From ed7058730a60d473fa8ae5b86393ec34bec79681 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 20 Aug 2025 10:51:23 +0100 Subject: [PATCH 1/5] Removed the directory with the programs, and its inclusion in the parent directory CMakeLists.txt file Signed-off-by: Felix Conway --- programs/CMakeLists.txt | 2 +- programs/pkey/CMakeLists.txt | 19 -- programs/pkey/dh_prime.txt | 2 - programs/pkey/gen_key.c | 478 --------------------------------- programs/pkey/pk_sign.c | 154 ----------- programs/pkey/pk_verify.c | 129 --------- programs/pkey/rsa_priv.txt | 8 - programs/pkey/rsa_pub.txt | 2 - programs/pkey/rsa_sign_pss.c | 160 ----------- programs/pkey/rsa_verify_pss.c | 137 ---------- 10 files changed, 1 insertion(+), 1090 deletions(-) delete mode 100644 programs/pkey/CMakeLists.txt delete mode 100644 programs/pkey/dh_prime.txt delete mode 100644 programs/pkey/gen_key.c delete mode 100644 programs/pkey/pk_sign.c delete mode 100644 programs/pkey/pk_verify.c delete mode 100644 programs/pkey/rsa_priv.txt delete mode 100644 programs/pkey/rsa_pub.txt delete mode 100644 programs/pkey/rsa_sign_pss.c delete mode 100644 programs/pkey/rsa_verify_pss.c diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt index 1e5b2a4b67..1aba21b756 100644 --- a/programs/CMakeLists.txt +++ b/programs/CMakeLists.txt @@ -4,7 +4,7 @@ add_custom_target(${programs_target}) if (NOT WIN32) add_subdirectory(fuzz) endif() -add_subdirectory(pkey) + add_subdirectory(ssl) add_subdirectory(test) add_subdirectory(util) diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt deleted file mode 100644 index a2b1836d58..0000000000 --- a/programs/pkey/CMakeLists.txt +++ /dev/null @@ -1,19 +0,0 @@ -set(executables_mbedcrypto - gen_key - pk_sign - pk_verify - rsa_sign_pss - rsa_verify_pss -) -add_dependencies(${programs_target} ${executables_mbedcrypto}) - -foreach(exe IN LISTS executables_mbedcrypto) - add_executable(${exe} ${exe}.c $) - set_base_compile_options(${exe}) - target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT}) - target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include) -endforeach() - -install(TARGETS ${executables_mbedcrypto} - DESTINATION "bin" - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt deleted file mode 100644 index de0c281483..0000000000 --- a/programs/pkey/dh_prime.txt +++ /dev/null @@ -1,2 +0,0 @@ -P = FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF -G = 02 diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c deleted file mode 100644 index ba35534388..0000000000 --- a/programs/pkey/gen_key.c +++ /dev/null @@ -1,478 +0,0 @@ -/* - * Key generation application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ -#include "mbedtls/ecdsa.h" -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#include - -#if !defined(_WIN32) -#include - -#define DEV_RANDOM_THRESHOLD 32 - -static int dev_random_entropy_poll(void *data, unsigned char *output, - size_t len, size_t *olen) -{ - FILE *file; - size_t ret, left = len; - unsigned char *p = output; - ((void) data); - - *olen = 0; - - file = fopen("/dev/random", "rb"); - if (file == NULL) { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - while (left > 0) { - /* /dev/random can return much less than requested. If so, try again */ - ret = fread(p, 1, left, file); - if (ret == 0 && ferror(file)) { - fclose(file); - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - p += ret; - left -= ret; - sleep(1); - } - fclose(file); - *olen = len; - - return 0; -} -#endif /* !_WIN32 */ - -#if defined(MBEDTLS_ECP_C) -#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id -#else -#define DFL_EC_CURVE 0 -#endif - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) -#define USAGE_DEV_RANDOM \ - " use_dev_random=0|1 default: 0\n" -#else -#define USAGE_DEV_RANDOM "" -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - -#define FORMAT_PEM 0 -#define FORMAT_DER 1 - -#define DFL_TYPE MBEDTLS_PK_RSA -#define DFL_RSA_KEYSIZE 4096 -#define DFL_FILENAME "keyfile.key" -#define DFL_FORMAT FORMAT_PEM -#define DFL_USE_DEV_RANDOM 0 - -#define USAGE \ - "\n usage: gen_key param=<>...