lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Switch to the new code style

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2023-01-11 14:50:10 +01:00
parent fd13a0f851
commit 449bd8303e
442 changed files with 86735 additions and 89438 deletions
Download Patch File Download Diff File Expand all files Collapse all files

470
programs/aes/crypt_and_hash.c
View File

@ -28,7 +28,7 @@
#include "mbedtls/platform.h"
#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
defined(MBEDTLS_FS_IO)
defined(MBEDTLS_FS_IO)
#include "mbedtls/cipher.h"
#include "mbedtls/md.h"
#include "mbedtls/platform_util.h"
@ -59,15 +59,15 @@
#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
mbedtls_exit(0);
}
#else
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1, i;
unsigned n;
@ -91,138 +91,121 @@ int main( int argc, char *argv[] )
#if defined(_WIN32_WCE)
long filesize, offset;
#elif defined(_WIN32)
LARGE_INTEGER li_size;
LARGE_INTEGER li_size;
__int64 filesize, offset;
#else
off_t filesize, offset;
off_t filesize, offset;
#endif
mbedtls_cipher_init( &cipher_ctx );
mbedtls_md_init( &md_ctx );
mbedtls_cipher_init(&cipher_ctx);
mbedtls_md_init(&md_ctx);
/*
* Parse the command-line arguments.
*/
if( argc != 7 )
{
if (argc != 7) {
const int *list;
mbedtls_printf( USAGE );
mbedtls_printf(USAGE);
mbedtls_printf( "Available ciphers:\n" );
mbedtls_printf("Available ciphers:\n");
list = mbedtls_cipher_list();
while( *list )
{
cipher_info = mbedtls_cipher_info_from_type( *list );
mbedtls_printf( " %s\n", mbedtls_cipher_info_get_name( cipher_info ) );
while (*list) {
cipher_info = mbedtls_cipher_info_from_type(*list);
mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info));
list++;
}
mbedtls_printf( "\nAvailable message digests:\n" );
mbedtls_printf("\nAvailable message digests:\n");
list = mbedtls_md_list();
while( *list )
{
md_info = mbedtls_md_info_from_type( *list );
mbedtls_printf( " %s\n", mbedtls_md_get_name( md_info ) );
while (*list) {
md_info = mbedtls_md_info_from_type(*list);
mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info));
list++;
}
goto exit;
}
mode = atoi( argv[1] );
mode = atoi(argv[1]);
if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
{
mbedtls_fprintf( stderr, "invalid operation mode\n" );
if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) {
mbedtls_fprintf(stderr, "invalid operation mode\n");
goto exit;
}
if( strcmp( argv[2], argv[3] ) == 0 )
{
mbedtls_fprintf( stderr, "input and output filenames must differ\n" );
if (strcmp(argv[2], argv[3]) == 0) {
mbedtls_fprintf(stderr, "input and output filenames must differ\n");
goto exit;
}
if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
{
mbedtls_fprintf( stderr, "fopen(%s,rb) failed\n", argv[2] );
if ((fin = fopen(argv[2], "rb")) == NULL) {
mbedtls_fprintf(stderr, "fopen(%s,rb) failed\n", argv[2]);
goto exit;
}
if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
{
mbedtls_fprintf( stderr, "fopen(%s,wb+) failed\n", argv[3] );
if ((fout = fopen(argv[3], "wb+")) == NULL) {
mbedtls_fprintf(stderr, "fopen(%s,wb+) failed\n", argv[3]);
goto exit;
}
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( fin, NULL );
mbedtls_setbuf( fout, NULL );
mbedtls_setbuf(fin, NULL);
mbedtls_setbuf(fout, NULL);
/*
* Read the Cipher and MD from the command line
*/
cipher_info = mbedtls_cipher_info_from_string( argv[4] );
if( cipher_info == NULL )
{
mbedtls_fprintf( stderr, "Cipher '%s' not found\n", argv[4] );
cipher_info = mbedtls_cipher_info_from_string(argv[4]);
if (cipher_info == NULL) {
mbedtls_fprintf(stderr, "Cipher '%s' not found\n", argv[4]);
goto exit;
}
if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info) ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setup failed\n" );
if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_setup failed\n");
goto exit;
}
md_info = mbedtls_md_info_from_string( argv[5] );
if( md_info == NULL )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
md_info = mbedtls_md_info_from_string(argv[5]);
if (md_info == NULL) {
mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[5]);
goto exit;
}
if( mbedtls_md_setup( &md_ctx, md_info, 1 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_setup failed\n" );
if (mbedtls_md_setup(&md_ctx, md_info, 1) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_setup failed\n");
goto exit;
}
/*
* Read the secret key from file or command line
*/
if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
{
keylen = fread( key, 1, sizeof( key ), fkey );
fclose( fkey );
}
else
{
if( memcmp( argv[6], "hex:", 4 ) == 0 )
{
if ((fkey = fopen(argv[6], "rb")) != NULL) {
keylen = fread(key, 1, sizeof(key), fkey);
fclose(fkey);
} else {
if (memcmp(argv[6], "hex:", 4) == 0) {
p = &argv[6][4];
keylen = 0;
while( sscanf( p, "%02X", (unsigned int*) &n ) > 0 &&
keylen < (int) sizeof( key ) )
{
while (sscanf(p, "%02X", (unsigned int *) &n) > 0 &&
keylen < (int) sizeof(key)) {
key[keylen++] = (unsigned char) n;
p += 2;
}
}
else
{
keylen = strlen( argv[6] );
} else {
keylen = strlen(argv[6]);
if( keylen > (int) sizeof( key ) )
keylen = (int) sizeof( key );
if (keylen > (int) sizeof(key)) {
keylen = (int) sizeof(key);
}
memcpy( key, argv[6], keylen );
memcpy(key, argv[6], keylen);
}
}
#if defined(_WIN32_WCE)
filesize = fseek( fin, 0L, SEEK_END );
filesize = fseek(fin, 0L, SEEK_END);
#else
#if defined(_WIN32)
/*
@ -230,72 +213,64 @@ int main( int argc, char *argv[] )
*/
li_size.QuadPart = 0;
li_size.LowPart =
SetFilePointer( (HANDLE) _get_osfhandle( _fileno( fin ) ),
li_size.LowPart, &li_size.HighPart, FILE_END );
SetFilePointer((HANDLE) _get_osfhandle(_fileno(fin)),
li_size.LowPart, &li_size.HighPart, FILE_END);
if( li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR )
{
mbedtls_fprintf( stderr, "SetFilePointer(0,FILE_END) failed\n" );
if (li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR) {
mbedtls_fprintf(stderr, "SetFilePointer(0,FILE_END) failed\n");
goto exit;
}
filesize = li_size.QuadPart;
#else
if( ( filesize = lseek( fileno( fin ), 0, SEEK_END ) ) < 0 )
{
perror( "lseek" );
if ((filesize = lseek(fileno(fin), 0, SEEK_END)) < 0) {
perror("lseek");
goto exit;
}
#endif
#endif
if( fseek( fin, 0, SEEK_SET ) < 0 )
{
mbedtls_fprintf( stderr, "fseek(0,SEEK_SET) failed\n" );
if (fseek(fin, 0, SEEK_SET) < 0) {
mbedtls_fprintf(stderr, "fseek(0,SEEK_SET) failed\n");
goto exit;
}
if( mode == MODE_ENCRYPT )
{
if (mode == MODE_ENCRYPT) {
/*
* Generate the initialization vector as:
* IV = MD( filesize || filename )[0..15]
*/
for( i = 0; i < 8; i++ )
buffer[i] = (unsigned char)( filesize >> ( i << 3 ) );
for (i = 0; i < 8; i++) {
buffer[i] = (unsigned char) (filesize >> (i << 3));
}
p = argv[2];
if( mbedtls_md_starts( &md_ctx ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
if (mbedtls_md_starts(&md_ctx) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
goto exit;
}
if( mbedtls_md_update( &md_ctx, buffer, 8 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
if (mbedtls_md_update(&md_ctx, buffer, 8) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
if( mbedtls_md_update( &md_ctx, ( unsigned char * ) p, strlen( p ) )
!= 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
if (mbedtls_md_update(&md_ctx, (unsigned char *) p, strlen(p))
!= 0) {
mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
if (mbedtls_md_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
goto exit;
}
memcpy( IV, digest, 16 );
memcpy(IV, digest, 16);
/*
* Append the IV at the beginning of the output.
*/
if( fwrite( IV, 1, 16, fout ) != 16 )
{
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", 16 );
if (fwrite(IV, 1, 16, fout) != 16) {
mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", 16);
goto exit;
}
@ -303,131 +278,111 @@ int main( int argc, char *argv[] )
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset( digest, 0, 32 );
memcpy( digest, IV, 16 );
memset(digest, 0, 32);
memcpy(digest, IV, 16);
for( i = 0; i < 8192; i++ )
{
if( mbedtls_md_starts( &md_ctx ) != 0 )
{
mbedtls_fprintf( stderr,
"mbedtls_md_starts() returned error\n" );
for (i = 0; i < 8192; i++) {
if (mbedtls_md_starts(&md_ctx) != 0) {
mbedtls_fprintf(stderr,
"mbedtls_md_starts() returned error\n");
goto exit;
}
if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
{
mbedtls_fprintf( stderr,
"mbedtls_md_update() returned error\n" );
if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
mbedtls_fprintf(stderr,
"mbedtls_md_update() returned error\n");
goto exit;
}
if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
{
mbedtls_fprintf( stderr,
"mbedtls_md_update() returned error\n" );
if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
mbedtls_fprintf(stderr,
"mbedtls_md_update() returned error\n");
goto exit;
}
if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr,
"mbedtls_md_finish() returned error\n" );
if (mbedtls_md_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr,
"mbedtls_md_finish() returned error\n");
goto exit;
}
}
if( mbedtls_cipher_setkey( &cipher_ctx,
digest,
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
MBEDTLS_ENCRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
if (mbedtls_cipher_setkey(&cipher_ctx,
digest,
(int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_ENCRYPT) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
goto exit;
}
if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n");
if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
goto exit;
}
if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n");
if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
goto exit;
}
if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
goto exit;
}
/*
* Encrypt and write the ciphertext.
*/
for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
{
ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
for (offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size(&cipher_ctx)) {
ilen = ((unsigned int) filesize - offset > mbedtls_cipher_get_block_size(&cipher_ctx)) ?
mbedtls_cipher_get_block_size(&cipher_ctx) : (unsigned int) (filesize - offset);
if( fread( buffer, 1, ilen, fin ) != ilen )
{
mbedtls_fprintf( stderr, "fread(%ld bytes) failed\n", (long) ilen );
if (fread(buffer, 1, ilen, fin) != ilen) {
mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen);
goto exit;
}
if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output, &olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n");
if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, &olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
goto exit;
}
if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
goto exit;
}
if( fwrite( output, 1, olen, fout ) != olen )
{
mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
if (fwrite(output, 1, olen, fout) != olen) {
mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
}
if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
goto exit;
}
if( mbedtls_md_hmac_update( &md_ctx, output, olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
goto exit;
}
if( fwrite( output, 1, olen, fout ) != olen )
{
mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
if (fwrite(output, 1, olen, fout) != olen) {
mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
/*
* Finally write the HMAC.
*/
if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
goto exit;
}
if( fwrite( digest, 1, mbedtls_md_get_size( md_info ), fout ) != mbedtls_md_get_size( md_info ) )
{
mbedtls_fprintf( stderr, "fwrite(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
if (fwrite(digest, 1, mbedtls_md_get_size(md_info), fout) != mbedtls_md_get_size(md_info)) {
mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", mbedtls_md_get_size(md_info));
goto exit;
}
}
if( mode == MODE_DECRYPT )
{
if (mode == MODE_DECRYPT) {
/*
* The encrypted file must be structured as follows:
*
@ -437,134 +392,116 @@ int main( int argc, char *argv[] )
* N*16 .. (N+1)*16 - 1 Encrypted Block #N
* (N+1)*16 .. (N+1)*16 + n Hash(ciphertext)
*/
if( filesize < 16 + mbedtls_md_get_size( md_info ) )
{
mbedtls_fprintf( stderr, "File too short to be encrypted.\n" );
if (filesize < 16 + mbedtls_md_get_size(md_info)) {
mbedtls_fprintf(stderr, "File too short to be encrypted.\n");
goto exit;
}
if( mbedtls_cipher_get_block_size( &cipher_ctx ) == 0 )
{
mbedtls_fprintf( stderr, "Invalid cipher block size: 0. \n" );
if (mbedtls_cipher_get_block_size(&cipher_ctx) == 0) {
mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n");
goto exit;
}
/*
* Check the file size.
*/
if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
( ( filesize - mbedtls_md_get_size( md_info ) ) %
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
{
mbedtls_fprintf( stderr, "File content not a multiple of the block size (%u).\n",
mbedtls_cipher_get_block_size( &cipher_ctx ));
if (mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_GCM &&
((filesize - mbedtls_md_get_size(md_info)) %
mbedtls_cipher_get_block_size(&cipher_ctx)) != 0) {
mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n",
mbedtls_cipher_get_block_size(&cipher_ctx));
goto exit;
}
/*
* Subtract the IV + HMAC length.
*/
filesize -= ( 16 + mbedtls_md_get_size( md_info ) );
filesize -= (16 + mbedtls_md_get_size(md_info));
/*
* Read the IV and original filesize modulo 16.
*/
if( fread( buffer, 1, 16, fin ) != 16 )
{
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", 16 );
if (fread(buffer, 1, 16, fin) != 16) {
mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", 16);
goto exit;
}
memcpy( IV, buffer, 16 );
memcpy(IV, buffer, 16);
/*
* Hash the IV and the secret key together 8192 times
* using the result to setup the AES context and HMAC.
*/
memset( digest, 0, 32 );
memcpy( digest, IV, 16 );
memset(digest, 0, 32);
memcpy(digest, IV, 16);
for( i = 0; i < 8192; i++ )
{
if( mbedtls_md_starts( &md_ctx ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_starts() returned error\n" );
for (i = 0; i < 8192; i++) {
if (mbedtls_md_starts(&md_ctx) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
goto exit;
}
if( mbedtls_md_update( &md_ctx, digest, 32 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
if( mbedtls_md_update( &md_ctx, key, keylen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_update() returned error\n" );
if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
goto exit;
}
if( mbedtls_md_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_finish() returned error\n" );
if (mbedtls_md_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
goto exit;
}
}
if( mbedtls_cipher_setkey( &cipher_ctx,
digest,
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
MBEDTLS_DECRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
if (mbedtls_cipher_setkey(&cipher_ctx,
digest,
(int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
MBEDTLS_DECRYPT) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
goto exit;
}
if( mbedtls_cipher_set_iv( &cipher_ctx, IV, 16 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_set_iv() returned error\n" );
if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
goto exit;
}
if( mbedtls_cipher_reset( &cipher_ctx ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_reset() returned error\n" );
if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
goto exit;
}
if( mbedtls_md_hmac_starts( &md_ctx, digest, 32 ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_starts() returned error\n" );
if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
goto exit;
}
/*
* Decrypt and write the plaintext.
*/
for( offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size( &cipher_ctx ) )
{
ilen = ( (unsigned int) filesize - offset > mbedtls_cipher_get_block_size( &cipher_ctx ) ) ?
mbedtls_cipher_get_block_size( &cipher_ctx ) : (unsigned int) ( filesize - offset );
for (offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size(&cipher_ctx)) {
ilen = ((unsigned int) filesize - offset > mbedtls_cipher_get_block_size(&cipher_ctx)) ?
mbedtls_cipher_get_block_size(&cipher_ctx) : (unsigned int) (filesize - offset);
if( fread( buffer, 1, ilen, fin ) != ilen )
{
mbedtls_fprintf( stderr, "fread(%u bytes) failed\n",
mbedtls_cipher_get_block_size( &cipher_ctx ) );
if (fread(buffer, 1, ilen, fin) != ilen) {
mbedtls_fprintf(stderr, "fread(%u bytes) failed\n",
mbedtls_cipher_get_block_size(&cipher_ctx));
goto exit;
}
if( mbedtls_md_hmac_update( &md_ctx, buffer, ilen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_update() returned error\n" );
if (mbedtls_md_hmac_update(&md_ctx, buffer, ilen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
goto exit;
}
if( mbedtls_cipher_update( &cipher_ctx, buffer, ilen, output,
&olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_update() returned error\n" );
if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output,
&olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
goto exit;
}
if( fwrite( output, 1, olen, fout ) != olen )
{
mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
if (fwrite(output, 1, olen, fout) != olen) {
mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
}
@ -572,42 +509,38 @@ int main( int argc, char *argv[] )
/*
* Verify the message authentication code.
*/
if( mbedtls_md_hmac_finish( &md_ctx, digest ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_md_hmac_finish() returned error\n" );
if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
goto exit;
}
if( fread( buffer, 1, mbedtls_md_get_size( md_info ), fin ) != mbedtls_md_get_size( md_info ) )
{
mbedtls_fprintf( stderr, "fread(%d bytes) failed\n", mbedtls_md_get_size( md_info ) );
if (fread(buffer, 1, mbedtls_md_get_size(md_info), fin) != mbedtls_md_get_size(md_info)) {
mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", mbedtls_md_get_size(md_info));
goto exit;
}
/* Use constant-time buffer comparison */
diff = 0;
for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
diff |= digest[i] ^ buffer[i];
}
if( diff != 0 )
{
mbedtls_fprintf( stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n" );
if (diff != 0) {
mbedtls_fprintf(stderr, "HMAC check failed: wrong key, "
"or file corrupted.\n");
goto exit;
}
/*
* Write the final block of data
*/
if( mbedtls_cipher_finish( &cipher_ctx, output, &olen ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_finish() returned error\n" );
if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
goto exit;
}
if( fwrite( output, 1, olen, fout ) != olen )
{
mbedtls_fprintf( stderr, "fwrite(%ld bytes) failed\n", (long) olen );
if (fwrite(output, 1, olen, fout) != olen) {
mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
goto exit;
}
}
@ -615,26 +548,29 @@ int main( int argc, char *argv[] )
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( fin )
fclose( fin );
if( fout )
fclose( fout );
if (fin) {
fclose(fin);
}
if (fout) {
fclose(fout);
}
/* Zeroize all command line arguments to also cover
the case when the user has missed or reordered some,
in which case the key might not be in argv[6]. */
for( i = 0; i < argc; i++ )
mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
for (i = 0; i < argc; i++) {
mbedtls_platform_zeroize(argv[i], strlen(argv[i]));
}
mbedtls_platform_zeroize( IV, sizeof( IV ) );
mbedtls_platform_zeroize( key, sizeof( key ) );
mbedtls_platform_zeroize( buffer, sizeof( buffer ) );
mbedtls_platform_zeroize( output, sizeof( output ) );
mbedtls_platform_zeroize( digest, sizeof( digest ) );
mbedtls_platform_zeroize(IV, sizeof(IV));
mbedtls_platform_zeroize(key, sizeof(key));
mbedtls_platform_zeroize(buffer, sizeof(buffer));
mbedtls_platform_zeroize(output, sizeof(output));
mbedtls_platform_zeroize(digest, sizeof(digest));
mbedtls_cipher_free( &cipher_ctx );
mbedtls_md_free( &md_ctx );
mbedtls_cipher_free(&cipher_ctx);
mbedtls_md_free(&md_ctx);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */

158
programs/cipher/cipher_aead_demo.c
View File

@ -55,19 +55,19 @@
#if !defined(MBEDTLS_CIPHER_C) || \
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
!defined(MBEDTLS_CHACHAPOLY_C)
int main( void )
int main(void)
{
printf( "MBEDTLS_MD_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
"MBEDTLS_CHACHAPOLY_C not defined\r\n" );
return( 0 );
printf("MBEDTLS_MD_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
"MBEDTLS_CHACHAPOLY_C not defined\r\n");
return 0;
}
#else
/* The real program starts here. */
const char usage[] =
"Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
"Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
const unsigned char iv1[12] = { 0x00 };
@ -82,39 +82,40 @@ const unsigned char msg2_part1[] = { 0x13, 0x14 };
const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
/* Maximum total size of the messages */
#define MSG1_SIZE ( sizeof( msg1_part1 ) + sizeof( msg1_part2 ) )
#define MSG2_SIZE ( sizeof( msg2_part1 ) + sizeof( msg2_part2 ) )
#define MSG_MAX_SIZE ( MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE )
#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2))
#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2))
#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE)
/* Dummy key material - never do this in production!
* 32-byte is enough to all the key size supported by this program. */
const unsigned char key_bytes[32] = { 0x2a };
/* Print the contents of a buffer in hex */
void print_buf( const char *title, unsigned char *buf, size_t len )
void print_buf(const char *title, unsigned char *buf, size_t len)
{
printf( "%s:", title );
for( size_t i = 0; i < len; i++ )
printf( " %02x", buf[i] );
printf( "\n" );
printf("%s:", title);
for (size_t i = 0; i < len; i++) {
printf(" %02x", buf[i]);
}
printf("\n");
}
/* Run an Mbed TLS function and bail out if it fails.
* A string description of the error code can be recovered with:
* programs/util/strerror <value> */
#define CHK( expr ) \
#define CHK(expr) \
do \
{ \
ret = ( expr ); \
if( ret != 0 ) \
ret = (expr); \
if (ret != 0) \
{ \
printf( "Error %d at line %d: %s\n", \
ret, \
__LINE__, \
#expr ); \
printf("Error %d at line %d: %s\n", \
ret, \
__LINE__, \
#expr); \
goto exit; \
} \
} while( 0 )
} while (0)
/*
* Prepare encryption material:
@ -122,41 +123,41 @@ void print_buf( const char *title, unsigned char *buf, size_t len )
* - set up key
* - outputs: context and tag length, which together hold all the information
*/
static int aead_prepare( const char *info,
mbedtls_cipher_context_t *ctx,
size_t *tag_len )
static int aead_prepare(const char *info,
mbedtls_cipher_context_t *ctx,
size_t *tag_len)
{
int ret;
/* Convert arg to type + tag_len */
mbedtls_cipher_type_t type;
if( strcmp( info, "aes128-gcm" ) == 0 ) {
if (strcmp(info, "aes128-gcm") == 0) {
type = MBEDTLS_CIPHER_AES_128_GCM;
*tag_len = 16;
} else if( strcmp( info, "aes256-gcm" ) == 0 ) {
} else if (strcmp(info, "aes256-gcm") == 0) {
type = MBEDTLS_CIPHER_AES_256_GCM;
*tag_len = 16;
} else if( strcmp( info, "aes128-gcm_8" ) == 0 ) {
} else if (strcmp(info, "aes128-gcm_8") == 0) {
type = MBEDTLS_CIPHER_AES_128_GCM;
*tag_len = 8;
} else if( strcmp( info, "chachapoly" ) == 0 ) {
} else if (strcmp(info, "chachapoly") == 0) {
type = MBEDTLS_CIPHER_CHACHA20_POLY1305;
*tag_len = 16;
} else {
puts( usage );
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
puts(usage);
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
/* Prepare context for the given type */
CHK( mbedtls_cipher_setup( ctx,
mbedtls_cipher_info_from_type( type ) ) );
CHK(mbedtls_cipher_setup(ctx,
mbedtls_cipher_info_from_type(type)));
/* Import key */
int key_len = mbedtls_cipher_get_key_bitlen( ctx );
CHK( mbedtls_cipher_setkey( ctx, key_bytes, key_len, MBEDTLS_ENCRYPT ) );
int key_len = mbedtls_cipher_get_key_bitlen(ctx);
CHK(mbedtls_cipher_setkey(ctx, key_bytes, key_len, MBEDTLS_ENCRYPT));
exit:
return( ret );
return ret;
}
/*
@ -165,30 +166,30 @@ exit:
* All of this information was present in the command line argument, but his
* function demonstrates how each piece can be recovered from (ctx, tag_len).
*/
static void aead_info( const mbedtls_cipher_context_t *ctx, size_t tag_len )
static void aead_info(const mbedtls_cipher_context_t *ctx, size_t tag_len)
{
mbedtls_cipher_type_t type = mbedtls_cipher_get_type( ctx );
const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type( type );
const char *ciph = mbedtls_cipher_info_get_name( info );
int key_bits = mbedtls_cipher_get_key_bitlen( ctx );
mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode( ctx );
mbedtls_cipher_type_t type = mbedtls_cipher_get_type(ctx);
const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(type);
const char *ciph = mbedtls_cipher_info_get_name(info);
int key_bits = mbedtls_cipher_get_key_bitlen(ctx);
mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode(ctx);
const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM"
: mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly"
: "???";
printf( "%s, %d, %s, %u\n",
ciph, key_bits, mode_str, (unsigned) tag_len );
printf("%s, %d, %s, %u\n",
ciph, key_bits, mode_str, (unsigned) tag_len);
}
/*
* Encrypt a 2-part message.
*/
static int aead_encrypt( mbedtls_cipher_context_t *ctx, size_t tag_len,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *part1, size_t part1_len,
const unsigned char *part2, size_t part2_len )
static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *part1, size_t part1_len,
const unsigned char *part2, size_t part2_len)
{
int ret;
size_t olen;
@ -196,76 +197,75 @@ static int aead_encrypt( mbedtls_cipher_context_t *ctx, size_t tag_len,
unsigned char out[MSG_MAX_SIZE + MAX_TAG_LENGTH];
unsigned char *p = out;
CHK( mbedtls_cipher_set_iv( ctx, iv, iv_len ) );
CHK( mbedtls_cipher_reset( ctx ) );
CHK( mbedtls_cipher_update_ad( ctx, ad, ad_len ) );
CHK( mbedtls_cipher_update( ctx, part1, part1_len, p, &olen ) );
CHK(mbedtls_cipher_set_iv(ctx, iv, iv_len));
CHK(mbedtls_cipher_reset(ctx));
CHK(mbedtls_cipher_update_ad(ctx, ad, ad_len));
CHK(mbedtls_cipher_update(ctx, part1, part1_len, p, &olen));
p += olen;
CHK( mbedtls_cipher_update( ctx, part2, part2_len, p, &olen ) );
CHK(mbedtls_cipher_update(ctx, part2, part2_len, p, &olen));
p += olen;
CHK( mbedtls_cipher_finish( ctx, p, &olen ) );
CHK(mbedtls_cipher_finish(ctx, p, &olen));
p += olen;
CHK( mbedtls_cipher_write_tag( ctx, p, tag_len ) );
CHK(mbedtls_cipher_write_tag(ctx, p, tag_len));
p += tag_len;
olen = p - out;
print_buf( "out", out, olen );
print_buf("out", out, olen);
exit:
return( ret );
return ret;
}
/*
* AEAD demo: set up key/alg, print out info, encrypt messages.
*/
static int aead_demo( const char *info )
static int aead_demo(const char *info)
{
int ret = 0;
mbedtls_cipher_context_t ctx;
size_t tag_len;
mbedtls_cipher_init( &ctx );
mbedtls_cipher_init(&ctx);
CHK( aead_prepare( info, &ctx, &tag_len ) );
CHK(aead_prepare(info, &ctx, &tag_len));
aead_info( &ctx, tag_len );
aead_info(&ctx, tag_len);
CHK( aead_encrypt( &ctx, tag_len,
iv1, sizeof( iv1 ), add_data1, sizeof( add_data1 ),
msg1_part1, sizeof( msg1_part1 ),
msg1_part2, sizeof( msg1_part2 ) ) );
CHK( aead_encrypt( &ctx, tag_len,
iv2, sizeof( iv2 ), add_data2, sizeof( add_data2 ),
msg2_part1, sizeof( msg2_part1 ),
msg2_part2, sizeof( msg2_part2 ) ) );
CHK(aead_encrypt(&ctx, tag_len,
iv1, sizeof(iv1), add_data1, sizeof(add_data1),
msg1_part1, sizeof(msg1_part1),
msg1_part2, sizeof(msg1_part2)));
CHK(aead_encrypt(&ctx, tag_len,
iv2, sizeof(iv2), add_data2, sizeof(add_data2),
msg2_part1, sizeof(msg2_part1),
msg2_part2, sizeof(msg2_part2)));
exit:
mbedtls_cipher_free( &ctx );
mbedtls_cipher_free(&ctx);
return( ret );
return ret;
}
/*
* Main function
*/
int main( int argc, char **argv )
int main(int argc, char **argv)
{
/* Check usage */
if( argc != 2 )
{
puts( usage );
return( 1 );
if (argc != 2) {
puts(usage);
return 1;
}
int ret;
/* Run the demo */
CHK( aead_demo( argv[1] ) );
CHK(aead_demo(argv[1]));
exit:
return( ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE );
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif

46
programs/fuzz/common.c
View File

@ -6,7 +6,7 @@
#include "mbedtls/ctr_drbg.h"
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
{
(void) time;
return 0x5af2a056;
@ -16,54 +16,54 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
void dummy_init()
{
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
mbedtls_platform_set_time( dummy_constant_time );
mbedtls_platform_set_time(dummy_constant_time);
#else
fprintf(stderr, "Warning: fuzzing without constant time\n");
#endif
}
int dummy_send( void *ctx, const unsigned char *buf, size_t len )
int dummy_send(void *ctx, const unsigned char *buf, size_t len)
{
//silence warning about unused parameter
(void) ctx;
(void) buf;
//pretends we wrote everything ok
if( len > INT_MAX ) {
return( -1 );
if (len > INT_MAX) {
return -1;
}
return( (int) len );
return (int) len;
}
int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
int fuzz_recv(void *ctx, unsigned char *buf, size_t len)
{
//reads from the buffer from fuzzer
fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx;
if(biomemfuzz->Offset == biomemfuzz->Size) {
if (biomemfuzz->Offset == biomemfuzz->Size) {
//EOF
return( 0 );
return 0;
}
if( len > INT_MAX ) {
return( -1 );
if (len > INT_MAX) {
return -1;
}
if( len + biomemfuzz->Offset > biomemfuzz->Size ) {
if (len + biomemfuzz->Offset > biomemfuzz->Size) {
//do not overflow
len = biomemfuzz->Size - biomemfuzz->Offset;
}
memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
biomemfuzz->Offset += len;
return( (int) len );
return (int) len;
}
int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
int dummy_random(void *p_rng, unsigned char *output, size_t output_len)
{
int ret;
size_t i;
#if defined(MBEDTLS_CTR_DRBG_C)
//mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng
if( p_rng != NULL ) {
if (p_rng != NULL) {
//use mbedtls_ctr_drbg_random to find bugs in it
ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
} else {
@ -74,14 +74,14 @@ int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
(void) p_rng;
ret = 0;
#endif
for (i=0; i<output_len; i++) {
for (i = 0; i < output_len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return( ret );
return ret;
}
int dummy_entropy( void *data, unsigned char *output, size_t len )
int dummy_entropy(void *data, unsigned char *output, size_t len)
{
size_t i;
(void) data;
@ -89,15 +89,15 @@ int dummy_entropy( void *data, unsigned char *output, size_t len )
//use mbedtls_entropy_func to find bugs in it
//test performance impact of entropy
//ret = mbedtls_entropy_func(data, output, len);
for (i=0; i<len; i++) {
for (i = 0; i < len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return( 0 );
return 0;
}
int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
uint32_t timeout )
int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
uint32_t timeout)
{
(void) timeout;

