sum hash/sha2sum
pkey/dh_client
pkey/dh_genprime
pkey/dh_server
pkey/ecdh_curve25519
pkey/ecdsa
pkey/gen_key pkey/gen_key
pkey/key_app
pkey/key_app_writer
pkey/mpi_demo
pkey/pk_decrypt
pkey/pk_encrypt
pkey/pk_sign pkey/pk_sign
pkey/pk_verify pkey/pk_verify
pkey/rsa_decrypt
pkey/rsa_encrypt
pkey/rsa_genkey
pkey/rsa_sign
pkey/rsa_sign_pss pkey/rsa_sign_pss
pkey/rsa_verify
pkey/rsa_verify_pss pkey/rsa_verify_pss
random/gen_entropy
random/gen_random_ctr_drbg
ssl/dtls_client ssl/dtls_client
ssl/dtls_server ssl/dtls_server
ssl/mini_client ssl/mini_client

4
programs/CMakeLists.txt
View File

@ -1,14 +1,10 @@
set(programs_target "${MBEDTLS_TARGET_PREFIX}programs") set(programs_target "${MBEDTLS_TARGET_PREFIX}programs")
add_custom_target(${programs_target}) add_custom_target(${programs_target})
add_subdirectory(aes)
add_subdirectory(cipher)
if (NOT WIN32) if (NOT WIN32)
add_subdirectory(fuzz) add_subdirectory(fuzz)
endif() endif()
add_subdirectory(hash)
add_subdirectory(pkey) add_subdirectory(pkey)
add_subdirectory(random)
add_subdirectory(ssl) add_subdirectory(ssl)
add_subdirectory(test) add_subdirectory(test)
add_subdirectory(util) add_subdirectory(util)

100
programs/Makefile
View File

@ -36,28 +36,10 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs
## Note: Variables cannot be used to define an apps path. This cannot be ## Note: Variables cannot be used to define an apps path. This cannot be
## substituted by the script generate_visualc_files.pl. ## substituted by the script generate_visualc_files.pl.
APPS = \ APPS = \
aes/crypt_and_hash \
cipher/cipher_aead_demo \
hash/generic_sum \
hash/hello \
hash/md_hmac_demo \
pkey/dh_genprime \
pkey/ecdh_curve25519 \
pkey/ecdsa \
pkey/gen_key \ pkey/gen_key \
pkey/key_app \
pkey/key_app_writer \
pkey/mpi_demo \
pkey/pk_decrypt \
pkey/pk_encrypt \
pkey/pk_sign \ pkey/pk_sign \
pkey/pk_verify \ pkey/pk_verify \
pkey/rsa_decrypt \
pkey/rsa_encrypt \
pkey/rsa_genkey \
pkey/rsa_sign \
pkey/rsa_sign_pss \ pkey/rsa_sign_pss \
pkey/rsa_verify \
pkey/rsa_verify_pss \ pkey/rsa_verify_pss \
../tf-psa-crypto/programs/psa/aead_demo \ ../tf-psa-crypto/programs/psa/aead_demo \
../tf-psa-crypto/programs/psa/crypto_examples \ ../tf-psa-crypto/programs/psa/crypto_examples \
@ -65,8 +47,6 @@ APPS = \
../tf-psa-crypto/programs/psa/key_ladder_demo \ ../tf-psa-crypto/programs/psa/key_ladder_demo \
../tf-psa-crypto/programs/psa/psa_constant_names \ ../tf-psa-crypto/programs/psa/psa_constant_names \
../tf-psa-crypto/programs/psa/psa_hash \ ../tf-psa-crypto/programs/psa/psa_hash \
random/gen_entropy \
random/gen_random_ctr_drbg \
ssl/dtls_client \ ssl/dtls_client \
ssl/dtls_server \ ssl/dtls_server \
ssl/mini_client \ ssl/mini_client \
@ -155,62 +135,10 @@ test/query_config.c:
echo " Gen $@" echo " Gen $@"
$(PERL) ../scripts/generate_query_config.pl $(PERL) ../scripts/generate_query_config.pl
aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
echo " CC aes/crypt_and_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
cipher/cipher_aead_demo$(EXEXT): cipher/cipher_aead_demo.c $(DEP)
echo " CC cipher/cipher_aead_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) cipher/cipher_aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
hash/generic_sum$(EXEXT): hash/generic_sum.c $(DEP)
echo " CC hash/generic_sum.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
hash/hello$(EXEXT): hash/hello.c $(DEP)
echo " CC hash/hello.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP)
echo " CC hash/md_hmac_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP)
echo " CC pkey/dh_genprime.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP)
echo " CC pkey/ecdh_curve25519.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/ecdsa$(EXEXT): pkey/ecdsa.c $(DEP)
echo " CC pkey/ecdsa.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdsa.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP) pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP)
echo " CC pkey/gen_key.c" echo " CC pkey/gen_key.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/key_app$(EXEXT): pkey/key_app.c $(DEP)
echo " CC pkey/key_app.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/key_app_writer$(EXEXT): pkey/key_app_writer.c $(DEP)
echo " CC pkey/key_app_writer.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app_writer.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/mpi_demo$(EXEXT): pkey/mpi_demo.c $(DEP)
echo " CC pkey/mpi_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/mpi_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/pk_decrypt$(EXEXT): pkey/pk_decrypt.c $(DEP)
echo " CC pkey/pk_decrypt.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/pk_encrypt$(EXEXT): pkey/pk_encrypt.c $(DEP)
echo " CC pkey/pk_encrypt.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP) pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP)
echo " CC pkey/pk_sign.c" echo " CC pkey/pk_sign.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@ -219,18 +147,6 @@ pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP)
echo " CC pkey/pk_verify.c" echo " CC pkey/pk_verify.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/rsa_genkey$(EXEXT): pkey/rsa_genkey.c $(DEP)
echo " CC pkey/rsa_genkey.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_genkey.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/rsa_sign$(EXEXT): pkey/rsa_sign.c $(DEP)
echo " CC pkey/rsa_sign.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/rsa_verify$(EXEXT): pkey/rsa_verify.c $(DEP)
echo " CC pkey/rsa_verify.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP) pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP)
echo " CC pkey/rsa_sign_pss.c" echo " CC pkey/rsa_sign_pss.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@ -239,14 +155,6 @@ pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP)
echo " CC pkey/rsa_verify_pss.c" echo " CC pkey/rsa_verify_pss.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/rsa_decrypt$(EXEXT): pkey/rsa_decrypt.c $(DEP)
echo " CC pkey/rsa_decrypt.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP)
echo " CC pkey/rsa_encrypt.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) ../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
echo " CC psa/aead_demo.c" echo " CC psa/aead_demo.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@ -271,14 +179,6 @@ pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP)
echo " CC psa/psa_hash.c" echo " CC psa/psa_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
echo " CC random/gen_entropy.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c $(DEP)
echo " CC random/gen_random_ctr_drbg.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP) ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP)
echo " CC ssl/dtls_client.c" echo " CC ssl/dtls_client.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

45
programs/README.md
View File

@ -3,61 +3,16 @@ Mbed TLS sample programs
This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.
## Symmetric cryptography (AES) examples
* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
## Hash (digest) examples
* [`hash/generic_sum.c`](hash/generic_sum.c): file hash calculator and verifier, demonstrating the message digest (`md`) interface.
* [`hash/hello.c`](hash/hello.c): hello-world program for MD5.
## Public-key cryptography examples
### Generic public-key cryptography (`pk`) examples ### Generic public-key cryptography (`pk`) examples
* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs. * [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs.
* [`pkey/key_app.c`](pkey/key_app.c): loads a PEM or DER public key or private key file and dumps its content.
* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file.
* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface.
* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string. * [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string.
### ECDSA and RSA signature examples ### ECDSA and RSA signature examples
* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, signs a fixed message and verifies the signature.
* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface.
* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generates an RSA key and writes it to a file that can be used with the other RSA sample programs.
* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm.
* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm. * [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm.
### Diffie-Hellman key exchange examples
* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.
### Bignum (`mpi`) usage examples
* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): shows how to use the bignum (`mpi`) interface to generate Diffie-Hellman parameters.
* [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers.
## Random number generator (RNG) examples
* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data.
Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`.
* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data.
## SSL/TLS examples
### SSL/TLS sample applications ### SSL/TLS sample applications
* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response.