\n" \ - "\n acceptable parameters:\n" \ - " type=rsa|ec default: rsa\n" \ - " rsa_keysize=%%d default: 4096\n" \ - " ec_curve=%%s see below\n" \ - " filename=%%s default: keyfile.key\n" \ - " format=pem|der default: pem\n" \ - USAGE_DEV_RANDOM \ - "\n" - - -/* - * global options - */ -struct options { - int type; /* the type of key to generate */ - int rsa_keysize; /* length of key in bits */ - int ec_curve; /* curve identifier for EC keys */ - const char *filename; /* filename of the key file */ - int format; /* the output format to use */ - int use_dev_random; /* use /dev/random as entropy source */ -} opt; - -static int write_private_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - if (opt.format == FORMAT_PEM) { - if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else { - if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - len; - } - - if ((f = fopen(output_file, "wb")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. */ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context key; - char buf[1024]; - int i; - char *p, *q; -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -#endif /* MBEDTLS_RSA_C */ - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "gen_key"; -#if defined(MBEDTLS_ECP_C) - const mbedtls_ecp_curve_info *curve_info; -#endif - - /* - * Set to sane values - */ -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); -#if defined(MBEDTLS_ECP_C) - mbedtls_printf(" available ec_curve values:\n"); - curve_info = mbedtls_ecp_curve_list(); - mbedtls_printf(" %s (default)\n", curve_info->name); - while ((++curve_info)->name != NULL) { - mbedtls_printf(" %s\n", curve_info->name); - } -#endif /* MBEDTLS_ECP_C */ - goto exit; - } - - opt.type = DFL_TYPE; - opt.rsa_keysize = DFL_RSA_KEYSIZE; - opt.ec_curve = DFL_EC_CURVE; - opt.filename = DFL_FILENAME; - opt.format = DFL_FORMAT; - opt.use_dev_random = DFL_USE_DEV_RANDOM; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "type") == 0) { - if (strcmp(q, "rsa") == 0) { - opt.type = MBEDTLS_PK_RSA; - } else if (strcmp(q, "ec") == 0) { - opt.type = MBEDTLS_PK_ECKEY; - } else { - goto usage; - } - } else if (strcmp(p, "format") == 0) { - if (strcmp(q, "pem") == 0) { - opt.format = FORMAT_PEM; - } else if (strcmp(q, "der") == 0) { - opt.format = FORMAT_DER; - } else { - goto usage; - } - } else if (strcmp(p, "rsa_keysize") == 0) { - opt.rsa_keysize = atoi(q); - if (opt.rsa_keysize < 1024 || - opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) { - goto usage; - } - } -#if defined(MBEDTLS_ECP_C) - else if (strcmp(p, "ec_curve") == 0) { - if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) { - goto usage; - } - opt.ec_curve = curve_info->grp_id; - } -#endif - else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "use_dev_random") == 0) { - opt.use_dev_random = atoi(q); - if (opt.use_dev_random < 0 || opt.use_dev_random > 1) { - goto usage; - } - } else { - goto usage; - } - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) - if (opt.use_dev_random) { - if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll, - NULL, DEV_RANDOM_THRESHOLD, - MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n Using /dev/random, so can take a long time! "); - fflush(stdout); - } -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * 1.1. Generate the key - */ - mbedtls_printf("\n . Generating the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_pk_setup(&key, - mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (opt.type == MBEDTLS_PK_RSA) { - ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg, - opt.rsa_keysize, 65537); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_C) - if (opt.type == MBEDTLS_PK_ECKEY) { - ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve, - mbedtls_pk_ec(key), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_ECP_C */ - { - mbedtls_printf(" failed\n ! key type not supported\n"); - goto exit; - } - - /* - * 1.2 Print the key - */ - mbedtls_printf(" ok\n . Key information:\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! could not export RSA parameters\n\n"); - goto exit; - } - - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - mbedtls_mpi_write_file("P: ", &P, 16, NULL); - mbedtls_mpi_write_file("Q: ", &Q, 16, NULL); - mbedtls_mpi_write_file("DP: ", &DP, 16, NULL); - mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL); - mbedtls_mpi_write_file("QP: ", &QP, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf(" ! key type not supported\n"); - - /* - * 1.3 Export key - */ - mbedtls_printf(" . Writing key to file..."); - - if ((ret = write_private_key(&key, opt.filename)) != 0) { - mbedtls_printf(" failed\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { -#ifdef MBEDTLS_ERROR_C - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" - %s\n", buf); */ -#else - mbedtls_printf("\n"); -#endif - } - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_pk_free(&key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* program viability conditions */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c deleted file mode 100644 index 4ddb473c0f..0000000000 --- a/programs/pkey/pk_sign.