17
programs/fuzz/common.h
View File

@ -6,21 +6,20 @@
#include <stddef.h>
#include <stdint.h>
typedef struct fuzzBufferOffset
{
typedef struct fuzzBufferOffset {
const uint8_t *Data;
size_t Size;
size_t Offset;
} fuzzBufferOffset_t;
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
#endif
void dummy_init();
int dummy_send( void *ctx, const unsigned char *buf, size_t len );
int fuzz_recv( void *ctx, unsigned char *buf, size_t len );
int dummy_random( void *p_rng, unsigned char *output, size_t output_len );
int dummy_entropy( void *data, unsigned char *output, size_t len );
int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
uint32_t timeout );
int dummy_send(void *ctx, const unsigned char *buf, size_t len);
int fuzz_recv(void *ctx, unsigned char *buf, size_t len);
int dummy_random(void *p_rng, unsigned char *output, size_t output_len);
int dummy_entropy(void *data, unsigned char *output, size_t len);
int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
uint32_t timeout);

94
programs/fuzz/fuzz_client.c
View File

@ -32,7 +32,8 @@ const char *pers = "fuzz_client";
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
@ -48,10 +49,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &cacert );
if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len ) != 0)
mbedtls_x509_crt_init(&cacert);
if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len) != 0) {
return 1;
}
#endif
alpn_list[0] = "HTTP";
@ -71,98 +73,108 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
//Avoid warnings if compile options imply no options
(void) options;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
}
if( mbedtls_ssl_config_defaults( &conf,
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
goto exit;
}
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if (options & 2) {
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
(const unsigned char *) psk_id, sizeof(psk_id) - 1);
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
if (options & 4) {
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
} else
#endif
{
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
}
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
mbedtls_ssl_conf_extended_master_secret(&conf,
(options &
0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
mbedtls_ssl_conf_encrypt_then_mac(&conf,
(options &
0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
mbedtls_ssl_conf_renegotiation(&conf,
(options &
0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_conf_session_tickets( &conf, (options & 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED );
mbedtls_ssl_conf_session_tickets(&conf,
(options &
0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
#endif
#if defined(MBEDTLS_SSL_ALPN)
if (options & 0x200) {
mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
}
#endif
//There may be other options to add :
// mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
srand(1);
mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
if ((options & 1) == 0) {
if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) {
goto exit;
}
}
#endif
biomemfuzz.Data = Data;
biomemfuzz.Size = Size-2;
biomemfuzz.Offset = 0;
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
ret = mbedtls_ssl_handshake( &ssl );
if( ret == 0 )
{
ret = mbedtls_ssl_handshake(&ssl);
if (ret == 0) {
//keep reading data from server until the end
do
{
len = sizeof( buf ) - 1;
ret = mbedtls_ssl_read( &ssl, buf, len );
do {
len = sizeof(buf) - 1;
ret = mbedtls_ssl_read(&ssl, buf, len);
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
continue;
else if( ret <= 0 )
} else if (ret <= 0) {
//EOF or error
break;
}
while( 1 );
}
} while (1);
}
exit:
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_config_free( &conf );
mbedtls_ssl_free( &ssl );
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
#else
(void) Data;

74
programs/fuzz/fuzz_dtlsclient.c
View File

@ -26,7 +26,8 @@ const char *pers = "fuzz_dtlsclient";
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_ENTROPY_C) && \
@ -44,77 +45,80 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &cacert );
if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len ) != 0)
mbedtls_x509_crt_init(&cacert);
if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len) != 0) {
return 1;
}
#endif
dummy_init();
initialized = 1;
}
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
srand(1);
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
}
if( mbedtls_ssl_config_defaults( &conf,
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
#endif
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit;
}
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) {
goto exit;
}
#endif
biomemfuzz.Data = Data;
biomemfuzz.Size = Size;
biomemfuzz.Offset = 0;
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
ret = mbedtls_ssl_handshake( &ssl );
if( ret == 0 )
{
ret = mbedtls_ssl_handshake(&ssl);
if (ret == 0) {
//keep reading data from server until the end
do
{
len = sizeof( buf ) - 1;
ret = mbedtls_ssl_read( &ssl, buf, len );
do {
len = sizeof(buf) - 1;
ret = mbedtls_ssl_read(&ssl, buf, len);
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
continue;
else if( ret <= 0 )
} else if (ret <= 0) {
//EOF or error
break;
}
while( 1 );
}
} while (1);
}
exit:
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_config_free( &conf );
mbedtls_ssl_free( &ssl );
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
#else
(void) Data;

118
programs/fuzz/fuzz_dtlsserver.c
View File

@ -17,10 +17,10 @@
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
( defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) )
(defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
const char *pers = "fuzz_dtlsserver";
const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 };
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
static mbedtls_x509_crt srvcert;
@ -29,14 +29,15 @@ static mbedtls_pk_context pkey;
#endif
#endif // MBEDTLS_SSL_PROTO_DTLS
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
( defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) )
(defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA))
int ret;
size_t len;
mbedtls_ssl_context ssl;
@ -48,104 +49,115 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
unsigned char buf[4096];
fuzzBufferOffset_t biomemfuzz;
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
( const unsigned char * ) pers, strlen( pers ) ) != 0 )
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
}
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len ) != 0)
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len) != 0) {
return 1;
if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len ) != 0)
}
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len) != 0) {
return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
}
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
dummy_random, &ctr_drbg ) != 0)
dummy_random, &ctr_drbg) != 0) {
return 1;
}
#endif
dummy_init();
initialized = 1;
}
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ssl_cookie_init( &cookie_ctx );
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_ssl_cookie_init(&cookie_ctx);
if( mbedtls_ssl_config_defaults( &conf,
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
goto exit;
}
srand(1);
mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
goto exit;
}
#endif
if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 )
if (mbedtls_ssl_cookie_setup(&cookie_ctx, dummy_random, &ctr_drbg) != 0) {
goto exit;
}
mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx );
mbedtls_ssl_conf_dtls_cookies(&conf,
mbedtls_ssl_cookie_write,
mbedtls_ssl_cookie_check,
&cookie_ctx);
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit;
}
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay);
biomemfuzz.Data = Data;
biomemfuzz.Size = Size;
biomemfuzz.Offset = 0;
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
goto exit;
}
ret = mbedtls_ssl_handshake( &ssl );
ret = mbedtls_ssl_handshake(&ssl);
if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
biomemfuzz.Offset = ssl.next_record_offset;
mbedtls_ssl_session_reset( &ssl );
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
mbedtls_ssl_session_reset(&ssl);
mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
goto exit;
}
ret = mbedtls_ssl_handshake( &ssl );
ret = mbedtls_ssl_handshake(&ssl);
if( ret == 0 )
{
if (ret == 0) {
//keep reading data from server until the end
do
{
len = sizeof( buf ) - 1;
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
do {
len = sizeof(buf) - 1;
ret = mbedtls_ssl_read(&ssl, buf, len);
if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
continue;
else if( ret <= 0 )
} else if (ret <= 0) {
//EOF or error
break;
}
while( 1 );
}
} while (1);
}
}
exit:
mbedtls_ssl_cookie_free( &cookie_ctx );
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_config_free( &conf );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_cookie_free(&cookie_ctx);
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
#else
(void) Data;

9
programs/fuzz/fuzz_pkcs7.c
View File

@ -1,15 +1,16 @@
#include <stdint.h>
#include "mbedtls/pkcs7.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#ifdef MBEDTLS_PKCS7_C
mbedtls_pkcs7 pkcs7;
mbedtls_pkcs7_init( &pkcs7 );
mbedtls_pkcs7_init(&pkcs7);
mbedtls_pkcs7_parse_der( &pkcs7, Data, Size );
mbedtls_pkcs7_parse_der(&pkcs7, Data, Size);
mbedtls_pkcs7_free( &pkcs7 );
mbedtls_pkcs7_free(&pkcs7);
#else
(void) Data;
(void) Size;

63
programs/fuzz/fuzz_privkey.c
View File

@ -15,7 +15,8 @@
const char *pers = "fuzz_privkey";
#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C)
int ret;
mbedtls_pk_context pk;
@ -27,64 +28,62 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
Size = MAX_LEN;
}
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
( const unsigned char * ) pers, strlen( pers ) ) != 0 )
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
return 1;
}
mbedtls_pk_init( &pk );
ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0,
dummy_random, &ctr_drbg );
mbedtls_pk_init(&pk);
ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
dummy_random, &ctr_drbg);
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
{
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_rsa_context *rsa;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
rsa = mbedtls_pk_rsa( pk );
if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != 0 ) {
rsa = mbedtls_pk_rsa(pk);
if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != 0) {
abort();
}
if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != 0 ) {
if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != 0) {
abort();
}
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
}
else
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
} else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ||
mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY_DH )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
mbedtls_ecp_group_id grp_id = ecp->grp.id;
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id( grp_id );
mbedtls_ecp_curve_info_from_grp_id(grp_id);
/* If the curve is not supported, the key should not have been
* accepted. */
if( curve_info == NULL )
abort( );
}
else
if (curve_info == NULL) {
abort();
}
} else
#endif
{
/* The key is valid but is not of a supported type.
* This should not happen. */
abort( );
abort();
}
}
mbedtls_pk_free( &pk );
mbedtls_pk_free(&pk);
#else
(void) Data;
(void) Size;

59
programs/fuzz/fuzz_pubkey.c
View File

@ -4,70 +4,69 @@
#include <stdlib.h>
#include "mbedtls/pk.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#ifdef MBEDTLS_PK_PARSE_C
int ret;
mbedtls_pk_context pk;
mbedtls_pk_init( &pk );
ret = mbedtls_pk_parse_public_key( &pk, Data, Size );
mbedtls_pk_init(&pk);
ret = mbedtls_pk_parse_public_key(&pk, Data, Size);
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
{
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_rsa_context *rsa;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
rsa = mbedtls_pk_rsa( pk );
if ( mbedtls_rsa_export( rsa, &N, NULL, NULL, NULL, &E ) != 0 ) {
rsa = mbedtls_pk_rsa(pk);
if (mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E) != 0) {
abort();
}
if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) {
if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
abort();
}
if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) {
if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
abort();
}
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
}
else
} else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ||
mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY_DH )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
mbedtls_ecp_group_id grp_id = ecp->grp.id;
const mbedtls_ecp_curve_info *curve_info =
mbedtls_ecp_curve_info_from_grp_id( grp_id );
mbedtls_ecp_curve_info_from_grp_id(grp_id);
/* If the curve is not supported, the key should not have been
* accepted. */
if( curve_info == NULL )
abort( );
if (curve_info == NULL) {
abort();
}
/* It's a public key, so the private value should not have
* been changed from its initialization to 0. */
if( mbedtls_mpi_cmp_int( &ecp->d, 0 ) != 0 )
abort( );
}
else
if (mbedtls_mpi_cmp_int(&ecp->d, 0) != 0) {
abort();
}
} else
#endif
{
/* The key is valid but is not of a supported type.
* This should not happen. */
abort( );
abort();
}
}
mbedtls_pk_free( &pk );
mbedtls_pk_free(&pk);
#else
(void) Data;
(void) Size;

120
programs/fuzz/fuzz_server.c
View File

@ -32,7 +32,8 @@ const char psk_id[] = "Client_identity";
#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
@ -55,28 +56,32 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
}
options = Data[Size - 1];
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
( const unsigned char * ) pers, strlen( pers ) ) != 0 )
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
return 1;
}
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len ) != 0)
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len) != 0) {
return 1;
if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len ) != 0)
}
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len) != 0) {
return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
}
if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
dummy_random, &ctr_drbg ) != 0)
dummy_random, &ctr_drbg) != 0) {
return 1;
}
#endif
alpn_list[0] = "HTTP";
@ -87,99 +92,108 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
initialized = 1;
}
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_init( &ticket_ctx );
mbedtls_ssl_ticket_init(&ticket_ctx);
#endif
if( mbedtls_ssl_config_defaults( &conf,
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
goto exit;
}
srand(1);
mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
goto exit;
}
#endif
mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED );
mbedtls_ssl_conf_cert_req_ca_list(&conf,
(options &
0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED);
#if defined(MBEDTLS_SSL_ALPN)
if (options & 0x2) {
mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
}
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
if( options & 0x4 )
{
if( mbedtls_ssl_ticket_setup( &ticket_ctx,
if (options & 0x4) {
if (mbedtls_ssl_ticket_setup(&ticket_ctx,
dummy_random, &ctr_drbg,
MBEDTLS_CIPHER_AES_256_GCM,
86400 ) != 0 )
86400) != 0) {
goto exit;
}
mbedtls_ssl_conf_session_tickets_cb( &conf,
mbedtls_ssl_conf_session_tickets_cb(&conf,
mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse,
&ticket_ctx );
&ticket_ctx);
}
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
mbedtls_ssl_conf_extended_master_secret(&conf,
(options &
0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
mbedtls_ssl_conf_encrypt_then_mac(&conf,
(options &
0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
if (options & 0x40) {
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
(const unsigned char *) psk_id, sizeof(psk_id) - 1);
}
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
mbedtls_ssl_conf_renegotiation(&conf,
(options &
0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
#endif
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
goto exit;
}
biomemfuzz.Data = Data;
biomemfuzz.Size = Size-1;
biomemfuzz.Offset = 0;
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
mbedtls_ssl_session_reset( &ssl );
ret = mbedtls_ssl_handshake( &ssl );
if( ret == 0 )
{
mbedtls_ssl_session_reset(&ssl);
ret = mbedtls_ssl_handshake(&ssl);
if (ret == 0) {
//keep reading data from server until the end
do
{
len = sizeof( buf ) - 1;
ret = mbedtls_ssl_read( &ssl, buf, len );
do {
len = sizeof(buf) - 1;
ret = mbedtls_ssl_read(&ssl, buf, len);
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
continue;
else if( ret <= 0 )
} else if (ret <= 0) {
//EOF or error
break;
}
while( 1 );
}
} while (1);
}
exit:
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_free( &ticket_ctx );
mbedtls_ssl_ticket_free(&ticket_ctx);
#endif
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_config_free( &conf );
mbedtls_ssl_free( &ssl );
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
#else
(void) Data;

11
programs/fuzz/fuzz_x509crl.c
View File

@ -3,23 +3,24 @@
#include <stdint.h>
#include "mbedtls/x509_crl.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#ifdef MBEDTLS_X509_CRL_PARSE_C
int ret;
mbedtls_x509_crl crl;
unsigned char buf[4096];
mbedtls_x509_crl_init( &crl );
ret = mbedtls_x509_crl_parse( &crl, Data, Size );
mbedtls_x509_crl_init(&crl);
ret = mbedtls_x509_crl_parse(&crl, Data, Size);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if (ret == 0) {
ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
}
#else
((void) ret);
((void) buf);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
mbedtls_x509_crl_free( &crl );
mbedtls_x509_crl_free(&crl);
#else
(void) Data;
(void) Size;

11
programs/fuzz/fuzz_x509crt.c
View File

@ -3,23 +3,24 @@
#include <stdint.h>
#include "mbedtls/x509_crt.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#ifdef MBEDTLS_X509_CRT_PARSE_C
int ret;
mbedtls_x509_crt crt;
unsigned char buf[4096];
mbedtls_x509_crt_init( &crt );
ret = mbedtls_x509_crt_parse( &crt, Data, Size );
mbedtls_x509_crt_init(&crt);
ret = mbedtls_x509_crt_parse(&crt, Data, Size);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if (ret == 0) {
ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt);
}
#else
((void) ret);
((void) buf);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_free(&crt);
#else
(void) Data;
(void) Size;

11
programs/fuzz/fuzz_x509csr.c
View File

@ -3,23 +3,24 @@
#include <stdint.h>
#include "mbedtls/x509_csr.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#ifdef MBEDTLS_X509_CSR_PARSE_C
int ret;
mbedtls_x509_csr csr;
unsigned char buf[4096];
mbedtls_x509_csr_init( &csr );
ret = mbedtls_x509_csr_parse( &csr, Data, Size );
mbedtls_x509_csr_init(&csr);
ret = mbedtls_x509_csr_parse(&csr, Data, Size);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if (ret == 0) {
ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
}
#else
((void) ret);
((void) buf);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
mbedtls_x509_csr_free( &csr );
mbedtls_x509_csr_free(&csr);
#else
(void) Data;
(void) Size;

5
programs/fuzz/onefile.c
View File

@ -9,9 +9,9 @@
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
int main(int argc, char** argv)
int main(int argc, char **argv)
{
FILE * fp;
FILE *fp;
uint8_t *Data;
size_t Size;
@ -53,4 +53,3 @@ int main(int argc, char** argv)
fclose(fp);
return 0;
}

168
programs/hash/generic_sum.c
View File

@ -29,43 +29,47 @@
#endif
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
mbedtls_exit(0);
}
#else
static int generic_wrapper( const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum )
static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum)
{
int ret = mbedtls_md_file( md_info, filename, sum );
int ret = mbedtls_md_file(md_info, filename, sum);
if( ret == 1 )
mbedtls_fprintf( stderr, "failed to open: %s\n", filename );
if (ret == 1) {
mbedtls_fprintf(stderr, "failed to open: %s\n", filename);
}
if( ret == 2 )
mbedtls_fprintf( stderr, "failed to read: %s\n", filename );
if (ret == 2) {
mbedtls_fprintf(stderr, "failed to read: %s\n", filename);
}
return( ret );
return ret;
}
static int generic_print( const mbedtls_md_info_t *md_info, char *filename )
static int generic_print(const mbedtls_md_info_t *md_info, char *filename)
{
int i;
unsigned char sum[MBEDTLS_MD_MAX_SIZE];
if( generic_wrapper( md_info, filename, sum ) != 0 )
return( 1 );
if (generic_wrapper(md_info, filename, sum) != 0) {
return 1;
}
for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
mbedtls_printf( "%02x", sum[i] );
for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
mbedtls_printf("%02x", sum[i]);
}
mbedtls_printf( " %s\n", filename );
return( 0 );
mbedtls_printf(" %s\n", filename);
return 0;
}
static int generic_check( const mbedtls_md_info_t *md_info, char *filename )
static int generic_check(const mbedtls_md_info_t *md_info, char *filename)
{
int i;
size_t n;
@ -81,141 +85,137 @@ static int generic_check( const mbedtls_md_info_t *md_info, char *filename )
char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
#endif
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
mbedtls_printf( "failed to open: %s\n", filename );
return( 1 );
if ((f = fopen(filename, "rb")) == NULL) {
mbedtls_printf("failed to open: %s\n", filename);
return 1;
}
nb_err1 = nb_err2 = 0;
nb_tot1 = nb_tot2 = 0;
memset( line, 0, sizeof( line ) );
memset(line, 0, sizeof(line));
n = sizeof( line );
n = sizeof(line);
while( fgets( line, (int) n - 1, f ) != NULL )
{
n = strlen( line );
while (fgets(line, (int) n - 1, f) != NULL) {
n = strlen(line);
if( n < (size_t) 2 * mbedtls_md_get_size( md_info ) + 4 )
{
mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name( md_info ));
if (n < (size_t) 2 * mbedtls_md_get_size(md_info) + 4) {
mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
continue;
}
if( line[2 * mbedtls_md_get_size( md_info )] != ' ' || line[2 * mbedtls_md_get_size( md_info ) + 1] != ' ' )
{
mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name( md_info ));
if (line[2 * mbedtls_md_get_size(md_info)] != ' ' ||
line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') {
mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
continue;
}
if( line[n - 1] == '\n' ) { n--; line[n] = '\0'; }
if( line[n - 1] == '\r' ) { n--; line[n] = '\0'; }
if (line[n - 1] == '\n') {
n--; line[n] = '\0';
}
if (line[n - 1] == '\r') {
n--; line[n] = '\0';
}
nb_tot1++;
if( generic_wrapper( md_info, line + 2 + 2 * mbedtls_md_get_size( md_info ), sum ) != 0 )
{
if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) {
nb_err1++;
continue;
}
nb_tot2++;
for( i = 0; i < mbedtls_md_get_size( md_info ); i++ )
sprintf( buf + i * 2, "%02x", sum[i] );
for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
sprintf(buf + i * 2, "%02x", sum[i]);
}
/* Use constant-time buffer comparison */
diff = 0;
for( i = 0; i < 2 * mbedtls_md_get_size( md_info ); i++ )
for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) {
diff |= line[i] ^ buf[i];
if( diff != 0 )
{
nb_err2++;
mbedtls_fprintf( stderr, "wrong checksum: %s\n", line + 66 );
}
n = sizeof( line );
if (diff != 0) {
nb_err2++;
mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66);
}
n = sizeof(line);
}
if( nb_err1 != 0 )
{
mbedtls_printf( "WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1 );
if (nb_err1 != 0) {
mbedtls_printf("WARNING: %d (out of %d) input files could "
"not be read\n", nb_err1, nb_tot1);
}
if( nb_err2 != 0 )
{
mbedtls_printf( "WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2 );
if (nb_err2 != 0) {
mbedtls_printf("WARNING: %d (out of %d) computed checksums did "
"not match\n", nb_err2, nb_tot2);
}
fclose( f );
fclose(f);
return( nb_err1 != 0 || nb_err2 != 0 );
return nb_err1 != 0 || nb_err2 != 0;
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1, i;
int exit_code = MBEDTLS_EXIT_FAILURE;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
mbedtls_md_init( &md_ctx );
mbedtls_md_init(&md_ctx);
if( argc == 1 )
{
if (argc == 1) {
const int *list;
mbedtls_printf( "print mode: generic_sum <mbedtls_md> <file> <file> ...\n" );
mbedtls_printf( "check mode: generic_sum <mbedtls_md> -c <checksum file>\n" );
mbedtls_printf("print mode: generic_sum <mbedtls_md> <file> <file> ...\n");
mbedtls_printf("check mode: generic_sum <mbedtls_md> -c <checksum file>\n");
mbedtls_printf( "\nAvailable message digests:\n" );
mbedtls_printf("\nAvailable message digests:\n");
list = mbedtls_md_list();
while( *list )
{
md_info = mbedtls_md_info_from_type( *list );
mbedtls_printf( " %s\n", mbedtls_md_get_name( md_info ) );
while (*list) {
md_info = mbedtls_md_info_from_type(*list);
mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info));
list++;
}
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
/*
* Read the MD from the command line
*/
md_info = mbedtls_md_info_from_string( argv[1] );
if( md_info == NULL )
{
mbedtls_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
mbedtls_exit( exit_code );
md_info = mbedtls_md_info_from_string(argv[1]);
if (md_info == NULL) {
mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]);
mbedtls_exit(exit_code);
}
if( mbedtls_md_setup( &md_ctx, md_info, 0 ) )
{
mbedtls_fprintf( stderr, "Failed to initialize context.\n" );
mbedtls_exit( exit_code );
if (mbedtls_md_setup(&md_ctx, md_info, 0)) {
mbedtls_fprintf(stderr, "Failed to initialize context.\n");
mbedtls_exit(exit_code);
}
ret = 0;
if( argc == 4 && strcmp( "-c", argv[2] ) == 0 )
{
ret |= generic_check( md_info, argv[3] );
if (argc == 4 && strcmp("-c", argv[2]) == 0) {
ret |= generic_check(md_info, argv[3]);
goto exit;
}
for( i = 2; i < argc; i++ )
ret |= generic_print( md_info, argv[i] );
for (i = 2; i < argc; i++) {
ret |= generic_print(md_info, argv[i]);
}
if ( ret == 0 )
if (ret == 0) {
exit_code = MBEDTLS_EXIT_SUCCESS;
}
exit:
mbedtls_md_free( &md_ctx );
mbedtls_md_free(&md_ctx);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */

22
programs/hash/hello.c
View File

@ -26,30 +26,32 @@
#endif
#if !defined(MBEDTLS_MD5_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
mbedtls_exit( 0 );
mbedtls_exit(0);
}
#else
int main( void )
int main(void)
{
int i, ret;
unsigned char digest[16];
char str[] = "Hello, world!";
mbedtls_printf( "\n MD5('%s') = ", str );
mbedtls_printf("\n MD5('%s') = ", str);
if( ( ret = mbedtls_md5( (unsigned char *) str, 13, digest ) ) != 0 )
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
if ((ret = mbedtls_md5((unsigned char *) str, 13, digest)) != 0) {
mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
for( i = 0; i < 16; i++ )
mbedtls_printf( "%02x", digest[i] );
for (i = 0; i < 16; i++) {
mbedtls_printf("%02x", digest[i]);
}
mbedtls_printf( "\n\n" );
mbedtls_printf("\n\n");
mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
}
#endif /* MBEDTLS_MD5_C */

69
programs/hash/md_hmac_demo.c
View File

@ -49,10 +49,10 @@
/* If the build options we need are not enabled, compile a placeholder. */
#if !defined(MBEDTLS_MD_C)
int main( void )
int main(void)
{
printf( "MBEDTLS_MD_C not defined\r\n" );
return( 0 );
printf("MBEDTLS_MD_C not defined\r\n");
return 0;
}
#else
@ -69,30 +69,31 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 };
const unsigned char key_bytes[32] = { 0 };
/* Print the contents of a buffer in hex */
void print_buf( const char *title, unsigned char *buf, size_t len )
void print_buf(const char *title, unsigned char *buf, size_t len)
{
printf( "%s:", title );
for( size_t i = 0; i < len; i++ )
printf( " %02x", buf[i] );
printf( "\n" );
printf("%s:", title);
for (size_t i = 0; i < len; i++) {
printf(" %02x", buf[i]);
}
printf("\n");
}
/* Run an Mbed TLS function and bail out if it fails.
* A string description of the error code can be recovered with:
* programs/util/strerror <value> */
#define CHK( expr ) \
#define CHK(expr) \
do \
{ \
ret = ( expr ); \
if( ret != 0 ) \
ret = (expr); \
if (ret != 0) \
{ \
printf( "Error %d at line %d: %s\n", \
ret, \
__LINE__, \
#expr ); \
printf("Error %d at line %d: %s\n", \
ret, \
__LINE__, \
#expr); \
goto exit; \
} \
} while( 0 )
} while (0)
/*
* This function demonstrates computation of the HMAC of two messages using
@ -106,42 +107,42 @@ int hmac_demo(void)
mbedtls_md_context_t ctx;
mbedtls_md_init( &ctx );
mbedtls_md_init(&ctx);
/* prepare context and load key */
// the last argument to setup is 1 to enable HMAC (not just hashing)
const mbedtls_md_info_t *info = mbedtls_md_info_from_type( alg );
CHK( mbedtls_md_setup( &ctx, info, 1 ) );
CHK( mbedtls_md_hmac_starts( &ctx, key_bytes, sizeof( key_bytes ) ) );
const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg);
CHK(mbedtls_md_setup(&ctx, info, 1));
CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes)));
/* compute HMAC(key, msg1_part1 | msg1_part2) */
CHK( mbedtls_md_hmac_update( &ctx, msg1_part1, sizeof( msg1_part1 ) ) );
CHK( mbedtls_md_hmac_update( &ctx, msg1_part2, sizeof( msg1_part2 ) ) );
CHK( mbedtls_md_hmac_finish( &ctx, out ) );
print_buf( "msg1", out, mbedtls_md_get_size( info ) );
CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1)));
CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2)));
CHK(mbedtls_md_hmac_finish(&ctx, out));
print_buf("msg1", out, mbedtls_md_get_size(info));
/* compute HMAC(key, msg2_part1 | msg2_part2) */
CHK( mbedtls_md_hmac_reset( &ctx ) ); // prepare for new operation
CHK( mbedtls_md_hmac_update( &ctx, msg2_part1, sizeof( msg2_part1 ) ) );
CHK( mbedtls_md_hmac_update( &ctx, msg2_part2, sizeof( msg2_part2 ) ) );
CHK( mbedtls_md_hmac_finish( &ctx, out ) );
print_buf( "msg2", out, mbedtls_md_get_size( info ) );
CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation
CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1)));
CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2)));
CHK(mbedtls_md_hmac_finish(&ctx, out));
print_buf("msg2", out, mbedtls_md_get_size(info));
exit:
mbedtls_md_free( &ctx );
mbedtls_platform_zeroize( out, sizeof( out ) );
mbedtls_md_free(&ctx);
mbedtls_platform_zeroize(out, sizeof(out));
return( ret );
return ret;
}
int main(void)
{
int ret;
CHK( hmac_demo() );
CHK(hmac_demo());
exit:
return( ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE );
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif

209
programs/pkey/dh_client.c
View File

@ -46,18 +46,18 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_SHA1_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main( void )
int main(void)
{
FILE *f;
@ -77,111 +77,102 @@ int main( void )
mbedtls_dhm_context dhm;
mbedtls_aes_context aes;
mbedtls_net_init( &server_fd );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_net_init(&server_fd);
mbedtls_dhm_init(&dhm);
mbedtls_aes_init(&aes);
mbedtls_ctr_drbg_init(&ctr_drbg);
/*
* 1. Setup the RNG
*/
mbedtls_printf( "\n . Seeding the random number generator" );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
/*
* 2. Read the server's public RSA key
*/
mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
mbedtls_printf("\n . Reading public key from rsa_pub.txt");
fflush(stdout);
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
mbedtls_rsa_init( &rsa );
mbedtls_rsa_init(&rsa);
if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
if ((ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(N), 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(E), 16, f)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
fclose(f);
goto exit;
}
rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
rsa.MBEDTLS_PRIVATE(len) = (mbedtls_mpi_bitlen(&rsa.MBEDTLS_PRIVATE(N)) + 7) >> 3;
fclose( f );
fclose(f);
/*
* 3. Initiate the connection
*/
mbedtls_printf( "\n . Connecting to tcp/%s/%s", SERVER_NAME,
SERVER_PORT );
fflush( stdout );
mbedtls_printf("\n . Connecting to tcp/%s/%s", SERVER_NAME,
SERVER_PORT);
fflush(stdout);
if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto exit;
}
/*
* 4a. First get the buffer length
*/
mbedtls_printf( "\n . Receiving the server's DH parameters" );
fflush( stdout );
mbedtls_printf("\n . Receiving the server's DH parameters");
fflush(stdout);
memset( buf, 0, sizeof( buf ) );
memset(buf, 0, sizeof(buf));
if( ( ret = mbedtls_net_recv( &server_fd, buf, 2 ) ) != 2 )
{
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
if ((ret = mbedtls_net_recv(&server_fd, buf, 2)) != 2) {
mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
goto exit;
}
n = buflen = ( buf[0] << 8 ) | buf[1];
if( buflen < 1 || buflen > sizeof( buf ) )
{
mbedtls_printf( " failed\n ! Got an invalid buffer length\n\n" );
n = buflen = (buf[0] << 8) | buf[1];
if (buflen < 1 || buflen > sizeof(buf)) {
mbedtls_printf(" failed\n ! Got an invalid buffer length\n\n");
goto exit;
}
/*
* 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
*/
memset( buf, 0, sizeof( buf ) );
memset(buf, 0, sizeof(buf));
if( ( ret = mbedtls_net_recv( &server_fd, buf, n ) ) != (int) n )
{
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
if ((ret = mbedtls_net_recv(&server_fd, buf, n)) != (int) n) {
mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
goto exit;
}
p = buf, end = buf + buflen;
if( ( ret = mbedtls_dhm_read_params( &dhm, &p, end ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret );
if ((ret = mbedtls_dhm_read_params(&dhm, &p, end)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret);
goto exit;
}
n = mbedtls_dhm_get_len( &dhm );
if( n < 64 || n > 512 )
{
mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" );
n = mbedtls_dhm_get_len(&dhm);
if (n < 64 || n > 512) {
mbedtls_printf(" failed\n ! Invalid DHM modulus size\n\n");
goto exit;
}
@ -189,65 +180,60 @@ int main( void )
* 5. Check that the server's RSA signature matches
* the SHA-256 hash of (P,G,Ys)
*/
mbedtls_printf( "\n . Verifying the server's RSA signature" );
fflush( stdout );
mbedtls_printf("\n . Verifying the server's RSA signature");
fflush(stdout);
p += 2;
if( ( n = (size_t) ( end - p ) ) != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" );
if ((n = (size_t) (end - p)) != rsa.MBEDTLS_PRIVATE(len)) {
mbedtls_printf(" failed\n ! Invalid RSA signature size\n\n");
goto exit;
}
if( ( ret = mbedtls_sha1( buf, (int)( p - 2 - buf ), hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_sha1 returned %d\n\n", ret );
if ((ret = mbedtls_sha1(buf, (int) (p - 2 - buf), hash)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
32, hash, p ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret );
if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
32, hash, p)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret);
goto exit;
}
/*
* 6. Send our public value: Yc = G ^ Xc mod P
*/
mbedtls_printf( "\n . Sending own public value to server" );
fflush( stdout );
mbedtls_printf("\n . Sending own public value to server");
fflush(stdout);
n = mbedtls_dhm_get_len( &dhm );
if( ( ret = mbedtls_dhm_make_public( &dhm, (int) n, buf, n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret );
n = mbedtls_dhm_get_len(&dhm);
if ((ret = mbedtls_dhm_make_public(&dhm, (int) n, buf, n,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_net_send( &server_fd, buf, n ) ) != (int) n )
{
mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
if ((ret = mbedtls_net_send(&server_fd, buf, n)) != (int) n) {
mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
goto exit;
}
/*
* 7. Derive the shared secret: K = Ys ^ Xc mod P
*/
mbedtls_printf( "\n . Shared secret: " );
fflush( stdout );
mbedtls_printf("\n . Shared secret: ");
fflush(stdout);
if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
goto exit;
}
for( n = 0; n < 16; n++ )
mbedtls_printf( "%02x", buf[n] );
for (n = 0; n < 16; n++) {
mbedtls_printf("%02x", buf[n]);
}
/*
* 8. Setup the AES-256 decryption key
@ -257,40 +243,41 @@ int main( void )
* the keying material for the encryption/decryption keys,
* IVs and MACs.
*/
mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" );
fflush( stdout );
mbedtls_printf("...\n . Receiving and decrypting the ciphertext");
fflush(stdout);
ret = mbedtls_aes_setkey_dec( &aes, buf, 256 );
if( ret != 0 )
goto exit;
memset( buf, 0, sizeof( buf ) );
if( ( ret = mbedtls_net_recv( &server_fd, buf, 16 ) ) != 16 )
{
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
ret = mbedtls_aes_setkey_dec(&aes, buf, 256);
if (ret != 0) {
goto exit;
}
ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
if( ret != 0 )
memset(buf, 0, sizeof(buf));
if ((ret = mbedtls_net_recv(&server_fd, buf, 16)) != 16) {
mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
goto exit;
}
ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, buf, buf);
if (ret != 0) {
goto exit;
}
buf[16] = '\0';
mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
mbedtls_printf("\n . Plaintext is \"%s\"\n\n", (char *) buf);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_net_free( &server_fd );
mbedtls_net_free(&server_fd);
mbedtls_aes_free( &aes );
mbedtls_rsa_free( &rsa );
mbedtls_dhm_free( &dhm );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_aes_free(&aes);
mbedtls_rsa_free(&rsa);
mbedtls_dhm_free(&dhm);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&

121
programs/pkey/dh_genprime.c
View File

@ -24,12 +24,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_GENPRIME)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_GENPRIME not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_GENPRIME not defined.\n");
mbedtls_exit(0);
}
#else
@ -54,7 +54,7 @@ int main( void )
#define GENERATOR "4"
int main( int argc, char **argv )
int main(int argc, char **argv)
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -67,116 +67,107 @@ int main( int argc, char **argv )
int i;
char *p, *q;
mbedtls_mpi_init( &G ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if( strcmp( p, "bits" ) == 0 )
{
nbits = atoi( q );
if( nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS )
if (strcmp(p, "bits") == 0) {
nbits = atoi(q);
if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) {
goto usage;
}
else
}
} else {
goto usage;
}
}
if( ( ret = mbedtls_mpi_read_string( &G, 10, GENERATOR ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned %d\n", ret );
if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_string returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ! Generating large primes may take minutes!\n" );
mbedtls_printf(" ! Generating large primes may take minutes!\n");
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok\n . Generating the modulus, please wait..." );
fflush( stdout );
mbedtls_printf(" ok\n . Generating the modulus, please wait...");
fflush(stdout);
/*
* This can take a long time...
*/
if( ( ret = mbedtls_mpi_gen_prime( &P, nbits, 1,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret );
if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n . Verifying that Q = (P-1)/2 is prime..." );
fflush( stdout );
mbedtls_printf(" ok\n . Verifying that Q = (P-1)/2 is prime...");
fflush(stdout);
if( ( ret = mbedtls_mpi_sub_int( &Q, &P, 1 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret );
if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_mpi_div_int( &Q, NULL, &Q, 2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret );
if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_mpi_is_prime_ext( &Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret );
if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n . Exporting the value in dh_prime.txt..." );
fflush( stdout );
mbedtls_printf(" ok\n . Exporting the value in dh_prime.txt...");
fflush(stdout);
if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not create dh_prime.txt\n\n" );
if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create dh_prime.txt\n\n");
goto exit;
}
if( ( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) ) != 0 ) ||
( ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) ) != 0 ) )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
fclose( fout );
if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) ||
((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) {
mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
fclose(fout);
goto exit;
}
mbedtls_printf( " ok\n\n" );
fclose( fout );
mbedtls_printf(" ok\n\n");
fclose(fout);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_mpi_free( &G ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */

247
programs/pkey/dh_server.c
View File

@ -46,18 +46,18 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_SHA1_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main( void )
int main(void)
{
FILE *f;
@ -79,195 +79,181 @@ int main( void )
mbedtls_mpi N, P, Q, D, E;
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_dhm_init( &dhm );
mbedtls_aes_init( &aes );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_net_init(&listen_fd);
mbedtls_net_init(&client_fd);
mbedtls_dhm_init(&dhm);
mbedtls_aes_init(&aes);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
/*
* 1. Setup the RNG
*/
mbedtls_printf( "\n . Seeding the random number generator" );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
/*
* 2a. Read the server's private RSA key
*/
mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
mbedtls_printf("\n . Reading private key from rsa_priv.txt");
fflush(stdout);
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
mbedtls_rsa_init( &rsa );
mbedtls_rsa_init(&rsa);
if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
ret );
fclose( f );
if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
ret);
fclose(f);
goto exit;
}
fclose( f );
fclose(f);
if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
ret );
if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
ret);
goto exit;
}
if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n",
ret );
if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
ret);
goto exit;
}
/*
* 2b. Get the DHM modulus and generator
*/
mbedtls_printf( "\n . Reading DH parameters from dh_prime.txt" );
fflush( stdout );
mbedtls_printf("\n . Reading DH parameters from dh_prime.txt");
fflush(stdout);
if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not open dh_prime.txt\n" \
" ! Please run dh_genprime first\n\n" );
if ((f = fopen("dh_prime.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open dh_prime.txt\n" \
" ! Please run dh_genprime first\n\n");
goto exit;
}
if( mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(P), 16, f ) != 0 ||
mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(G), 16, f ) != 0 )
{
mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" );
fclose( f );
if (mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(P), 16, f) != 0 ||
mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(G), 16, f) != 0) {
mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n");
fclose(f);
goto exit;
}
fclose( f );
fclose(f);
/*
* 3. Wait for a client to connect
*/
mbedtls_printf( "\n . Waiting for a remote connection" );
fflush( stdout );
mbedtls_printf("\n . Waiting for a remote connection");
fflush(stdout);
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
if ((ret = mbedtls_net_bind(&listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
NULL, 0, NULL)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
goto exit;
}
/*
* 4. Setup the DH parameters (P,G,Ys)
*/
mbedtls_printf( "\n . Sending the server's DH parameters" );
fflush( stdout );
mbedtls_printf("\n . Sending the server's DH parameters");
fflush(stdout);
memset( buf, 0, sizeof( buf ) );
memset(buf, 0, sizeof(buf));
if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.MBEDTLS_PRIVATE(P) ), buf, &n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret );
if ((ret =
mbedtls_dhm_make_params(&dhm, (int) mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)), buf, &n,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret);
goto exit;
}
/*
* 5. Sign the parameters and send them
*/
if( ( ret = mbedtls_sha1( buf, n, hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_sha1 returned %d\n\n", ret );
if ((ret = mbedtls_sha1(buf, n, hash)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret);
goto exit;
}
buf[n ] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) >> 8 );
buf[n + 1] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) );
buf[n] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len) >> 8);
buf[n + 1] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len));
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
32, hash, buf + n + 2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256,
32, hash, buf + n + 2)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret);
goto exit;
}
buflen = n + 2 + rsa.MBEDTLS_PRIVATE(len);
buf2[0] = (unsigned char)( buflen >> 8 );
buf2[1] = (unsigned char)( buflen );
buf2[0] = (unsigned char) (buflen >> 8);
buf2[1] = (unsigned char) (buflen);
if( ( ret = mbedtls_net_send( &client_fd, buf2, 2 ) ) != 2 ||
( ret = mbedtls_net_send( &client_fd, buf, buflen ) ) != (int) buflen )
{
mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
if ((ret = mbedtls_net_send(&client_fd, buf2, 2)) != 2 ||
(ret = mbedtls_net_send(&client_fd, buf, buflen)) != (int) buflen) {
mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
goto exit;
}
/*
* 6. Get the client's public value: Yc = G ^ Xc mod P
*/
mbedtls_printf( "\n . Receiving the client's public value" );
fflush( stdout );
mbedtls_printf("\n . Receiving the client's public value");
fflush(stdout);
memset( buf, 0, sizeof( buf ) );
memset(buf, 0, sizeof(buf));
n = mbedtls_dhm_get_len( &dhm );
if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n )
{
mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret );
n = mbedtls_dhm_get_len(&dhm);
if ((ret = mbedtls_net_recv(&client_fd, buf, n)) != (int) n) {
mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_dhm_read_public( &dhm, buf, n ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret );
if ((ret = mbedtls_dhm_read_public(&dhm, buf, n)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret);
goto exit;
}
/*
* 7. Derive the shared secret: K = Ys ^ Xc mod P
*/
mbedtls_printf( "\n . Shared secret: " );
fflush( stdout );
mbedtls_printf("\n . Shared secret: ");
fflush(stdout);
if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret );
if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
goto exit;
}
for( n = 0; n < 16; n++ )
mbedtls_printf( "%02x", buf[n] );
for (n = 0; n < 16; n++) {
mbedtls_printf("%02x", buf[n]);
}
/*
* 8. Setup the AES-256 encryption key
@ -277,42 +263,43 @@ int main( void )
* the keying material for the encryption/decryption keys
* and MACs.
*/
mbedtls_printf( "...\n . Encrypting and sending the ciphertext" );
fflush( stdout );
mbedtls_printf("...\n . Encrypting and sending the ciphertext");
fflush(stdout);
ret = mbedtls_aes_setkey_enc( &aes, buf, 256 );
if( ret != 0 )
ret = mbedtls_aes_setkey_enc(&aes, buf, 256);
if (ret != 0) {
goto exit;
memcpy( buf, PLAINTEXT, 16 );
ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
if( ret != 0 )
goto exit;
if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 )
{
mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret );
}
memcpy(buf, PLAINTEXT, 16);
ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, buf, buf);
if (ret != 0) {
goto exit;
}
mbedtls_printf( "\n\n" );
if ((ret = mbedtls_net_send(&client_fd, buf, 16)) != 16) {
mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
goto exit;
}
mbedtls_printf("\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E );
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
mbedtls_net_free( &client_fd );
mbedtls_net_free( &listen_fd );
mbedtls_net_free(&client_fd);
mbedtls_net_free(&listen_fd);
mbedtls_aes_free( &aes );
mbedtls_rsa_free( &rsa );
mbedtls_dhm_free( &dhm );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_aes_free(&aes);
mbedtls_rsa_free(&rsa);
mbedtls_dhm_free(&dhm);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&

169
programs/pkey/ecdh_curve25519.c
View File

@ -24,13 +24,13 @@
#if !defined(MBEDTLS_ECDH_C) || \
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf( "MBEDTLS_ECDH_C and/or "
"MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined\n" );
mbedtls_exit( 0 );
mbedtls_printf("MBEDTLS_ECDH_C and/or "
"MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined\n");
mbedtls_exit(0);
}
#else
@ -41,7 +41,7 @@ int main( void )
#include <string.h>
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -60,151 +60,142 @@ int main( int argc, char *argv[] )
((void) argc);
((void) argv);
mbedtls_ecdh_init( &ctx_cli );
mbedtls_ecdh_init( &ctx_srv );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_ecdh_init(&ctx_cli);
mbedtls_ecdh_init(&ctx_srv);
mbedtls_ctr_drbg_init(&ctr_drbg);
/*
* Initialize random number generation
*/
mbedtls_printf( " . Seed the random number generator..." );
fflush( stdout );
mbedtls_printf(" . Seed the random number generator...");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy,
(const unsigned char *) pers,
sizeof pers ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy,
(const unsigned char *) pers,
sizeof pers)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* Client: initialize context and generate keypair
*/
mbedtls_printf( " . Set up client context, generate EC key pair..." );
fflush( stdout );
mbedtls_printf(" . Set up client context, generate EC key pair...");
fflush(stdout);
ret = mbedtls_ecdh_setup( &ctx_cli, MBEDTLS_ECP_DP_CURVE25519 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_setup returned %d\n", ret );
ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_setup returned %d\n", ret);
goto exit;
}
ret = mbedtls_ecdh_make_params( &ctx_cli, &cli_olen, cli_to_srv,
sizeof( cli_to_srv ),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_make_params returned %d\n",
ret );
ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv,
sizeof(cli_to_srv),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_make_params returned %d\n",
ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* Server: initialize context and generate keypair
*/
mbedtls_printf( " . Server: read params, generate public key..." );
fflush( stdout );
mbedtls_printf(" . Server: read params, generate public key...");
fflush(stdout);
ret = mbedtls_ecdh_read_params( &ctx_srv, &p_cli_to_srv,
p_cli_to_srv + sizeof( cli_to_srv ) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_read_params returned %d\n",
ret );
ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv,
p_cli_to_srv + sizeof(cli_to_srv));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_read_params returned %d\n",
ret);
goto exit;
}
ret = mbedtls_ecdh_make_public( &ctx_srv, &srv_olen, srv_to_cli,
sizeof( srv_to_cli ),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_make_public returned %d\n",
ret );
ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli,
sizeof(srv_to_cli),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_make_public returned %d\n",
ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* Client: read public key
*/
mbedtls_printf( " . Client: read public key..." );
fflush( stdout );
mbedtls_printf(" . Client: read public key...");
fflush(stdout);
ret = mbedtls_ecdh_read_public( &ctx_cli, srv_to_cli,
sizeof( srv_to_cli ) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_read_public returned %d\n",
ret );
ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli,
sizeof(srv_to_cli));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_read_public returned %d\n",
ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* Calculate secrets
*/
mbedtls_printf( " . Calculate secrets..." );
fflush( stdout );
mbedtls_printf(" . Calculate secrets...");
fflush(stdout);
ret = mbedtls_ecdh_calc_secret( &ctx_cli, &cli_olen, secret_cli,
sizeof( secret_cli ),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
ret );
ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli,
sizeof(secret_cli),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
ret);
goto exit;
}
ret = mbedtls_ecdh_calc_secret( &ctx_srv, &srv_olen, secret_srv,
sizeof( secret_srv ),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
ret );
ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv,
sizeof(secret_srv),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* Verification: are the computed secrets equal?
*/
mbedtls_printf( " . Check if both calculated secrets are equal..." );
fflush( stdout );
mbedtls_printf(" . Check if both calculated secrets are equal...");
fflush(stdout);
ret = memcmp( secret_srv, secret_cli, srv_olen );
if( ret != 0 || ( cli_olen != srv_olen ) )
{
mbedtls_printf( " failed\n ! Shared secrets not equal.\n" );
ret = memcmp(secret_srv, secret_cli, srv_olen);
if (ret != 0 || (cli_olen != srv_olen)) {
mbedtls_printf(" failed\n ! Shared secrets not equal.\n");
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_ecdh_free( &ctx_srv );
mbedtls_ecdh_free( &ctx_cli );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ecdh_free(&ctx_srv);
mbedtls_ecdh_free(&ctx_cli);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

153
programs/pkey/ecdsa.c
View File

@ -47,46 +47,46 @@
#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
mbedtls_exit( 0 );
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
mbedtls_exit(0);
}
#else
#if defined(VERBOSE)
static void dump_buf( const char *title, unsigned char *buf, size_t len )
static void dump_buf(const char *title, unsigned char *buf, size_t len)
{
size_t i;
mbedtls_printf( "%s", title );
for( i = 0; i < len; i++ )
mbedtls_printf("%s", title);
for (i = 0; i < len; i++) {
mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
"0123456789ABCDEF" [buf[i] % 16] );
mbedtls_printf( "\n" );
"0123456789ABCDEF" [buf[i] % 16]);
}
mbedtls_printf("\n");
}
static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key )
static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key)
{
unsigned char buf[300];
size_t len;
if( mbedtls_ecp_point_write_binary( &key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 )
{
if (mbedtls_ecp_point_write_binary(&key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf) != 0) {
mbedtls_printf("internal error\n");
return;
}
dump_buf( title, buf, len );
dump_buf(title, buf, len);
}
#else
#define dump_buf( a, b, c )
#define dump_pubkey( a, b )
#define dump_buf(a, b, c)
#define dump_pubkey(a, b)
#endif
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -100,19 +100,18 @@ int main( int argc, char *argv[] )
const char *pers = "ecdsa";
((void) argv);
mbedtls_ecdsa_init( &ctx_sign );
mbedtls_ecdsa_init( &ctx_verify );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_ecdsa_init(&ctx_sign);
mbedtls_ecdsa_init(&ctx_verify);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset( sig, 0, sizeof( sig ) );
memset( message, 0x25, sizeof( message ) );
memset(sig, 0, sizeof(sig));
memset(message, 0x25, sizeof(message));
if( argc != 1 )
{
mbedtls_printf( "usage: ecdsa\n" );
if (argc != 1) {
mbedtls_printf("usage: ecdsa\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
goto exit;
@ -121,65 +120,61 @@ int main( int argc, char *argv[] )
/*
* Generate a key pair for signing
*/
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok\n . Generating key pair..." );
fflush( stdout );
mbedtls_printf(" ok\n . Generating key pair...");
fflush(stdout);
if( ( ret = mbedtls_ecdsa_genkey( &ctx_sign, ECPARAMS,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret );
if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits );
mbedtls_printf(" ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits);
dump_pubkey( " + Public key: ", &ctx_sign );
dump_pubkey(" + Public key: ", &ctx_sign);
/*
* Compute message hash
*/
mbedtls_printf( " . Computing message hash..." );
fflush( stdout );
mbedtls_printf(" . Computing message hash...");
fflush(stdout);
if( ( ret = mbedtls_sha256( message, sizeof( message ), hash, 0 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_sha256 returned %d\n", ret );
if ((ret = mbedtls_sha256(message, sizeof(message), hash, 0)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
dump_buf( " + Hash: ", hash, sizeof( hash ) );
dump_buf(" + Hash: ", hash, sizeof(hash));
/*
* Sign message hash
*/
mbedtls_printf( " . Signing message hash..." );
fflush( stdout );
mbedtls_printf(" . Signing message hash...");
fflush(stdout);
if( ( ret = mbedtls_ecdsa_write_signature( &ctx_sign, MBEDTLS_MD_SHA256,
hash, sizeof( hash ),
sig, sizeof( sig ), &sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret );
if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256,
hash, sizeof(hash),
sig, sizeof(sig), &sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len );
mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len);
dump_buf( " + Signature: ", sig, sig_len );
dump_buf(" + Signature: ", sig, sig_len);
/*
* Transfer public information to verifying context
@ -188,47 +183,47 @@ int main( int argc, char *argv[] )
* chose to use a new one in order to make it clear that the verifying
* context only needs the public key (Q), and not the private key (d).
*/
mbedtls_printf( " . Preparing verification context..." );
fflush( stdout );
mbedtls_printf(" . Preparing verification context...");
fflush(stdout);
if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.MBEDTLS_PRIVATE(grp), &ctx_sign.MBEDTLS_PRIVATE(grp) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret );
if ((ret =
mbedtls_ecp_group_copy(&ctx_verify.MBEDTLS_PRIVATE(grp),
&ctx_sign.MBEDTLS_PRIVATE(grp))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecp_group_copy returned %d\n", ret);
goto exit;
}
if( ( ret = mbedtls_ecp_copy( &ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret );
if ((ret =
mbedtls_ecp_copy(&ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecp_copy returned %d\n", ret);
goto exit;
}
/*
* Verify signature
*/
mbedtls_printf( " ok\n . Verifying signature..." );
fflush( stdout );
mbedtls_printf(" ok\n . Verifying signature...");
fflush(stdout);
if( ( ret = mbedtls_ecdsa_read_signature( &ctx_verify,
hash, sizeof( hash ),
sig, sig_len ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret );
if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify,
hash, sizeof(hash),
sig, sig_len)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_ecdsa_free( &ctx_verify );
mbedtls_ecdsa_free( &ctx_sign );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ecdsa_free(&ctx_verify);
mbedtls_ecdsa_free(&ctx_sign);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
ECPARAMS */

334
programs/pkey/gen_key.c
View File

@ -40,8 +40,8 @@
#define DEV_RANDOM_THRESHOLD 32
int dev_random_entropy_poll( void *data, unsigned char *output,
size_t len, size_t *olen )
int dev_random_entropy_poll(void *data, unsigned char *output,
size_t len, size_t *olen)
{
FILE *file;
size_t ret, left = len;
@ -50,28 +50,27 @@ int dev_random_entropy_poll( void *data, unsigned char *output,
*olen = 0;
file = fopen( "/dev/random", "rb" );
if( file == NULL )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
file = fopen("/dev/random", "rb");
if (file == NULL) {
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
while( left > 0 )
{
while (left > 0) {
/* /dev/random can return much less than requested. If so, try again */
ret = fread( p, 1, left, file );
if( ret == 0 && ferror( file ) )
{
fclose( file );
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
ret = fread(p, 1, left, file);
if (ret == 0 && ferror(file)) {
fclose(file);
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
}
p += ret;
left -= ret;
sleep( 1 );
sleep(1);
}
fclose( file );
fclose(file);
*olen = len;
return( 0 );
return 0;
}
#endif /* !_WIN32 */
#endif
@ -112,13 +111,13 @@ int dev_random_entropy_poll( void *data, unsigned char *output,
#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_PEM_WRITE_C"
"not defined.\n" );
mbedtls_exit( 0 );
mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_PEM_WRITE_C"
"not defined.\n");
mbedtls_exit(0);
}
#else
@ -126,8 +125,7 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
int type; /* the type of key to generate */
int rsa_keysize; /* length of key in bits */
int ec_curve; /* curve identifier for EC keys */
@ -136,7 +134,7 @@ struct options
int use_dev_random; /* use /dev/random as entropy source */
} opt;
static int write_private_key( mbedtls_pk_context *key, const char *output_file )
static int write_private_key(mbedtls_pk_context *key, const char *output_file)
{
int ret;
FILE *f;
@ -145,37 +143,36 @@ static int write_private_key( mbedtls_pk_context *key, const char *output_file )
size_t len = 0;
memset(output_buf, 0, 16000);
if( opt.format == FORMAT_PEM )
{
if( ( ret = mbedtls_pk_write_key_pem( key, output_buf, 16000 ) ) != 0 )
return( ret );
if (opt.format == FORMAT_PEM) {
if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
return ret;
}
len = strlen( (char *) output_buf );
}
else
{
if( ( ret = mbedtls_pk_write_key_der( key, output_buf, 16000 ) ) < 0 )
return( ret );
len = strlen((char *) output_buf);
} else {
if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
return ret;
}
len = ret;
c = output_buf + sizeof(output_buf) - len;
}
if( ( f = fopen( output_file, "wb" ) ) == NULL )
return( -1 );
if( fwrite( c, 1, len, f ) != len )
{
fclose( f );
return( -1 );
if ((f = fopen(output_file, "wb")) == NULL) {
return -1;
}
fclose( f );
if (fwrite(c, 1, len, f) != len) {
fclose(f);
return -1;
}
return( 0 );
fclose(f);
return 0;
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -195,24 +192,24 @@ int main( int argc, char *argv[] )
* Set to sane values
*/
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
mbedtls_pk_init( &key );
mbedtls_ctr_drbg_init( &ctr_drbg );
memset( buf, 0, sizeof( buf ) );
mbedtls_pk_init(&key);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
#if defined(MBEDTLS_ECP_C)
mbedtls_printf( " available ec_curve values:\n" );
mbedtls_printf(" available ec_curve values:\n");
curve_info = mbedtls_ecp_curve_list();
mbedtls_printf( " %s (default)\n", curve_info->name );
while( ( ++curve_info )->name != NULL )
mbedtls_printf( " %s\n", curve_info->name );
mbedtls_printf(" %s (default)\n", curve_info->name);
while ((++curve_info)->name != NULL) {
mbedtls_printf(" %s\n", curve_info->name);
}
#endif /* MBEDTLS_ECP_C */
goto exit;
}
@ -224,209 +221,194 @@ int main( int argc, char *argv[] )
opt.format = DFL_FORMAT;
opt.use_dev_random = DFL_USE_DEV_RANDOM;
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if( strcmp( p, "type" ) == 0 )
{
if( strcmp( q, "rsa" ) == 0 )
if (strcmp(p, "type") == 0) {
if (strcmp(q, "rsa") == 0) {
opt.type = MBEDTLS_PK_RSA;
else if( strcmp( q, "ec" ) == 0 )
} else if (strcmp(q, "ec") == 0) {
opt.type = MBEDTLS_PK_ECKEY;
else
} else {
goto usage;
}
else if( strcmp( p, "format" ) == 0 )
{
if( strcmp( q, "pem" ) == 0 )
}
} else if (strcmp(p, "format") == 0) {
if (strcmp(q, "pem") == 0) {
opt.format = FORMAT_PEM;
else if( strcmp( q, "der" ) == 0 )
} else if (strcmp(q, "der") == 0) {
opt.format = FORMAT_DER;
else
} else {
goto usage;
}
else if( strcmp( p, "rsa_keysize" ) == 0 )
{
opt.rsa_keysize = atoi( q );
if( opt.rsa_keysize < 1024 ||
opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS )
}
} else if (strcmp(p, "rsa_keysize") == 0) {
opt.rsa_keysize = atoi(q);
if (opt.rsa_keysize < 1024 ||
opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) {
goto usage;
}
}
#if defined(MBEDTLS_ECP_C)
else if( strcmp( p, "ec_curve" ) == 0 )
{
if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
else if (strcmp(p, "ec_curve") == 0) {
if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) {
goto usage;
}
opt.ec_curve = curve_info->grp_id;
}
#endif
else if( strcmp( p, "filename" ) == 0 )
else if (strcmp(p, "filename") == 0) {
opt.filename = q;
else if( strcmp( p, "use_dev_random" ) == 0 )
{
opt.use_dev_random = atoi( q );
if( opt.use_dev_random < 0 || opt.use_dev_random > 1 )
} else if (strcmp(p, "use_dev_random") == 0) {
opt.use_dev_random = atoi(q);
if (opt.use_dev_random < 0 || opt.use_dev_random > 1) {
goto usage;
}
else
}
} else {
goto usage;
}
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init( &entropy );
mbedtls_entropy_init(&entropy);
#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
if( opt.use_dev_random )
{
if( ( ret = mbedtls_entropy_add_source( &entropy, dev_random_entropy_poll,
NULL, DEV_RANDOM_THRESHOLD,
MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", (unsigned int) -ret );
if (opt.use_dev_random) {
if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll,
NULL, DEV_RANDOM_THRESHOLD,
MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_entropy_add_source returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf("\n Using /dev/random, so can take a long time! " );
fflush( stdout );
mbedtls_printf("\n Using /dev/random, so can take a long time! ");
fflush(stdout);
}
#endif /* !_WIN32 && MBEDTLS_FS_IO */
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
/*
* 1.1. Generate the key
*/
mbedtls_printf( "\n . Generating the private key ..." );
fflush( stdout );
mbedtls_printf("\n . Generating the private key ...");
fflush(stdout);
if( ( ret = mbedtls_pk_setup( &key,
mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret );
if ((ret = mbedtls_pk_setup(&key,
mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
goto exit;
}
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
if( opt.type == MBEDTLS_PK_RSA )
{
ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key ), mbedtls_ctr_drbg_random, &ctr_drbg,
opt.rsa_keysize, 65537 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", (unsigned int) -ret );
if (opt.type == MBEDTLS_PK_RSA) {
ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg,
opt.rsa_keysize, 65537);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x",
(unsigned int) -ret);
goto exit;
}
}
else
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( opt.type == MBEDTLS_PK_ECKEY )
{
ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) opt.ec_curve,
mbedtls_pk_ec( key ),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int) -ret );
if (opt.type == MBEDTLS_PK_ECKEY) {
ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve,
mbedtls_pk_ec(key),
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x",
(unsigned int) -ret);
goto exit;
}
}
else
} else
#endif /* MBEDTLS_ECP_C */
{
mbedtls_printf( " failed\n ! key type not supported\n" );
mbedtls_printf(" failed\n ! key type not supported\n");
goto exit;
}
/*
* 1.2 Print the key
*/
mbedtls_printf( " ok\n . Key information:\n" );
mbedtls_printf(" ok\n . Key information:\n");
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
(ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
mbedtls_mpi_write_file( "N: ", &N, 16, NULL );
mbedtls_mpi_write_file( "E: ", &E, 16, NULL );
mbedtls_mpi_write_file( "D: ", &D, 16, NULL );
mbedtls_mpi_write_file( "P: ", &P, 16, NULL );
mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL );
mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL );
mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL );
mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL );
}
else
mbedtls_mpi_write_file("N: ", &N, 16, NULL);
mbedtls_mpi_write_file("E: ", &E, 16, NULL);
mbedtls_mpi_write_file("D: ", &D, 16, NULL);
mbedtls_mpi_write_file("P: ", &P, 16, NULL);
mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
} else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_printf( "curve: %s\n",
mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->name );
mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
}
else
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
mbedtls_printf("curve: %s\n",
mbedtls_ecp_curve_info_from_grp_id(ecp->MBEDTLS_PRIVATE(grp).id)->name);
mbedtls_mpi_write_file("X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL);
mbedtls_mpi_write_file("Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL);
mbedtls_mpi_write_file("D: ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL);
} else
#endif
mbedtls_printf(" ! key type not supported\n");
mbedtls_printf(" ! key type not supported\n");
/*
* 1.3 Export key
*/
mbedtls_printf( " . Writing key to file..." );
mbedtls_printf(" . Writing key to file...");
if( ( ret = write_private_key( &key, opt.filename ) ) != 0 )
{
mbedtls_printf( " failed\n" );
if ((ret = write_private_key(&key, opt.filename)) != 0) {
mbedtls_printf(" failed\n");
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
mbedtls_printf( " - %s\n", buf );
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" - %s\n", buf);
#else
mbedtls_printf("\n");
#endif
}
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_pk_free( &key );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO &&
* MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

