mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-10-21 14:53:42 +03:00
Merge pull request #10331 from amtkarm1/task-remove-programs-pkey
Removed the programs/pkey directory
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
3
ChangeLog.d/10285.txt
Normal file
3
ChangeLog.d/10285.txt
Normal file
@@ -0,0 +1,3 @@
|
||||
Removals
|
||||
* Removed all public key sample programs from the programs/pkey
|
||||
directory.
|
||||
5
programs/.gitignore
vendored
5
programs/.gitignore
vendored
@@ -8,11 +8,6 @@
|
||||
hash/md5sum
|
||||
hash/sha1sum
|
||||
hash/sha2sum
|
||||
pkey/gen_key
|
||||
pkey/pk_sign
|
||||
pkey/pk_verify
|
||||
pkey/rsa_sign_pss
|
||||
pkey/rsa_verify_pss
|
||||
ssl/dtls_client
|
||||
ssl/dtls_server
|
||||
ssl/mini_client
|
||||
|
||||
@@ -4,7 +4,7 @@ add_custom_target(${programs_target})
|
||||
if (NOT WIN32)
|
||||
add_subdirectory(fuzz)
|
||||
endif()
|
||||
add_subdirectory(pkey)
|
||||
|
||||
add_subdirectory(ssl)
|
||||
add_subdirectory(test)
|
||||
add_subdirectory(util)
|
||||
|
||||
@@ -36,11 +36,6 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs
|
||||
## Note: Variables cannot be used to define an apps path. This cannot be
|
||||
## substituted by the script generate_visualc_files.pl.
|
||||
APPS = \
|
||||
pkey/gen_key \
|
||||
pkey/pk_sign \
|
||||
pkey/pk_verify \
|
||||
pkey/rsa_sign_pss \
|
||||
pkey/rsa_verify_pss \
|
||||
../tf-psa-crypto/programs/psa/aead_demo \
|
||||
../tf-psa-crypto/programs/psa/crypto_examples \
|
||||
../tf-psa-crypto/programs/psa/hmac_demo \
|
||||
@@ -136,26 +131,6 @@ test/query_config.c:
|
||||
echo " Gen $@"
|
||||
$(PERL) ../scripts/generate_query_config.pl
|
||||
|
||||
pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP)
|
||||
echo " CC pkey/gen_key.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP)
|
||||
echo " CC pkey/pk_sign.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP)
|
||||
echo " CC pkey/pk_verify.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP)
|
||||
echo " CC pkey/rsa_sign_pss.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP)
|
||||
echo " CC pkey/rsa_verify_pss.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
|
||||
echo " CC psa/aead_demo.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
@@ -3,16 +3,6 @@ Mbed TLS sample programs
|
||||
|
||||
This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.
|
||||
|
||||
### Generic public-key cryptography (`pk`) examples
|
||||
|
||||
* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs.
|
||||
|
||||
* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string.
|
||||
|
||||
### ECDSA and RSA signature examples
|
||||
|
||||
* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm.
|
||||
|
||||
### SSL/TLS sample applications
|
||||
|
||||
* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response.