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Public key-based signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - const char *pers = "mbedtls_pk_sign"; - size_t olen = 0; - - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_sign \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the signature of the hash. - */ - mbedtls_printf("\n . Generating the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", filename); - goto exit; - } - - if (fwrite(buf, 1, olen, f) != olen) { - mbedtls_printf("failed\n ! fwrite failed\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && - PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c deleted file mode 100644 index 27aff441a1..0000000000 --- a/programs/pkey/pk_verify.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Public key-based signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_pk_context pk; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_verify \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Extract the signature from the file - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = fread(buf, 1, sizeof(buf), f); - - fclose(f); - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, i)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_psa_crypto_free(); - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt deleted file mode 100644 index 254fcf8522..0000000000 --- a/programs/pkey/rsa_priv.txt +++ /dev/null @@ -1,8 +0,0 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 -D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401 -P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1 -Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261 -DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1 -DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081 -QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1 diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt deleted file mode 100644 index 1e7ae0c9c9..0000000000 --- a/programs/pkey/rsa_pub.txt +++ /dev/null @@ -1,2 +0,0 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c deleted file mode 100644 index d94daf3977..0000000000 --- a/programs/pkey/rsa_sign_pss.c +++ /dev/null @@ -1,160 +0,0 @@ -/* - * RSASSA-PSS/SHA-256 signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/rsa.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - const char *pers = "rsa_sign_pss"; - size_t olen = 0; - - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - mbedtls_ctr_drbg_init(&ctr_drbg); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: rsa_sign_pss \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); - mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); - goto exit; - } - - if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) { - mbedtls_printf(" failed\n ! Key is not an RSA key\n"); - goto exit; - } - - if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), - MBEDTLS_RSA_PKCS_V21, - MBEDTLS_MD_SHA256)) != 0) { - mbedtls_printf(" failed\n ! Padding not supported\n"); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the RSA signature of the hash. - */ - mbedtls_printf("\n . Generating the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, 512, "%s.sig", argv[2]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", filename); - goto exit; - } - - if (fwrite(buf, 1, olen, f) != olen) { - mbedtls_printf("failed\n ! fwrite failed\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && - PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c deleted file mode 100644 index 15049203ee..0000000000 --- a/programs/pkey/rsa_verify_pss.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * RSASSA-PSS/SHA-256 signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/md.