266
programs/pkey/key_app.c
View File

@ -55,12 +55,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
@ -68,15 +68,14 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
int mode; /* the mode to run the application in */
const char *filename; /* filename of the key file */
const char *password; /* password for the private key */
const char *password_file; /* password_file for the private key */
} opt;
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -94,20 +93,19 @@ int main( int argc, char *argv[] )
/*
* Set to sane values
*/
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_pk_init( &pk );
memset( buf, 0, sizeof(buf) );
mbedtls_pk_init(&pk);
memset(buf, 0, sizeof(buf));
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
goto cleanup;
}
@ -116,206 +114,204 @@ int main( int argc, char *argv[] )
opt.password = DFL_PASSWORD;
opt.password_file = DFL_PASSWORD_FILE;
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if( strcmp( p, "mode" ) == 0 )
{
if( strcmp( q, "private" ) == 0 )
if (strcmp(p, "mode") == 0) {
if (strcmp(q, "private") == 0) {
opt.mode = MODE_PRIVATE;
else if( strcmp( q, "public" ) == 0 )
} else if (strcmp(q, "public") == 0) {
opt.mode = MODE_PUBLIC;
else
} else {
goto usage;
}
else if( strcmp( p, "filename" ) == 0 )
}
} else if (strcmp(p, "filename") == 0) {
opt.filename = q;
else if( strcmp( p, "password" ) == 0 )
} else if (strcmp(p, "password") == 0) {
opt.password = q;
else if( strcmp( p, "password_file" ) == 0 )
} else if (strcmp(p, "password_file") == 0) {
opt.password_file = q;
else
} else {
goto usage;
}
}
if( opt.mode == MODE_PRIVATE )
{
if( strlen( opt.password ) && strlen( opt.password_file ) )
{
mbedtls_printf( "Error: cannot have both password and password_file\n" );
if (opt.mode == MODE_PRIVATE) {
if (strlen(opt.password) && strlen(opt.password_file)) {
mbedtls_printf("Error: cannot have both password and password_file\n");
goto usage;
}
if( strlen( opt.password_file ) )
{
if (strlen(opt.password_file)) {
FILE *f;
mbedtls_printf( "\n . Loading the password file ..." );
if( ( f = fopen( opt.password_file, "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! fopen returned NULL\n" );
mbedtls_printf("\n . Loading the password file ...");
if ((f = fopen(opt.password_file, "rb")) == NULL) {
mbedtls_printf(" failed\n ! fopen returned NULL\n");
goto cleanup;
}
if( fgets( buf, sizeof(buf), f ) == NULL )
{
fclose( f );
mbedtls_printf( "Error: fgets() failed to retrieve password\n" );
if (fgets(buf, sizeof(buf), f) == NULL) {
fclose(f);
mbedtls_printf("Error: fgets() failed to retrieve password\n");
goto cleanup;
}
fclose( f );
fclose(f);
i = (int) strlen( buf );
if( buf[i - 1] == '\n' ) buf[i - 1] = '\0';
if( buf[i - 2] == '\r' ) buf[i - 2] = '\0';
i = (int) strlen(buf);
if (buf[i - 1] == '\n') {
buf[i - 1] = '\0';
}
if (buf[i - 2] == '\r') {
buf[i - 2] = '\0';
}
opt.password = buf;
}
/*
* 1.1. Load the key
*/
mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout );
mbedtls_printf("\n . Loading the private key ...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto cleanup;
}
ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg );
ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto cleanup;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
mbedtls_printf( " . Key information ...\n" );
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
(ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto cleanup;
}
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D: ", &D, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "P: ", &P, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ) );
}
else
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D: ", &D, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P: ", &P, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q: ", &Q, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP: ", &QP, 16, NULL));
} else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ) );
}
else
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL));
} else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n" );
mbedtls_printf("Do not know how to print key information for this type\n");
goto cleanup;
}
}
else if( opt.mode == MODE_PUBLIC )
{
} else if (opt.mode == MODE_PUBLIC) {
/*
* 1.1. Load the key
*/
mbedtls_printf( "\n . Loading the public key ..." );
fflush( stdout );
mbedtls_printf("\n . Loading the public key ...");
fflush(stdout);
ret = mbedtls_pk_parse_public_keyfile( &pk, opt.filename );
ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto cleanup;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
mbedtls_printf( " . Key information ...\n" );
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL,
NULL, &E ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
NULL, &E)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto cleanup;
}
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) );
}
else
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
} else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) );
}
else
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16,
NULL));
} else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n" );
mbedtls_printf("Do not know how to print key information for this type\n");
goto cleanup;
}
}
else
} else {
goto usage;
}
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
#if defined(MBEDTLS_ERROR_C)
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, buf, sizeof( buf ) );
mbedtls_printf( " ! Last error was: %s\n", buf );
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_pk_free( &pk );
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
mbedtls_pk_free(&pk);
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

342
programs/pkey/key_app_writer.c
View File

@ -83,12 +83,12 @@
!defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_FS_IO not defined.\n" );
mbedtls_exit( 0 );
mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
@ -96,8 +96,7 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
int mode; /* the mode to run the application in */
const char *filename; /* filename of the key file */
int output_mode; /* the output mode to use */
@ -105,7 +104,7 @@ struct options
int output_format; /* the output format to use */
} opt;
static int write_public_key( mbedtls_pk_context *key, const char *output_file )
static int write_public_key(mbedtls_pk_context *key, const char *output_file)
{
int ret;
FILE *f;
@ -116,38 +115,38 @@ static int write_public_key( mbedtls_pk_context *key, const char *output_file )
memset(output_buf, 0, 16000);
#if defined(MBEDTLS_PEM_WRITE_C)
if( opt.output_format == OUTPUT_FORMAT_PEM )
{
if( ( ret = mbedtls_pk_write_pubkey_pem( key, output_buf, 16000 ) ) != 0 )
return( ret );
if (opt.output_format == OUTPUT_FORMAT_PEM) {
if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) {
return ret;
}
len = strlen( (char *) output_buf );
}
else
len = strlen((char *) output_buf);
} else
#endif
{
if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, 16000 ) ) < 0 )
return( ret );
if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) {
return ret;
}
len = ret;
c = output_buf + sizeof(output_buf) - len;
}
if( ( f = fopen( output_file, "w" ) ) == NULL )
return( -1 );
if( fwrite( c, 1, len, f ) != len )
{
fclose( f );
return( -1 );
if ((f = fopen(output_file, "w")) == NULL) {
return -1;
}
fclose( f );
if (fwrite(c, 1, len, f) != len) {
fclose(f);
return -1;
}
return( 0 );
fclose(f);
return 0;
}
static int write_private_key( mbedtls_pk_context *key, const char *output_file )
static int write_private_key(mbedtls_pk_context *key, const char *output_file)
{
int ret;
FILE *f;
@ -158,38 +157,38 @@ static int write_private_key( mbedtls_pk_context *key, const char *output_file )
memset(output_buf, 0, 16000);
#if defined(MBEDTLS_PEM_WRITE_C)
if( opt.output_format == OUTPUT_FORMAT_PEM )
{
if( ( ret = mbedtls_pk_write_key_pem( key, output_buf, 16000 ) ) != 0 )
return( ret );
if (opt.output_format == OUTPUT_FORMAT_PEM) {
if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
return ret;
}
len = strlen( (char *) output_buf );
}
else
len = strlen((char *) output_buf);
} else
#endif
{
if( ( ret = mbedtls_pk_write_key_der( key, output_buf, 16000 ) ) < 0 )
return( ret );
if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
return ret;
}
len = ret;
c = output_buf + sizeof(output_buf) - len;
}
if( ( f = fopen( output_file, "w" ) ) == NULL )
return( -1 );
if( fwrite( c, 1, len, f ) != len )
{
fclose( f );
return( -1 );
if ((f = fopen(output_file, "w")) == NULL) {
return -1;
}
fclose( f );
if (fwrite(c, 1, len, f) != len) {
fclose(f);
return -1;
}
return( 0 );
fclose(f);
return 0;
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -209,22 +208,21 @@ int main( int argc, char *argv[] )
/*
* Set to sane values
*/
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_pk_init( &key );
mbedtls_pk_init(&key);
#if defined(MBEDTLS_ERROR_C)
memset( buf, 0, sizeof( buf ) );
memset(buf, 0, sizeof(buf));
#endif
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
@ -234,218 +232,198 @@ int main( int argc, char *argv[] )
opt.output_file = DFL_OUTPUT_FILENAME;
opt.output_format = DFL_OUTPUT_FORMAT;
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if( strcmp( p, "mode" ) == 0 )
{
if( strcmp( q, "private" ) == 0 )
if (strcmp(p, "mode") == 0) {
if (strcmp(q, "private") == 0) {
opt.mode = MODE_PRIVATE;
else if( strcmp( q, "public" ) == 0 )
} else if (strcmp(q, "public") == 0) {
opt.mode = MODE_PUBLIC;
else
} else {
goto usage;
}
else if( strcmp( p, "output_mode" ) == 0 )
{
if( strcmp( q, "private" ) == 0 )
}
} else if (strcmp(p, "output_mode") == 0) {
if (strcmp(q, "private") == 0) {
opt.output_mode = OUTPUT_MODE_PRIVATE;
else if( strcmp( q, "public" ) == 0 )
} else if (strcmp(q, "public") == 0) {
opt.output_mode = OUTPUT_MODE_PUBLIC;
else
} else {
goto usage;
}
else if( strcmp( p, "output_format" ) == 0 )
{
}
} else if (strcmp(p, "output_format") == 0) {
#if defined(MBEDTLS_PEM_WRITE_C)
if( strcmp( q, "pem" ) == 0 )
if (strcmp(q, "pem") == 0) {
opt.output_format = OUTPUT_FORMAT_PEM;
else
} else
#endif
if( strcmp( q, "der" ) == 0 )
if (strcmp(q, "der") == 0) {
opt.output_format = OUTPUT_FORMAT_DER;
else
} else {
goto usage;
}
else if( strcmp( p, "filename" ) == 0 )
}
} else if (strcmp(p, "filename") == 0) {
opt.filename = q;
else if( strcmp( p, "output_file" ) == 0 )
} else if (strcmp(p, "output_file") == 0) {
opt.output_file = q;
else
} else {
goto usage;
}
}
if( opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE )
{
mbedtls_printf( "\nCannot output a key without reading one.\n");
if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) {
mbedtls_printf("\nCannot output a key without reading one.\n");
goto exit;
}
if( opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE )
{
mbedtls_printf( "\nCannot output a private key from a public key.\n");
if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) {
mbedtls_printf("\nCannot output a private key from a public key.\n");
goto exit;
}
if( opt.mode == MODE_PRIVATE )
{
if (opt.mode == MODE_PRIVATE) {
/*
* 1.1. Load the key
*/
mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout );
mbedtls_printf("\n . Loading the private key ...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", (unsigned int) -ret );
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
mbedtls_printf( " . Key information ...\n" );
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
(ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
mbedtls_mpi_write_file( "N: ", &N, 16, NULL );
mbedtls_mpi_write_file( "E: ", &E, 16, NULL );
mbedtls_mpi_write_file( "D: ", &D, 16, NULL );
mbedtls_mpi_write_file( "P: ", &P, 16, NULL );
mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL );
mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL );
mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL );
mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL );
}
else
mbedtls_mpi_write_file("N: ", &N, 16, NULL);
mbedtls_mpi_write_file("E: ", &E, 16, NULL);
mbedtls_mpi_write_file("D: ", &D, 16, NULL);
mbedtls_mpi_write_file("P: ", &P, 16, NULL);
mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
} else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
}
else
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL);
mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL);
mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL);
mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL);
} else
#endif
mbedtls_printf("key type not supported yet\n");
mbedtls_printf("key type not supported yet\n");
}
else if( opt.mode == MODE_PUBLIC )
{
} else if (opt.mode == MODE_PUBLIC) {
/*
* 1.1. Load the key
*/
mbedtls_printf( "\n . Loading the public key ..." );
fflush( stdout );
mbedtls_printf("\n . Loading the public key ...");
fflush(stdout);
ret = mbedtls_pk_parse_public_keyfile( &key, opt.filename );
ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x", (unsigned int) -ret );
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_key returned -0x%04x",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
mbedtls_printf( " . Key information ...\n" );
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL,
NULL, &E ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
NULL, &E)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
mbedtls_mpi_write_file( "N: ", &N, 16, NULL );
mbedtls_mpi_write_file( "E: ", &E, 16, NULL );
}
else
mbedtls_mpi_write_file("N: ", &N, 16, NULL);
mbedtls_mpi_write_file("E: ", &E, 16, NULL);
} else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL );
}
else
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
mbedtls_mpi_write_file("Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL);
mbedtls_mpi_write_file("Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL);
mbedtls_mpi_write_file("Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL);
} else
#endif
mbedtls_printf("key type not supported yet\n");
}
else
mbedtls_printf("key type not supported yet\n");
} else {
goto usage;
if( opt.output_mode == OUTPUT_MODE_PUBLIC )
{
write_public_key( &key, opt.output_file );
}
if( opt.output_mode == OUTPUT_MODE_PRIVATE )
{
write_private_key( &key, opt.output_file );
if (opt.output_mode == OUTPUT_MODE_PUBLIC) {
write_public_key(&key, opt.output_file);
}
if (opt.output_mode == OUTPUT_MODE_PRIVATE) {
write_private_key(&key, opt.output_file);
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
mbedtls_printf( " - %s\n", buf );
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" - %s\n", buf);
#else
mbedtls_printf("\n");
#endif
}
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_pk_free( &key );
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

73
programs/pkey/mpi_demo.c
View File

@ -28,70 +28,69 @@
#endif
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
mbedtls_exit(0);
}
#else
int main( void )
int main(void)
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_mpi E, P, Q, N, H, D, X, Y, Z;
mbedtls_mpi_init( &E ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &N );
mbedtls_mpi_init( &H ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
mbedtls_mpi_init( &Z );
mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N);
mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
mbedtls_mpi_init(&Z);
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P, 10, "2789" ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Q, 10, "3203" ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 10, "257" ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &N, &P, &Q ) );
MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789"));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203"));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10, "257"));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q));
mbedtls_printf( "\n Public key:\n\n" );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " N = ", &N, 10, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " E = ", &E, 10, NULL ) );
mbedtls_printf("\n Public key:\n\n");
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" N = ", &N, 10, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" E = ", &E, 10, NULL));
mbedtls_printf( "\n Private key:\n\n" );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " P = ", &P, 10, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Q = ", &Q, 10, NULL ) );
mbedtls_printf("\n Private key:\n\n");
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" P = ", &P, 10, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Q = ", &Q, 10, NULL));
#if defined(MBEDTLS_GENPRIME)
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P, &P, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q, &Q, 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P, &Q ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &D, &E, &H ) );
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1));
MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q));
MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H));
mbedtls_mpi_write_file( " D = E^-1 mod (P-1)*(Q-1) = ",
&D, 10, NULL );
mbedtls_mpi_write_file(" D = E^-1 mod (P-1)*(Q-1) = ",
&D, 10, NULL);
#else
mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n");
#endif
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &X, 10, "55555" ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &Y, &X, &E, &N, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &Z, &Y, &D, &N, NULL ) );
MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555"));
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL));
mbedtls_printf( "\n RSA operation:\n\n" );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " X (plaintext) = ", &X, 10, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Y (ciphertext) = X^E mod N = ", &Y, 10, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL ) );
mbedtls_printf( "\n" );
mbedtls_printf("\n RSA operation:\n\n");
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" X (plaintext) = ", &X, 10, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Y (ciphertext) = X^E mod N = ", &Y, 10, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Z (decrypted) = Y^D mod N = ", &Z, 10, NULL));
mbedtls_printf("\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_mpi_free( &E ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &N );
mbedtls_mpi_free( &H ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
mbedtls_mpi_free( &Z );
mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N);
mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
mbedtls_mpi_free(&Z);
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_printf( "\nAn error occurred.\n" );
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_printf("\nAn error occurred.\n");
}
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */

96
programs/pkey/pk_decrypt.c
View File

@ -36,17 +36,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -61,99 +61,93 @@ int main( int argc, char *argv[] )
const char *pers = "mbedtls_pk_decrypt";
((void) argv);
mbedtls_pk_init( &pk );
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_pk_init(&pk);
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(result, 0, sizeof( result ) );
memset(result, 0, sizeof(result));
if( argc != 2 )
{
mbedtls_printf( "usage: mbedtls_pk_decrypt <key_file>\n" );
if (argc != 2) {
mbedtls_printf("usage: mbedtls_pk_decrypt <key_file>\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
/*
* Extract the RSA encrypted value from the text file
*/
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
if ((f = fopen("result-enc.txt", "rb")) == NULL) {
mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt");
ret = 1;
goto exit;
}
i = 0;
while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
i < (int) sizeof( buf ) )
{
while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
i < (int) sizeof(buf)) {
buf[i++] = (unsigned char) c;
}
fclose( f );
fclose(f);
/*
* Decrypt the encrypted RSA data and print the result.
*/
mbedtls_printf( "\n . Decrypting the encrypted data" );
fflush( stdout );
mbedtls_printf("\n . Decrypting the encrypted data");
fflush(stdout);
if( ( ret = mbedtls_pk_decrypt( &pk, buf, i, result, &olen, sizeof(result),
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
(unsigned int) -ret );
if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( "\n . OK\n\n" );
mbedtls_printf("\n . OK\n\n");
mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
mbedtls_printf("The decrypted result is: '%s'\n\n", result);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_pk_free(&pk);
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
#if defined(MBEDTLS_ERROR_C)
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof( buf ) );
mbedtls_printf( " ! Last error was: %s\n", buf );
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_strerror(ret, (char *) buf, sizeof(buf));
mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

103
programs/pkey/pk_encrypt.c
View File

@ -36,17 +36,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -59,103 +59,96 @@ int main( int argc, char *argv[] )
unsigned char buf[512];
const char *pers = "mbedtls_pk_encrypt";
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_pk_init( &pk );
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
mbedtls_pk_init(&pk);
if( argc != 3 )
{
mbedtls_printf( "usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n" );
if (argc != 3) {
mbedtls_printf("usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
fflush(stdout);
if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
if( strlen( argv[2] ) > 100 )
{
mbedtls_printf( " Input data larger than 100 characters.\n\n" );
if (strlen(argv[2]) > 100) {
mbedtls_printf(" Input data larger than 100 characters.\n\n");
goto exit;
}
memcpy( input, argv[2], strlen( argv[2] ) );
memcpy(input, argv[2], strlen(argv[2]));
/*
* Calculate the RSA encryption of the hash.
*/
mbedtls_printf( "\n . Generating the encrypted value" );
fflush( stdout );
mbedtls_printf("\n . Generating the encrypted value");
fflush(stdout);
if( ( ret = mbedtls_pk_encrypt( &pk, input, strlen( argv[2] ),
buf, &olen, sizeof(buf),
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
(unsigned int) -ret );
if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
buf, &olen, sizeof(buf),
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
/*
* Write the signature into result-enc.txt
*/
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not create %s\n\n",
"result-enc.txt" );
if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create %s\n\n",
"result-enc.txt");
ret = 1;
goto exit;
}
for( i = 0; i < olen; i++ )
{
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
for (i = 0; i < olen; i++) {
mbedtls_fprintf(f, "%02X%s", buf[i],
(i + 1) % 16 == 0 ? "\r\n" : " ");
}
fclose( f );
fclose(f);
mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_pk_free(&pk);
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
#if defined(MBEDTLS_ERROR_C)
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof( buf ) );
mbedtls_printf( " ! Last error was: %s\n", buf );
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_strerror(ret, (char *) buf, sizeof(buf));
mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */

105
programs/pkey/pk_sign.c
View File

@ -25,13 +25,13 @@
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
@ -44,7 +44,7 @@ int main( void )
#include <stdio.h>
#include <string.h>
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -58,39 +58,37 @@ int main( int argc, char *argv[] )
const char *pers = "mbedtls_pk_sign";
size_t olen = 0;
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_pk_init( &pk );
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_pk_init(&pk);
if( argc != 3 )
{
mbedtls_printf( "usage: mbedtls_pk_sign <key_file> <filename>\n" );
if (argc != 3) {
mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] );
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
goto exit;
}
@ -98,63 +96,58 @@ int main( int argc, char *argv[] )
* Compute the SHA-256 hash of the input file,
* then calculate the signature of the hash.
*/
mbedtls_printf( "\n . Generating the SHA-256 signature" );
fflush( stdout );
mbedtls_printf("\n . Generating the SHA-256 signature");
fflush(stdout);
if( ( ret = mbedtls_md_file(
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
argv[2], hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
if ((ret = mbedtls_md_file(
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
argv[2], hash)) != 0) {
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
goto exit;
}
if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0,
buf, sizeof( buf ), &olen,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret );
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
buf, sizeof(buf), &olen,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
goto exit;
}
/*
* Write the signature into <filename>.sig
*/
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
if ((f = fopen(filename, "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
goto exit;
}
if( fwrite( buf, 1, olen, f ) != olen )
{
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
fclose( f );
if (fwrite(buf, 1, olen, f) != olen) {
mbedtls_printf("failed\n ! fwrite failed\n\n");
fclose(f);
goto exit;
}
fclose( f );
fclose(f);
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_pk_free(&pk);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
#if defined(MBEDTLS_ERROR_C)
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_strerror(ret, (char *) buf, sizeof(buf));
mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&

73
programs/pkey/pk_verify.c
View File

@ -24,12 +24,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_FS_IO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or "
"MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
@ -41,7 +41,7 @@ int main( void )
#include <string.h>
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -52,81 +52,76 @@ int main( int argc, char *argv[] )
unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
char filename[512];
mbedtls_pk_init( &pk );
mbedtls_pk_init(&pk);
if( argc != 3 )
{
mbedtls_printf( "usage: mbedtls_pk_verify <key_file> <filename>\n" );
if (argc != 3) {
mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
fflush(stdout);
if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret );
if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
/*
* Extract the signature from the file
*/
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", filename );
if ((f = fopen(filename, "rb")) == NULL) {
mbedtls_printf("\n ! Could not open %s\n\n", filename);
goto exit;
}
i = fread( buf, 1, sizeof(buf), f );
i = fread(buf, 1, sizeof(buf), f);
fclose( f );
fclose(f);
/*
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
mbedtls_printf( "\n . Verifying the SHA-256 signature" );
fflush( stdout );
mbedtls_printf("\n . Verifying the SHA-256 signature");
fflush(stdout);
if( ( ret = mbedtls_md_file(
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
argv[2], hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
if ((ret = mbedtls_md_file(
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
argv[2], hash)) != 0) {
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
goto exit;
}
if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0,
buf, i ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret );
if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
buf, i)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret);
goto exit;
}
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
mbedtls_printf("\n . OK (the signature is valid)\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
mbedtls_pk_free(&pk);
#if defined(MBEDTLS_ERROR_C)
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_strerror(ret, (char *) buf, sizeof(buf));
mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */

152
programs/pkey/rsa_decrypt.c
View File

@ -35,17 +35,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -61,132 +61,124 @@ int main( int argc, char *argv[] )
const char *pers = "rsa_decrypt";
((void) argv);
memset(result, 0, sizeof( result ) );
memset(result, 0, sizeof(result));
if( argc != 1 )
{
mbedtls_printf( "usage: rsa_decrypt\n" );
if (argc != 1) {
mbedtls_printf("usage: rsa_decrypt\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
mbedtls_rsa_init(&rsa);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret );
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen(pers));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
}
mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
mbedtls_printf("\n . Reading private key from rsa_priv.txt");
fflush(stdout);
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
ret );
fclose( f );
if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
ret);
fclose(f);
goto exit;
}
fclose( f );
fclose(f);
if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
ret );
if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
ret);
goto exit;
}
if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n",
ret );
if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
ret);
goto exit;
}
/*
* Extract the RSA encrypted value from the text file
*/
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
if ((f = fopen("result-enc.txt", "rb")) == NULL) {
mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt");
goto exit;
}
i = 0;
while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
i < (int) sizeof( buf ) )
while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
i < (int) sizeof(buf)) {
buf[i++] = (unsigned char) c;
}
fclose( f );
fclose(f);
if( i != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
if (i != rsa.MBEDTLS_PRIVATE(len)) {
mbedtls_printf("\n ! Invalid RSA signature format\n\n");
goto exit;
}
/*
* Decrypt the encrypted RSA data and print the result.
*/
mbedtls_printf( "\n . Decrypting the encrypted data" );
fflush( stdout );
mbedtls_printf("\n . Decrypting the encrypted data");
fflush(stdout);
ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, &i,
buf, result, 1024 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
ret );
ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, &i,
buf, result, 1024);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
ret);
goto exit;
}
mbedtls_printf( "\n . OK\n\n" );
mbedtls_printf("\n . OK\n\n");
mbedtls_printf( "The decrypted result is: '%s'\n\n", result );
mbedtls_printf("The decrypted result is: '%s'\n\n", result);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_rsa_free( &rsa );
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_rsa_free(&rsa);
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */

123
programs/pkey/rsa_encrypt.c
View File

@ -34,17 +34,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -58,111 +58,104 @@ int main( int argc, char *argv[] )
const char *pers = "rsa_encrypt";
mbedtls_mpi N, E;
if( argc != 2 )
{
mbedtls_printf( "usage: rsa_encrypt <string of max 100 characters>\n" );
if (argc != 2) {
mbedtls_printf("usage: rsa_encrypt <string of max 100 characters>\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
mbedtls_rsa_init( &rsa );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
mbedtls_rsa_init(&rsa);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret );
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen(pers));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
}
mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
mbedtls_printf("\n . Reading public key from rsa_pub.txt");
fflush(stdout);
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
if( ( ret = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n",
ret );
fclose( f );
if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
ret);
fclose(f);
goto exit;
}
fclose( f );
fclose(f);
if( ( ret = mbedtls_rsa_import( &rsa, &N, NULL, NULL, NULL, &E ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
ret );
if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
ret);
goto exit;
}
if( strlen( argv[1] ) > 100 )
{
mbedtls_printf( " Input data larger than 100 characters.\n\n" );
if (strlen(argv[1]) > 100) {
mbedtls_printf(" Input data larger than 100 characters.\n\n");
goto exit;
}
memcpy( input, argv[1], strlen( argv[1] ) );
memcpy(input, argv[1], strlen(argv[1]));
/*
* Calculate the RSA encryption of the hash.
*/
mbedtls_printf( "\n . Generating the RSA encrypted value" );
fflush( stdout );
mbedtls_printf("\n . Generating the RSA encrypted value");
fflush(stdout);
ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, strlen( argv[1] ), input, buf );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
ret );
ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random,
&ctr_drbg, strlen(argv[1]), input, buf);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
ret);
goto exit;
}
/*
* Write the signature into result-enc.txt
*/
if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" );
if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create %s\n\n", "result-enc.txt");
goto exit;
}
for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
for (i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++) {
mbedtls_fprintf(f, "%02X%s", buf[i],
(i + 1) % 16 == 0 ? "\r\n" : " ");
}
fclose( f );
fclose(f);
mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" );
mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_rsa_free( &rsa );
mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_rsa_free(&rsa);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */

123
programs/pkey/rsa_genkey.c
View File

@ -39,17 +39,17 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
"MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
int main( void )
int main(void)
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -61,98 +61,93 @@ int main( void )
FILE *fpriv = NULL;
const char *pers = "rsa_genkey";
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_rsa_init( &rsa );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_rsa_init(&rsa);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE );
fflush( stdout );
mbedtls_printf(" ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE);
fflush(stdout);
if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
EXPONENT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret );
if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
EXPONENT)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n . Exporting the public key in rsa_pub.txt...." );
fflush( stdout );
mbedtls_printf(" ok\n . Exporting the public key in rsa_pub.txt....");
fflush(stdout);
if( ( ret = mbedtls_rsa_export ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) ) != 0 )
{
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 ||
(ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto exit;
}
if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" );
if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! could not open rsa_pub.txt for writing\n\n");
goto exit;
}
if( ( ret = mbedtls_mpi_write_file( "N = ", &N, 16, fpub ) ) != 0 ||
( ret = mbedtls_mpi_write_file( "E = ", &E, 16, fpub ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 ||
(ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n . Exporting the private key in rsa_priv.txt..." );
fflush( stdout );
mbedtls_printf(" ok\n . Exporting the private key in rsa_priv.txt...");
fflush(stdout);
if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! could not open rsa_priv.txt for writing\n" );
if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) {
mbedtls_printf(" failed\n ! could not open rsa_priv.txt for writing\n");
goto exit;
}
if( ( ret = mbedtls_mpi_write_file( "N = " , &N , 16, fpriv ) ) != 0 ||
( ret = mbedtls_mpi_write_file( "E = " , &E , 16, fpriv ) ) != 0 ||
( ret = mbedtls_mpi_write_file( "D = " , &D , 16, fpriv ) ) != 0 ||
( ret = mbedtls_mpi_write_file( "P = " , &P , 16, fpriv ) ) != 0 ||
( ret = mbedtls_mpi_write_file( "Q = " , &Q , 16, fpriv ) ) != 0 ||
( ret = mbedtls_mpi_write_file( "DP = ", &DP, 16, fpriv ) ) != 0 ||
( ret = mbedtls_mpi_write_file( "DQ = ", &DQ, 16, fpriv ) ) != 0 ||
( ret = mbedtls_mpi_write_file( "QP = ", &QP, 16, fpriv ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 ||
(ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n\n" );
mbedtls_printf(" ok\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( fpub != NULL )
fclose( fpub );
if (fpub != NULL) {
fclose(fpub);
}
if( fpriv != NULL )
fclose( fpriv );
if (fpriv != NULL) {
fclose(fpriv);
}
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
mbedtls_rsa_free( &rsa );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_rsa_free(&rsa);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */

132
programs/pkey/rsa_sign.c
View File

@ -24,12 +24,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
@ -40,7 +40,7 @@ int main( void )
#include <string.h>
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -52,67 +52,62 @@ int main( int argc, char *argv[] )
char filename[512];
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_rsa_init( &rsa );
mbedtls_rsa_init(&rsa);
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
if( argc != 2 )
{
mbedtls_printf( "usage: rsa_sign <filename>\n" );
if (argc != 2) {
mbedtls_printf("usage: rsa_sign <filename>\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
mbedtls_printf("\n . Reading private key from rsa_priv.txt");
fflush(stdout);
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
fclose(f);
goto exit;
}
fclose( f );
fclose(f);
if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n",
ret );
if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
ret);
goto exit;
}
if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n",
ret );
if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
ret);
goto exit;
}
mbedtls_printf( "\n . Checking the private key" );
fflush( stdout );
if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", (unsigned int) -ret );
mbedtls_printf("\n . Checking the private key");
fflush(stdout);
if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n",
(unsigned int) -ret);
goto exit;
}
@ -120,53 +115,52 @@ int main( int argc, char *argv[] )
* Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" );
fflush( stdout );
mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
fflush(stdout);
if( ( ret = mbedtls_md_file(
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
argv[1], hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
if ((ret = mbedtls_md_file(
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
argv[1], hash)) != 0) {
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]);
goto exit;
}
if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
32, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );
if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256,
32, hash, buf)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n",
(unsigned int) -ret);
goto exit;
}
/*
* Write the signature into <filename>.sig
*/
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] );
if ((f = fopen(filename, "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create %s\n\n", argv[1]);
goto exit;
}
for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ )
mbedtls_fprintf( f, "%02X%s", buf[i],
( i + 1 ) % 16 == 0 ? "\r\n" : " " );
for (i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++) {
mbedtls_fprintf(f, "%02X%s", buf[i],
(i + 1) % 16 == 0 ? "\r\n" : " ");
}
fclose( f );
fclose(f);
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_rsa_free( &rsa );
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
mbedtls_rsa_free(&rsa);
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */

113
programs/pkey/rsa_sign_pss.c
View File

@ -25,13 +25,13 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
@ -45,7 +45,7 @@ int main( void )
#include <string.h>
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -59,54 +59,49 @@ int main( int argc, char *argv[] )
const char *pers = "rsa_sign_pss";
size_t olen = 0;
mbedtls_entropy_init( &entropy );
mbedtls_pk_init( &pk );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init(&entropy);
mbedtls_pk_init(&pk);
mbedtls_ctr_drbg_init(&ctr_drbg);
if( argc != 3 )
{
mbedtls_printf( "usage: rsa_sign_pss <key_file> <filename>\n" );
if (argc != 3) {
mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
fflush(stdout);
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
goto exit;
}
if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
{
mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
mbedtls_printf(" failed\n ! Key is not an RSA key\n");
goto exit;
}
if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
MBEDTLS_RSA_PKCS_V21,
MBEDTLS_MD_SHA256 ) ) != 0 )
{
mbedtls_printf( " failed\n ! Padding not supported\n" );
if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
MBEDTLS_RSA_PKCS_V21,
MBEDTLS_MD_SHA256)) != 0) {
mbedtls_printf(" failed\n ! Padding not supported\n");
goto exit;
}
@ -114,55 +109,51 @@ int main( int argc, char *argv[] )
* Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" );
fflush( stdout );
mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
fflush(stdout);
if( ( ret = mbedtls_md_file(
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
argv[2], hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
if ((ret = mbedtls_md_file(
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
argv[2], hash)) != 0) {
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
goto exit;
}
if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0,
buf, sizeof( buf ), &olen,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_sign returned %d\n\n", ret );
if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
buf, sizeof(buf), &olen,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
goto exit;
}
/*
* Write the signature into <filename>.sig
*/
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
if ((f = fopen(filename, "wb+")) == NULL) {
mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
goto exit;
}
if( fwrite( buf, 1, olen, f ) != olen )
{
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
fclose( f );
if (fwrite(buf, 1, olen, f) != olen) {
mbedtls_printf("failed\n ! fwrite failed\n\n");
fclose(f);
goto exit;
}
fclose( f );
fclose(f);
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_pk_free(&pk);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&

89
programs/pkey/rsa_verify.c
View File

@ -24,12 +24,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
!defined(MBEDTLS_FS_IO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_MD_C and/or "
"MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit(0);
}
#else
@ -40,7 +40,7 @@ int main( void )
#include <string.h>
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -52,62 +52,58 @@ int main( int argc, char *argv[] )
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
mbedtls_rsa_init( &rsa );
mbedtls_rsa_init(&rsa);
if( argc != 2 )
{
mbedtls_printf( "usage: rsa_verify <filename>\n" );
if (argc != 2) {
mbedtls_printf("usage: rsa_verify <filename>\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf( "\n . Reading public key from rsa_pub.txt" );
fflush( stdout );
mbedtls_printf("\n . Reading public key from rsa_pub.txt");
fflush(stdout);
if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n" );
if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
" ! Please run rsa_genkey first\n\n");
goto exit;
}
if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 ||
( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret );
fclose( f );
if ((ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(N), 16, f)) != 0 ||
(ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(E), 16, f)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
fclose(f);
goto exit;
}
rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;
rsa.MBEDTLS_PRIVATE(len) = (mbedtls_mpi_bitlen(&rsa.MBEDTLS_PRIVATE(N)) + 7) >> 3;
fclose( f );
fclose(f);
/*
* Extract the RSA signature from the text file
*/
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] );
mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", filename );
if ((f = fopen(filename, "rb")) == NULL) {
mbedtls_printf("\n ! Could not open %s\n\n", filename);
goto exit;
}
i = 0;
while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 &&
i < (int) sizeof( buf ) )
while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
i < (int) sizeof(buf)) {
buf[i++] = (unsigned char) c;
}
fclose( f );
fclose(f);
if( i != rsa.MBEDTLS_PRIVATE(len) )
{
mbedtls_printf( "\n ! Invalid RSA signature format\n\n" );
if (i != rsa.MBEDTLS_PRIVATE(len)) {
mbedtls_printf("\n ! Invalid RSA signature format\n\n");
goto exit;
}
@ -115,33 +111,32 @@ int main( int argc, char *argv[] )
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout );
mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
fflush(stdout);
if( ( ret = mbedtls_md_file(
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
argv[1], hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[1] );
if ((ret = mbedtls_md_file(
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
argv[1], hash)) != 0) {
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]);
goto exit;
}
if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, MBEDTLS_MD_SHA256,
32, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret );
if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
32, hash, buf)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
mbedtls_printf("\n . OK (the signature is valid)\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_rsa_free( &rsa );
mbedtls_rsa_free(&rsa);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_FS_IO */

83
programs/pkey/rsa_verify_pss.c
View File

@ -25,13 +25,13 @@
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
@ -44,7 +44,7 @@ int main( void )
#include <string.h>
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int ret = 1;
@ -55,88 +55,81 @@ int main( int argc, char *argv[] )
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
mbedtls_pk_init( &pk );
mbedtls_pk_init(&pk);
if( argc != 3 )
{
mbedtls_printf( "usage: rsa_verify_pss <key_file> <filename>\n" );
if (argc != 3) {
mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
#if defined(_WIN32)
mbedtls_printf( "\n" );
mbedtls_printf("\n");
#endif
goto exit;
}
mbedtls_printf( "\n . Reading public key from '%s'", argv[1] );
fflush( stdout );
mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
fflush(stdout);
if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
goto exit;
}
if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
{
mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
mbedtls_printf(" failed\n ! Key is not an RSA key\n");
goto exit;
}
if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ),
MBEDTLS_RSA_PKCS_V21,
MBEDTLS_MD_SHA256 ) ) != 0 )
{
mbedtls_printf( " failed\n ! Invalid padding\n" );
if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
MBEDTLS_RSA_PKCS_V21,
MBEDTLS_MD_SHA256)) != 0) {
mbedtls_printf(" failed\n ! Invalid padding\n");
goto exit;
}
/*
* Extract the RSA signature from the file
*/
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
if( ( f = fopen( filename, "rb" ) ) == NULL )
{
mbedtls_printf( "\n ! Could not open %s\n\n", filename );
if ((f = fopen(filename, "rb")) == NULL) {
mbedtls_printf("\n ! Could not open %s\n\n", filename);
goto exit;
}
i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f );
i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f);
fclose( f );
fclose(f);
/*
* Compute the SHA-256 hash of the input file and
* verify the signature
*/
mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" );
fflush( stdout );
mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
fflush(stdout);
if( ( ret = mbedtls_md_file(
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
argv[2], hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
if ((ret = mbedtls_md_file(
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
argv[2], hash)) != 0) {
mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
goto exit;
}
if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0,
buf, i ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_verify returned %d\n\n", ret );
if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
buf, i)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( "\n . OK (the signature is valid)\n\n" );
mbedtls_printf("\n . OK (the signature is valid)\n\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
mbedtls_pk_free(&pk);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C &&
MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */

170
programs/psa/aead_demo.c
View File

@ -57,20 +57,20 @@
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
!defined(MBEDTLS_CHACHAPOLY_C) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
int main( void )
int main(void)
{
printf( "MBEDTLS_PSA_CRYPTO_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
"MBEDTLS_CHACHAPOLY_C not defined, and/or "
"MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n" );
return( 0 );
printf("MBEDTLS_PSA_CRYPTO_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
"MBEDTLS_CHACHAPOLY_C not defined, and/or "
"MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n");
return 0;
}
#else
/* The real program starts here. */
const char usage[] =
"Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
"Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
const unsigned char iv1[12] = { 0x00 };
@ -85,40 +85,41 @@ const unsigned char msg2_part1[] = { 0x13, 0x14 };
const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
/* Maximum total size of the messages */
#define MSG1_SIZE ( sizeof( msg1_part1 ) + sizeof( msg1_part2 ) )
#define MSG2_SIZE ( sizeof( msg2_part1 ) + sizeof( msg2_part2 ) )
#define MSG_MAX_SIZE ( MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE )
#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2))
#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2))
#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE)
/* Dummy key material - never do this in production!
* 32-byte is enough to all the key size supported by this program. */
const unsigned char key_bytes[32] = { 0x2a };
/* Print the contents of a buffer in hex */
void print_buf( const char *title, uint8_t *buf, size_t len )
void print_buf(const char *title, uint8_t *buf, size_t len)
{
printf( "%s:", title );
for( size_t i = 0; i < len; i++ )
printf( " %02x", buf[i] );
printf( "\n" );
printf("%s:", title);
for (size_t i = 0; i < len; i++) {
printf(" %02x", buf[i]);
}
printf("\n");
}
/* Run a PSA function and bail out if it fails.
* The symbolic name of the error code can be recovered using:
* programs/psa/psa_constant_name status <value> */
#define PSA_CHECK( expr ) \
#define PSA_CHECK(expr) \
do \
{ \
status = ( expr ); \
if( status != PSA_SUCCESS ) \
status = (expr); \
if (status != PSA_SUCCESS) \
{ \
printf( "Error %d at line %d: %s\n", \
(int) status, \
__LINE__, \
#expr ); \
printf("Error %d at line %d: %s\n", \
(int) status, \
__LINE__, \
#expr); \
goto exit; \
} \
} \
while( 0 )
while (0)
/*
* Prepare encryption material:
@ -126,48 +127,48 @@ void print_buf( const char *title, uint8_t *buf, size_t len )
* - set up key
* - outputs: key and algorithm, which together hold all the information
*/
static psa_status_t aead_prepare( const char *info,
psa_key_id_t *key,
psa_algorithm_t *alg )
static psa_status_t aead_prepare(const char *info,
psa_key_id_t *key,
psa_algorithm_t *alg)
{
psa_status_t status;
/* Convert arg to alg + key_bits + key_type */
size_t key_bits;
psa_key_type_t key_type;
if( strcmp( info, "aes128-gcm" ) == 0 ) {
if (strcmp(info, "aes128-gcm") == 0) {
*alg = PSA_ALG_GCM;
key_bits = 128;
key_type = PSA_KEY_TYPE_AES;
} else if( strcmp( info, "aes256-gcm" ) == 0 ) {
} else if (strcmp(info, "aes256-gcm") == 0) {
*alg = PSA_ALG_GCM;
key_bits = 256;
key_type = PSA_KEY_TYPE_AES;
} else if( strcmp( info, "aes128-gcm_8" ) == 0 ) {
} else if (strcmp(info, "aes128-gcm_8") == 0) {
*alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8);
key_bits = 128;
key_type = PSA_KEY_TYPE_AES;
} else if( strcmp( info, "chachapoly" ) == 0 ) {
} else if (strcmp(info, "chachapoly") == 0) {
*alg = PSA_ALG_CHACHA20_POLY1305;
key_bits = 256;
key_type = PSA_KEY_TYPE_CHACHA20;
} else {
puts( usage );
return( PSA_ERROR_INVALID_ARGUMENT );
puts(usage);
return PSA_ERROR_INVALID_ARGUMENT;
}
/* Prepare key attributes */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
psa_set_key_algorithm( &attributes, *alg );
psa_set_key_type( &attributes, key_type );
psa_set_key_bits( &attributes, key_bits ); // optional
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
psa_set_key_algorithm(&attributes, *alg);
psa_set_key_type(&attributes, key_type);
psa_set_key_bits(&attributes, key_bits); // optional
/* Import key */
PSA_CHECK( psa_import_key( &attributes, key_bytes, key_bits / 8, key ) );
PSA_CHECK(psa_import_key(&attributes, key_bytes, key_bits / 8, key));
exit:
return( status );
return status;
}
/*
@ -176,14 +177,14 @@ exit:
* All of this information was present in the command line argument, but his
* function demonstrates how each piece can be recovered from (key, alg).
*/
static void aead_info( psa_key_id_t key, psa_algorithm_t alg )
static void aead_info(psa_key_id_t key, psa_algorithm_t alg)
{
psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
(void) psa_get_key_attributes( key, &attr );
psa_key_type_t key_type = psa_get_key_type( &attr );
size_t key_bits = psa_get_key_bits( &attr );
psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg );
size_t tag_len = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg );
(void) psa_get_key_attributes(key, &attr);
psa_key_type_t key_type = psa_get_key_type(&attr);
size_t key_bits = psa_get_key_bits(&attr);
psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg);
size_t tag_len = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg);
const char *type_str = key_type == PSA_KEY_TYPE_AES ? "AES"
: key_type == PSA_KEY_TYPE_CHACHA20 ? "Chacha"
@ -192,102 +193,101 @@ static void aead_info( psa_key_id_t key, psa_algorithm_t alg )
: base_alg == PSA_ALG_CHACHA20_POLY1305 ? "ChachaPoly"
: "???";
printf( "%s, %u, %s, %u\n",
type_str, (unsigned) key_bits, base_str, (unsigned) tag_len );
printf("%s, %u, %s, %u\n",
type_str, (unsigned) key_bits, base_str, (unsigned) tag_len);
}
/*
* Encrypt a 2-part message.
*/
static int aead_encrypt( psa_key_id_t key, psa_algorithm_t alg,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *part1, size_t part1_len,
const unsigned char *part2, size_t part2_len )
static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg,
const unsigned char *iv, size_t iv_len,
const unsigned char *ad, size_t ad_len,
const unsigned char *part1, size_t part1_len,
const unsigned char *part2, size_t part2_len)
{
psa_status_t status;
size_t olen, olen_tag;
unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(MSG_MAX_SIZE)];
unsigned char *p = out, *end = out + sizeof( out );
unsigned char *p = out, *end = out + sizeof(out);
unsigned char tag[PSA_AEAD_TAG_MAX_SIZE];
psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT;
PSA_CHECK( psa_aead_encrypt_setup( &op, key, alg ) );
PSA_CHECK(psa_aead_encrypt_setup(&op, key, alg));
PSA_CHECK( psa_aead_set_nonce( &op, iv, iv_len ) );
PSA_CHECK( psa_aead_update_ad( &op, ad, ad_len ) );
PSA_CHECK( psa_aead_update( &op, part1, part1_len, p, end - p, &olen ) );
PSA_CHECK(psa_aead_set_nonce(&op, iv, iv_len));
PSA_CHECK(psa_aead_update_ad(&op, ad, ad_len));
PSA_CHECK(psa_aead_update(&op, part1, part1_len, p, end - p, &olen));
p += olen;
PSA_CHECK( psa_aead_update( &op, part2, part2_len, p, end - p, &olen ) );
PSA_CHECK(psa_aead_update(&op, part2, part2_len, p, end - p, &olen));
p += olen;
PSA_CHECK( psa_aead_finish( &op, p, end - p, &olen,
tag, sizeof( tag ), &olen_tag ) );
PSA_CHECK(psa_aead_finish(&op, p, end - p, &olen,
tag, sizeof(tag), &olen_tag));
p += olen;
memcpy( p, tag, olen_tag );
memcpy(p, tag, olen_tag);
p += olen_tag;
olen = p - out;
print_buf( "out", out, olen );
print_buf("out", out, olen);
exit:
psa_aead_abort( &op ); // required on errors, harmless on success
return( status );
psa_aead_abort(&op); // required on errors, harmless on success
return status;
}
/*
* AEAD demo: set up key/alg, print out info, encrypt messages.
*/
static psa_status_t aead_demo( const char *info )
static psa_status_t aead_demo(const char *info)
{
psa_status_t status;
psa_key_id_t key;
psa_algorithm_t alg;
PSA_CHECK( aead_prepare( info, &key, &alg ) );
PSA_CHECK(aead_prepare(info, &key, &alg));
aead_info( key, alg );
aead_info(key, alg);
PSA_CHECK( aead_encrypt( key, alg,
iv1, sizeof( iv1 ), add_data1, sizeof( add_data1 ),
msg1_part1, sizeof( msg1_part1 ),
msg1_part2, sizeof( msg1_part2 ) ) );
PSA_CHECK( aead_encrypt( key, alg,
iv2, sizeof( iv2 ), add_data2, sizeof( add_data2 ),
msg2_part1, sizeof( msg2_part1 ),
msg2_part2, sizeof( msg2_part2 ) ) );
PSA_CHECK(aead_encrypt(key, alg,
iv1, sizeof(iv1), add_data1, sizeof(add_data1),
msg1_part1, sizeof(msg1_part1),
msg1_part2, sizeof(msg1_part2)));
PSA_CHECK(aead_encrypt(key, alg,
iv2, sizeof(iv2), add_data2, sizeof(add_data2),
msg2_part1, sizeof(msg2_part1),
msg2_part2, sizeof(msg2_part2)));
exit:
psa_destroy_key( key );
psa_destroy_key(key);
return( status );
return status;
}
/*
* Main function
*/
int main( int argc, char **argv )
int main(int argc, char **argv)
{
psa_status_t status = PSA_SUCCESS;
/* Check usage */
if( argc != 2 )
{
puts( usage );
return( EXIT_FAILURE );
if (argc != 2) {
puts(usage);
return EXIT_FAILURE;
}
/* Initialize the PSA crypto library. */
PSA_CHECK( psa_crypto_init( ) );
PSA_CHECK(psa_crypto_init());
/* Run the demo */
PSA_CHECK( aead_demo( argv[1] ) );
PSA_CHECK(aead_demo(argv[1]));
/* Deinitialize the PSA crypto library. */
mbedtls_psa_crypto_free( );
mbedtls_psa_crypto_free();
exit:
return( status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE );
return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif

332
programs/psa/crypto_examples.c
View File

@ -20,146 +20,145 @@
#include <stdio.h>
#include <stdlib.h>
#define ASSERT( predicate ) \
#define ASSERT(predicate) \
do \
{ \
if( ! ( predicate ) ) \
if (!(predicate)) \
{ \
printf( "\tassertion failed at %s:%d - '%s'\r\n", \
__FILE__, __LINE__, #predicate); \
printf("\tassertion failed at %s:%d - '%s'\r\n", \
__FILE__, __LINE__, #predicate); \
goto exit; \
} \
} while ( 0 )
} while (0)
#define ASSERT_STATUS( actual, expected ) \
#define ASSERT_STATUS(actual, expected) \
do \
{ \
if( ( actual ) != ( expected ) ) \
if ((actual) != (expected)) \
{ \
printf( "\tassertion failed at %s:%d - " \
"actual:%d expected:%d\r\n", __FILE__, __LINE__, \
(psa_status_t) actual, (psa_status_t) expected ); \
printf("\tassertion failed at %s:%d - " \
"actual:%d expected:%d\r\n", __FILE__, __LINE__, \
(psa_status_t) actual, (psa_status_t) expected); \
goto exit; \
} \
} while ( 0 )
} while (0)
#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \
!defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \
!defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
int main( void )
int main(void)
{
printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
"MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
"and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
"not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER"
" defined.\r\n" );
return( 0 );
printf("MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
"MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
"and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
"not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER"
" defined.\r\n");
return 0;
}
#else
static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
const uint8_t * input,
size_t input_size,
size_t part_size,
uint8_t * output,
size_t output_size,
size_t *output_len )
static psa_status_t cipher_operation(psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_size,
size_t part_size,
uint8_t *output,
size_t output_size,
size_t *output_len)
{
psa_status_t status;
size_t bytes_to_write = 0, bytes_written = 0, len = 0;
*output_len = 0;
while( bytes_written != input_size )
{
bytes_to_write = ( input_size - bytes_written > part_size ?
part_size :
input_size - bytes_written );
while (bytes_written != input_size) {
bytes_to_write = (input_size - bytes_written > part_size ?
part_size :
input_size - bytes_written);
status = psa_cipher_update( operation, input + bytes_written,
bytes_to_write, output + *output_len,
output_size - *output_len, &len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_cipher_update(operation, input + bytes_written,
bytes_to_write, output + *output_len,
output_size - *output_len, &len);
ASSERT_STATUS(status, PSA_SUCCESS);
bytes_written += bytes_to_write;
*output_len += len;
}
status = psa_cipher_finish( operation, output + *output_len,
output_size - *output_len, &len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_cipher_finish(operation, output + *output_len,
output_size - *output_len, &len);
ASSERT_STATUS(status, PSA_SUCCESS);
*output_len += len;
exit:
return( status );
return status;
}
static psa_status_t cipher_encrypt( psa_key_id_t key,
psa_algorithm_t alg,
uint8_t * iv,
size_t iv_size,
const uint8_t * input,
size_t input_size,
size_t part_size,
uint8_t * output,
size_t output_size,
size_t *output_len )
static psa_status_t cipher_encrypt(psa_key_id_t key,
psa_algorithm_t alg,
uint8_t *iv,
size_t iv_size,
const uint8_t *input,
size_t input_size,
size_t part_size,
uint8_t *output,
size_t output_size,
size_t *output_len)
{
psa_status_t status;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
size_t iv_len = 0;
memset( &operation, 0, sizeof( operation ) );
status = psa_cipher_encrypt_setup( &operation, key, alg );
ASSERT_STATUS( status, PSA_SUCCESS );
memset(&operation, 0, sizeof(operation));
status = psa_cipher_encrypt_setup(&operation, key, alg);
ASSERT_STATUS(status, PSA_SUCCESS);
status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_cipher_generate_iv(&operation, iv, iv_size, &iv_len);
ASSERT_STATUS(status, PSA_SUCCESS);
status = cipher_operation( &operation, input, input_size, part_size,
output, output_size, output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_operation(&operation, input, input_size, part_size,
output, output_size, output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
exit:
psa_cipher_abort( &operation );
return( status );
psa_cipher_abort(&operation);
return status;
}
static psa_status_t cipher_decrypt( psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t * iv,
size_t iv_size,
const uint8_t * input,
size_t input_size,
size_t part_size,
uint8_t * output,
size_t output_size,
size_t *output_len )
static psa_status_t cipher_decrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *iv,
size_t iv_size,
const uint8_t *input,
size_t input_size,
size_t part_size,
uint8_t *output,
size_t output_size,
size_t *output_len)
{
psa_status_t status;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
memset( &operation, 0, sizeof( operation ) );
status = psa_cipher_decrypt_setup( &operation, key, alg );
ASSERT_STATUS( status, PSA_SUCCESS );
memset(&operation, 0, sizeof(operation));
status = psa_cipher_decrypt_setup(&operation, key, alg);
ASSERT_STATUS(status, PSA_SUCCESS);
status = psa_cipher_set_iv( &operation, iv, iv_size );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_cipher_set_iv(&operation, iv, iv_size);
ASSERT_STATUS(status, PSA_SUCCESS);
status = cipher_operation( &operation, input, input_size, part_size,
output, output_size, output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_operation(&operation, input, input_size, part_size,
output, output_size, output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
exit:
psa_cipher_abort( &operation );
return( status );
psa_cipher_abort(&operation);
return status;
}
static psa_status_t
cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block(void)
{
enum {
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ),
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
part_size = block_size,
};
@ -174,40 +173,40 @@ cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
uint8_t encrypt[block_size];
uint8_t decrypt[block_size];
status = psa_generate_random( input, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_generate_random(input, sizeof(input));
ASSERT_STATUS(status, PSA_SUCCESS);
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, key_bits );
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, key_bits);
status = psa_generate_key( &attributes, &key );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_generate_key(&attributes, &key);
ASSERT_STATUS(status, PSA_SUCCESS);
status = cipher_encrypt( key, alg, iv, sizeof( iv ),
input, sizeof( input ), part_size,
encrypt, sizeof( encrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_encrypt(key, alg, iv, sizeof(iv),
input, sizeof(input), part_size,
encrypt, sizeof(encrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
status = cipher_decrypt( key, alg, iv, sizeof( iv ),
encrypt, output_len, part_size,
decrypt, sizeof( decrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_decrypt(key, alg, iv, sizeof(iv),
encrypt, output_len, part_size,
decrypt, sizeof(decrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
status = memcmp( input, decrypt, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
status = memcmp(input, decrypt, sizeof(input));
ASSERT_STATUS(status, PSA_SUCCESS);
exit:
psa_destroy_key( key );
return( status );
psa_destroy_key(key);
return status;
}
static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(void)
{
enum {
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ),
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
input_size = 100,
part_size = 10,
@ -222,40 +221,40 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
uint8_t iv[block_size], input[input_size],
encrypt[input_size + block_size], decrypt[input_size + block_size];
status = psa_generate_random( input, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_generate_random(input, sizeof(input));
ASSERT_STATUS(status, PSA_SUCCESS);
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, key_bits );
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, key_bits);
status = psa_generate_key( &attributes, &key );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_generate_key(&attributes, &key);
ASSERT_STATUS(status, PSA_SUCCESS);
status = cipher_encrypt( key, alg, iv, sizeof( iv ),
input, sizeof( input ), part_size,
encrypt, sizeof( encrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_encrypt(key, alg, iv, sizeof(iv),
input, sizeof(input), part_size,
encrypt, sizeof(encrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
status = cipher_decrypt( key, alg, iv, sizeof( iv ),
encrypt, output_len, part_size,
decrypt, sizeof( decrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_decrypt(key, alg, iv, sizeof(iv),
encrypt, output_len, part_size,
decrypt, sizeof(decrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
status = memcmp( input, decrypt, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
status = memcmp(input, decrypt, sizeof(input));
ASSERT_STATUS(status, PSA_SUCCESS);
exit:
psa_destroy_key( key );
return( status );
psa_destroy_key(key);
return status;
}
static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi(void)
{
enum {
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ),
block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
input_size = 100,
part_size = 10,
@ -269,63 +268,66 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
uint8_t iv[block_size], input[input_size], encrypt[input_size],
decrypt[input_size];
status = psa_generate_random( input, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_generate_random(input, sizeof(input));
ASSERT_STATUS(status, PSA_SUCCESS);
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, key_bits );
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, key_bits);
status = psa_generate_key( &attributes, &key );
ASSERT_STATUS( status, PSA_SUCCESS );
status = psa_generate_key(&attributes, &key);
ASSERT_STATUS(status, PSA_SUCCESS);
status = cipher_encrypt( key, alg, iv, sizeof( iv ),
input, sizeof( input ), part_size,
encrypt, sizeof( encrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_encrypt(key, alg, iv, sizeof(iv),
input, sizeof(input), part_size,
encrypt, sizeof(encrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
status = cipher_decrypt( key, alg, iv, sizeof( iv ),
encrypt, output_len, part_size,
decrypt, sizeof( decrypt ), &output_len );
ASSERT_STATUS( status, PSA_SUCCESS );
status = cipher_decrypt(key, alg, iv, sizeof(iv),
encrypt, output_len, part_size,
decrypt, sizeof(decrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
status = memcmp( input, decrypt, sizeof( input ) );
ASSERT_STATUS( status, PSA_SUCCESS );
status = memcmp(input, decrypt, sizeof(input));
ASSERT_STATUS(status, PSA_SUCCESS);
exit:
psa_destroy_key( key );
return( status );
psa_destroy_key(key);
return status;
}
static void cipher_examples( void )
static void cipher_examples(void)
{
psa_status_t status;
printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" );
status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( );
if( status == PSA_SUCCESS )
printf( "\tsuccess!\r\n" );
printf("cipher encrypt/decrypt AES CBC no padding:\r\n");
status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block();
if (status == PSA_SUCCESS) {
printf("\tsuccess!\r\n");
}
printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" );
status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( );
if( status == PSA_SUCCESS )
printf( "\tsuccess!\r\n" );
printf("cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n");
status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi();
if (status == PSA_SUCCESS) {
printf("\tsuccess!\r\n");
}
printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" );
status = cipher_example_encrypt_decrypt_aes_ctr_multi( );
if( status == PSA_SUCCESS )
printf( "\tsuccess!\r\n" );
printf("cipher encrypt/decrypt AES CTR multipart:\r\n");
status = cipher_example_encrypt_decrypt_aes_ctr_multi();
if (status == PSA_SUCCESS) {
printf("\tsuccess!\r\n");
}
}
int main( void )
int main(void)
{
ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
cipher_examples( );
ASSERT(psa_crypto_init() == PSA_SUCCESS);
cipher_examples();
exit:
mbedtls_psa_crypto_free( );
return( 0 );
mbedtls_psa_crypto_free();
return 0;
}
#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_AES_C && MBEDTLS_CIPHER_MODE_CBC &&
MBEDTLS_CIPHER_MODE_CTR && MBEDTLS_CIPHER_MODE_WITH_PADDING */