15
programs/aes/CMakeLists.txt
View File

@ -1,15 +0,0 @@
set(executables
crypt_and_hash
)
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
set_base_compile_options(${exe})
target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

578
programs/aes/crypt_and_hash.c
View File

@ -1,578 +0,0 @@
/*
* \brief Generic file encryption program using generic wrappers for configured
* security.
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* Enable definition of fileno() even when compiling with -std=c99. Must be
* set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
defined(MBEDTLS_FS_IO)
#include "mbedtls/cipher.h"
#include "mbedtls/md.h"
#include "mbedtls/platform_util.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#endif
#if defined(_WIN32)
#include <windows.h>
#if !defined(_WIN32_WCE)
#include <io.h>
#endif
#else
#include <sys/types.h>
#include <unistd.h>
#endif
#define MODE_ENCRYPT 0
#define MODE_DECRYPT 1
#define USAGE \
"\n crypt_and_hash <mode> <input filename> <output filename> <cipher> <mbedtls_md> <key>\n" \
"\n <mode>: 0 = encrypt, 1 = decrypt\n" \
"\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \
"\n"
#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
int main(int argc, char *argv[])
{
int ret = 1, i;
unsigned n;
int exit_code = MBEDTLS_EXIT_FAILURE;
int mode;
size_t keylen, ilen, olen;
FILE *fkey, *fin = NULL, *fout = NULL;
char *p;
unsigned char IV[16];
unsigned char key[512];
unsigned char digest[MBEDTLS_MD_MAX_SIZE];
unsigned char buffer[1024];
unsigned char output[1024];
unsigned char diff;
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
mbedtls_cipher_context_t cipher_ctx;
mbedtls_md_context_t md_ctx;
mbedtls_cipher_mode_t cipher_mode;
unsigned int cipher_block_size;
unsigned char md_size;
#if defined(_WIN32_WCE)
long filesize, offset;
#elif defined(_WIN32)
LARGE_INTEGER li_size;
__int64 filesize, offset;
#else
off_t filesize, offset;
#endif
mbedtls_cipher_init(&cipher_ctx);
mbedtls_md_init(&md_ctx);
/*
* Parse the command-line arguments.
*/
if (argc != 7) {
const int *list;
mbedtls_printf(USAGE);
mbedtls_printf("Available ciphers:\n");
list = mbedtls_cipher_list();
while (*list) {
cipher_info = mbedtls_cipher_info_from_type(*list);
const char *name = mbedtls_cipher_info_get_name(cipher_info);
if (name) {
mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info));
}
list++;
}
mbedtls_printf("\nAvailable message digests:\n");
list = mbedtls_md_list();
while (*list) {
md_info = mbedtls_md_info_from_type(*list);
mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info));
list++;
}
goto exit;
}
mode = atoi(argv[1]);
if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) {
mbedtls_fprintf(stderr, "invalid operation mode\n");
goto exit;
}
if (strcmp(argv[2], argv[3]) == 0) {
mbedtls_fprintf(stderr, "input and output filenames must differ\n");
goto exit;
}
if ((fin = fopen(argv[2], "rb")) == NULL) {
mbedtls_fprintf(stderr, "fopen(%s,rb) failed\n", argv[2]);
goto exit;
}
if ((fout = fopen(argv[3], "wb+")) == NULL) {
mbedtls_fprintf(stderr, "fopen(%s,wb+) failed\n", argv[3]);
goto exit;
}
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf(fin, NULL);
mbedtls_setbuf(fout, NULL);
/*
* Read the Cipher and MD from the command line
*/
cipher_info = mbedtls_cipher_info_from_string(argv[4]);
if (cipher_info == NULL) {
mbedtls_fprintf(stderr, "Cipher '%s' not found\n", argv[4]);
goto exit;
}
if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_setup failed\n");
goto exit;
}
md_info = mbedtls_md_info_from_string(argv[5]);
if (md_info == NULL) {
mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[5]);
goto exit;
}
if (mbedtls_md_setup(&md_ctx, md_info, 1) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_setup failed\n");
goto exit;
}
/*
* Read the secret key from file or command line
*/
if ((fkey = fopen(argv[6], "rb")) != NULL) {
keylen = fread(key, 1, sizeof(key), fkey);
fclose(fkey);
} else {
if (memcmp(argv[6], "hex:", 4) == 0) {
p = &argv[6][4];
keylen = 0;
while (sscanf(p, "%02X", (unsigned int *) &n) > 0 &&
keylen < (int) sizeof(key)) {
key[keylen++] = (unsigned char) n;
p += 2;
}
} else {
keylen = strlen(argv[6]);
if (keylen > (int) sizeof(key)) {
keylen = (int) sizeof(key);
}
memcpy(key, argv[6], keylen);
}
}
#if defined(_WIN32_WCE)
filesize = fseek(fin, 0L, SEEK_END);
#else
#if defined(_WIN32)
/*
* Support large files (> 2Gb) on Win32
*/
li_size.QuadPart = 0;
li_size.LowPart =
SetFilePointer((HANDLE) _get_osfhandle(_fileno(fin)),
li_size.LowPart, &li_size.HighPart, FILE_END);
if (li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR) {
mbedtls_fprintf(stderr, "SetFilePointer(0,FILE_END) failed\n");
goto exit;
}
filesize = li_size.QuadPart;
#else
if ((filesize = lseek(fileno(fin), 0, SEEK_END)) < 0) {
perror("lseek");
goto exit;
}
#endif
#endif
if (fseek(fin, 0, SEEK_SET) < 0) {
mbedtls_fprintf(stderr, "fseek(0,SEEK_SET) failed\n");
goto exit;
}
md_size = mbedtls_md_get_size(md_info);
cipher_block_size = mbedtls_cipher_get_block_size(&cipher_ctx);
if (mode == MODE_ENCRYPT) {
/*
* Generate the initialization vector as:
* IV = MD( filesize || filename )[0..15]
*/
for (i = 0; i < 8; i++) {
buffer[i] = (unsigned char) (filesize >> (i << 3));
}
p = argv[2];
if (mbedtls_md_starts(&md_ctx) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
goto exit;
}
if (mbedtls_md_update(&md_ctx, buffer, 8) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
if (mbedtls_md_update(&md_ctx, (unsigned char *) p, strlen(p))
!= 0) {
mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
if (mbedtls_md_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
goto exit;
}
memcpy(IV, digest, 16);
/*
* Append the IV at the beginning of the output.
*/
if (fwrite(IV, 1, 16, fout) != 16) {
mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", 16);
goto exit;
}
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset(digest, 0, 32);
memcpy(digest, IV, 16);
for (i = 0; i < 8192; i++) {
if (mbedtls_md_starts(&md_ctx) != 0) {
mbedtls_fprintf(stderr,
"mbedtls_md_starts() returned error\n");
goto exit;
}
if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
mbedtls_fprintf(stderr,
"mbedtls_md_update() returned error\n");
goto exit;
}
if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
mbedtls_fprintf(stderr,
"mbedtls_md_update() returned error\n");
goto exit;
}
if (mbedtls_md_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr,
"mbedtls_md_finish() returned error\n");
goto exit;
}
}
if (mbedtls_cipher_setkey(&cipher_ctx,
digest,
(int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_ENCRYPT) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
goto exit;
}
if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
goto exit;
}
if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
goto exit;
}
if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
goto exit;
}
/*
* Encrypt and write the ciphertext.
*/
for (offset = 0; offset < filesize; offset += cipher_block_size) {
ilen = ((unsigned int) filesize - offset > cipher_block_size) ?
cipher_block_size : (unsigned int) (filesize - offset);
if (fread(buffer, 1, ilen, fin) != ilen) {
mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen);
goto exit;
}
if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, &olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
goto exit;
}
if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
goto exit;
}
if (fwrite(output, 1, olen, fout) != olen) {
mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
}
if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
goto exit;
}
if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
goto exit;
}
if (fwrite(output, 1, olen, fout) != olen) {
mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
/*
* Finally write the HMAC.
*/
if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
goto exit;
}
if (fwrite(digest, 1, md_size, fout) != md_size) {
mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", md_size);
goto exit;
}
}
if (mode == MODE_DECRYPT) {
/*
* The encrypted file must be structured as follows:
*
* 00 .. 15 Initialization Vector
* 16 .. 31 Encrypted Block #1
* ..
* N*16 .. (N+1)*16 - 1 Encrypted Block #N
* (N+1)*16 .. (N+1)*16 + n Hash(ciphertext)
*/
if (filesize < 16 + md_size) {
mbedtls_fprintf(stderr, "File too short to be encrypted.\n");
goto exit;
}
if (cipher_block_size == 0) {
mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n");
goto exit;
}
/*
* Check the file size.
*/
cipher_mode = mbedtls_cipher_info_get_mode(cipher_info);
if (cipher_mode != MBEDTLS_MODE_GCM &&
cipher_mode != MBEDTLS_MODE_CTR &&
cipher_mode != MBEDTLS_MODE_CFB &&
cipher_mode != MBEDTLS_MODE_OFB &&
((filesize - md_size) % cipher_block_size) != 0) {
mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n",
cipher_block_size);
goto exit;
}
/*
* Subtract the IV + HMAC length.
*/
filesize -= (16 + md_size);
/*
* Read the IV and original filesize modulo 16.
*/
if (fread(buffer, 1, 16, fin) != 16) {
mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", 16);
goto exit;
}
memcpy(IV, buffer, 16);
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset(digest, 0, 32);
memcpy(digest, IV, 16);
for (i = 0; i < 8192; i++) {
if (mbedtls_md_starts(&md_ctx) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
goto exit;
}
if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
if (mbedtls_md_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
goto exit;
}
}
if (mbedtls_cipher_setkey(&cipher_ctx,
digest,
(int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_DECRYPT) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
goto exit;
}
if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
goto exit;
}
if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
goto exit;
}
if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
goto exit;
}
/*
* Decrypt and write the plaintext.
*/
for (offset = 0; offset < filesize; offset += cipher_block_size) {
ilen = ((unsigned int) filesize - offset > cipher_block_size) ?
cipher_block_size : (unsigned int) (filesize - offset);
if (fread(buffer, 1, ilen, fin) != ilen) {
mbedtls_fprintf(stderr, "fread(%u bytes) failed\n",
cipher_block_size);
goto exit;
}
if (mbedtls_md_hmac_update(&md_ctx, buffer, ilen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
goto exit;
}
if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output,
&olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
goto exit;
}
if (fwrite(output, 1, olen, fout) != olen) {
mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
}
/*
* Verify the message authentication code.
*/
if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
goto exit;
}
if (fread(buffer, 1, md_size, fin) != md_size) {
mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", md_size);
goto exit;
}
/* Use constant-time buffer comparison */
diff = 0;
for (i = 0; i < md_size; i++) {
diff |= digest[i] ^ buffer[i];
}
if (diff != 0) {
mbedtls_fprintf(stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n");
goto exit;
}
/*
* Write the final block of data
*/
if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
goto exit;
}
if (fwrite(output, 1, olen, fout) != olen) {
mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if (fin) {
fclose(fin);
}
if (fout) {
fclose(fout);
}
/* Zeroize all command line arguments to also cover
the case when the user has missed or reordered some,
in which case the key might not be in argv[6]. */
for (i = 0; i < argc; i++) {
mbedtls_platform_zeroize(argv[i], strlen(argv[i]));
}
mbedtls_platform_zeroize(IV, sizeof(IV));
mbedtls_platform_zeroize(key, sizeof(key));
mbedtls_platform_zeroize(buffer, sizeof(buffer));
mbedtls_platform_zeroize(output, sizeof(output));
mbedtls_platform_zeroize(digest, sizeof(digest));
mbedtls_cipher_free(&cipher_ctx);
mbedtls_md_free(&md_ctx);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */

15
programs/cipher/CMakeLists.txt
View File

@ -1,15 +0,0 @@
set(executables
cipher_aead_demo
)
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
set_base_compile_options(${exe})
target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

261
programs/cipher/cipher_aead_demo.c
View File

@ -1,261 +0,0 @@
/**
* Cipher API multi-part AEAD demonstration.
*
* This program AEAD-encrypts a message, using the algorithm and key size
* specified on the command line, using the multi-part API.
*
* It comes with a companion program psa/aead_demo.c, which does the same
* operations with the PSA Crypto API. The goal is that comparing the two
* programs will help people migrating to the PSA Crypto API.
*
* When used with multi-part AEAD operations, the `mbedtls_cipher_context`
* serves a triple purpose (1) hold the key, (2) store the algorithm when no
* operation is active, and (3) save progress information for the current
* operation. With PSA those roles are held by disinct objects: (1) a
* psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
* algorithm, and (3) a psa_operation_t for multi-part progress.
*
* On the other hand, with PSA, the algorithms encodes the desired tag length;
* with Cipher the desired tag length needs to be tracked separately.
*
* This program and its companion psa/aead_demo.c illustrate this by doing the
* same sequence of multi-part AEAD computation with both APIs; looking at the
* two side by side should make the differences and similarities clear.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* First include Mbed TLS headers to get the Mbed TLS configuration and
* platform definitions that we'll use in this program. Also include
* standard C headers for functions we'll use here. */
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/cipher.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
/* If the build options we need are not enabled, compile a placeholder. */
#if !defined(MBEDTLS_CIPHER_C) || \
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
!defined(MBEDTLS_CHACHAPOLY_C)
int main(void)
{
printf("MBEDTLS_MD_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
"MBEDTLS_CHACHAPOLY_C not defined\r\n");
return 0;
}
#else
/* The real program starts here. */
const char usage[] =
"Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
const unsigned char iv1[12] = { 0x00 };
const unsigned char add_data1[] = { 0x01, 0x02 };
const unsigned char msg1_part1[] = { 0x03, 0x04 };
const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 };
/* Dummy data (2nd message) */
const unsigned char iv2[12] = { 0x10 };
const unsigned char add_data2[] = { 0x11, 0x12 };
const unsigned char msg2_part1[] = { 0x13, 0x14 };
const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
/* Maximum total size of the messages */
#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2))
#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2))
#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE)
/* Dummy key material - never do this in production!
* 32-byte is enough to all the key size supported by this program. */
const unsigned char key_bytes[32] = { 0x2a };
/* Print the contents of a buffer in hex */
static void print_buf(const char *title, unsigned char *buf, size_t len)
{
printf("%s:", title);
for (size_t i = 0; i < len; i++) {
printf(" %02x", buf[i]);
}
printf("\n");
}
/* Run an Mbed TLS function and bail out if it fails.
* A string description of the error code can be recovered with:
* programs/util/strerror <value> */
#define CHK(expr) \
do \
{ \
ret = (expr); \
if (ret != 0) \
{ \
printf("Error %d at line %d: %s\n", \
ret, \
__LINE__, \
#expr); \
goto exit; \
} \
} while (0)
/*
* Prepare encryption material:
* - interpret command-line argument
* - set up key
* - outputs: context and tag length, which together hold all the information
*/
static int aead_prepare(const char *info,
mbedtls_cipher_context_t *ctx,
size_t *tag_len)
{
int ret;
/* Convert arg to type + tag_len */
mbedtls_cipher_type_t type;
if (strcmp(info, "aes128-gcm") == 0) {
type = MBEDTLS_CIPHER_AES_128_GCM;
*tag_len = 16;
} else if (strcmp(info, "aes256-gcm") == 0) {
type = MBEDTLS_CIPHER_AES_256_GCM;
*tag_len = 16;
} else if (strcmp(info, "aes128-gcm_8") == 0) {
type = MBEDTLS_CIPHER_AES_128_GCM;
*tag_len = 8;
} else if (strcmp(info, "chachapoly") == 0) {
type = MBEDTLS_CIPHER_CHACHA20_POLY1305;
*tag_len = 16;
} else {
puts(usage);
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
/* Prepare context for the given type */
CHK(mbedtls_cipher_setup(ctx,
mbedtls_cipher_info_from_type(type)));
/* Import key */
int key_len = mbedtls_cipher_get_key_bitlen(ctx);
CHK(mbedtls_cipher_setkey(ctx, key_bytes, key_len, MBEDTLS_ENCRYPT));
exit:
return ret;
}
/*
* Print out some information.
*
* All of this information was present in the command line argument, but his
* function demonstrates how each piece can be recovered from (ctx, tag_len).
*/
static void aead_info(const mbedtls_cipher_context_t *ctx, size_t tag_len)
{
mbedtls_cipher_type_t type = mbedtls_cipher_get_type(ctx);
const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(type);
const char *ciph = mbedtls_cipher_info_get_name(info);
int key_bits = mbedtls_cipher_get_key_bitlen(ctx);
mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode(ctx);
const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM"
: mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly"
: "???";
printf("%s, %d, %s, %u\n",
ciph, key_bits, mode_str, (unsigned) tag_len);
}
/*
* Encrypt a 2-part message.
*/
static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *part1, size_t part1_len,
const unsigned char *part2, size_t part2_len)
{
int ret;
size_t olen;
#define MAX_TAG_LENGTH 16
unsigned char out[MSG_MAX_SIZE + MAX_TAG_LENGTH];
unsigned char *p = out;
CHK(mbedtls_cipher_set_iv(ctx, iv, iv_len));
CHK(mbedtls_cipher_reset(ctx));
CHK(mbedtls_cipher_update_ad(ctx, ad, ad_len));
CHK(mbedtls_cipher_update(ctx, part1, part1_len, p, &olen));
p += olen;
CHK(mbedtls_cipher_update(ctx, part2, part2_len, p, &olen));
p += olen;
CHK(mbedtls_cipher_finish(ctx, p, &olen));
p += olen;
CHK(mbedtls_cipher_write_tag(ctx, p, tag_len));
p += tag_len;
olen = p - out;
print_buf("out", out, olen);
exit:
return ret;
}
/*
* AEAD demo: set up key/alg, print out info, encrypt messages.
*/
static int aead_demo(const char *info)
{
int ret = 0;
mbedtls_cipher_context_t ctx;
size_t tag_len;
mbedtls_cipher_init(&ctx);
CHK(aead_prepare(info, &ctx, &tag_len));
aead_info(&ctx, tag_len);
CHK(aead_encrypt(&ctx, tag_len,
iv1, sizeof(iv1), add_data1, sizeof(add_data1),
msg1_part1, sizeof(msg1_part1),
msg1_part2, sizeof(msg1_part2)));
CHK(aead_encrypt(&ctx, tag_len,
iv2, sizeof(iv2), add_data2, sizeof(add_data2),
msg2_part1, sizeof(msg2_part1),
msg2_part2, sizeof(msg2_part2)));
exit:
mbedtls_cipher_free(&ctx);
return ret;
}
/*
* Main function
*/
int main(int argc, char **argv)
{
/* Check usage */
if (argc != 2) {
puts(usage);
return 1;
}
int ret;
/* Run the demo */
CHK(aead_demo(argv[1]));
exit:
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif

17
programs/hash/CMakeLists.txt
View File

@ -1,17 +0,0 @@
set(executables
generic_sum
hello
md_hmac_demo
)
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
set_base_compile_options(${exe})
target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