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
set(executables_mbedcrypto
|
||||
gen_key
|
||||
pk_sign
|
||||
pk_verify
|
||||
rsa_sign_pss
|
||||
rsa_verify_pss
|
||||
)
|
||||
add_dependencies(${programs_target} ${executables_mbedcrypto})
|
||||
|
||||
foreach(exe IN LISTS executables_mbedcrypto)
|
||||
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
|
||||
set_base_compile_options(${exe})
|
||||
target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
|
||||
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
|
||||
endforeach()
|
||||
|
||||
install(TARGETS ${executables_mbedcrypto}
|
||||
DESTINATION "bin"
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
|
||||
@@ -1,2 +0,0 @@
|
||||
P = FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
|
||||
G = 02
|
||||
@@ -1,478 +0,0 @@
|
||||
/*
|
||||
* Key generation application
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
|
||||
|
||||
#include "tf-psa-crypto/build_info.h"
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
|
||||
#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
|
||||
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
|
||||
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C)
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
|
||||
"MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C "
|
||||
"not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
#include "mbedtls/pk.h"
|
||||
#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
|
||||
#include <mbedtls/private/pk_private.h>
|
||||
#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
|
||||
#include "mbedtls/ecdsa.h"
|
||||
#include "mbedtls/rsa.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#if !defined(_WIN32)
|
||||
#include <unistd.h>
|
||||
|
||||
#define DEV_RANDOM_THRESHOLD 32
|
||||
|
||||
static int dev_random_entropy_poll(void *data, unsigned char *output,
|
||||
size_t len, size_t *olen)
|
||||
{
|
||||
FILE *file;
|
||||
size_t ret, left = len;
|
||||
unsigned char *p = output;
|
||||
((void) data);
|
||||
|
||||
*olen = 0;
|
||||
|
||||
file = fopen("/dev/random", "rb");
|
||||
if (file == NULL) {
|
||||
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
|
||||
}
|
||||
|
||||
while (left > 0) {
|
||||
/* /dev/random can return much less than requested. If so, try again */
|
||||
ret = fread(p, 1, left, file);
|
||||
if (ret == 0 && ferror(file)) {
|
||||
fclose(file);
|
||||
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
|
||||
}
|
||||
|
||||
p += ret;
|
||||
left -= ret;
|
||||
sleep(1);
|
||||
}
|
||||
fclose(file);
|
||||
*olen = len;
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* !_WIN32 */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
|
||||
#else
|
||||
#define DFL_EC_CURVE 0
|
||||
#endif
|
||||
|
||||
#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
|
||||
#define USAGE_DEV_RANDOM \
|
||||
" use_dev_random=0|1 default: 0\n"
|
||||
#else
|
||||
#define USAGE_DEV_RANDOM ""
|
||||
#endif /* !_WIN32 && MBEDTLS_FS_IO */
|
||||
|
||||
#define FORMAT_PEM 0
|
||||
#define FORMAT_DER 1
|
||||
|
||||
#define DFL_TYPE MBEDTLS_PK_RSA
|
||||
#define DFL_RSA_KEYSIZE 4096
|
||||
#define DFL_FILENAME "keyfile.key"
|
||||
#define DFL_FORMAT FORMAT_PEM
|
||||
#define DFL_USE_DEV_RANDOM 0
|
||||
|
||||
#define USAGE \
|
||||
"\n usage: gen_key param=<>...\n" \
|
||||
"\n acceptable parameters:\n" \
|
||||
" type=rsa|ec default: rsa\n" \
|
||||
" rsa_keysize=%%d default: 4096\n" \
|
||||
" ec_curve=%%s see below\n" \
|
||||
" filename=%%s default: keyfile.key\n" \
|
||||
" format=pem|der default: pem\n" \
|
||||
USAGE_DEV_RANDOM \
|
||||
"\n"
|
||||
|
||||
|
||||
/*
|
||||
* global options
|
||||
*/
|
||||
struct options {
|
||||
int type; /* the type of key to generate */
|
||||
int rsa_keysize; /* length of key in bits */
|
||||
int ec_curve; /* curve identifier for EC keys */
|
||||
const char *filename; /* filename of the key file */
|
||||
int format; /* the output format to use */
|
||||
int use_dev_random; /* use /dev/random as entropy source */
|
||||
} opt;
|
||||
|
||||
static int write_private_key(mbedtls_pk_context *key, const char *output_file)
|
||||
{
|
||||
int ret;
|
||||
FILE *f;
|
||||
unsigned char output_buf[16000];
|
||||
unsigned char *c = output_buf;
|
||||
size_t len = 0;
|
||||
|
||||
memset(output_buf, 0, 16000);
|
||||
if (opt.format == FORMAT_PEM) {
|
||||
if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
len = strlen((char *) output_buf);
|
||||
} else {
|
||||
if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
len = ret;
|
||||
c = output_buf + sizeof(output_buf) - len;
|
||||
}
|
||||
|
||||
if ((f = fopen(output_file, "wb")) == NULL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (fwrite(c, 1, len, f) != len) {
|
||||
fclose(f);
|
||||
return -1;
|
||||
}
|
||||
|
||||
fclose(f);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
const mbedtls_ecp_curve_info *curve_info =
|
||||