88
programs/psa/hmac_demo.c
View File

@ -50,11 +50,11 @@
/* If the build options we need are not enabled, compile a placeholder. */
#if !defined(MBEDTLS_PSA_CRYPTO_C) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
int main( void )
int main(void)
{
printf( "MBEDTLS_PSA_CRYPTO_C not defined, "
"and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n" );
return( 0 );
printf("MBEDTLS_PSA_CRYPTO_C not defined, "
"and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n");
return 0;
}
#else
@ -71,31 +71,32 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 };
const unsigned char key_bytes[32] = { 0 };
/* Print the contents of a buffer in hex */
void print_buf( const char *title, uint8_t *buf, size_t len )
void print_buf(const char *title, uint8_t *buf, size_t len)
{
printf( "%s:", title );
for( size_t i = 0; i < len; i++ )
printf( " %02x", buf[i] );
printf( "\n" );
printf("%s:", title);
for (size_t i = 0; i < len; i++) {
printf(" %02x", buf[i]);
}
printf("\n");
}
/* Run a PSA function and bail out if it fails.
* The symbolic name of the error code can be recovered using:
* programs/psa/psa_constant_name status <value> */
#define PSA_CHECK( expr ) \
#define PSA_CHECK(expr) \
do \
{ \
status = ( expr ); \
if( status != PSA_SUCCESS ) \
status = (expr); \
if (status != PSA_SUCCESS) \
{ \
printf( "Error %d at line %d: %s\n", \
(int) status, \
__LINE__, \
#expr ); \
printf("Error %d at line %d: %s\n", \
(int) status, \
__LINE__, \
#expr); \
goto exit; \
} \
} \
while( 0 )
while (0)
/*
* This function demonstrates computation of the HMAC of two messages using
@ -113,40 +114,41 @@ psa_status_t hmac_demo(void)
psa_key_id_t key = 0;
/* prepare key */
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
psa_set_key_bits( &attributes, 8 * sizeof( key_bytes ) ); // optional
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
psa_set_key_bits(&attributes, 8 * sizeof(key_bytes)); // optional
status = psa_import_key( &attributes,
key_bytes, sizeof( key_bytes ), &key );
if( status != PSA_SUCCESS )
return( status );
status = psa_import_key(&attributes,
key_bytes, sizeof(key_bytes), &key);
if (status != PSA_SUCCESS) {
return status;
}
/* prepare operation */
psa_mac_operation_t op = PSA_MAC_OPERATION_INIT;
size_t out_len = 0;
/* compute HMAC(key, msg1_part1 | msg1_part2) */
PSA_CHECK( psa_mac_sign_setup( &op, key, alg ) );
PSA_CHECK( psa_mac_update( &op, msg1_part1, sizeof( msg1_part1 ) ) );
PSA_CHECK( psa_mac_update( &op, msg1_part2, sizeof( msg1_part2 ) ) );
PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
print_buf( "msg1", out, out_len );
PSA_CHECK(psa_mac_sign_setup(&op, key, alg));
PSA_CHECK(psa_mac_update(&op, msg1_part1, sizeof(msg1_part1)));
PSA_CHECK(psa_mac_update(&op, msg1_part2, sizeof(msg1_part2)));
PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len));
print_buf("msg1", out, out_len);
/* compute HMAC(key, msg2_part1 | msg2_part2) */
PSA_CHECK( psa_mac_sign_setup( &op, key, alg ) );
PSA_CHECK( psa_mac_update( &op, msg2_part1, sizeof( msg2_part1 ) ) );
PSA_CHECK( psa_mac_update( &op, msg2_part2, sizeof( msg2_part2 ) ) );
PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
print_buf( "msg2", out, out_len );
PSA_CHECK(psa_mac_sign_setup(&op, key, alg));
PSA_CHECK(psa_mac_update(&op, msg2_part1, sizeof(msg2_part1)));
PSA_CHECK(psa_mac_update(&op, msg2_part2, sizeof(msg2_part2)));
PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len));
print_buf("msg2", out, out_len);
exit:
psa_mac_abort( &op ); // needed on error, harmless on success
psa_destroy_key( key );
mbedtls_platform_zeroize( out, sizeof( out ) );
psa_mac_abort(&op); // needed on error, harmless on success
psa_destroy_key(key);
mbedtls_platform_zeroize(out, sizeof(out));
return( status );
return status;
}
int main(void)
@ -154,16 +156,16 @@ int main(void)
psa_status_t status = PSA_SUCCESS;
/* Initialize the PSA crypto library. */
PSA_CHECK( psa_crypto_init( ) );
PSA_CHECK(psa_crypto_init());
/* Run the demo */
PSA_CHECK( hmac_demo() );
PSA_CHECK(hmac_demo());
/* Deinitialize the PSA crypto library. */
mbedtls_psa_crypto_free( );
mbedtls_psa_crypto_free();
exit:
return( status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE );
return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif

625
programs/psa/key_ladder_demo.c
View File

@ -66,47 +66,47 @@
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
int main( void )
int main(void)
{
printf( "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
"MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
"not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER "
"defined.\n" );
return( 0 );
printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
"MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
"not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER "
"defined.\n");
return 0;
}
#else
/* The real program starts here. */
/* Run a system function and bail out if it fails. */
#define SYS_CHECK( expr ) \
#define SYS_CHECK(expr) \
do \
{ \
if( ! ( expr ) ) \
if (!(expr)) \
{ \
perror( #expr ); \
perror( #expr); \
status = DEMO_ERROR; \
goto exit; \
} \
} \
while( 0 )
while (0)
/* Run a PSA function and bail out if it fails. */
#define PSA_CHECK( expr ) \
#define PSA_CHECK(expr) \
do \
{ \
status = ( expr ); \
if( status != PSA_SUCCESS ) \
status = (expr); \
if (status != PSA_SUCCESS) \
{ \
printf( "Error %d at line %d: %s\n", \
(int) status, \
__LINE__, \
#expr ); \
printf("Error %d at line %d: %s\n", \
(int) status, \
__LINE__, \
#expr); \
goto exit; \
} \
} \
while( 0 )
while (0)
/* To report operational errors in this program, use an error code that is
* different from every PSA error code. */
@ -116,19 +116,19 @@ int main( void )
#define MAX_LADDER_DEPTH 10
/* Salt to use when deriving an intermediate key. */
#define DERIVE_KEY_SALT ( (uint8_t *) "key_ladder_demo.derive" )
#define DERIVE_KEY_SALT_LENGTH ( strlen( (const char*) DERIVE_KEY_SALT ) )
#define DERIVE_KEY_SALT ((uint8_t *) "key_ladder_demo.derive")
#define DERIVE_KEY_SALT_LENGTH (strlen((const char *) DERIVE_KEY_SALT))
/* Salt to use when deriving a wrapping key. */
#define WRAPPING_KEY_SALT ( (uint8_t *) "key_ladder_demo.wrap" )
#define WRAPPING_KEY_SALT_LENGTH ( strlen( (const char*) WRAPPING_KEY_SALT ) )
#define WRAPPING_KEY_SALT ((uint8_t *) "key_ladder_demo.wrap")
#define WRAPPING_KEY_SALT_LENGTH (strlen((const char *) WRAPPING_KEY_SALT))
/* Size of the key derivation keys (applies both to the master key and
* to intermediate keys). */
#define KEY_SIZE_BYTES 40
/* Algorithm for key derivation. */
#define KDF_ALG PSA_ALG_HKDF( PSA_ALG_SHA_256 )
#define KDF_ALG PSA_ALG_HKDF(PSA_ALG_SHA_256)
/* Type and size of the key used to wrap data. */
#define WRAPPING_KEY_TYPE PSA_KEY_TYPE_AES
@ -145,9 +145,8 @@ int main( void )
* integer sizes and endianness, because the data is meant to be read
* back by the same program on the same machine. */
#define WRAPPED_DATA_MAGIC "key_ladder_demo" // including trailing null byte
#define WRAPPED_DATA_MAGIC_LENGTH ( sizeof( WRAPPED_DATA_MAGIC ) )
typedef struct
{
#define WRAPPED_DATA_MAGIC_LENGTH (sizeof(WRAPPED_DATA_MAGIC))
typedef struct {
char magic[WRAPPED_DATA_MAGIC_LENGTH];
size_t ad_size; /* Size of the additional data, which is this header. */
size_t payload_size; /* Size of the encrypted data. */
@ -156,8 +155,7 @@ typedef struct
} wrapped_data_header_t;
/* The modes that this program can operate in (see usage). */
enum program_mode
{
enum program_mode {
MODE_GENERATE,
MODE_SAVE,
MODE_UNWRAP,
@ -166,28 +164,29 @@ enum program_mode
/* Save a key to a file. In the real world, you may want to export a derived
* key sometimes, to share it with another party. */
static psa_status_t save_key( psa_key_id_t key,
const char *output_file_name )
static psa_status_t save_key(psa_key_id_t key,
const char *output_file_name)
{
psa_status_t status = PSA_SUCCESS;
uint8_t key_data[KEY_SIZE_BYTES];
size_t key_size;
FILE *key_file = NULL;
PSA_CHECK( psa_export_key( key,
key_data, sizeof( key_data ),
&key_size ) );
SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL );
PSA_CHECK(psa_export_key(key,
key_data, sizeof(key_data),
&key_size));
SYS_CHECK((key_file = fopen(output_file_name, "wb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( key_file, NULL );
SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size );
SYS_CHECK( fclose( key_file ) == 0 );
mbedtls_setbuf(key_file, NULL);
SYS_CHECK(fwrite(key_data, 1, key_size, key_file) == key_size);
SYS_CHECK(fclose(key_file) == 0);
key_file = NULL;
exit:
if( key_file != NULL)
fclose( key_file );
return( status );
if (key_file != NULL) {
fclose(key_file);
}
return status;
}
/* Generate a master key for use in this demo.
@ -195,25 +194,25 @@ exit:
* Normally a master key would be non-exportable. For the purpose of this
* demo, we want to save it to a file, to avoid relying on the keystore
* capability of the PSA crypto library. */
static psa_status_t generate( const char *key_file_name )
static psa_status_t generate(const char *key_file_name)
{
psa_status_t status = PSA_SUCCESS;
psa_key_id_t key = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( &attributes, KDF_ALG );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
psa_set_key_algorithm(&attributes, KDF_ALG);
psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(KEY_SIZE_BYTES));
PSA_CHECK( psa_generate_key( &attributes, &key ) );
PSA_CHECK(psa_generate_key(&attributes, &key));
PSA_CHECK( save_key( key, key_file_name ) );
PSA_CHECK(save_key(key, key_file_name));
exit:
(void) psa_destroy_key( key );
return( status );
(void) psa_destroy_key(key);
return status;
}
/* Load the master key from a file.
@ -221,10 +220,10 @@ exit:
* In the real world, this master key would be stored in an internal memory
* and the storage would be managed by the keystore capability of the PSA
* crypto library. */
static psa_status_t import_key_from_file( psa_key_usage_t usage,
psa_algorithm_t alg,
const char *key_file_name,
psa_key_id_t *master_key )
static psa_status_t import_key_from_file(psa_key_usage_t usage,
psa_algorithm_t alg,
const char *key_file_name,
psa_key_id_t *master_key)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -233,38 +232,37 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
FILE *key_file = NULL;
unsigned char extra_byte;
SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL );
SYS_CHECK((key_file = fopen(key_file_name, "rb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( key_file, NULL );
SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ),
key_file ) ) != 0 );
if( fread( &extra_byte, 1, 1, key_file ) != 0 )
{
printf( "Key file too large (max: %u).\n",
(unsigned) sizeof( key_data ) );
mbedtls_setbuf(key_file, NULL);
SYS_CHECK((key_size = fread(key_data, 1, sizeof(key_data),
key_file)) != 0);
if (fread(&extra_byte, 1, 1, key_file) != 0) {
printf("Key file too large (max: %u).\n",
(unsigned) sizeof(key_data));
status = DEMO_ERROR;
goto exit;
}
SYS_CHECK( fclose( key_file ) == 0 );
SYS_CHECK(fclose(key_file) == 0);
key_file = NULL;
psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
PSA_CHECK( psa_import_key( &attributes, key_data, key_size, master_key ) );
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
PSA_CHECK(psa_import_key(&attributes, key_data, key_size, master_key));
exit:
if( key_file != NULL )
fclose( key_file );
mbedtls_platform_zeroize( key_data, sizeof( key_data ) );
if( status != PSA_SUCCESS )
{
if (key_file != NULL) {
fclose(key_file);
}
mbedtls_platform_zeroize(key_data, sizeof(key_data));
if (status != PSA_SUCCESS) {
/* If the key creation hasn't happened yet or has failed,
* *master_key is null. psa_destroy_key( 0 ) is
* guaranteed to do nothing and return PSA_SUCCESS. */
(void) psa_destroy_key( *master_key );
(void) psa_destroy_key(*master_key);
*master_key = 0;
}
return( status );
return status;
}
/* Derive the intermediate keys, using the list of labels provided on
@ -272,60 +270,58 @@ exit:
* This function destroys the master key. On successful output, *key
* is the identifier of the final derived key.
*/
static psa_status_t derive_key_ladder( const char *ladder[],
size_t ladder_depth,
psa_key_id_t *key )
static psa_status_t derive_key_ladder(const char *ladder[],
size_t ladder_depth,
psa_key_id_t *key)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
size_t i;
psa_set_key_usage_flags( &attributes,
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( &attributes, KDF_ALG );
psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
psa_set_key_algorithm(&attributes, KDF_ALG);
psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(KEY_SIZE_BYTES));
/* For each label in turn, ... */
for( i = 0; i < ladder_depth; i++ )
{
for (i = 0; i < ladder_depth; i++) {
/* Start deriving material from the master key (if i=0) or from
* the current intermediate key (if i>0). */
PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_SALT,
DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) );
PSA_CHECK( psa_key_derivation_input_key(
&operation, PSA_KEY_DERIVATION_INPUT_SECRET,
*key ) );
PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO,
(uint8_t*) ladder[i], strlen( ladder[i] ) ) );
PSA_CHECK(psa_key_derivation_setup(&operation, KDF_ALG));
PSA_CHECK(psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_SALT,
DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH));
PSA_CHECK(psa_key_derivation_input_key(
&operation, PSA_KEY_DERIVATION_INPUT_SECRET,
*key));
PSA_CHECK(psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO,
(uint8_t *) ladder[i], strlen(ladder[i])));
/* When the parent key is not the master key, destroy it,
* since it is no longer needed. */
PSA_CHECK( psa_destroy_key( *key ) );
PSA_CHECK(psa_destroy_key(*key));
*key = 0;
/* Derive the next intermediate key from the parent key. */
PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
key ) );
PSA_CHECK( psa_key_derivation_abort( &operation ) );
PSA_CHECK(psa_key_derivation_output_key(&attributes, &operation,
key));
PSA_CHECK(psa_key_derivation_abort(&operation));
}
exit:
psa_key_derivation_abort( &operation );
if( status != PSA_SUCCESS )
{
psa_destroy_key( *key );
psa_key_derivation_abort(&operation);
if (status != PSA_SUCCESS) {
psa_destroy_key(*key);
*key = 0;
}
return( status );
return status;
}
/* Derive a wrapping key from the last intermediate key. */
static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
psa_key_id_t derived_key,
psa_key_id_t *wrapping_key )
static psa_status_t derive_wrapping_key(psa_key_usage_t usage,
psa_key_id_t derived_key,
psa_key_id_t *wrapping_key)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -335,33 +331,33 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
/* Set up a key derivation operation from the key derived from
* the master key. */
PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_SALT,
WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) );
PSA_CHECK( psa_key_derivation_input_key(
&operation, PSA_KEY_DERIVATION_INPUT_SECRET,
derived_key ) );
PSA_CHECK( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
PSA_CHECK(psa_key_derivation_setup(&operation, KDF_ALG));
PSA_CHECK(psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_SALT,
WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH));
PSA_CHECK(psa_key_derivation_input_key(
&operation, PSA_KEY_DERIVATION_INPUT_SECRET,
derived_key));
PSA_CHECK(psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0));
/* Create the wrapping key. */
psa_set_key_usage_flags( &attributes, usage );
psa_set_key_algorithm( &attributes, WRAPPING_ALG );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
wrapping_key ) );
psa_set_key_usage_flags(&attributes, usage);
psa_set_key_algorithm(&attributes, WRAPPING_ALG);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, WRAPPING_KEY_BITS);
PSA_CHECK(psa_key_derivation_output_key(&attributes, &operation,
wrapping_key));
exit:
psa_key_derivation_abort( &operation );
return( status );
psa_key_derivation_abort(&operation);
return status;
}
static psa_status_t wrap_data( const char *input_file_name,
const char *output_file_name,
psa_key_id_t wrapping_key )
static psa_status_t wrap_data(const char *input_file_name,
const char *output_file_name,
psa_key_id_t wrapping_key)
{
psa_status_t status;
FILE *input_file = NULL;
@ -376,78 +372,79 @@ static psa_status_t wrap_data( const char *input_file_name,
wrapped_data_header_t header;
/* Find the size of the data to wrap. */
SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
SYS_CHECK((input_file = fopen(input_file_name, "rb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( input_file, NULL );
SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 );
SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 );
mbedtls_setbuf(input_file, NULL);
SYS_CHECK(fseek(input_file, 0, SEEK_END) == 0);
SYS_CHECK((input_position = ftell(input_file)) != -1);
#if LONG_MAX > SIZE_MAX
if( input_position > SIZE_MAX )
{
printf( "Input file too large.\n" );
if (input_position > SIZE_MAX) {
printf("Input file too large.\n");
status = DEMO_ERROR;
goto exit;
}
#endif
input_size = input_position;
PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes ) );
key_type = psa_get_key_type( &attributes );
PSA_CHECK(psa_get_key_attributes(wrapping_key, &attributes));
key_type = psa_get_key_type(&attributes);
buffer_size =
PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, input_size );
PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, WRAPPING_ALG, input_size);
/* Check for integer overflow. */
if( buffer_size < input_size )
{
printf( "Input file too large.\n" );
if (buffer_size < input_size) {
printf("Input file too large.\n");
status = DEMO_ERROR;
goto exit;
}
/* Load the data to wrap. */
SYS_CHECK( fseek( input_file, 0, SEEK_SET ) == 0 );
SYS_CHECK( ( buffer = calloc( 1, buffer_size ) ) != NULL );
SYS_CHECK( fread( buffer, 1, input_size, input_file ) == input_size );
SYS_CHECK( fclose( input_file ) == 0 );
SYS_CHECK(fseek(input_file, 0, SEEK_SET) == 0);
SYS_CHECK((buffer = calloc(1, buffer_size)) != NULL);
SYS_CHECK(fread(buffer, 1, input_size, input_file) == input_size);
SYS_CHECK(fclose(input_file) == 0);
input_file = NULL;
/* Construct a header. */
memcpy( &header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH );
header.ad_size = sizeof( header );
memcpy(&header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH);
header.ad_size = sizeof(header);
header.payload_size = input_size;
/* Wrap the data. */
PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) );
PSA_CHECK( psa_aead_encrypt( wrapping_key, WRAPPING_ALG,
header.iv, WRAPPING_IV_SIZE,
(uint8_t *) &header, sizeof( header ),
buffer, input_size,
buffer, buffer_size,
&ciphertext_size ) );
PSA_CHECK(psa_generate_random(header.iv, WRAPPING_IV_SIZE));
PSA_CHECK(psa_aead_encrypt(wrapping_key, WRAPPING_ALG,
header.iv, WRAPPING_IV_SIZE,
(uint8_t *) &header, sizeof(header),
buffer, input_size,
buffer, buffer_size,
&ciphertext_size));
/* Write the output. */
SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
SYS_CHECK((output_file = fopen(output_file_name, "wb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( output_file, NULL );
SYS_CHECK( fwrite( &header, 1, sizeof( header ),
output_file ) == sizeof( header ) );
SYS_CHECK( fwrite( buffer, 1, ciphertext_size,
output_file ) == ciphertext_size );
SYS_CHECK( fclose( output_file ) == 0 );
mbedtls_setbuf(output_file, NULL);
SYS_CHECK(fwrite(&header, 1, sizeof(header),
output_file) == sizeof(header));
SYS_CHECK(fwrite(buffer, 1, ciphertext_size,
output_file) == ciphertext_size);
SYS_CHECK(fclose(output_file) == 0);
output_file = NULL;
exit:
if( input_file != NULL )
fclose( input_file );
if( output_file != NULL )
fclose( output_file );
if( buffer != NULL )
mbedtls_platform_zeroize( buffer, buffer_size );
free( buffer );
return( status );
if (input_file != NULL) {
fclose(input_file);
}
if (output_file != NULL) {
fclose(output_file);
}
if (buffer != NULL) {
mbedtls_platform_zeroize(buffer, buffer_size);
}
free(buffer);
return status;
}
static psa_status_t unwrap_data( const char *input_file_name,
const char *output_file_name,
psa_key_id_t wrapping_key )
static psa_status_t unwrap_data(const char *input_file_name,
const char *output_file_name,
psa_key_id_t wrapping_key)
{
psa_status_t status;
FILE *input_file = NULL;
@ -461,128 +458,126 @@ static psa_status_t unwrap_data( const char *input_file_name,
unsigned char extra_byte;
/* Load and validate the header. */
SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
SYS_CHECK((input_file = fopen(input_file_name, "rb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( input_file, NULL );
SYS_CHECK( fread( &header, 1, sizeof( header ),
input_file ) == sizeof( header ) );
if( memcmp( &header.magic, WRAPPED_DATA_MAGIC,
WRAPPED_DATA_MAGIC_LENGTH ) != 0 )
{
printf( "The input does not start with a valid magic header.\n" );
mbedtls_setbuf(input_file, NULL);
SYS_CHECK(fread(&header, 1, sizeof(header),
input_file) == sizeof(header));
if (memcmp(&header.magic, WRAPPED_DATA_MAGIC,
WRAPPED_DATA_MAGIC_LENGTH) != 0) {
printf("The input does not start with a valid magic header.\n");
status = DEMO_ERROR;
goto exit;
}
if( header.ad_size != sizeof( header ) )
{
printf( "The header size is not correct.\n" );
if (header.ad_size != sizeof(header)) {
printf("The header size is not correct.\n");
status = DEMO_ERROR;
goto exit;
}
PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes) );
key_type = psa_get_key_type( &attributes);
PSA_CHECK(psa_get_key_attributes(wrapping_key, &attributes));
key_type = psa_get_key_type(&attributes);
ciphertext_size =
PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, header.payload_size );
PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, WRAPPING_ALG, header.payload_size);
/* Check for integer overflow. */
if( ciphertext_size < header.payload_size )
{
printf( "Input file too large.\n" );
if (ciphertext_size < header.payload_size) {
printf("Input file too large.\n");
status = DEMO_ERROR;
goto exit;
}
/* Load the payload data. */
SYS_CHECK( ( buffer = calloc( 1, ciphertext_size ) ) != NULL );
SYS_CHECK( fread( buffer, 1, ciphertext_size,
input_file ) == ciphertext_size );
if( fread( &extra_byte, 1, 1, input_file ) != 0 )
{
printf( "Extra garbage after ciphertext\n" );
SYS_CHECK((buffer = calloc(1, ciphertext_size)) != NULL);
SYS_CHECK(fread(buffer, 1, ciphertext_size,
input_file) == ciphertext_size);
if (fread(&extra_byte, 1, 1, input_file) != 0) {
printf("Extra garbage after ciphertext\n");
status = DEMO_ERROR;
goto exit;
}
SYS_CHECK( fclose( input_file ) == 0 );
SYS_CHECK(fclose(input_file) == 0);
input_file = NULL;
/* Unwrap the data. */
PSA_CHECK( psa_aead_decrypt( wrapping_key, WRAPPING_ALG,
header.iv, WRAPPING_IV_SIZE,
(uint8_t *) &header, sizeof( header ),
buffer, ciphertext_size,
buffer, ciphertext_size,
&plaintext_size ) );
if( plaintext_size != header.payload_size )
{
printf( "Incorrect payload size in the header.\n" );
PSA_CHECK(psa_aead_decrypt(wrapping_key, WRAPPING_ALG,
header.iv, WRAPPING_IV_SIZE,
(uint8_t *) &header, sizeof(header),
buffer, ciphertext_size,
buffer, ciphertext_size,
&plaintext_size));
if (plaintext_size != header.payload_size) {
printf("Incorrect payload size in the header.\n");
status = DEMO_ERROR;
goto exit;
}
/* Write the output. */
SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
SYS_CHECK((output_file = fopen(output_file_name, "wb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
mbedtls_setbuf( output_file, NULL );
SYS_CHECK( fwrite( buffer, 1, plaintext_size,
output_file ) == plaintext_size );
SYS_CHECK( fclose( output_file ) == 0 );
mbedtls_setbuf(output_file, NULL);
SYS_CHECK(fwrite(buffer, 1, plaintext_size,
output_file) == plaintext_size);
SYS_CHECK(fclose(output_file) == 0);
output_file = NULL;
exit:
if( input_file != NULL )
fclose( input_file );
if( output_file != NULL )
fclose( output_file );
if( buffer != NULL )
mbedtls_platform_zeroize( buffer, ciphertext_size );
free( buffer );
return( status );
if (input_file != NULL) {
fclose(input_file);
}
if (output_file != NULL) {
fclose(output_file);
}
if (buffer != NULL) {
mbedtls_platform_zeroize(buffer, ciphertext_size);
}
free(buffer);
return status;
}
static psa_status_t run( enum program_mode mode,
const char *key_file_name,
const char *ladder[], size_t ladder_depth,
const char *input_file_name,
const char *output_file_name )
static psa_status_t run(enum program_mode mode,
const char *key_file_name,
const char *ladder[], size_t ladder_depth,
const char *input_file_name,
const char *output_file_name)
{
psa_status_t status = PSA_SUCCESS;
psa_key_id_t derivation_key = 0;
psa_key_id_t wrapping_key = 0;
/* Initialize the PSA crypto library. */
PSA_CHECK( psa_crypto_init( ) );
PSA_CHECK(psa_crypto_init());
/* Generate mode is unlike the others. Generate the master key and exit. */
if( mode == MODE_GENERATE )
return( generate( key_file_name ) );
if (mode == MODE_GENERATE) {
return generate(key_file_name);
}
/* Read the master key. */
PSA_CHECK( import_key_from_file( PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
KDF_ALG,
key_file_name,
&derivation_key ) );
PSA_CHECK(import_key_from_file(PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
KDF_ALG,
key_file_name,
&derivation_key));
/* Calculate the derived key for this session. */
PSA_CHECK( derive_key_ladder( ladder, ladder_depth,
&derivation_key ) );
PSA_CHECK(derive_key_ladder(ladder, ladder_depth,
&derivation_key));
switch( mode )
{
switch (mode) {
case MODE_SAVE:
PSA_CHECK( save_key( derivation_key, output_file_name ) );
PSA_CHECK(save_key(derivation_key, output_file_name));
break;
case MODE_UNWRAP:
PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT,
derivation_key,
&wrapping_key ) );
PSA_CHECK( unwrap_data( input_file_name, output_file_name,
wrapping_key ) );
PSA_CHECK(derive_wrapping_key(PSA_KEY_USAGE_DECRYPT,
derivation_key,
&wrapping_key));
PSA_CHECK(unwrap_data(input_file_name, output_file_name,
wrapping_key));
break;
case MODE_WRAP:
PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT,
derivation_key,
&wrapping_key ) );
PSA_CHECK( wrap_data( input_file_name, output_file_name,
wrapping_key ) );
PSA_CHECK(derive_wrapping_key(PSA_KEY_USAGE_ENCRYPT,
derivation_key,
&wrapping_key));
PSA_CHECK(wrap_data(input_file_name, output_file_name,
wrapping_key));
break;
default:
/* Unreachable but some compilers don't realize it. */
@ -593,35 +588,35 @@ exit:
/* Destroy any remaining key. Deinitializing the crypto library would do
* this anyway since they are volatile keys, but explicitly destroying
* keys makes the code easier to reuse. */
(void) psa_destroy_key( derivation_key );
(void) psa_destroy_key( wrapping_key );
(void) psa_destroy_key(derivation_key);
(void) psa_destroy_key(wrapping_key);
/* Deinitialize the PSA crypto library. */
mbedtls_psa_crypto_free( );
return( status );
mbedtls_psa_crypto_free();
return status;
}
static void usage( void )
static void usage(void)
{
printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" );
printf( "Demonstrate the usage of a key derivation ladder.\n" );
printf( "\n" );
printf( "Modes:\n" );
printf( " generate Generate the master key\n" );
printf( " save Save the derived key\n" );
printf( " unwrap Unwrap (decrypt) input with the derived key\n" );
printf( " wrap Wrap (encrypt) input with the derived key\n" );
printf( "\n" );
printf( "Options:\n" );
printf( " input=FILENAME Input file (required for wrap/unwrap)\n" );
printf( " master=FILENAME File containing the master key (default: master.key)\n" );
printf( " output=FILENAME Output file (required for save/wrap/unwrap)\n" );
printf( " label=TEXT Label for the key derivation.\n" );
printf( " This may be repeated multiple times.\n" );
printf( " To get the same key, you must use the same master key\n" );
printf( " and the same sequence of labels.\n" );
printf("Usage: key_ladder_demo MODE [OPTION=VALUE]...\n");
printf("Demonstrate the usage of a key derivation ladder.\n");
printf("\n");
printf("Modes:\n");
printf(" generate Generate the master key\n");
printf(" save Save the derived key\n");
printf(" unwrap Unwrap (decrypt) input with the derived key\n");
printf(" wrap Wrap (encrypt) input with the derived key\n");
printf("\n");
printf("Options:\n");
printf(" input=FILENAME Input file (required for wrap/unwrap)\n");
printf(" master=FILENAME File containing the master key (default: master.key)\n");
printf(" output=FILENAME Output file (required for save/wrap/unwrap)\n");
printf(" label=TEXT Label for the key derivation.\n");
printf(" This may be repeated multiple times.\n");
printf(" To get the same key, you must use the same master key\n");
printf(" and the same sequence of labels.\n");
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
const char *key_file_name = "master.key";
const char *input_file_name = NULL;
@ -632,86 +627,76 @@ int main( int argc, char *argv[] )
enum program_mode mode;
psa_status_t status;
if( argc <= 1 ||
strcmp( argv[1], "help" ) == 0 ||
strcmp( argv[1], "-help" ) == 0 ||
strcmp( argv[1], "--help" ) == 0 )
{
usage( );
return( EXIT_SUCCESS );
if (argc <= 1 ||
strcmp(argv[1], "help") == 0 ||
strcmp(argv[1], "-help") == 0 ||
strcmp(argv[1], "--help") == 0) {
usage();
return EXIT_SUCCESS;
}
for( i = 2; i < argc; i++ )
{
char *q = strchr( argv[i], '=' );
if( q == NULL )
{
printf( "Missing argument to option %s\n", argv[i] );
for (i = 2; i < argc; i++) {
char *q = strchr(argv[i], '=');
if (q == NULL) {
printf("Missing argument to option %s\n", argv[i]);
goto usage_failure;
}
*q = 0;
++q;
if( strcmp( argv[i], "input" ) == 0 )
if (strcmp(argv[i], "input") == 0) {
input_file_name = q;
else if( strcmp( argv[i], "label" ) == 0 )
{
if( ladder_depth == MAX_LADDER_DEPTH )
{
printf( "Maximum ladder depth %u exceeded.\n",
(unsigned) MAX_LADDER_DEPTH );
return( EXIT_FAILURE );
} else if (strcmp(argv[i], "label") == 0) {
if (ladder_depth == MAX_LADDER_DEPTH) {
printf("Maximum ladder depth %u exceeded.\n",
(unsigned) MAX_LADDER_DEPTH);
return EXIT_FAILURE;
}
ladder[ladder_depth] = q;
++ladder_depth;
}
else if( strcmp( argv[i], "master" ) == 0 )
} else if (strcmp(argv[i], "master") == 0) {
key_file_name = q;
else if( strcmp( argv[i], "output" ) == 0 )
} else if (strcmp(argv[i], "output") == 0) {
output_file_name = q;
else
{
printf( "Unknown option: %s\n", argv[i] );
} else {
printf("Unknown option: %s\n", argv[i]);
goto usage_failure;
}
}
if( strcmp( argv[1], "generate" ) == 0 )
if (strcmp(argv[1], "generate") == 0) {
mode = MODE_GENERATE;
else if( strcmp( argv[1], "save" ) == 0 )
} else if (strcmp(argv[1], "save") == 0) {
mode = MODE_SAVE;
else if( strcmp( argv[1], "unwrap" ) == 0 )
} else if (strcmp(argv[1], "unwrap") == 0) {
mode = MODE_UNWRAP;
else if( strcmp( argv[1], "wrap" ) == 0 )
} else if (strcmp(argv[1], "wrap") == 0) {
mode = MODE_WRAP;
else
{
printf( "Unknown action: %s\n", argv[1] );
} else {
printf("Unknown action: %s\n", argv[1]);
goto usage_failure;
}
if( input_file_name == NULL &&
( mode == MODE_WRAP || mode == MODE_UNWRAP ) )
{
printf( "Required argument missing: input\n" );
return( DEMO_ERROR );
if (input_file_name == NULL &&
(mode == MODE_WRAP || mode == MODE_UNWRAP)) {
printf("Required argument missing: input\n");
return DEMO_ERROR;
}
if( output_file_name == NULL &&
( mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP ) )
{
printf( "Required argument missing: output\n" );
return( DEMO_ERROR );
if (output_file_name == NULL &&
(mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP)) {
printf("Required argument missing: output\n");
return DEMO_ERROR;
}
status = run( mode, key_file_name,
ladder, ladder_depth,
input_file_name, output_file_name );
return( status == PSA_SUCCESS ?
EXIT_SUCCESS :
EXIT_FAILURE );
status = run(mode, key_file_name,
ladder, ladder_depth,
input_file_name, output_file_name);
return status == PSA_SUCCESS ?
EXIT_SUCCESS :
EXIT_FAILURE;
usage_failure:
usage( );
return( EXIT_FAILURE );
usage();
return EXIT_FAILURE;
}
#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C &&
MBEDTLS_AES_C && MBEDTLS_CCM_C &&