211
programs/hash/generic_sum.c
View File

@ -1,211 +0,0 @@
/*
* generic message digest layer demonstration program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/md.h"
#include <stdio.h>
#include <string.h>
#endif
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum)
{
int ret = mbedtls_md_file(md_info, filename, sum);
if (ret == 1) {
mbedtls_fprintf(stderr, "failed to open: %s\n", filename);
}
if (ret == 2) {
mbedtls_fprintf(stderr, "failed to read: %s\n", filename);
}
return ret;
}
static int generic_print(const mbedtls_md_info_t *md_info, char *filename)
{
int i;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
if (generic_wrapper(md_info, filename, sum) != 0) {
return 1;
}
for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
mbedtls_printf("%02x", sum[i]);
}
mbedtls_printf(" %s\n", filename);
return 0;
}
static int generic_check(const mbedtls_md_info_t *md_info, char *filename)
{
int i;
size_t n;
FILE *f;
int nb_err1, nb_err2;
int nb_tot1, nb_tot2;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
char line[1024];
char diff;
#if defined(__clang_analyzer__)
char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { };
#else
char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
#endif
if ((f = fopen(filename, "rb")) == NULL) {
mbedtls_printf("failed to open: %s\n", filename);
return 1;
}
nb_err1 = nb_err2 = 0;
nb_tot1 = nb_tot2 = 0;
memset(line, 0, sizeof(line));
n = sizeof(line);
while (fgets(line, (int) n - 1, f) != NULL) {
n = strlen(line);
if (n < (size_t) 2 * mbedtls_md_get_size(md_info) + 4) {
mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
continue;
}
if (line[2 * mbedtls_md_get_size(md_info)] != ' ' ||
line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') {
mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
continue;
}
if (line[n - 1] == '\n') {
n--; line[n] = '\0';
}
if (line[n - 1] == '\r') {
n--; line[n] = '\0';
}
nb_tot1++;
if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) {
nb_err1++;
continue;
}
nb_tot2++;
for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
sprintf(buf + i * 2, "%02x", sum[i]);
}
/* Use constant-time buffer comparison */
diff = 0;
for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) {
diff |= line[i] ^ buf[i];
}
if (diff != 0) {
nb_err2++;
mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66);
}
n = sizeof(line);
}
if (nb_err1 != 0) {
mbedtls_printf("WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1);
}
if (nb_err2 != 0) {
mbedtls_printf("WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2);
}
fclose(f);
return nb_err1 != 0 || nb_err2 != 0;
}
int main(int argc, char *argv[])
{
int ret = 1, i;
int exit_code = MBEDTLS_EXIT_FAILURE;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
mbedtls_md_init(&md_ctx);
if (argc < 2) {
const int *list;
mbedtls_printf("print mode: generic_sum <mbedtls_md> <file> <file> ...\n");
mbedtls_printf("check mode: generic_sum <mbedtls_md> -c <checksum file>\n");
mbedtls_printf("\nAvailable message digests:\n");
list = mbedtls_md_list();
while (*list) {
md_info = mbedtls_md_info_from_type(*list);
mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info));
list++;
}
mbedtls_exit(exit_code);
}
/*
* Read the MD from the command line
*/
md_info = mbedtls_md_info_from_string(argv[1]);
if (md_info == NULL) {
mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]);
mbedtls_exit(exit_code);
}
if (mbedtls_md_setup(&md_ctx, md_info, 0)) {
mbedtls_fprintf(stderr, "Failed to initialize context.\n");
mbedtls_exit(exit_code);
}
ret = 0;
if (argc == 4 && strcmp("-c", argv[2]) == 0) {
ret |= generic_check(md_info, argv[3]);
goto exit;
}
for (i = 2; i < argc; i++) {
ret |= generic_print(md_info, argv[i]);
}
if (ret == 0) {
exit_code = MBEDTLS_EXIT_SUCCESS;
}
exit:
mbedtls_md_free(&md_ctx);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */

47
programs/hash/hello.c
View File

@ -1,47 +0,0 @@
/*
* Classic "Hello, world" demonstration program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_MD5_C)
#include "mbedtls/md5.h"
#endif
#if !defined(MBEDTLS_MD5_C)
int main(void)
{
mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
mbedtls_exit(0);
}
#else
int main(void)
{
int i, ret;
unsigned char digest[16];
char str[] = "Hello, world!";
mbedtls_printf("\n MD5('%s') = ", str);
if ((ret = mbedtls_md5((unsigned char *) str, 13, digest)) != 0) {
mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
for (i = 0; i < 16; i++) {
mbedtls_printf("%02x", digest[i]);
}
mbedtls_printf("\n\n");
mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
}
#endif /* MBEDTLS_MD5_C */

138
programs/hash/md_hmac_demo.c
View File

@ -1,138 +0,0 @@
/**
* MD API multi-part HMAC demonstration.
*
* This programs computes the HMAC of two messages using the multi-part API.
*
* This is a companion to psa/hmac_demo.c, doing the same operations with the
* legacy MD API. The goal is that comparing the two programs will help people
* migrating to the PSA Crypto API.
*
* When it comes to multi-part HMAC operations, the `mbedtls_md_context`
* serves a dual purpose (1) hold the key, and (2) save progress information
* for the current operation. With PSA those roles are held by two disinct
* objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for
* multi-part progress.
*
* This program and its companion psa/hmac_demo.c illustrate this by doing the
* same sequence of multi-part HMAC computation with both APIs; looking at the
* two side by side should make the differences and similarities clear.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* First include Mbed TLS headers to get the Mbed TLS configuration and
* platform definitions that we'll use in this program. Also include
* standard C headers for functions we'll use here. */
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/md.h"
#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
#include <stdlib.h>
#include <stdio.h>
/* If the build options we need are not enabled, compile a placeholder. */
#if !defined(MBEDTLS_MD_C)
int main(void)
{
printf("MBEDTLS_MD_C not defined\r\n");
return 0;
}
#else
/* The real program starts here. */
/* Dummy inputs for HMAC */
const unsigned char msg1_part1[] = { 0x01, 0x02 };
const unsigned char msg1_part2[] = { 0x03, 0x04 };
const unsigned char msg2_part1[] = { 0x05, 0x05 };
const unsigned char msg2_part2[] = { 0x06, 0x06 };
/* Dummy key material - never do this in production!
* This example program uses SHA-256, so a 32-byte key makes sense. */
const unsigned char key_bytes[32] = { 0 };
/* Print the contents of a buffer in hex */
static void print_buf(const char *title, unsigned char *buf, size_t len)
{
printf("%s:", title);
for (size_t i = 0; i < len; i++) {
printf(" %02x", buf[i]);
}
printf("\n");
}
/* Run an Mbed TLS function and bail out if it fails.
* A string description of the error code can be recovered with:
* programs/util/strerror <value> */
#define CHK(expr) \
do \
{ \
ret = (expr); \
if (ret != 0) \
{ \
printf("Error %d at line %d: %s\n", \
ret, \
__LINE__, \
#expr); \
goto exit; \
} \
} while (0)
/*
* This function demonstrates computation of the HMAC of two messages using
* the multipart API.
*/
static int hmac_demo(void)
{
int ret;
const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256;
unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal
mbedtls_md_context_t ctx;
mbedtls_md_init(&ctx);
/* prepare context and load key */
// the last argument to setup is 1 to enable HMAC (not just hashing)
const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg);
CHK(mbedtls_md_setup(&ctx, info, 1));
CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes)));
/* compute HMAC(key, msg1_part1 | msg1_part2) */
CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1)));
CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2)));
CHK(mbedtls_md_hmac_finish(&ctx, out));
print_buf("msg1", out, mbedtls_md_get_size(info));
/* compute HMAC(key, msg2_part1 | msg2_part2) */
CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation
CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1)));
CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2)));
CHK(mbedtls_md_hmac_finish(&ctx, out));
print_buf("msg2", out, mbedtls_md_get_size(info));
exit:
mbedtls_md_free(&ctx);
mbedtls_platform_zeroize(out, sizeof(out));
return ret;
}
int main(void)
{
int ret;
CHK(hmac_demo());
exit:
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif

13
programs/pkey/CMakeLists.txt
View File

@ -1,21 +1,8 @@
set(executables_mbedcrypto set(executables_mbedcrypto
dh_genprime
ecdh_curve25519
ecdsa
gen_key gen_key
key_app
key_app_writer
mpi_demo
pk_encrypt
pk_decrypt
pk_sign pk_sign
pk_verify pk_verify
rsa_decrypt
rsa_encrypt
rsa_genkey
rsa_sign
rsa_sign_pss rsa_sign_pss
rsa_verify
rsa_verify_pss rsa_verify_pss
) )
add_dependencies(${programs_target} ${executables_mbedcrypto}) add_dependencies(${programs_target} ${executables_mbedcrypto})