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_pk_context pk; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: rsa_verify_pss \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); - mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); - goto exit; - } - - if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) { - mbedtls_printf(" failed\n ! Key is not an RSA key\n"); - goto exit; - } - - if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), - MBEDTLS_RSA_PKCS_V21, - MBEDTLS_MD_SHA256)) != 0) { - mbedtls_printf(" failed\n ! Invalid padding\n"); - goto exit; - } - - /* - * Extract the RSA signature from the file - */ - mbedtls_snprintf(filename, 512, "%s.sig", argv[2]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f); - - fclose(f); - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, i)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ From 87ae4e6a14c4db5301c78ddb480783ac148d802e Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 30 Jul 2025 05:46:28 +0200 Subject: [PATCH 2/5] Added a changelog entry for the removal Signed-off-by: Anton Matkin --- ChangeLog.d/10285.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/10285.txt diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt new file mode 100644 index 0000000000..dae7e330cd --- /dev/null +++ b/ChangeLog.d/10285.txt @@ -0,0 +1,3 @@ +Removals + * Removed the programs/pkey directory. These will be moved to the + TF-PSA-Crypto repository later. \ No newline at end of file From 5b49f31956c89d7253563fb2237d710b86bc04e8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 30 Jul 2025 12:14:30 +0200 Subject: [PATCH 3/5] Adjusted the Makefile in the programs directory - removed the pkey programs Signed-off-by: Anton Matkin --- programs/Makefile | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index a043fe1912..f99021aa69 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -36,11 +36,6 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## Note: Variables cannot be used to define an apps path. This cannot be ## substituted by the script generate_visualc_files.pl. APPS = \ - pkey/gen_key \ - pkey/pk_sign \ - pkey/pk_verify \ - pkey/rsa_sign_pss \ - pkey/rsa_verify_pss \ ../tf-psa-crypto/programs/psa/aead_demo \ ../tf-psa-crypto/programs/psa/crypto_examples \ ../tf-psa-crypto/programs/psa/hmac_demo \ @@ -136,26 +131,6 @@ test/query_config.c: echo " Gen $@" $(PERL) ../scripts/generate_query_config.pl -pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP) - echo " CC pkey/gen_key.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP) - echo " CC pkey/pk_sign.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP) - echo " CC pkey/pk_verify.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP) - echo " CC pkey/rsa_sign_pss.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP) - echo " CC pkey/rsa_verify_pss.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - ../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) echo " CC psa/aead_demo.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ From 3962284de6e0bf6fe52666a4030db74145822af3 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 20 Aug 2025 11:00:01 +0100 Subject: [PATCH 4/5] Update & fix changelog Signed-off-by: Felix Conway --- ChangeLog.d/10285.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt index dae7e330cd..2ac05ab90f 100644 --- a/ChangeLog.d/10285.txt +++ b/ChangeLog.d/10285.txt @@ -1,3 +1,3 @@ Removals - * Removed the programs/pkey directory. These will be moved to the - TF-PSA-Crypto repository later. \ No newline at end of file + * Removed all public key sample programs from the programs/pkey + directory. From 1cf9a1590bf51790af0c30c97d5807e995962221 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 20 Aug 2025 11:00:59 +0100 Subject: [PATCH 5/5] Remove programs from gitignore and documentation Signed-off-by: Felix Conway --- programs/.gitignore | 5 ----- programs/README.md | 10 ---------- 2 files changed, 15 deletions(-) diff --git a/programs/.gitignore b/programs/.gitignore index 7eaf38d85b..004dcf22f7 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -8,11 +8,6 @@ hash/md5sum hash/sha1sum hash/sha2sum -pkey/gen_key -pkey/pk_sign -pkey/pk_verify -pkey/rsa_sign_pss -pkey/rsa_verify_pss ssl/dtls_client ssl/dtls_server ssl/mini_client diff --git a/programs/README.md b/programs/README.md index 9239e8a603..b9260bffe9 100644 --- a/programs/README.md +++ b/programs/README.md @@ -3,16 +3,6 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. -### Generic public-key cryptography (`pk`) examples - -* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs. - -* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string. - -### ECDSA and RSA signature examples - -* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm. - ### SSL/TLS sample applications * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response.