27
programs/psa/psa_constant_names.c
View File

@ -26,29 +26,29 @@
/* This block is present to support Visual Studio builds prior to 2015 */
#if defined(_MSC_VER) && _MSC_VER < 1900
#include <stdarg.h>
int snprintf( char *s, size_t n, const char *fmt, ... )
int snprintf(char *s, size_t n, const char *fmt, ...)
{
int ret;
va_list argp;
/* Avoid calling the invalid parameter handler by checking ourselves */
if( s == NULL || n == 0 || fmt == NULL )
return( -1 );
if (s == NULL || n == 0 || fmt == NULL) {
return -1;
}
va_start( argp, fmt );
va_start(argp, fmt);
#if defined(_TRUNCATE) && !defined(__MINGW32__)
ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
ret = _vsnprintf_s(s, n, _TRUNCATE, fmt, argp);
#else
ret = _vsnprintf( s, n, fmt, argp );
if( ret < 0 || (size_t) ret == n )
{
ret = _vsnprintf(s, n, fmt, argp);
if (ret < 0 || (size_t) ret == n) {
s[n-1] = '\0';
ret = -1;
}
#endif
va_end( argp );
va_end(argp);
return( ret );
return ret;
}
#endif
@ -69,7 +69,9 @@ static void append_integer(char **buffer, size_t buffer_size,
unsigned long value)
{
size_t n = snprintf(*buffer, buffer_size - *required_size, format, value);
if (n < buffer_size - *required_size) *buffer += n;
if (n < buffer_size - *required_size) {
*buffer += n;
}
*required_size += n;
}
@ -288,8 +290,7 @@ int main(int argc, char *argv[])
{
if (argc <= 1 ||
!strcmp(argv[1], "help") ||
!strcmp(argv[1], "--help"))
{
!strcmp(argv[1], "--help")) {
usage(argv[0]);
return EXIT_FAILURE;
}

53
programs/random/gen_entropy.c
View File

@ -28,15 +28,15 @@
#endif
#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
mbedtls_exit(0);
}
#else
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int i, k, ret = 1;
@ -44,45 +44,44 @@ int main( int argc, char *argv[] )
mbedtls_entropy_context entropy;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
mbedtls_exit( exit_code );
if (argc < 2) {
mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
mbedtls_exit(exit_code);
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
mbedtls_exit( exit_code );
if ((f = fopen(argv[1], "wb+")) == NULL) {
mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
mbedtls_exit(exit_code);
}
mbedtls_entropy_init( &entropy );
mbedtls_entropy_init(&entropy);
for( i = 0, k = 768; i < k; i++ )
{
ret = mbedtls_entropy_func( &entropy, buf, sizeof( buf ) );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_entropy_func returned -%04X\n",
(unsigned int) ret );
for (i = 0, k = 768; i < k; i++) {
ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf));
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_entropy_func returned -%04X\n",
(unsigned int) ret);
goto cleanup;
}
fwrite( buf, 1, sizeof( buf ), f );
fwrite(buf, 1, sizeof(buf), f);
mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
"%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
"%% done\r",
(long) (sizeof(buf) * k / 1024),
argv[1],
(100 * (float) (i + 1)) / k);
fflush(stdout);
}
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
mbedtls_printf( "\n" );
mbedtls_printf("\n");
fclose( f );
mbedtls_entropy_free( &entropy );
fclose(f);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_ENTROPY_C */

88
programs/random/gen_random_ctr_drbg.c
View File

@ -22,7 +22,7 @@
#include "mbedtls/platform.h"
#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_FS_IO)
defined(MBEDTLS_FS_IO)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
@ -30,16 +30,16 @@
#endif
#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_FS_IO)
int main( void )
!defined(MBEDTLS_FS_IO)
int main(void)
{
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
mbedtls_exit(0);
}
#else
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
FILE *f;
int i, k, ret = 1;
@ -48,63 +48,61 @@ int main( int argc, char *argv[] )
mbedtls_entropy_context entropy;
unsigned char buf[1024];
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_ctr_drbg_init(&ctr_drbg);
if( argc < 2 )
{
mbedtls_fprintf( stderr, "usage: %s <output filename>\n", argv[0] );
mbedtls_exit( exit_code );
if (argc < 2) {
mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
mbedtls_exit(exit_code);
}
if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
{
mbedtls_printf( "failed to open '%s' for writing.\n", argv[1] );
mbedtls_exit( exit_code );
if ((f = fopen(argv[1], "wb+")) == NULL) {
mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
mbedtls_exit(exit_code);
}
mbedtls_entropy_init( &entropy );
ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) "RANDOM_GEN", 10 );
if( ret != 0 )
{
mbedtls_printf( "failed in mbedtls_ctr_drbg_seed: %d\n", ret );
mbedtls_entropy_init(&entropy);
ret = mbedtls_ctr_drbg_seed(&ctr_drbg,
mbedtls_entropy_func,
&entropy,
(const unsigned char *) "RANDOM_GEN",
10);
if (ret != 0) {
mbedtls_printf("failed in mbedtls_ctr_drbg_seed: %d\n", ret);
goto cleanup;
}
mbedtls_ctr_drbg_set_prediction_resistance( &ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF );
mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF);
#if defined(MBEDTLS_FS_IO)
ret = mbedtls_ctr_drbg_update_seed_file( &ctr_drbg, "seedfile" );
ret = mbedtls_ctr_drbg_update_seed_file(&ctr_drbg, "seedfile");
if( ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR )
{
mbedtls_printf( "Failed to open seedfile. Generating one.\n" );
ret = mbedtls_ctr_drbg_write_seed_file( &ctr_drbg, "seedfile" );
if( ret != 0 )
{
mbedtls_printf( "failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret );
if (ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) {
mbedtls_printf("Failed to open seedfile. Generating one.\n");
ret = mbedtls_ctr_drbg_write_seed_file(&ctr_drbg, "seedfile");
if (ret != 0) {
mbedtls_printf("failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret);
goto cleanup;
}
}
else if( ret != 0 )
{
mbedtls_printf( "failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret );
} else if (ret != 0) {
mbedtls_printf("failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret);
goto cleanup;
}
#endif
for( i = 0, k = 768; i < k; i++ )
{
ret = mbedtls_ctr_drbg_random( &ctr_drbg, buf, sizeof( buf ) );
if( ret != 0 )
{
for (i = 0, k = 768; i < k; i++) {
ret = mbedtls_ctr_drbg_random(&ctr_drbg, buf, sizeof(buf));
if (ret != 0) {
mbedtls_printf("failed!\n");
goto cleanup;
}
fwrite( buf, 1, sizeof( buf ), f );
fwrite(buf, 1, sizeof(buf), f);
mbedtls_printf( "Generating %ldkb of data in file '%s'... %04.1f" \
"%% done\r", (long)(sizeof(buf) * k / 1024), argv[1], (100 * (float) (i + 1)) / k );
fflush( stdout );
mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
"%% done\r",
(long) (sizeof(buf) * k / 1024),
argv[1],
(100 * (float) (i + 1)) / k);
fflush(stdout);
}
exit_code = MBEDTLS_EXIT_SUCCESS;
@ -112,10 +110,10 @@ int main( int argc, char *argv[] )
cleanup:
mbedtls_printf("\n");
fclose( f );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
fclose(f);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */

248
programs/ssl/dtls_client.c
View File

@ -26,14 +26,14 @@
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_PEM_PARSE_C)
int main( void )
int main(void)
{
mbedtls_printf( "MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_PEM_PARSE_C not defined.\n" );
mbedtls_exit( 0 );
mbedtls_printf("MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_PEM_PARSE_C not defined.\n");
mbedtls_exit(0);
}
#else
@ -68,17 +68,17 @@ int main( void )
#define DEBUG_LEVEL 0
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
static void my_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
((void) level);
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
fflush( (FILE *) ctx );
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
fflush((FILE *) ctx);
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret, len;
mbedtls_net_context server_fd;
@ -98,221 +98,217 @@ int main( int argc, char *argv[] )
((void) argv);
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( DEBUG_LEVEL );
mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
/*
* 0. Initialize the RNG and the session data
*/
mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_x509_crt_init( &cacert );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_net_init(&server_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 0. Load certificates
*/
mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
mbedtls_printf(" . Loading the CA root certificate ...");
fflush(stdout);
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len);
if (ret < 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( " ok (%d skipped)\n", ret );
mbedtls_printf(" ok (%d skipped)\n", ret);
/*
* 1. Start the connection
*/
mbedtls_printf( " . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT );
fflush( stdout );
mbedtls_printf(" . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT);
fflush(stdout);
if( ( ret = mbedtls_net_connect( &server_fd, SERVER_ADDR,
SERVER_PORT, MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
if ((ret = mbedtls_net_connect(&server_fd, SERVER_ADDR,
SERVER_PORT, MBEDTLS_NET_PROTO_UDP)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 2. Setup stuff
*/
mbedtls_printf( " . Setting up the DTLS structure..." );
fflush( stdout );
mbedtls_printf(" . Setting up the DTLS structure...");
fflush(stdout);
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
if ((ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
mbedtls_ssl_set_bio(&ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay);
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 4. Handshake
*/
mbedtls_printf( " . Performing the DTLS handshake..." );
fflush( stdout );
mbedtls_printf(" . Performing the DTLS handshake...");
fflush(stdout);
do ret = mbedtls_ssl_handshake( &ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
do {
ret = mbedtls_ssl_handshake(&ssl);
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 5. Verify the server certificate
*/
mbedtls_printf( " . Verifying peer X.509 certificate..." );
mbedtls_printf(" . Verifying peer X.509 certificate...");
/* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the
* handshake would not succeed if the peer's cert is bad. Even if we used
* MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
#if !defined(MBEDTLS_X509_REMOVE_INFO)
char vrfy_buf[512];
#endif
mbedtls_printf( " failed\n" );
mbedtls_printf(" failed\n");
#if !defined(MBEDTLS_X509_REMOVE_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
mbedtls_printf( "%s\n", vrfy_buf );
mbedtls_printf("%s\n", vrfy_buf);
#endif
} else {
mbedtls_printf(" ok\n");
}
else
mbedtls_printf( " ok\n" );
/*
* 6. Write the echo request
*/
send_request:
mbedtls_printf( " > Write to server:" );
fflush( stdout );
mbedtls_printf(" > Write to server:");
fflush(stdout);
len = sizeof( MESSAGE ) - 1;
len = sizeof(MESSAGE) - 1;
do ret = mbedtls_ssl_write( &ssl, (unsigned char *) MESSAGE, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
do {
ret = mbedtls_ssl_write(&ssl, (unsigned char *) MESSAGE, len);
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
if (ret < 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto exit;
}
len = ret;
mbedtls_printf( " %d bytes written\n\n%s\n\n", len, MESSAGE );
mbedtls_printf(" %d bytes written\n\n%s\n\n", len, MESSAGE);
/*
* 7. Read the echo response
*/
mbedtls_printf( " < Read from server:" );
fflush( stdout );
mbedtls_printf(" < Read from server:");
fflush(stdout);
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
len = sizeof(buf) - 1;
memset(buf, 0, sizeof(buf));
do ret = mbedtls_ssl_read( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
do {
ret = mbedtls_ssl_read(&ssl, buf, len);
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
if( ret <= 0 )
{
switch( ret )
{
if (ret <= 0) {
switch (ret) {
case MBEDTLS_ERR_SSL_TIMEOUT:
mbedtls_printf( " timeout\n\n" );
if( retry_left-- > 0 )
mbedtls_printf(" timeout\n\n");
if (retry_left-- > 0) {
goto send_request;
}
goto exit;
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf( " connection was closed gracefully\n" );
mbedtls_printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret);
goto exit;
}
}
len = ret;
mbedtls_printf( " %d bytes read\n\n%s\n\n", len, buf );
mbedtls_printf(" %d bytes read\n\n%s\n\n", len, buf);
/*
* 8. Done, cleanly close the connection
*/
close_notify:
mbedtls_printf( " . Closing the connection..." );
mbedtls_printf(" . Closing the connection...");
/* No error checking, the connection might be closed already */
do ret = mbedtls_ssl_close_notify( &ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
do {
ret = mbedtls_ssl_close_notify(&ssl);
} while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
ret = 0;
mbedtls_printf( " done\n" );
mbedtls_printf(" done\n");
/*
* 9. Final clean-ups and exit
@ -320,27 +316,27 @@ close_notify:
exit:
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
if (ret != 0) {
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf( "Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror(ret, error_buf, 100);
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
mbedtls_net_free( &server_fd );
mbedtls_net_free(&server_fd);
mbedtls_x509_crt_free( &cacert );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_x509_crt_free(&cacert);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
/* Shell can not handle large exit numbers -> 1 for errors */
if( ret < 0 )
if (ret < 0) {
ret = 1;
}
mbedtls_exit( ret );
mbedtls_exit(ret);
}
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&

315
programs/ssl/dtls_server.c
View File

@ -36,14 +36,14 @@
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_TIMING_C)
int main( void )
int main(void)
{
printf( "MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_TIMING_C not defined.\n" );
mbedtls_exit( 0 );
printf("MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
"MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_PEM_PARSE_C and/or MBEDTLS_TIMING_C not defined.\n");
mbedtls_exit(0);
}
#else
@ -75,17 +75,17 @@ int main( void )
#define DEBUG_LEVEL 0
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
static void my_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
((void) level);
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
fflush( (FILE *) ctx );
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
fflush((FILE *) ctx);
}
int main( void )
int main(void)
{
int ret, len;
mbedtls_net_context listen_fd, client_fd;
@ -106,274 +106,265 @@ int main( void )
mbedtls_ssl_cache_context cache;
#endif
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ssl_cookie_init( &cookie_ctx );
mbedtls_net_init(&listen_fd);
mbedtls_net_init(&client_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_ssl_cookie_init(&cookie_ctx);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
mbedtls_ssl_cache_init(&cache);
#endif
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( DEBUG_LEVEL );
mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
/*
* 1. Seed the RNG
*/
printf( " . Seeding the random number generator..." );
fflush( stdout );
printf(" . Seeding the random number generator...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
printf( " ok\n" );
printf(" ok\n");
/*
* 2. Load the certificates and private RSA key
*/
printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
printf("\n . Loading the server cert. and key...");
fflush(stdout);
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len );
if( ret != 0 )
{
printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len);
if (ret != 0) {
printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len);
if (ret != 0) {
printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
ret = mbedtls_pk_parse_key(&pkey,
(const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len,
NULL,
0,
mbedtls_ctr_drbg_random,
&ctr_drbg);
if (ret != 0) {
printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
}
printf( " ok\n" );
printf(" ok\n");
/*
* 3. Setup the "listening" UDP socket
*/
printf( " . Bind on udp/*/4433 ..." );
fflush( stdout );
printf(" . Bind on udp/*/4433 ...");
fflush(stdout);
if( ( ret = mbedtls_net_bind( &listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP ) ) != 0 )
{
printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
if ((ret = mbedtls_net_bind(&listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP)) != 0) {
printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
printf( " ok\n" );
printf(" ok\n");
/*
* 4. Setup stuff
*/
printf( " . Setting up the DTLS data..." );
fflush( stdout );
printf(" . Setting up the DTLS data...");
fflush(stdout);
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
if ((ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_conf_session_cache(&conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
mbedtls_ssl_cache_set);
#endif
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret);
goto exit;
}
mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx );
mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx);
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto exit;
}
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay);
printf( " ok\n" );
printf(" ok\n");
reset:
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
if (ret != 0) {
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
printf("Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror(ret, error_buf, 100);
printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
mbedtls_net_free( &client_fd );
mbedtls_net_free(&client_fd);
mbedtls_ssl_session_reset( &ssl );
mbedtls_ssl_session_reset(&ssl);
/*
* 3. Wait until a client connects
*/
printf( " . Waiting for a remote connection ..." );
fflush( stdout );
printf(" . Waiting for a remote connection ...");
fflush(stdout);
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
client_ip, sizeof( client_ip ), &cliip_len ) ) != 0 )
{
printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
client_ip, sizeof(client_ip), &cliip_len)) != 0) {
printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
goto exit;
}
/* For HelloVerifyRequest cookies */
if( ( ret = mbedtls_ssl_set_client_transport_id( &ssl,
client_ip, cliip_len ) ) != 0 )
{
printf( " failed\n ! "
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret );
if ((ret = mbedtls_ssl_set_client_transport_id(&ssl,
client_ip, cliip_len)) != 0) {
printf(" failed\n ! "
"mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret);
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &client_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
mbedtls_ssl_set_bio(&ssl, &client_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
printf( " ok\n" );
printf(" ok\n");
/*
* 5. Handshake
*/
printf( " . Performing the DTLS handshake..." );
fflush( stdout );
printf(" . Performing the DTLS handshake...");
fflush(stdout);
do ret = mbedtls_ssl_handshake( &ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
do {
ret = mbedtls_ssl_handshake(&ssl);
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED )
{
printf( " hello verification requested\n" );
if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
printf(" hello verification requested\n");
ret = 0;
goto reset;
}
else if( ret != 0 )
{
printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
} else if (ret != 0) {
printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
goto reset;
}
printf( " ok\n" );
printf(" ok\n");
/*
* 6. Read the echo Request
*/
printf( " < Read from client:" );
fflush( stdout );
printf(" < Read from client:");
fflush(stdout);
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
len = sizeof(buf) - 1;
memset(buf, 0, sizeof(buf));
do ret = mbedtls_ssl_read( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
do {
ret = mbedtls_ssl_read(&ssl, buf, len);
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
if( ret <= 0 )
{
switch( ret )
{
if (ret <= 0) {
switch (ret) {
case MBEDTLS_ERR_SSL_TIMEOUT:
printf( " timeout\n\n" );
printf(" timeout\n\n");
goto reset;
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
printf( " connection was closed gracefully\n" );
printf(" connection was closed gracefully\n");
ret = 0;
goto close_notify;
default:
printf( " mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret );
printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret);
goto reset;
}
}
len = ret;
printf( " %d bytes read\n\n%s\n\n", len, buf );
printf(" %d bytes read\n\n%s\n\n", len, buf);
/*
* 7. Write the 200 Response
*/
printf( " > Write to client:" );
fflush( stdout );
printf(" > Write to client:");
fflush(stdout);
do ret = mbedtls_ssl_write( &ssl, buf, len );
while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE );
do {
ret = mbedtls_ssl_write(&ssl, buf, len);
} while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
ret == MBEDTLS_ERR_SSL_WANT_WRITE);
if( ret < 0 )
{
printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
if (ret < 0) {
printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto exit;
}
len = ret;
printf( " %d bytes written\n\n%s\n\n", len, buf );
printf(" %d bytes written\n\n%s\n\n", len, buf);
/*
* 8. Done, cleanly close the connection
*/
close_notify:
printf( " . Closing the connection..." );
printf(" . Closing the connection...");
/* No error checking, the connection might be closed already */
do ret = mbedtls_ssl_close_notify( &ssl );
while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
do {
ret = mbedtls_ssl_close_notify(&ssl);
} while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
ret = 0;
printf( " done\n" );
printf(" done\n");
goto reset;
@ -383,33 +374,33 @@ close_notify:
exit:
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
if (ret != 0) {
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
printf( "Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror(ret, error_buf, 100);
printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
mbedtls_net_free( &client_fd );
mbedtls_net_free( &listen_fd );
mbedtls_net_free(&client_fd);
mbedtls_net_free(&listen_fd);
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
mbedtls_ssl_cookie_free( &cookie_ctx );
mbedtls_x509_crt_free(&srvcert);
mbedtls_pk_free(&pkey);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_cookie_free(&cookie_ctx);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
mbedtls_ssl_cache_free(&cache);
#endif
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
/* Shell can not handle large exit numbers -> 1 for errors */
if( ret < 0 )
if (ret < 0) {
ret = 1;
}
mbedtls_exit( ret );
mbedtls_exit(ret);
}
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&

96
programs/ssl/mini_client.c
View File

@ -40,12 +40,12 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(UNIX)
int main( void )
int main(void)
{
mbedtls_printf( "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
"not defined.\n");
mbedtls_exit( 0 );
mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
"not defined.\n");
mbedtls_exit(0);
}
#else
@ -137,8 +137,7 @@ const unsigned char ca_cert[] = {
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
enum exit_codes
{
enum exit_codes {
exit_ok = 0,
ctr_drbg_seed_failed,
ssl_config_defaults_failed,
@ -152,7 +151,7 @@ enum exit_codes
};
int main( void )
int main(void)
{
int ret = exit_ok;
mbedtls_net_context server_fd;
@ -165,62 +164,57 @@ int main( void )
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_ctr_drbg_init(&ctr_drbg);
/*
* 0. Initialize and setup stuff
*/
mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_net_init(&server_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &ca );
mbedtls_x509_crt_init(&ca);
#endif
mbedtls_entropy_init( &entropy );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
{
mbedtls_entropy_init(&entropy);
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
ret = ctr_drbg_seed_failed;
goto exit;
}
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
{
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
ret = ssl_config_defaults_failed;
goto exit;
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
(const unsigned char *) psk_id, sizeof(psk_id) - 1);
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( mbedtls_x509_crt_parse_der( &ca, ca_cert, sizeof( ca_cert ) ) != 0 )
{
if (mbedtls_x509_crt_parse_der(&ca, ca_cert, sizeof(ca_cert)) != 0) {
ret = x509_crt_parse_failed;
goto exit;
}
mbedtls_ssl_conf_ca_chain( &conf, &ca, NULL );
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
mbedtls_ssl_conf_ca_chain(&conf, &ca, NULL);
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
#endif
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
{
if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
ret = ssl_setup_failed;
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 )
{
if (mbedtls_ssl_set_hostname(&ssl, HOSTNAME) != 0) {
ret = hostname_failed;
goto exit;
}
@ -229,7 +223,7 @@ int main( void )
/*
* 1. Start the connection
*/
memset( &addr, 0, sizeof( addr ) );
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
ret = 1; /* for endianness detection */
@ -237,23 +231,20 @@ int main( void )
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
ret = 0;
if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{
if ((server_fd.fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
ret = socket_failed;
goto exit;
}
if( connect( server_fd.fd,
(const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
{
if (connect(server_fd.fd,
(const struct sockaddr *) &addr, sizeof(addr)) < 0) {
ret = connect_failed;
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
if( mbedtls_ssl_handshake( &ssl ) != 0 )
{
if (mbedtls_ssl_handshake(&ssl) != 0) {
ret = ssl_handshake_failed;
goto exit;
}
@ -261,26 +252,25 @@ int main( void )
/*
* 2. Write the GET request and close the connection
*/
if( mbedtls_ssl_write( &ssl, (const unsigned char *) GET_REQUEST,
sizeof( GET_REQUEST ) - 1 ) <= 0 )
{
if (mbedtls_ssl_write(&ssl, (const unsigned char *) GET_REQUEST,
sizeof(GET_REQUEST) - 1) <= 0) {
ret = ssl_write_failed;
goto exit;
}
mbedtls_ssl_close_notify( &ssl );
mbedtls_ssl_close_notify(&ssl);
exit:
mbedtls_net_free( &server_fd );
mbedtls_net_free(&server_fd);
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_free( &ca );
mbedtls_x509_crt_free(&ca);
#endif
mbedtls_exit( ret );
mbedtls_exit(ret);
}
#endif

226
programs/ssl/ssl_client1.c
View File

@ -26,14 +26,14 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"not defined.\n");
mbedtls_exit(0);
}
#else
@ -54,17 +54,17 @@ int main( void )
#define DEBUG_LEVEL 1
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
static void my_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
((void) level);
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
fflush( (FILE *) ctx );
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
fflush((FILE *) ctx);
}
int main( void )
int main(void)
{
int ret = 1, len;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -80,220 +80,208 @@ int main( void )
mbedtls_x509_crt cacert;
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( DEBUG_LEVEL );
mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
/*
* 0. Initialize the RNG and the session data
*/
mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_x509_crt_init( &cacert );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_net_init(&server_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 0. Initialize certificates
*/
mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
mbedtls_printf(" . Loading the CA root certificate ...");
fflush(stdout);
ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len);
if (ret < 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( " ok (%d skipped)\n", ret );
mbedtls_printf(" ok (%d skipped)\n", ret);
/*
* 1. Start the connection
*/
mbedtls_printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT );
fflush( stdout );
mbedtls_printf(" . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT);
fflush(stdout);
if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 2. Setup stuff
*/
mbedtls_printf( " . Setting up the SSL/TLS structure..." );
fflush( stdout );
mbedtls_printf(" . Setting up the SSL/TLS structure...");
fflush(stdout);
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
if ((ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
/*
* 4. Handshake
*/
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
mbedtls_printf(" . Performing the SSL/TLS handshake...");
fflush(stdout);
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
}
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 5. Verify the server certificate
*/
mbedtls_printf( " . Verifying peer X.509 certificate..." );
mbedtls_printf(" . Verifying peer X.509 certificate...");
/* In real life, we probably want to bail out when ret != 0 */
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
#if !defined(MBEDTLS_X509_REMOVE_INFO)
char vrfy_buf[512];
#endif
mbedtls_printf( " failed\n" );
mbedtls_printf(" failed\n");
#if !defined(MBEDTLS_X509_REMOVE_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
mbedtls_printf( "%s\n", vrfy_buf );
mbedtls_printf("%s\n", vrfy_buf);
#endif
} else {
mbedtls_printf(" ok\n");
}
else
mbedtls_printf( " ok\n" );
/*
* 3. Write the GET request
*/
mbedtls_printf( " > Write to server:" );
fflush( stdout );
mbedtls_printf(" > Write to server:");
fflush(stdout);
len = sprintf( (char *) buf, GET_REQUEST );
len = sprintf((char *) buf, GET_REQUEST);
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto exit;
}
}
len = ret;
mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );
mbedtls_printf(" %d bytes written\n\n%s", len, (char *) buf);
/*
* 7. Read the HTTP response
*/
mbedtls_printf( " < Read from server:" );
fflush( stdout );
mbedtls_printf(" < Read from server:");
fflush(stdout);
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = mbedtls_ssl_read( &ssl, buf, len );
do {
len = sizeof(buf) - 1;
memset(buf, 0, sizeof(buf));
ret = mbedtls_ssl_read(&ssl, buf, len);
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
}
if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
break;
if( ret < 0 )
{
mbedtls_printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
break;
}
if( ret == 0 )
{
mbedtls_printf( "\n\nEOF\n\n" );
if (ret < 0) {
mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret);
break;
}
if (ret == 0) {
mbedtls_printf("\n\nEOF\n\n");
break;
}
len = ret;
mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
}
while( 1 );
mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
} while (1);
mbedtls_ssl_close_notify( &ssl );
mbedtls_ssl_close_notify(&ssl);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
#ifdef MBEDTLS_ERROR_C
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror(ret, error_buf, 100);
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
mbedtls_net_free( &server_fd );
mbedtls_net_free(&server_fd);
mbedtls_x509_crt_free( &cacert );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_x509_crt_free(&cacert);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&