163
programs/pkey/dh_genprime.c
View File

@ -1,163 +0,0 @@
/*
* Diffie-Hellman-Merkle key exchange (prime generation)
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_GENPRIME)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_GENPRIME not defined.\n");
mbedtls_exit(0);
}
#else
#include "mbedtls/bignum.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <stdio.h>
#include <string.h>
#define USAGE \
"\n usage: dh_genprime param=<>...\n" \
"\n acceptable parameters:\n" \
" bits=%%d default: 2048\n"
#define DFL_BITS 2048
/*
* Note: G = 4 is always a quadratic residue mod P,
* so it is a generator of order Q (with P = 2*Q+1).
*/
#define GENERATOR "4"
int main(int argc, char **argv)
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_mpi G, P, Q;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "dh_genprime";
FILE *fout;
int nbits = DFL_BITS;
int i;
char *p, *q;
mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
for (i = 1; i < argc; i++) {
p = argv[i];
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if (strcmp(p, "bits") == 0) {
nbits = atoi(q);
if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) {
goto usage;
}
} else {
goto usage;
}
}
if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_string returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ! Generating large primes may take minutes!\n");
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok\n . Generating the modulus, please wait...");
fflush(stdout);
/*
* This can take a long time...
*/
if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret);
goto exit;
}
mbedtls_printf(" ok\n . Verifying that Q = (P-1)/2 is prime...");
fflush(stdout);
if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret);
goto exit;
}
if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret);
goto exit;
}
if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret);
goto exit;
}
mbedtls_printf(" ok\n . Exporting the value in dh_prime.txt...");
fflush(stdout);
if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create dh_prime.txt\n\n");
goto exit;
}
if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) ||
((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) {
mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
fclose(fout);
goto exit;
}
mbedtls_printf(" ok\n\n");
fclose(fout);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */

191
programs/pkey/ecdh_curve25519.c
View File

@ -1,191 +0,0 @@
/*
* Example ECDHE with Curve25519 program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_ECDH_C) || \
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_ECDH_C and/or "
"MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined\n");
mbedtls_exit(0);
}
#else
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/ecdh.h"
#include <string.h>
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ecdh_context ctx_cli, ctx_srv;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char cli_to_srv[36], srv_to_cli[33];
const char pers[] = "ecdh";
size_t srv_olen;
size_t cli_olen;
unsigned char secret_cli[32] = { 0 };
unsigned char secret_srv[32] = { 0 };
const unsigned char *p_cli_to_srv = cli_to_srv;
((void) argc);
((void) argv);
mbedtls_ecdh_init(&ctx_cli);
mbedtls_ecdh_init(&ctx_srv);
mbedtls_ctr_drbg_init(&ctr_drbg);
/*
* Initialize random number generation
*/
mbedtls_printf(" . Seed the random number generator...");
fflush(stdout);
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy,
(const unsigned char *) pers,
sizeof(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* Client: initialize context and generate keypair
*/
mbedtls_printf(" . Set up client context, generate EC key pair...");
fflush(stdout);
ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_setup returned %d\n", ret);
goto exit;
}
ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv,
sizeof(cli_to_srv),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_make_params returned %d\n",
ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* Server: initialize context and generate keypair
*/
mbedtls_printf(" . Server: read params, generate public key...");
fflush(stdout);
ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv,
p_cli_to_srv + sizeof(cli_to_srv));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_read_params returned %d\n",
ret);
goto exit;
}
ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli,
sizeof(srv_to_cli),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_make_public returned %d\n",
ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* Client: read public key
*/
mbedtls_printf(" . Client: read public key...");
fflush(stdout);
ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli,
sizeof(srv_to_cli));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_read_public returned %d\n",
ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* Calculate secrets
*/
mbedtls_printf(" . Calculate secrets...");
fflush(stdout);
ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli,
sizeof(secret_cli),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
ret);
goto exit;
}
ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv,
sizeof(secret_srv),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* Verification: are the computed secrets equal?
*/
mbedtls_printf(" . Check if both calculated secrets are equal...");
fflush(stdout);
ret = memcmp(secret_srv, secret_cli, srv_olen);
if (ret != 0 || (cli_olen != srv_olen)) {
mbedtls_printf(" failed\n ! Shared secrets not equal.\n");
goto exit;
}
mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_ecdh_free(&ctx_srv);
mbedtls_ecdh_free(&ctx_cli);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

222
programs/pkey/ecdsa.c
View File

@ -1,222 +0,0 @@
/*
* Example ECDSA program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_ECDSA_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/ecdsa.h"
#include "mbedtls/sha256.h"
#include <string.h>
#endif
/*
* Uncomment to show key and signature details
*/
#define VERBOSE
/*
* Uncomment to force use of a specific curve
*/
#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
#if !defined(ECPARAMS)
#define ECPARAMS mbedtls_ecp_curve_list()->grp_id
#endif
#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
mbedtls_exit(0);
}
#else
#if defined(VERBOSE)
static void dump_buf(const char *title, unsigned char *buf, size_t len)
{
size_t i;
mbedtls_printf("%s", title);
for (i = 0; i < len; i++) {
mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
"0123456789ABCDEF" [buf[i] % 16]);
}
mbedtls_printf("\n");
}
static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key)
{
unsigned char buf[300];
size_t len;
if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED,
&len, buf, sizeof(buf)) != 0) {
mbedtls_printf("internal error\n");
return;
}
dump_buf(title, buf, len);
}
#else
#define dump_buf(a, b, c)
#define dump_pubkey(a, b)
#endif
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ecdsa_context ctx_sign, ctx_verify;
mbedtls_ecp_point Q;
mbedtls_ecp_point_init(&Q);
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char message[100];
unsigned char hash[32];
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
size_t sig_len;
const char *pers = "ecdsa";
((void) argv);
mbedtls_ecdsa_init(&ctx_sign);
mbedtls_ecdsa_init(&ctx_verify);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(sig, 0, sizeof(sig));
memset(message, 0x25, sizeof(message));
if (argc != 1) {
mbedtls_printf("usage: ecdsa\n");
#if defined(_WIN32)
mbedtls_printf("\n");
#endif
goto exit;
}
/*
* Generate a key pair for signing
*/
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok\n . Generating key pair...");
fflush(stdout);
if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret);
goto exit;
}
mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign);
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id(grp_id);
mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size);
dump_pubkey(" + Public key: ", &ctx_sign);
/*
* Compute message hash
*/
mbedtls_printf(" . Computing message hash...");
fflush(stdout);
if ((ret = mbedtls_sha256(message, sizeof(message), hash, 0)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
dump_buf(" + Hash: ", hash, sizeof(hash));
/*
* Sign message hash
*/
mbedtls_printf(" . Signing message hash...");
fflush(stdout);
if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256,
hash, sizeof(hash),
sig, sizeof(sig), &sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len);
dump_buf(" + Signature: ", sig, sig_len);
/*
* Transfer public information to verifying context
*
* We could use the same context for verification and signatures, but we
* chose to use a new one in order to make it clear that the verifying
* context only needs the public key (Q), and not the private key (d).
*/
mbedtls_printf(" . Preparing verification context...");
fflush(stdout);
if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret);
goto exit;
}
if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret);
goto exit;
}
/*
* Verify signature
*/
mbedtls_printf(" ok\n . Verifying signature...");
fflush(stdout);
if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify,
hash, sizeof(hash),
sig, sig_len)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_ecdsa_free(&ctx_verify);
mbedtls_ecdsa_free(&ctx_sign);
mbedtls_ecp_point_free(&Q);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
ECPARAMS */