mbedtls_ecp_curve_info_from_grp_id(
|
||||
mbedtls_ecp_keypair_get_group_id(ecp));
|
||||
mbedtls_printf("curve: %s\n", curve_info->name);
|
||||
|
||||
mbedtls_ecp_group grp;
|
||||
mbedtls_ecp_group_init(&grp);
|
||||
mbedtls_mpi D;
|
||||
mbedtls_mpi_init(&D);
|
||||
mbedtls_ecp_point pt;
|
||||
mbedtls_ecp_point_init(&pt);
|
||||
mbedtls_mpi X, Y;
|
||||
mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
|
||||
|
||||
MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
|
||||
(has_private ? &D : NULL),
|
||||
&pt));
|
||||
|
||||
unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
|
||||
size_t len = 0;
|
||||
MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
|
||||
&grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
|
||||
&len, point_bin, sizeof(point_bin)));
|
||||
switch (mbedtls_ecp_get_type(&grp)) {
|
||||
case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
|
||||
if ((len & 1) == 0 || point_bin[0] != 0x04) {
|
||||
/* Point in an unxepected format. This shouldn't happen. */
|
||||
ret = -1;
|
||||
goto cleanup;
|
||||
}
|
||||
MBEDTLS_MPI_CHK(
|
||||
mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
|
||||
MBEDTLS_MPI_CHK(
|
||||
mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
|
||||
mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
|
||||
mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
|
||||
break;
|
||||
case MBEDTLS_ECP_TYPE_MONTGOMERY:
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
|
||||
mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
|
||||
break;
|
||||
default:
|
||||
mbedtls_printf(
|
||||
"This program does not yet support listing coordinates for this curve type.\n");
|
||||
break;
|
||||
}
|
||||
|
||||
if (has_private) {
|
||||
mbedtls_mpi_write_file("D: ", &D, 16, NULL);
|
||||
}
|
||||
|
||||
cleanup:
|
||||
mbedtls_ecp_group_free(&grp);
|
||||
mbedtls_mpi_free(&D);
|
||||
mbedtls_ecp_point_free(&pt);
|
||||
mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int ret = 1;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
mbedtls_pk_context key;
|
||||
char buf[1024];
|
||||
int i;
|
||||
char *p, *q;
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
const char *pers = "gen_key";
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
const mbedtls_ecp_curve_info *curve_info;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Set to sane values
|
||||
*/
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
|
||||
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
|
||||
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_pk_init(&key);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (argc < 2) {
|
||||
usage:
|
||||
mbedtls_printf(USAGE);
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
mbedtls_printf(" available ec_curve values:\n");
|
||||
curve_info = mbedtls_ecp_curve_list();
|
||||
mbedtls_printf(" %s (default)\n", curve_info->name);
|
||||
while ((++curve_info)->name != NULL) {
|
||||
mbedtls_printf(" %s\n", curve_info->name);
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
goto exit;
|
||||
}
|
||||
|
||||
opt.type = DFL_TYPE;
|
||||
opt.rsa_keysize = DFL_RSA_KEYSIZE;
|
||||
opt.ec_curve = DFL_EC_CURVE;
|
||||
opt.filename = DFL_FILENAME;
|
||||
opt.format = DFL_FORMAT;
|
||||
opt.use_dev_random = DFL_USE_DEV_RANDOM;
|
||||
|
||||
for (i = 1; i < argc; i++) {
|
||||
p = argv[i];
|
||||
if ((q = strchr(p, '=')) == NULL) {
|
||||
goto usage;
|
||||
}
|
||||
*q++ = '\0';
|
||||
|
||||
if (strcmp(p, "type") == 0) {
|
||||
if (strcmp(q, "rsa") == 0) {
|
||||
opt.type = MBEDTLS_PK_RSA;
|
||||
} else if (strcmp(q, "ec") == 0) {
|
||||
opt.type = MBEDTLS_PK_ECKEY;
|
||||
} else {
|
||||
goto usage;
|
||||
}
|
||||
} else if (strcmp(p, "format") == 0) {
|
||||
if (strcmp(q, "pem") == 0) {
|
||||
opt.format = FORMAT_PEM;
|
||||
} else if (strcmp(q, "der") == 0) {
|
||||
opt.format = FORMAT_DER;
|
||||
} else {
|
||||
goto usage;
|
||||
}
|
||||
} else if (strcmp(p, "rsa_keysize") == 0) {
|
||||
opt.rsa_keysize = atoi(q);
|
||||
if (opt.rsa_keysize < 1024 ||
|
||||
opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) {
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
else if (strcmp(p, "ec_curve") == 0) {
|
||||
if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) {
|
||||
goto usage;
|
||||
}
|
||||
opt.ec_curve = curve_info->grp_id;
|
||||
}
|
||||
#endif
|
||||
else if (strcmp(p, "filename") == 0) {
|
||||
opt.filename = q;
|
||||
} else if (strcmp(p, "use_dev_random") == 0) {
|
||||
opt.use_dev_random = atoi(q);
|
||||
if (opt.use_dev_random < 0 || opt.use_dev_random > 1) {
|
||||
goto usage;
|
||||
}
|
||||
} else {
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
|
||||
mbedtls_printf("\n . Seeding the random number generator...");
|
||||
fflush(stdout);
|
||||
|
||||
#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
|
||||
if (opt.use_dev_random) {
|
||||
if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll,
|
||||
NULL, DEV_RANDOM_THRESHOLD,
|
||||
MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_entropy_add_source returned -0x%04x\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf("\n Using /dev/random, so can take a long time! ");
|
||||
fflush(stdout);
|
||||
}
|
||||
#endif /* !_WIN32 && MBEDTLS_FS_IO */
|
||||
|
||||
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers))) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* 1.1. Generate the key
|
||||
*/
|
||||
mbedtls_printf("\n . Generating the private key ...");
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_pk_setup(&key,
|
||||
mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
|
||||
if (opt.type == MBEDTLS_PK_RSA) {
|
||||
ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg,
|
||||
opt.rsa_keysize, 65537);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if (opt.type == MBEDTLS_PK_ECKEY) {
|
||||
ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve,
|
||||
mbedtls_pk_ec(key),
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
{
|
||||
mbedtls_printf(" failed\n ! key type not supported\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* 1.2 Print the key
|
||||
*/
|
||||
mbedtls_printf(" ok\n . Key information:\n");
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
|
||||
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
|
||||
|
||||
if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
|
||||
(ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
|
||||
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_mpi_write_file("N: ", &N, 16, NULL);
|
||||
mbedtls_mpi_write_file("E: ", &E, 16, NULL);
|
||||
mbedtls_mpi_write_file("D: ", &D, 16, NULL);
|
||||
mbedtls_mpi_write_file("P: ", &P, 16, NULL);
|
||||
mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
|
||||
mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
|
||||
mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
|
||||
mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
|
||||
} else
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
|
||||
if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
|
||||
mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
|
||||
goto exit;
|
||||
}
|
||||
} else
|
||||
#endif
|
||||
mbedtls_printf(" ! key type not supported\n");
|
||||
|
||||
/*
|
||||
* 1.3 Export key
|
||||
*/
|
||||
mbedtls_printf(" . Writing key to file...");
|
||||
|
||||
if ((ret = write_private_key(&key, opt.filename)) != 0) {
|
||||
mbedtls_printf(" failed\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf(" ok\n");
|
||||
|
||||
exit_code = MBEDTLS_EXIT_SUCCESS;
|
||||
|
||||
exit:
|
||||
|
||||
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
|
||||
#ifdef MBEDTLS_ERROR_C
|
||||
mbedtls_printf("Error code: %d", ret);
|
||||
/* mbedtls_strerror(ret, buf, sizeof(buf));
|
||||
mbedtls_printf(" - %s\n", buf); */
|
||||
#else
|
||||
mbedtls_printf("\n");
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
|
||||
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
|
||||
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
mbedtls_pk_free(&key);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
mbedtls_psa_crypto_free();
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
#endif /* program viability conditions */
|
||||
@@ -1,154 +0,0 @@
|
||||
/*
|
||||
* Public key-based signature creation program
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
|
||||
|
||||
#include "tf-psa-crypto/build_info.h"
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
/* md.h is included this early since MD_CAN_XXX macros are defined there. */
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
|
||||
!defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \
|
||||
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_CTR_DRBG_C)
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or "
|
||||
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/pk.h"
|
||||
#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
|
||||
#include <mbedtls/private/pk_private.h>
|
||||
#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
FILE *f;
|
||||
int ret = 1;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
mbedtls_pk_context pk;
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
|
||||
char filename[512];
|
||||
const char *pers = "mbedtls_pk_sign";
|
||||
size_t olen = 0;
|
||||
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
mbedtls_pk_init(&pk);
|
||||
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (argc != 3) {
|
||||
mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf("\n");
|
||||
#endif
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf("\n . Seeding the random number generator...");
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers))) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
|
||||
mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* Compute the SHA-256 hash of the input file,
|
||||
* then calculate the signature of the hash.