369
programs/pkey/key_app.c
View File

@ -1,369 +0,0 @@
/*
* Key reading application
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_BIGNUM_C) && \
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/rsa.h"
#include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <string.h>
#endif
#define MODE_NONE 0
#define MODE_PRIVATE 1
#define MODE_PUBLIC 2
#define DFL_MODE MODE_NONE
#define DFL_FILENAME "keyfile.key"
#define DFL_PASSWORD ""
#define DFL_PASSWORD_FILE ""
#define DFL_DEBUG_LEVEL 0
#define USAGE \
"\n usage: key_app param=<>...\n" \
"\n acceptable parameters:\n" \
" mode=private|public default: none\n" \
" filename=%%s default: keyfile.key\n" \
" password=%%s default: \"\"\n" \
" password_file=%%s default: \"\"\n" \
"\n"
#if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
#if defined(MBEDTLS_ECP_C)
static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
{
int ret = 0;
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id(
mbedtls_ecp_keypair_get_group_id(ecp));
mbedtls_printf("curve: %s\n", curve_info->name);
mbedtls_ecp_group grp;
mbedtls_ecp_group_init(&grp);
mbedtls_mpi D;
mbedtls_mpi_init(&D);
mbedtls_ecp_point pt;
mbedtls_ecp_point_init(&pt);
mbedtls_mpi X, Y;
mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
(has_private ? &D : NULL),
&pt));
unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
size_t len = 0;
MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
&grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
&len, point_bin, sizeof(point_bin)));
switch (mbedtls_ecp_get_type(&grp)) {
case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
if ((len & 1) == 0 || point_bin[0] != 0x04) {
/* Point in an unxepected format. This shouldn't happen. */
ret = -1;
goto cleanup;
}
MBEDTLS_MPI_CHK(
mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
MBEDTLS_MPI_CHK(
mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
break;
case MBEDTLS_ECP_TYPE_MONTGOMERY:
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
break;
default:
mbedtls_printf(
"This program does not yet support listing coordinates for this curve type.\n");
break;
}
if (has_private) {
mbedtls_mpi_write_file("D: ", &D, 16, NULL);
}
cleanup:
mbedtls_ecp_group_free(&grp);
mbedtls_mpi_free(&D);
mbedtls_ecp_point_free(&pt);
mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
return ret;
}
#endif
/*
* global options
*/
struct options {
int mode; /* the mode to run the application in */
const char *filename; /* filename of the key file */
const char *password; /* password for the private key */
const char *password_file; /* password_file for the private key */
} opt;
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
char buf[1024];
int i;
char *p, *q;
const char *pers = "pkey/key_app";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_pk_context pk;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
/*
* Set to sane values
*/
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_pk_init(&pk);
memset(buf, 0, sizeof(buf));
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto cleanup;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto cleanup;
}
opt.mode = DFL_MODE;
opt.filename = DFL_FILENAME;
opt.password = DFL_PASSWORD;
opt.password_file = DFL_PASSWORD_FILE;
for (i = 1; i < argc; i++) {
p = argv[i];
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if (strcmp(p, "mode") == 0) {
if (strcmp(q, "private") == 0) {
opt.mode = MODE_PRIVATE;
} else if (strcmp(q, "public") == 0) {
opt.mode = MODE_PUBLIC;
} else {
goto usage;
}
} else if (strcmp(p, "filename") == 0) {
opt.filename = q;
} else if (strcmp(p, "password") == 0) {
opt.password = q;
} else if (strcmp(p, "password_file") == 0) {
opt.password_file = q;
} else {
goto usage;
}
}
if (opt.mode == MODE_PRIVATE) {
if (strlen(opt.password) && strlen(opt.password_file)) {
mbedtls_printf("Error: cannot have both password and password_file\n");
goto usage;
}
if (strlen(opt.password_file)) {
FILE *f;
mbedtls_printf("\n . Loading the password file ...");
if ((f = fopen(opt.password_file, "rb")) == NULL) {
mbedtls_printf(" failed\n ! fopen returned NULL\n");
goto cleanup;
}
if (fgets(buf, sizeof(buf), f) == NULL) {
fclose(f);
mbedtls_printf("Error: fgets() failed to retrieve password\n");
goto cleanup;
}
fclose(f);
i = (int) strlen(buf);
if (buf[i - 1] == '\n') {
buf[i - 1] = '\0';
}
if (buf[i - 2] == '\r') {
buf[i - 2] = '\0';
}
opt.password = buf;
}
/*
* 1.1. Load the key
*/
mbedtls_printf("\n . Loading the private key ...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto cleanup;
}
ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto cleanup;
}
mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
(ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto cleanup;
}
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D: ", &D, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P: ", &P, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q: ", &Q, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP: ", &QP, 16, NULL));
} else
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) {
mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
goto cleanup;
}
} else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n");
goto cleanup;
}
} else if (opt.mode == MODE_PUBLIC) {
/*
* 1.1. Load the key
*/
mbedtls_printf("\n . Loading the public key ...");
fflush(stdout);
ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto cleanup;
}
mbedtls_printf(" ok\n");
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
NULL, &E)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto cleanup;
}
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
} else
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) {
mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
goto cleanup;
}
} else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n");
goto cleanup;
}
} else {
goto usage;
}
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_printf("Error code: %d", ret);
/* mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" ! Last error was: %s\n", buf); */
}
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_pk_free(&pk);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

495
programs/pkey/key_app_writer.c
View File

@ -1,495 +0,0 @@
/*
* Key writing application
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_PK_WRITE_C) || \
!defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_BIGNUM_C)
int main(void)
{
mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n");
mbedtls_exit(0);
}
#else
#include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <stdio.h>
#include <string.h>
#if defined(MBEDTLS_PEM_WRITE_C)
#define USAGE_OUT \
" output_file=%%s default: keyfile.pem\n" \
" output_format=pem|der default: pem\n"
#else
#define USAGE_OUT \
" output_file=%%s default: keyfile.der\n" \
" output_format=der default: der\n"
#endif
#if defined(MBEDTLS_PEM_WRITE_C)
#define DFL_OUTPUT_FILENAME "keyfile.pem"
#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM
#else
#define DFL_OUTPUT_FILENAME "keyfile.der"
#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER
#endif
#define DFL_MODE MODE_NONE
#define DFL_FILENAME "keyfile.key"
#define DFL_DEBUG_LEVEL 0
#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE
#define MODE_NONE 0
#define MODE_PRIVATE 1
#define MODE_PUBLIC 2
#define OUTPUT_MODE_NONE 0
#define OUTPUT_MODE_PRIVATE 1
#define OUTPUT_MODE_PUBLIC 2
#define OUTPUT_FORMAT_PEM 0
#define OUTPUT_FORMAT_DER 1
#define USAGE \
"\n usage: key_app_writer param=<>...\n" \
"\n acceptable parameters:\n" \
" mode=private|public default: none\n" \
" filename=%%s default: keyfile.key\n" \
" output_mode=private|public default: none\n" \
USAGE_OUT \
"\n"
/*
* global options
*/
struct options {
int mode; /* the mode to run the application in */
const char *filename; /* filename of the key file */
int output_mode; /* the output mode to use */
const char *output_file; /* where to store the constructed key file */
int output_format; /* the output format to use */
} opt;
static int write_public_key(mbedtls_pk_context *key, const char *output_file)
{
int ret;
FILE *f;
unsigned char output_buf[16000];
unsigned char *c = output_buf;
size_t len = 0;
memset(output_buf, 0, 16000);
#if defined(MBEDTLS_PEM_WRITE_C)
if (opt.output_format == OUTPUT_FORMAT_PEM) {
if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) {
return ret;
}
len = strlen((char *) output_buf);
} else
#endif
{
if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) {
return ret;
}
len = ret;
c = output_buf + sizeof(output_buf) - len;
}
if ((f = fopen(output_file, "w")) == NULL) {
return -1;
}
if (fwrite(c, 1, len, f) != len) {
fclose(f);
return -1;
}
fclose(f);
return 0;
}
static int write_private_key(mbedtls_pk_context *key, const char *output_file)
{
int ret;
FILE *f;
unsigned char output_buf[16000];
unsigned char *c = output_buf;
size_t len = 0;
memset(output_buf, 0, 16000);
#if defined(MBEDTLS_PEM_WRITE_C)
if (opt.output_format == OUTPUT_FORMAT_PEM) {
if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
return ret;
}
len = strlen((char *) output_buf);
} else
#endif
{
if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
return ret;
}
len = ret;
c = output_buf + sizeof(output_buf) - len;
}
if ((f = fopen(output_file, "w")) == NULL) {
return -1;
}
if (fwrite(c, 1, len, f) != len) {
fclose(f);
return -1;
}
fclose(f);
return 0;
}
#if defined(MBEDTLS_ECP_C)
static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
{
int ret = 0;
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id(
mbedtls_ecp_keypair_get_group_id(ecp));
mbedtls_printf("curve: %s\n", curve_info->name);
mbedtls_ecp_group grp;
mbedtls_ecp_group_init(&grp);
mbedtls_mpi D;
mbedtls_mpi_init(&D);
mbedtls_ecp_point pt;
mbedtls_ecp_point_init(&pt);
mbedtls_mpi X, Y;
mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
(has_private ? &D : NULL),
&pt));
unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
size_t len = 0;
MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
&grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
&len, point_bin, sizeof(point_bin)));
switch (mbedtls_ecp_get_type(&grp)) {
case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
if ((len & 1) == 0 || point_bin[0] != 0x04) {
/* Point in an unxepected format. This shouldn't happen. */
ret = -1;
goto cleanup;
}
MBEDTLS_MPI_CHK(
mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
MBEDTLS_MPI_CHK(
mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
break;
case MBEDTLS_ECP_TYPE_MONTGOMERY:
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
break;
default:
mbedtls_printf(
"This program does not yet support listing coordinates for this curve type.\n");
break;
}
if (has_private) {
mbedtls_mpi_write_file("D: ", &D, 16, NULL);
}
cleanup:
mbedtls_ecp_group_free(&grp);
mbedtls_mpi_free(&D);
mbedtls_ecp_point_free(&pt);
mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
return ret;
}
#endif
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
#if defined(MBEDTLS_ERROR_C)
char buf[200];
#endif
int i;
char *p, *q;
const char *pers = "pkey/key_app";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_pk_context key;
#if defined(MBEDTLS_RSA_C)
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
#endif /* MBEDTLS_RSA_C */
/*
* Set to sane values
*/
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_pk_init(&key);
#if defined(MBEDTLS_ERROR_C)
memset(buf, 0, sizeof(buf));
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_RSA_C)
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
#endif /* MBEDTLS_RSA_C */
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
opt.mode = DFL_MODE;
opt.filename = DFL_FILENAME;
opt.output_mode = DFL_OUTPUT_MODE;
opt.output_file = DFL_OUTPUT_FILENAME;
opt.output_format = DFL_OUTPUT_FORMAT;
for (i = 1; i < argc; i++) {
p = argv[i];
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if (strcmp(p, "mode") == 0) {
if (strcmp(q, "private") == 0) {
opt.mode = MODE_PRIVATE;
} else if (strcmp(q, "public") == 0) {
opt.mode = MODE_PUBLIC;
} else {
goto usage;
}
} else if (strcmp(p, "output_mode") == 0) {
if (strcmp(q, "private") == 0) {
opt.output_mode = OUTPUT_MODE_PRIVATE;
} else if (strcmp(q, "public") == 0) {
opt.output_mode = OUTPUT_MODE_PUBLIC;
} else {
goto usage;
}
} else if (strcmp(p, "output_format") == 0) {
#if defined(MBEDTLS_PEM_WRITE_C)
if (strcmp(q, "pem") == 0) {
opt.output_format = OUTPUT_FORMAT_PEM;
} else
#endif
if (strcmp(q, "der") == 0) {
opt.output_format = OUTPUT_FORMAT_DER;
} else {
goto usage;
}
} else if (strcmp(p, "filename") == 0) {
opt.filename = q;
} else if (strcmp(p, "output_file") == 0) {
opt.output_file = q;
} else {
goto usage;
}
}
if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) {
mbedtls_printf("\nCannot output a key without reading one.\n");
goto exit;
}
if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) {
mbedtls_printf("\nCannot output a private key from a public key.\n");
goto exit;
}
if (opt.mode == MODE_PRIVATE) {
/*
* 1.1. Load the key
*/
mbedtls_printf("\n . Loading the private key ...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
(ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
mbedtls_mpi_write_file("N: ", &N, 16, NULL);
mbedtls_mpi_write_file("E: ", &E, 16, NULL);
mbedtls_mpi_write_file("D: ", &D, 16, NULL);
mbedtls_mpi_write_file("P: ", &P, 16, NULL);
mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
} else
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
goto exit;
}
} else
#endif
mbedtls_printf("key type not supported yet\n");
} else if (opt.mode == MODE_PUBLIC) {
/*
* 1.1. Load the key
*/
mbedtls_printf("\n . Loading the public key ...");
fflush(stdout);
ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_key returned -0x%04x",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
NULL, &E)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
mbedtls_mpi_write_file("N: ", &N, 16, NULL);
mbedtls_mpi_write_file("E: ", &E, 16, NULL);
} else
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) {
mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
goto exit;
}
} else
#endif
mbedtls_printf("key type not supported yet\n");
} else {
goto usage;
}
if (opt.output_mode == OUTPUT_MODE_PUBLIC) {
write_public_key(&key, opt.output_file);
}
if (opt.output_mode == OUTPUT_MODE_PRIVATE) {
write_private_key(&key, opt.output_file);
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
#ifdef MBEDTLS_ERROR_C
mbedtls_printf("Error code: %d", ret);
/* mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" - %s\n", buf); */
#else
mbedtls_printf("\n");
#endif
}
#if defined(MBEDTLS_RSA_C)
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
#endif /* MBEDTLS_RSA_C */
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
#endif /* program viability conditions */

86
programs/pkey/mpi_demo.c
View File

@ -1,86 +0,0 @@
/*
* Simple MPI demonstration program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/bignum.h"
#include <stdio.h>
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
int main(void)
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_mpi E, P, Q, N, H, D, X, Y, Z;
mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N);
mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
mbedtls_mpi_init(&Z);
MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789"));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203"));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10, "257"));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q));
mbedtls_printf("\n Public key:\n\n");
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" N = ", &N, 10, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" E = ", &E, 10, NULL));
mbedtls_printf("\n Private key:\n\n");
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" P = ", &P, 10, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Q = ", &Q, 10, NULL));
#if defined(MBEDTLS_GENPRIME)
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q));
MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H));
mbedtls_mpi_write_file(" D = E^-1 mod (P-1)*(Q-1) = ",
&D, 10, NULL);
#else
mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n");
#endif
MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555"));
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL));
mbedtls_printf("\n RSA operation:\n\n");
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" X (plaintext) = ", &X, 10, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Y (ciphertext) = X^E mod N = ", &Y, 10, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Z (decrypted) = Y^D mod N = ", &Z, 10, NULL));
mbedtls_printf("\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N);
mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
mbedtls_mpi_free(&Z);
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_printf("\nAn error occurred.\n");
}
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */

153
programs/pkey/pk_decrypt.c
View File

@ -1,153 +0,0 @@
/*
* Public key-based simple decryption program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <stdio.h>
#include <string.h>
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char result[1024];
unsigned char buf[512];
const char *pers = "mbedtls_pk_decrypt";
((void) argv);
mbedtls_pk_init(&pk);
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(result, 0, sizeof(result));
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc != 2) {
mbedtls_printf("usage: mbedtls_pk_decrypt <key_file>\n");
#if defined(_WIN32)
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
/*
* Extract the RSA encrypted value from the text file
*/
if ((f = fopen("result-enc.txt", "rb")) == NULL) {
mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt");
ret = 1;
goto exit;
}
i = 0;
while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
i < (int) sizeof(buf)) {
buf[i++] = (unsigned char) c;
}
fclose(f);
/*
* Decrypt the encrypted RSA data and print the result.
*/
mbedtls_printf("\n . Decrypting the encrypted data");
fflush(stdout);
if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf("\n . OK\n\n");
mbedtls_printf("The decrypted result is: '%s'\n\n", result);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free(&pk);
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_printf("Error code: %d", ret);
/* mbedtls_strerror(ret, (char *) buf, sizeof(buf));
mbedtls_printf(" ! Last error was: %s\n", buf); */
}
#endif
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

155
programs/pkey/pk_encrypt.c
View File

@ -1,155 +0,0 @@
/*
* RSA simple data encryption program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <stdio.h>
#include <string.h>
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i, olen = 0;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char input[1024];
unsigned char buf[512];
const char *pers = "mbedtls_pk_encrypt";
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
mbedtls_pk_init(&pk);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto exit;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc != 3) {
mbedtls_printf("usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n");
#if defined(_WIN32)
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
fflush(stdout);
if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
if (strlen(argv[2]) > 100) {
mbedtls_printf(" Input data larger than 100 characters.\n\n");
goto exit;
}
memcpy(input, argv[2], strlen(argv[2]));
/*
* Calculate the RSA encryption of the hash.
*/
mbedtls_printf("\n . Generating the encrypted value");
fflush(stdout);
if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
buf, &olen, sizeof(buf))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
/*
* Write the signature into result-enc.txt
*/
if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create %s\n\n",
"result-enc.txt");
ret = 1;
goto exit;
}
for (i = 0; i < olen; i++) {
mbedtls_fprintf(f, "%02X%s", buf[i],
(i + 1) % 16 == 0 ? "\r\n" : " ");
}
fclose(f);
mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free(&pk);
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_printf("Error code: %d", ret);
/* mbedtls_strerror(ret, (char *) buf, sizeof(buf));
mbedtls_printf(" ! Last error was: %s\n", buf); */
}
#endif
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */

174
programs/pkey/rsa_decrypt.c
View File

@ -1,174 +0,0 @@
/*
* RSA simple decryption program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/rsa.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <string.h>
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned c;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char result[1024];
unsigned char buf[512];
const char *pers = "rsa_decrypt";
((void) argv);
memset(result, 0, sizeof(result));
if (argc != 1) {
mbedtls_printf("usage: rsa_decrypt\n");
#if defined(_WIN32)
mbedtls_printf("\n");
#endif
mbedtls_exit(exit_code);
}
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_rsa_init(&rsa);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen(pers));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
}
mbedtls_printf("\n . Reading private key from rsa_priv.txt");
fflush(stdout);
if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
ret);
fclose(f);
goto exit;
}
fclose(f);
if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
ret);
goto exit;
}
if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
ret);
goto exit;
}
/*
* Extract the RSA encrypted value from the text file
*/
if ((f = fopen("result-enc.txt", "rb")) == NULL) {
mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt");
goto exit;
}
i = 0;
while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
i < (int) sizeof(buf)) {
buf[i++] = (unsigned char) c;
}
fclose(f);
if (i != mbedtls_rsa_get_len(&rsa)) {
mbedtls_printf("\n ! Invalid RSA signature format\n\n");
goto exit;
}
/*
* Decrypt the encrypted RSA data and print the result.
*/
mbedtls_printf("\n . Decrypting the encrypted data");
fflush(stdout);
ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, &i,
buf, result, 1024);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
ret);
goto exit;
}
mbedtls_printf("\n . OK\n\n");
mbedtls_printf("The decrypted result is: '%s'\n\n", result);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_rsa_free(&rsa);
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */

151
programs/pkey/rsa_encrypt.c
View File

@ -1,151 +0,0 @@
/*
* RSA simple data encryption program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/rsa.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <string.h>
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char input[1024];
unsigned char buf[512];
const char *pers = "rsa_encrypt";
mbedtls_mpi N, E;
if (argc != 2) {
mbedtls_printf("usage: rsa_encrypt <string of max 100 characters>\n");
#if defined(_WIN32)
mbedtls_printf("\n");
#endif
mbedtls_exit(exit_code);
}
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
mbedtls_rsa_init(&rsa);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen(pers));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
}
mbedtls_printf("\n . Reading public key from rsa_pub.txt");
fflush(stdout);
if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
ret);
fclose(f);
goto exit;
}
fclose(f);
if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
ret);
goto exit;
}
if (strlen(argv[1]) > 100) {
mbedtls_printf(" Input data larger than 100 characters.\n\n");
goto exit;
}
memcpy(input, argv[1], strlen(argv[1]));
/*
* Calculate the RSA encryption of the hash.
*/
mbedtls_printf("\n . Generating the RSA encrypted value");
fflush(stdout);
ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, strlen(argv[1]), input, buf);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
ret);
goto exit;
}
/*
* Write the signature into result-enc.txt
*/
if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create %s\n\n", "result-enc.txt");
goto exit;
}
for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) {
mbedtls_fprintf(f, "%02X%s", buf[i],
(i + 1) % 16 == 0 ? "\r\n" : " ");
}
fclose(f);
mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_rsa_free(&rsa);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */

143
programs/pkey/rsa_genkey.c
View File

@ -1,143 +0,0 @@
/*
* Example RSA key generation program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \
defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/bignum.h"
#include "mbedtls/rsa.h"
#include <stdio.h>
#include <string.h>
#endif
#define KEY_SIZE 2048
#define EXPONENT 65537
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main(void)
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_rsa_context rsa;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
FILE *fpub = NULL;
FILE *fpriv = NULL;
const char *pers = "rsa_genkey";
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_rsa_init(&rsa);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf(" ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE);
fflush(stdout);
if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
EXPONENT)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret);
goto exit;
}
mbedtls_printf(" ok\n . Exporting the public key in rsa_pub.txt....");
fflush(stdout);
if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 ||
(ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! could not open rsa_pub.txt for writing\n\n");
goto exit;
}
if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 ||
(ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
goto exit;
}
mbedtls_printf(" ok\n . Exporting the private key in rsa_priv.txt...");
fflush(stdout);
if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! could not open rsa_priv.txt for writing\n");
goto exit;
}
if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
goto exit;
}
mbedtls_printf(" ok\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if (fpub != NULL) {
fclose(fpub);
}
if (fpriv != NULL) {
fclose(fpriv);
}
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_rsa_free(&rsa);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */

157
programs/pkey/rsa_sign.c
View File

@ -1,157 +0,0 @@
/*
* RSA/SHA-256 signature creation program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
/* md.h is included this early since MD_CAN_XXX macros are defined there. */
#include "mbedtls/md.h"
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
#include "mbedtls/rsa.h"
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_rsa_init(&rsa);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
if (argc != 2) {
mbedtls_printf("usage: rsa_sign <filename>\n");
#if defined(_WIN32)
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf("\n . Reading private key from rsa_priv.txt");
fflush(stdout);
if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
fclose(f);
goto exit;
}
fclose(f);
if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
ret);
goto exit;
}
if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
ret);
goto exit;
}
mbedtls_printf("\n . Checking the private key");
fflush(stdout);
if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n",
(unsigned int) -ret);
goto exit;
}
/*
* Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
fflush(stdout);
if ((ret = mbedtls_md_file(
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
argv[1], hash)) != 0) {
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]);
goto exit;
}
if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256,
32, hash, buf)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n",
(unsigned int) -ret);
goto exit;
}
/*
* Write the signature into <filename>.sig
*/
mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
if ((f = fopen(filename, "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create %s\n\n", argv[1]);
goto exit;
}
for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) {
mbedtls_fprintf(f, "%02X%s", buf[i],
(i + 1) % 16 == 0 ? "\r\n" : " ");
}
fclose(f);
mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_rsa_free(&rsa);
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 &&
MBEDTLS_FS_IO */

136
programs/pkey/rsa_verify.c
View File

@ -1,136 +0,0 @@
/*
* RSA/SHA-256 signature verification program
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
/* md.h is included this early since MD_CAN_XXX macros are defined there. */
#include "mbedtls/md.h"
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
#include "mbedtls/rsa.h"
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
unsigned c;
int exit_code = MBEDTLS_EXIT_FAILURE;
size_t i;
mbedtls_rsa_context rsa;
mbedtls_mpi N, E;
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
mbedtls_rsa_init(&rsa);
mbedtls_mpi_init(&N);
mbedtls_mpi_init(&E);
if (argc != 2) {
mbedtls_printf("usage: rsa_verify <filename>\n");
#if defined(_WIN32)
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf("\n . Reading public key from rsa_pub.txt");
fflush(stdout);
if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
(ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
fclose(f);
goto exit;
}
fclose(f);
/*
* Extract the RSA signature from the text file
*/
mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
if ((f = fopen(filename, "rb")) == NULL) {
mbedtls_printf("\n ! Could not open %s\n\n", filename);
goto exit;
}
i = 0;
while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
i < (int) sizeof(buf)) {
buf[i++] = (unsigned char) c;
}
fclose(f);
if (i != mbedtls_rsa_get_len(&rsa)) {
mbedtls_printf("\n ! Invalid RSA signature format\n\n");
goto exit;
}
/*
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
fflush(stdout);
if ((ret = mbedtls_md_file(
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
argv[1], hash)) != 0) {
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]);
goto exit;
}
if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
32, hash, buf)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf("\n . OK (the signature is valid)\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_rsa_free(&rsa);
mbedtls_mpi_free(&N);
mbedtls_mpi_free(&E);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 &&
MBEDTLS_FS_IO */

16
programs/random/CMakeLists.txt
View File

@ -1,16 +0,0 @@
set(executables
gen_entropy
gen_random_ctr_drbg
)
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
set_base_compile_options(${exe})
target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

77
programs/random/gen_entropy.c
View File

@ -1,77 +0,0 @@
/**
* \brief Use and generate multiple entropies calls into a file
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/entropy.h"
#include <stdio.h>
#endif
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
int main(int argc, char *argv[])
{
FILE *f;
int i, k, ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_entropy_context entropy;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if (argc < 2) {
mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
mbedtls_exit(exit_code);
}
if ((f = fopen(argv[1], "wb+")) == NULL) {
mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
mbedtls_exit(exit_code);
}
mbedtls_entropy_init(&entropy);
for (i = 0, k = 768; i < k; i++) {
ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_entropy_func returned -%04X\n",
(unsigned int) ret);
goto cleanup;
}
fwrite(buf, 1, sizeof(buf), f);
mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
"%% done\r",
(long) (sizeof(buf) * k / 1024),
argv[1],
(100 * (float) (i + 1)) / k);
fflush(stdout);
}
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_printf("\n");
fclose(f);
mbedtls_entropy_free(&entropy);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_ENTROPY_C */

109
programs/random/gen_random_ctr_drbg.c
View File

@ -1,109 +0,0 @@
/**
* \brief Use and generate random data into a file via the CTR_DBRG based on AES
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_FS_IO)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <stdio.h>
#endif
#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
int main(int argc, char *argv[])
{
FILE *f;
int i, k, ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
unsigned char buf[1024];
mbedtls_ctr_drbg_init(&ctr_drbg);
if (argc < 2) {
mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
mbedtls_exit(exit_code);
}
if ((f = fopen(argv[1], "wb+")) == NULL) {
mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
mbedtls_exit(exit_code);
}
mbedtls_entropy_init(&entropy);
ret = mbedtls_ctr_drbg_seed(&ctr_drbg,
mbedtls_entropy_func,
&entropy,
(const unsigned char *) "RANDOM_GEN",
10);
if (ret != 0) {
mbedtls_printf("failed in mbedtls_ctr_drbg_seed: %d\n", ret);
goto cleanup;
}
mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF);
#if defined(MBEDTLS_FS_IO)
ret = mbedtls_ctr_drbg_update_seed_file(&ctr_drbg, "seedfile");
if (ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) {
mbedtls_printf("Failed to open seedfile. Generating one.\n");
ret = mbedtls_ctr_drbg_write_seed_file(&ctr_drbg, "seedfile");
if (ret != 0) {
mbedtls_printf("failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret);
goto cleanup;
}
} else if (ret != 0) {
mbedtls_printf("failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret);
goto cleanup;
}
#endif
for (i = 0, k = 768; i < k; i++) {
ret = mbedtls_ctr_drbg_random(&ctr_drbg, buf, sizeof(buf));
if (ret != 0) {
mbedtls_printf("failed!\n");
goto cleanup;
}
fwrite(buf, 1, sizeof(buf), f);
mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
"%% done\r",
(long) (sizeof(buf) * k / 1024),
argv[1],
(100 * (float) (i + 1)) / k);
fflush(stdout);
}
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_printf("\n");
fclose(f);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */

33
programs/wince_main.c
View File

@ -1,33 +0,0 @@
/*
* Windows CE console application entry point
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#if defined(_WIN32_WCE)
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
#include <windows.h>
extern int main(int, const char **);
int _tmain(int argc, _TCHAR *targv[])
{
char **argv;
int i;
argv = (char **) calloc(argc, sizeof(char *));
for (i = 0; i < argc; i++) {
size_t len;
len = _tcslen(targv[i]) + 1;
argv[i] = (char *) calloc(len, sizeof(char));
wcstombs(argv[i], targv[i], len);
}
return main(argc, argv);
}
#endif /* defined(_WIN32_WCE) */