|
||||
*/
|
||||
mbedtls_printf("\n . Generating the SHA-256 signature");
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_md_file(
|
||||
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
|
||||
argv[2], hash)) != 0) {
|
||||
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
|
||||
buf, sizeof(buf), &olen)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* Write the signature into <filename>.sig
|
||||
*/
|
||||
mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
|
||||
|
||||
if ((f = fopen(filename, "wb+")) == NULL) {
|
||||
mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (fwrite(buf, 1, olen, f) != olen) {
|
||||
mbedtls_printf("failed\n ! fwrite failed\n\n");
|
||||
fclose(f);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
fclose(f);
|
||||
|
||||
mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
|
||||
|
||||
exit_code = MBEDTLS_EXIT_SUCCESS;
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
mbedtls_psa_crypto_free();
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
|
||||
mbedtls_printf("Error code: %d", ret);
|
||||
/* mbedtls_strerror(ret, (char *) buf, sizeof(buf));
|
||||
mbedtls_printf(" ! Last error was: %s\n", buf); */
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
|
||||
PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
|
||||
MBEDTLS_CTR_DRBG_C */
|
||||
@@ -1,129 +0,0 @@
|
||||
/*
|
||||
* Public key-based signature verification program
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
|
||||
|
||||
#include "tf-psa-crypto/build_info.h"
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
/* md.h is included this early since MD_CAN_XXX macros are defined there. */
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
|
||||
!defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_PK_PARSE_C) || \
|
||||
!defined(MBEDTLS_FS_IO)
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
|
||||
"PSA_WANT_ALG_SHA_256 and/or MBEDTLS_PK_PARSE_C and/or "
|
||||
"MBEDTLS_FS_IO not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
#include "mbedtls/pk.h"
|
||||
#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
|
||||
#include <mbedtls/private/pk_private.h>
|
||||
#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
FILE *f;
|
||||
int ret = 1;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
size_t i;
|
||||
mbedtls_pk_context pk;
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
|
||||
char filename[512];
|
||||
|
||||
mbedtls_pk_init(&pk);
|
||||
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (argc != 3) {
|
||||
mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf("\n");
|
||||
#endif
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* Extract the signature from the file
|
||||
*/
|
||||
mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
|
||||
|
||||
if ((f = fopen(filename, "rb")) == NULL) {
|
||||
mbedtls_printf("\n ! Could not open %s\n\n", filename);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
i = fread(buf, 1, sizeof(buf), f);
|
||||
|
||||
fclose(f);
|
||||
|
||||
/*
|
||||
* Compute the SHA-256 hash of the input file and
|
||||
* verify the signature
|
||||
*/
|
||||
mbedtls_printf("\n . Verifying the SHA-256 signature");
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_md_file(
|
||||
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
|
||||
argv[2], hash)) != 0) {
|
||||
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
|
||||
buf, i)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf("\n . OK (the signature is valid)\n\n");
|
||||
|
||||
exit_code = MBEDTLS_EXIT_SUCCESS;
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_psa_crypto_free();
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
|
||||
mbedtls_printf("Error code: %d", ret);
|
||||
/* mbedtls_strerror(ret, (char *) buf, sizeof(buf));
|
||||
mbedtls_printf(" ! Last error was: %s\n", buf); */
|
||||
}
|
||||
#endif
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && PSA_WANT_ALG_SHA_256 &&
|
||||
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
|
||||
@@ -1,8 +0,0 @@
|
||||
N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
|
||||
E = 010001
|
||||
D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401
|
||||
P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1
|
||||
Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261
|
||||
DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1
|
||||
DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081
|
||||
QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1
|
||||
@@ -1,2 +0,0 @@
|
||||
N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
|
||||
E = 010001
|
||||
@@ -1,160 +0,0 @@
|
||||
/*
|
||||
* RSASSA-PSS/SHA-256 signature creation program
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
|
||||
|
||||
#include "tf-psa-crypto/build_info.h"
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
/* md.h is included this early since MD_CAN_XXX macros are defined there. */
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
|
||||
!defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \
|
||||
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_CTR_DRBG_C)
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or "
|
||||
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
#include "mbedtls/rsa.h"
|
||||
#include "mbedtls/pk.h"
|
||||
#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
|
||||
#include <mbedtls/private/pk_private.h>
|
||||
#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
FILE *f;
|
||||
int ret = 1;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
mbedtls_pk_context pk;
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
const char *pers = "rsa_sign_pss";
|
||||
size_t olen = 0;
|
||||
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_pk_init(&pk);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (argc != 3) {
|
||||
mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf("\n");
|
||||
#endif
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf("\n . Seeding the random number generator...");
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen(pers))) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
|
||||
mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
|
||||
mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
|
||||
mbedtls_printf(" failed\n ! Key is not an RSA key\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
|
||||
MBEDTLS_RSA_PKCS_V21,
|
||||
MBEDTLS_MD_SHA256)) != 0) {
|
||||
mbedtls_printf(" failed\n ! Padding not supported\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* Compute the SHA-256 hash of the input file,
|
||||
* then calculate the RSA signature of the hash.
|
||||
*/
|
||||
mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_md_file(
|
||||
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
|
||||
argv[2], hash)) != 0) {
|
||||
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
|
||||
buf, sizeof(buf), &olen)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* Write the signature into <filename>.sig
|
||||
*/
|
||||
mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
|
||||
|
||||
if ((f = fopen(filename, "wb+")) == NULL) {
|
||||
mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (fwrite(buf, 1, olen, f) != olen) {
|
||||
mbedtls_printf("failed\n ! fwrite failed\n\n");
|
||||
fclose(f);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
fclose(f);
|
||||
|
||||
mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
|
||||
|
||||
exit_code = MBEDTLS_EXIT_SUCCESS;
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_ctr_drbg_free(&ctr_drbg);
|
||||
mbedtls_entropy_free(&entropy);
|
||||
mbedtls_psa_crypto_free();
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
|
||||
PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
|
||||
MBEDTLS_CTR_DRBG_C */
|
||||
@@ -1,137 +0,0 @@
|
||||
/*
|
||||
* RSASSA-PSS/SHA-256 signature verification program
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
|
||||
|
||||
#include "tf-psa-crypto/build_info.h"
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
/* md.h is included this early since MD_CAN_XXX macros are defined there. */
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
|
||||
!defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \
|
||||
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_CTR_DRBG_C)
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
|
||||
"MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or "
|
||||
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
|
||||
"MBEDTLS_CTR_DRBG_C not defined.\n");
|
||||
mbedtls_exit(0);
|
||||
}
|
||||
#else
|
||||
|
||||
#include "mbedtls/md.h"
|
||||
#include "mbedtls/pem.h"
|
||||
#include "mbedtls/pk.h"
|
||||
#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
|
||||
#include <mbedtls/private/pk_private.h>
|
||||
#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
FILE *f;
|
||||
int ret = 1;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
size_t i;
|
||||
mbedtls_pk_context pk;
|
||||
unsigned char hash[32];
|
||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
|
||||
char filename[512];
|
||||
|
||||
mbedtls_pk_init(&pk);
|
||||
|
||||
psa_status_t status = psa_crypto_init();
|
||||
if (status != PSA_SUCCESS) {
|
||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||
(int) status);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (argc != 3) {
|
||||
mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
|
||||
|
||||
#if defined(_WIN32)
|
||||
mbedtls_printf("\n");
|
||||
#endif
|
||||
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
|
||||
mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
|
||||
mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
|
||||
mbedtls_printf(" failed\n ! Key is not an RSA key\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
|
||||
MBEDTLS_RSA_PKCS_V21,
|
||||
MBEDTLS_MD_SHA256)) != 0) {
|
||||
mbedtls_printf(" failed\n ! Invalid padding\n");
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/*
|
||||
* Extract the RSA signature from the file
|
||||
*/
|
||||
mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
|
||||
|
||||
if ((f = fopen(filename, "rb")) == NULL) {
|
||||
mbedtls_printf("\n ! Could not open %s\n\n", filename);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f);
|
||||
|
||||
fclose(f);
|
||||
|
||||
/*
|
||||
* Compute the SHA-256 hash of the input file and
|
||||
* verify the signature
|
||||
*/
|
||||
mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
|
||||
fflush(stdout);
|
||||
|
||||
if ((ret = mbedtls_md_file(
|
||||
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
|
||||
argv[2], hash)) != 0) {
|
||||
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
|
||||
buf, i)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_printf("\n . OK (the signature is valid)\n\n");
|
||||
|
||||
exit_code = MBEDTLS_EXIT_SUCCESS;
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_psa_crypto_free();
|
||||
|
||||
mbedtls_exit(exit_code);
|
||||
}
|
||||
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 &&
|
||||
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
|
||||
Reference in New Issue
Block a user