2693
programs/ssl/ssl_client2.c
View File

File diff suppressed because it is too large Load Diff

921
programs/ssl/ssl_context_info.c
View File

File diff suppressed because it is too large Load Diff

310
programs/ssl/ssl_fork_server.c
View File

@ -27,24 +27,24 @@
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_PEM_PARSE_C)
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
((void) argc);
((void) argv);
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
mbedtls_exit( 0 );
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
mbedtls_exit(0);
}
#elif defined(_WIN32)
int main( void )
int main(void)
{
mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
"to work correctly.\n");
mbedtls_exit( 0 );
"to work correctly.\n");
mbedtls_exit(0);
}
#else
@ -71,17 +71,17 @@ int main( void )
#define DEBUG_LEVEL 0
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
static void my_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
((void) level);
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
fflush( (FILE *) ctx );
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
fflush((FILE *) ctx);
}
int main( void )
int main(void)
{
int ret = 1, len, cnt = 0, pid;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -96,127 +96,118 @@ int main( void )
mbedtls_x509_crt srvcert;
mbedtls_pk_context pkey;
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_entropy_init( &entropy );
mbedtls_pk_init( &pkey );
mbedtls_x509_crt_init( &srvcert );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_net_init(&listen_fd);
mbedtls_net_init(&client_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_entropy_init(&entropy);
mbedtls_pk_init(&pkey);
mbedtls_x509_crt_init(&srvcert);
mbedtls_ctr_drbg_init(&ctr_drbg);
signal( SIGCHLD, SIG_IGN );
signal(SIGCHLD, SIG_IGN);
/*
* 0. Initial seeding of the RNG
*/
mbedtls_printf( "\n . Initial seeding of the random generator..." );
fflush( stdout );
mbedtls_printf("\n . Initial seeding of the random generator...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1. Load the certificates and private RSA key
*/
mbedtls_printf( " . Loading the server cert. and key..." );
fflush( stdout );
mbedtls_printf(" . Loading the server cert. and key...");
fflush(stdout);
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len );
if( ret != 0 )
{
mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret );
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len);
if (ret != 0) {
mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
mbedtls_printf( " failed! mbedtls_x509_crt_parse returned %d\n\n", ret );
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len);
if (ret != 0) {
mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret );
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1b. Prepare SSL configuration
*/
mbedtls_printf( " . Configuring SSL..." );
fflush( stdout );
mbedtls_printf(" . Configuring SSL...");
fflush(stdout);
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_ssl_config_defaults returned %d\n\n", ret );
if ((ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
mbedtls_printf(" failed! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
mbedtls_printf(" failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 2. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
mbedtls_printf(" . Bind on https://localhost:4433/ ...");
fflush(stdout);
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_net_bind returned %d\n\n", ret );
if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
mbedtls_printf(" failed! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
while( 1 )
{
while (1) {
/*
* 3. Wait until a client connects
*/
mbedtls_net_init( &client_fd );
mbedtls_ssl_init( &ssl );
mbedtls_net_init(&client_fd);
mbedtls_ssl_init(&ssl);
mbedtls_printf( " . Waiting for a remote connection ...\n" );
fflush( stdout );
mbedtls_printf(" . Waiting for a remote connection ...\n");
fflush(stdout);
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_net_accept returned %d\n\n", ret );
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
NULL, 0, NULL)) != 0) {
mbedtls_printf(" failed! mbedtls_net_accept returned %d\n\n", ret);
goto exit;
}
@ -224,113 +215,104 @@ int main( void )
* 3.5. Forking server thread
*/
mbedtls_printf( " . Forking to handle connection ..." );
fflush( stdout );
mbedtls_printf(" . Forking to handle connection ...");
fflush(stdout);
pid = fork();
if( pid < 0 )
{
mbedtls_printf(" failed! fork returned %d\n\n", pid );
if (pid < 0) {
mbedtls_printf(" failed! fork returned %d\n\n", pid);
goto exit;
}
if( pid != 0 )
{
mbedtls_printf( " ok\n" );
mbedtls_net_close( &client_fd );
if (pid != 0) {
mbedtls_printf(" ok\n");
mbedtls_net_close(&client_fd);
if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
(const unsigned char *) "parent",
6 ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret );
if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
(const unsigned char *) "parent",
6)) != 0) {
mbedtls_printf(" failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret);
goto exit;
}
continue;
}
mbedtls_net_close( &listen_fd );
mbedtls_net_close(&listen_fd);
pid = getpid();
/*
* 4. Setup stuff
*/
mbedtls_printf( "pid %d: Setting up the SSL data.\n", pid );
fflush( stdout );
mbedtls_printf("pid %d: Setting up the SSL data.\n", pid);
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_reseed( &ctr_drbg,
(const unsigned char *) "child",
5 ) ) != 0 )
{
if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
(const unsigned char *) "child",
5)) != 0) {
mbedtls_printf(
"pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n",
pid, ret );
"pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n",
pid, ret);
goto exit;
}
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
mbedtls_printf(
"pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n",
pid, ret );
"pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n",
pid, ret);
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
mbedtls_printf( "pid %d: SSL setup ok\n", pid );
mbedtls_printf("pid %d: SSL setup ok\n", pid);
/*
* 5. Handshake
*/
mbedtls_printf( "pid %d: Performing the SSL/TLS handshake.\n", pid );
fflush( stdout );
mbedtls_printf("pid %d: Performing the SSL/TLS handshake.\n", pid);
fflush(stdout);
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(
"pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n",
pid, ret );
"pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n",
pid, ret);
goto exit;
}
}
mbedtls_printf( "pid %d: SSL handshake ok\n", pid );
mbedtls_printf("pid %d: SSL handshake ok\n", pid);
/*
* 6. Read the HTTP Request
*/
mbedtls_printf( "pid %d: Start reading from client.\n", pid );
fflush( stdout );
mbedtls_printf("pid %d: Start reading from client.\n", pid);
fflush(stdout);
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = mbedtls_ssl_read( &ssl, buf, len );
do {
len = sizeof(buf) - 1;
memset(buf, 0, sizeof(buf));
ret = mbedtls_ssl_read(&ssl, buf, len);
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
}
if( ret <= 0 )
{
switch( ret )
{
if (ret <= 0) {
switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf( "pid %d: connection was closed gracefully\n", pid );
mbedtls_printf("pid %d: connection was closed gracefully\n", pid);
break;
case MBEDTLS_ERR_NET_CONN_RESET:
mbedtls_printf( "pid %d: connection was reset by peer\n", pid );
mbedtls_printf("pid %d: connection was reset by peer\n", pid);
break;
default:
mbedtls_printf( "pid %d: mbedtls_ssl_read returned %d\n", pid, ret );
mbedtls_printf("pid %d: mbedtls_ssl_read returned %d\n", pid, ret);
break;
}
@ -338,65 +320,61 @@ int main( void )
}
len = ret;
mbedtls_printf( "pid %d: %d bytes read\n\n%s", pid, len, (char *) buf );
mbedtls_printf("pid %d: %d bytes read\n\n%s", pid, len, (char *) buf);
if( ret > 0 )
if (ret > 0) {
break;
}
while( 1 );
}
} while (1);
/*
* 7. Write the 200 Response
*/
mbedtls_printf( "pid %d: Start writing to client.\n", pid );
fflush( stdout );
mbedtls_printf("pid %d: Start writing to client.\n", pid);
fflush(stdout);
len = sprintf( (char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite( &ssl ) );
len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl));
while( cnt++ < 100 )
{
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
{
while (cnt++ < 100) {
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
mbedtls_printf(
"pid %d: Write failed! peer closed the connection\n\n", pid );
"pid %d: Write failed! peer closed the connection\n\n", pid);
goto exit;
}
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(
"pid %d: Write failed! mbedtls_ssl_write returned %d\n\n",
pid, ret );
"pid %d: Write failed! mbedtls_ssl_write returned %d\n\n",
pid, ret);
goto exit;
}
}
len = ret;
mbedtls_printf( "pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf );
mbedtls_printf("pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf);
mbedtls_net_usleep( 1000000 );
mbedtls_net_usleep(1000000);
}
mbedtls_ssl_close_notify( &ssl );
mbedtls_ssl_close_notify(&ssl);
goto exit;
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_net_free( &client_fd );
mbedtls_net_free( &listen_fd );
mbedtls_net_free(&client_fd);
mbedtls_net_free(&listen_fd);
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_x509_crt_free(&srvcert);
mbedtls_pk_free(&pkey);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&

741
programs/ssl/ssl_mail_client.c
View File

File diff suppressed because it is too large Load Diff

360
programs/ssl/ssl_pthread_server.c
View File

@ -28,15 +28,15 @@
!defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
!defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_THREADING_C) || \
!defined(MBEDTLS_THREADING_PTHREAD) || !defined(MBEDTLS_PEM_PARSE_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
mbedtls_exit( 0 );
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
"MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
mbedtls_exit(0);
}
#else
@ -75,20 +75,20 @@ int main( void )
mbedtls_threading_mutex_t debug_mutex;
static void my_mutexed_debug( void *ctx, int level,
const char *file, int line,
const char *str )
static void my_mutexed_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
long int thread_id = (long int) pthread_self();
mbedtls_mutex_lock( &debug_mutex );
mbedtls_mutex_lock(&debug_mutex);
((void) level);
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: [ #%ld ] %s",
file, line, thread_id, str );
fflush( (FILE *) ctx );
mbedtls_fprintf((FILE *) ctx, "%s:%04d: [ #%ld ] %s",
file, line, thread_id, str);
fflush((FILE *) ctx);
mbedtls_mutex_unlock( &debug_mutex );
mbedtls_mutex_unlock(&debug_mutex);
}
typedef struct {
@ -106,7 +106,7 @@ typedef struct {
static thread_info_t base_info;
static pthread_info_t threads[MAX_NUM_THREADS];
static void *handle_ssl_connection( void *data )
static void *handle_ssl_connection(void *data)
{
int ret, len;
thread_info_t *thread_info = (thread_info_t *) data;
@ -116,190 +116,178 @@ static void *handle_ssl_connection( void *data )
mbedtls_ssl_context ssl;
/* Make sure memory references are valid */
mbedtls_ssl_init( &ssl );
mbedtls_ssl_init(&ssl);
mbedtls_printf( " [ #%ld ] Setting up SSL/TLS data\n", thread_id );
mbedtls_printf(" [ #%ld ] Setting up SSL/TLS data\n", thread_id);
/*
* 4. Get the SSL context ready
*/
if( ( ret = mbedtls_ssl_setup( &ssl, thread_info->config ) ) != 0 )
{
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
thread_id, ( unsigned int ) -ret );
if ((ret = mbedtls_ssl_setup(&ssl, thread_info->config)) != 0) {
mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
thread_id, (unsigned int) -ret);
goto thread_exit;
}
mbedtls_ssl_set_bio( &ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
mbedtls_ssl_set_bio(&ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
/*
* 5. Handshake
*/
mbedtls_printf( " [ #%ld ] Performing the SSL/TLS handshake\n", thread_id );
mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id);
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
thread_id, ( unsigned int ) -ret );
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
thread_id, (unsigned int) -ret);
goto thread_exit;
}
}
mbedtls_printf( " [ #%ld ] ok\n", thread_id );
mbedtls_printf(" [ #%ld ] ok\n", thread_id);
/*
* 6. Read the HTTP Request
*/
mbedtls_printf( " [ #%ld ] < Read from client\n", thread_id );
mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id);
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = mbedtls_ssl_read( &ssl, buf, len );
do {
len = sizeof(buf) - 1;
memset(buf, 0, sizeof(buf));
ret = mbedtls_ssl_read(&ssl, buf, len);
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
}
if( ret <= 0 )
{
switch( ret )
{
if (ret <= 0) {
switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf( " [ #%ld ] connection was closed gracefully\n",
thread_id );
mbedtls_printf(" [ #%ld ] connection was closed gracefully\n",
thread_id);
goto thread_exit;
case MBEDTLS_ERR_NET_CONN_RESET:
mbedtls_printf( " [ #%ld ] connection was reset by peer\n",
thread_id );
mbedtls_printf(" [ #%ld ] connection was reset by peer\n",
thread_id);
goto thread_exit;
default:
mbedtls_printf( " [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
thread_id, ( unsigned int ) -ret );
mbedtls_printf(" [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
thread_id, (unsigned int) -ret);
goto thread_exit;
}
}
len = ret;
mbedtls_printf( " [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
thread_id, len, (char *) buf );
mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
thread_id, len, (char *) buf);
if( ret > 0 )
if (ret > 0) {
break;
}
while( 1 );
}
} while (1);
/*
* 7. Write the 200 Response
*/
mbedtls_printf( " [ #%ld ] > Write to client:\n", thread_id );
mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id);
len = sprintf( (char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite( &ssl ) );
len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl));
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
{
mbedtls_printf( " [ #%ld ] failed: peer closed the connection\n",
thread_id );
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
mbedtls_printf(" [ #%ld ] failed: peer closed the connection\n",
thread_id);
goto thread_exit;
}
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
thread_id, ( unsigned int ) ret );
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
thread_id, (unsigned int) ret);
goto thread_exit;
}
}
len = ret;
mbedtls_printf( " [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf );
mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf);
mbedtls_printf( " [ #%ld ] . Closing the connection...", thread_id );
mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id);
while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
thread_id, ( unsigned int ) ret );
while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
thread_id, (unsigned int) ret);
goto thread_exit;
}
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
ret = 0;
thread_exit:
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
if (ret != 0) {
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_strerror(ret, error_buf, 100);
mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n",
thread_id, ( unsigned int ) -ret, error_buf );
thread_id, (unsigned int) -ret, error_buf);
}
#endif
mbedtls_net_free( client_fd );
mbedtls_ssl_free( &ssl );
mbedtls_net_free(client_fd);
mbedtls_ssl_free(&ssl);
thread_info->thread_complete = 1;
return( NULL );
return NULL;
}
static int thread_create( mbedtls_net_context *client_fd )
static int thread_create(mbedtls_net_context *client_fd)
{
int ret, i;
/*
* Find in-active or finished thread slot
*/
for( i = 0; i < MAX_NUM_THREADS; i++ )
{
if( threads[i].active == 0 )
for (i = 0; i < MAX_NUM_THREADS; i++) {
if (threads[i].active == 0) {
break;
}
if( threads[i].data.thread_complete == 1 )
{
mbedtls_printf( " [ main ] Cleaning up thread %d\n", i );
pthread_join(threads[i].thread, NULL );
memset( &threads[i], 0, sizeof(pthread_info_t) );
if (threads[i].data.thread_complete == 1) {
mbedtls_printf(" [ main ] Cleaning up thread %d\n", i);
pthread_join(threads[i].thread, NULL);
memset(&threads[i], 0, sizeof(pthread_info_t));
break;
}
}
if( i == MAX_NUM_THREADS )
return( -1 );
if (i == MAX_NUM_THREADS) {
return -1;
}
/*
* Fill thread-info for thread
*/
memcpy( &threads[i].data, &base_info, sizeof(base_info) );
memcpy(&threads[i].data, &base_info, sizeof(base_info));
threads[i].active = 1;
memcpy( &threads[i].data.client_fd, client_fd, sizeof( mbedtls_net_context ) );
memcpy(&threads[i].data.client_fd, client_fd, sizeof(mbedtls_net_context));
if( ( ret = pthread_create( &threads[i].thread, NULL, handle_ssl_connection,
&threads[i].data ) ) != 0 )
{
return( ret );
if ((ret = pthread_create(&threads[i].thread, NULL, handle_ssl_connection,
&threads[i].data)) != 0) {
return ret;
}
return( 0 );
return 0;
}
int main( void )
int main(void)
{
int ret;
mbedtls_net_context listen_fd, client_fd;
@ -319,167 +307,157 @@ int main( void )
#endif
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof(alloc_buf) );
mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
#endif
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
mbedtls_ssl_cache_init(&cache);
#endif
mbedtls_x509_crt_init( &srvcert );
mbedtls_x509_crt_init( &cachain );
mbedtls_x509_crt_init(&srvcert);
mbedtls_x509_crt_init(&cachain);
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
memset( threads, 0, sizeof(threads) );
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_ssl_config_init(&conf);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(threads, 0, sizeof(threads));
mbedtls_net_init(&listen_fd);
mbedtls_net_init(&client_fd);
mbedtls_mutex_init( &debug_mutex );
mbedtls_mutex_init(&debug_mutex);
base_info.config = &conf;
/*
* We use only a single entropy source that is used in all the threads.
*/
mbedtls_entropy_init( &entropy );
mbedtls_entropy_init(&entropy);
/*
* 1a. Seed the random number generator
*/
mbedtls_printf( " . Seeding the random number generator..." );
mbedtls_printf(" . Seeding the random number generator...");
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
( unsigned int ) -ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1b. Load the certificates and private RSA key
*/
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
mbedtls_printf("\n . Loading the server cert. and key...");
fflush(stdout);
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
ret = mbedtls_x509_crt_parse( &cachain, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
ret = mbedtls_x509_crt_parse(&cachain, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
mbedtls_pk_init( &pkey );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
mbedtls_pk_init(&pkey);
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1c. Prepare SSL configuration
*/
mbedtls_printf( " . Setting up the SSL data...." );
mbedtls_printf(" . Setting up the SSL data....");
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
( unsigned int ) -ret );
if ((ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
mbedtls_printf(" failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
(unsigned int) -ret);
goto exit;
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_mutexed_debug, stdout );
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout);
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
* MBEDTLS_THREADING_C is set.
*/
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_conf_session_cache(&conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
mbedtls_ssl_cache_set);
#endif
mbedtls_ssl_conf_ca_chain( &conf, &cachain, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
mbedtls_ssl_conf_ca_chain(&conf, &cachain, NULL);
if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 2. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
mbedtls_printf(" . Bind on https://localhost:4433/ ...");
fflush(stdout);
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
reset:
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
if (ret != 0) {
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf( " [ main ] Last error was: -0x%04x - %s\n", ( unsigned int ) -ret,
error_buf );
mbedtls_strerror(ret, error_buf, 100);
mbedtls_printf(" [ main ] Last error was: -0x%04x - %s\n", (unsigned int) -ret,
error_buf);
}
#endif
/*
* 3. Wait until a client connects
*/
mbedtls_printf( " [ main ] Waiting for a remote connection\n" );
mbedtls_printf(" [ main ] Waiting for a remote connection\n");
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
( unsigned int ) ret );
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
NULL, 0, NULL)) != 0) {
mbedtls_printf(" [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
(unsigned int) ret);
goto exit;
}
mbedtls_printf( " [ main ] ok\n" );
mbedtls_printf( " [ main ] Creating a new thread\n" );
mbedtls_printf(" [ main ] ok\n");
mbedtls_printf(" [ main ] Creating a new thread\n");
if( ( ret = thread_create( &client_fd ) ) != 0 )
{
mbedtls_printf( " [ main ] failed: thread_create returned %d\n", ret );
mbedtls_net_free( &client_fd );
if ((ret = thread_create(&client_fd)) != 0) {
mbedtls_printf(" [ main ] failed: thread_create returned %d\n", ret);
mbedtls_net_free(&client_fd);
goto reset;
}
@ -487,24 +465,24 @@ reset:
goto reset;
exit:
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
mbedtls_x509_crt_free(&srvcert);
mbedtls_pk_free(&pkey);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
mbedtls_ssl_cache_free(&cache);
#endif
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_ssl_config_free(&conf);
mbedtls_net_free( &listen_fd );
mbedtls_net_free(&listen_fd);
mbedtls_mutex_free( &debug_mutex );
mbedtls_mutex_free(&debug_mutex);
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
#endif
mbedtls_exit( ret );
mbedtls_exit(ret);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&

282
programs/ssl/ssl_server.c
View File

@ -26,14 +26,14 @@
!defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
mbedtls_exit( 0 );
"and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
"and/or MBEDTLS_PEM_PARSE_C not defined.\n");
mbedtls_exit(0);
}
#else
@ -65,17 +65,17 @@ int main( void )
#define DEBUG_LEVEL 0
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
static void my_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
((void) level);
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
fflush( (FILE *) ctx );
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
fflush((FILE *) ctx);
}
int main( void )
int main(void)
{
int ret, len;
mbedtls_net_context listen_fd, client_fd;
@ -92,206 +92,192 @@ int main( void )
mbedtls_ssl_cache_context cache;
#endif
mbedtls_net_init( &listen_fd );
mbedtls_net_init( &client_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_net_init(&listen_fd);
mbedtls_net_init(&client_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
mbedtls_ssl_cache_init(&cache);
#endif
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( DEBUG_LEVEL );
mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
/*
* 1. Seed the RNG
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf(" . Seeding the random number generator...");
fflush(stdout);
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 2. Load the certificates and private RSA key
*/
mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout );
mbedtls_printf("\n . Loading the server cert. and key...");
fflush(stdout);
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
* server and CA certificates, as well as mbedtls_pk_parse_keyfile().
*/
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret );
ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
goto exit;
}
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 3. Setup the listening TCP socket
*/
mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout );
mbedtls_printf(" . Bind on https://localhost:4433/ ...");
fflush(stdout);
if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret );
if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 4. Setup stuff
*/
mbedtls_printf( " . Setting up the SSL data...." );
fflush( stdout );
mbedtls_printf(" . Setting up the SSL data....");
fflush(stdout);
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
if ((ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_conf_session_cache( &conf, &cache,
mbedtls_ssl_conf_session_cache(&conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set );
mbedtls_ssl_cache_set);
#endif
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
goto exit;
}
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
reset:
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
if (ret != 0) {
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror(ret, error_buf, 100);
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
mbedtls_net_free( &client_fd );
mbedtls_net_free(&client_fd);
mbedtls_ssl_session_reset( &ssl );
mbedtls_ssl_session_reset(&ssl);
/*
* 3. Wait until a client connects
*/
mbedtls_printf( " . Waiting for a remote connection ..." );
fflush( stdout );
mbedtls_printf(" . Waiting for a remote connection ...");
fflush(stdout);
if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
NULL, 0, NULL ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret );
if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
NULL, 0, NULL)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 5. Handshake
*/
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
fflush( stdout );
mbedtls_printf(" . Performing the SSL/TLS handshake...");
fflush(stdout);
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret);
goto reset;
}
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 6. Read the HTTP Request
*/
mbedtls_printf( " < Read from client:" );
fflush( stdout );
mbedtls_printf(" < Read from client:");
fflush(stdout);
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = mbedtls_ssl_read( &ssl, buf, len );
do {
len = sizeof(buf) - 1;
memset(buf, 0, sizeof(buf));
ret = mbedtls_ssl_read(&ssl, buf, len);
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
continue;
}
if( ret <= 0 )
{
switch( ret )
{
if (ret <= 0) {
switch (ret) {
case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
mbedtls_printf( " connection was closed gracefully\n" );
mbedtls_printf(" connection was closed gracefully\n");
break;
case MBEDTLS_ERR_NET_CONN_RESET:
mbedtls_printf( " connection was reset by peer\n" );
mbedtls_printf(" connection was reset by peer\n");
break;
default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret );
mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
break;
}
@ -299,53 +285,48 @@ reset:
}
len = ret;
mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
if( ret > 0 )
if (ret > 0) {
break;
}
while( 1 );
}
} while (1);
/*
* 7. Write the 200 Response
*/
mbedtls_printf( " > Write to client:" );
fflush( stdout );
mbedtls_printf(" > Write to client:");
fflush(stdout);
len = sprintf( (char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite( &ssl ) );
len = sprintf((char *) buf, HTTP_RESPONSE,
mbedtls_ssl_get_ciphersuite(&ssl));
while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
{
if( ret == MBEDTLS_ERR_NET_CONN_RESET )
{
mbedtls_printf( " failed\n ! peer closed the connection\n\n" );
while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
mbedtls_printf(" failed\n ! peer closed the connection\n\n");
goto reset;
}
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
goto exit;
}
}
len = ret;
mbedtls_printf( " %d bytes written\n\n%s\n", len, (char *) buf );
mbedtls_printf(" %d bytes written\n\n%s\n", len, (char *) buf);
mbedtls_printf( " . Closing the connection..." );
mbedtls_printf(" . Closing the connection...");
while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret );
while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(" failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret);
goto reset;
}
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
ret = 0;
goto reset;
@ -353,28 +334,27 @@ reset:
exit:
#ifdef MBEDTLS_ERROR_C
if( ret != 0 )
{
if (ret != 0) {
char error_buf[100];
mbedtls_strerror( ret, error_buf, 100 );
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
mbedtls_strerror(ret, error_buf, 100);
mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
}
#endif
mbedtls_net_free( &client_fd );
mbedtls_net_free( &listen_fd );
mbedtls_net_free(&client_fd);
mbedtls_net_free(&listen_fd);
mbedtls_x509_crt_free( &srvcert );
mbedtls_pk_free( &pkey );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
mbedtls_x509_crt_free(&srvcert);
mbedtls_pk_free(&pkey);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
mbedtls_ssl_cache_free(&cache);
#endif
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( ret );
mbedtls_exit(ret);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&

3550
programs/ssl/ssl_server2.c
View File

File diff suppressed because it is too large Load Diff

299
programs/ssl/ssl_test_common_source.c
View File

@ -24,174 +24,176 @@
* limitations under the License.
*/
void eap_tls_key_derivation( void *p_expkey,
mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret,
size_t secret_len,
const unsigned char client_random[32],
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
void eap_tls_key_derivation(void *p_expkey,
mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret,
size_t secret_len,
const unsigned char client_random[32],
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type)
{
eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
eap_tls_keys *keys = (eap_tls_keys *) p_expkey;
/* We're only interested in the TLS 1.2 master secret */
if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
return;
if( secret_len != sizeof( keys->master_secret ) )
}
if (secret_len != sizeof(keys->master_secret)) {
return;
}
memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) );
memcpy( keys->randbytes, client_random, 32 );
memcpy( keys->randbytes + 32, server_random, 32 );
memcpy(keys->master_secret, secret, sizeof(keys->master_secret));
memcpy(keys->randbytes, client_random, 32);
memcpy(keys->randbytes + 32, server_random, 32);
keys->tls_prf_type = tls_prf_type;
}
void nss_keylog_export( void *p_expkey,
mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret,
size_t secret_len,
const unsigned char client_random[32],
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
void nss_keylog_export(void *p_expkey,
mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret,
size_t secret_len,
const unsigned char client_random[32],
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type)
{
char nss_keylog_line[ 200 ];
char nss_keylog_line[200];
size_t const client_random_len = 32;
size_t len = 0;
size_t j;
/* We're only interested in the TLS 1.2 master secret */
if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
return;
}
((void) p_expkey);
((void) server_random);
((void) tls_prf_type);
len += sprintf( nss_keylog_line + len,
"%s", "CLIENT_RANDOM " );
len += sprintf(nss_keylog_line + len,
"%s", "CLIENT_RANDOM ");
for( j = 0; j < client_random_len; j++ )
{
len += sprintf( nss_keylog_line + len,
"%02x", client_random[j] );
for (j = 0; j < client_random_len; j++) {
len += sprintf(nss_keylog_line + len,
"%02x", client_random[j]);
}
len += sprintf( nss_keylog_line + len, " " );
len += sprintf(nss_keylog_line + len, " ");
for( j = 0; j < secret_len; j++ )
{
len += sprintf( nss_keylog_line + len,
"%02x", secret[j] );
for (j = 0; j < secret_len; j++) {
len += sprintf(nss_keylog_line + len,
"%02x", secret[j]);
}
len += sprintf( nss_keylog_line + len, "\n" );
nss_keylog_line[ len ] = '\0';
len += sprintf(nss_keylog_line + len, "\n");
nss_keylog_line[len] = '\0';
mbedtls_printf( "\n" );
mbedtls_printf( "---------------- NSS KEYLOG -----------------\n" );
mbedtls_printf( "%s", nss_keylog_line );
mbedtls_printf( "---------------------------------------------\n" );
mbedtls_printf("\n");
mbedtls_printf("---------------- NSS KEYLOG -----------------\n");
mbedtls_printf("%s", nss_keylog_line);
mbedtls_printf("---------------------------------------------\n");
if( opt.nss_keylog_file != NULL )
{
if (opt.nss_keylog_file != NULL) {
FILE *f;
if( ( f = fopen( opt.nss_keylog_file, "a" ) ) == NULL )
{
if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) {
goto exit;
}
/* Ensure no stdio buffering of secrets, as such buffers cannot be
* wiped. */
mbedtls_setbuf( f, NULL );
mbedtls_setbuf(f, NULL);
if( fwrite( nss_keylog_line, 1, len, f ) != len )
{
fclose( f );
if (fwrite(nss_keylog_line, 1, len, f) != len) {
fclose(f);
goto exit;
}
fclose( f );
fclose(f);
}
exit:
mbedtls_platform_zeroize( nss_keylog_line,
sizeof( nss_keylog_line ) );
mbedtls_platform_zeroize(nss_keylog_line,
sizeof(nss_keylog_line));
}
#if defined( MBEDTLS_SSL_DTLS_SRTP )
void dtls_srtp_key_derivation( void *p_expkey,
mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret,
size_t secret_len,
const unsigned char client_random[32],
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type )
#if defined(MBEDTLS_SSL_DTLS_SRTP)
void dtls_srtp_key_derivation(void *p_expkey,
mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret,
size_t secret_len,
const unsigned char client_random[32],
const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type)
{
dtls_srtp_keys *keys = (dtls_srtp_keys *)p_expkey;
dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey;
/* We're only interested in the TLS 1.2 master secret */
if( secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET )
if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
return;
if( secret_len != sizeof( keys->master_secret ) )
}
if (secret_len != sizeof(keys->master_secret)) {
return;
}
memcpy( keys->master_secret, secret, sizeof( keys->master_secret ) );
memcpy( keys->randbytes, client_random, 32 );
memcpy( keys->randbytes + 32, server_random, 32 );
memcpy(keys->master_secret, secret, sizeof(keys->master_secret));
memcpy(keys->randbytes, client_random, 32);
memcpy(keys->randbytes + 32, server_random, 32);
keys->tls_prf_type = tls_prf_type;
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
int ssl_check_record( mbedtls_ssl_context const *ssl,
unsigned char const *buf, size_t len )
int ssl_check_record(mbedtls_ssl_context const *ssl,
unsigned char const *buf, size_t len)
{
int my_ret = 0, ret_cr1, ret_cr2;
unsigned char *tmp_buf;
/* Record checking may modify the input buffer,
* so make a copy. */
tmp_buf = mbedtls_calloc( 1, len );
if( tmp_buf == NULL )
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
memcpy( tmp_buf, buf, len );
tmp_buf = mbedtls_calloc(1, len);
if (tmp_buf == NULL) {
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
memcpy(tmp_buf, buf, len);
ret_cr1 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
if( ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE )
{
ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) {
/* Test-only: Make sure that mbedtls_ssl_check_record()
* doesn't alter state. */
memcpy( tmp_buf, buf, len ); /* Restore buffer */
ret_cr2 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
if( ret_cr2 != ret_cr1 )
{
mbedtls_printf( "mbedtls_ssl_check_record() returned inconsistent results.\n" );
memcpy(tmp_buf, buf, len); /* Restore buffer */
ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
if (ret_cr2 != ret_cr1) {
mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n");
my_ret = -1;
goto cleanup;
}
switch( ret_cr1 )
{
switch (ret_cr1) {
case 0:
break;
case MBEDTLS_ERR_SSL_INVALID_RECORD:
if( opt.debug_level > 1 )
mbedtls_printf( "mbedtls_ssl_check_record() detected invalid record.\n" );
if (opt.debug_level > 1) {
mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n");
}
break;
case MBEDTLS_ERR_SSL_INVALID_MAC:
if( opt.debug_level > 1 )
mbedtls_printf( "mbedtls_ssl_check_record() detected unauthentic record.\n" );
if (opt.debug_level > 1) {
mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n");
}
break;
case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD:
if( opt.debug_level > 1 )
mbedtls_printf( "mbedtls_ssl_check_record() detected unexpected record.\n" );
if (opt.debug_level > 1) {
mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n");
}
break;
default:
mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret_cr1 );
mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n",
(unsigned int) -ret_cr1);
my_ret = -1;
goto cleanup;
}
@ -200,69 +202,73 @@ int ssl_check_record( mbedtls_ssl_context const *ssl,
}
cleanup:
mbedtls_free( tmp_buf );
mbedtls_free(tmp_buf);
return( my_ret );
return my_ret;
}
int recv_cb( void *ctx, unsigned char *buf, size_t len )
int recv_cb(void *ctx, unsigned char *buf, size_t len)
{
io_ctx_t *io_ctx = (io_ctx_t*) ctx;
io_ctx_t *io_ctx = (io_ctx_t *) ctx;
size_t recv_len;
int ret;
if( opt.nbio == 2 )
ret = delayed_recv( io_ctx->net, buf, len );
else
ret = mbedtls_net_recv( io_ctx->net, buf, len );
if( ret < 0 )
return( ret );
if (opt.nbio == 2) {
ret = delayed_recv(io_ctx->net, buf, len);
} else {
ret = mbedtls_net_recv(io_ctx->net, buf, len);
}
if (ret < 0) {
return ret;
}
recv_len = (size_t) ret;
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Here's the place to do any datagram/record checking
* in between receiving the packet from the underlying
* transport and passing it on to the TLS stack. */
if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
return( -1 );
if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
return -1;
}
}
return( (int) recv_len );
return (int) recv_len;
}
int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len,
uint32_t timeout )
int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len,
uint32_t timeout)
{
io_ctx_t *io_ctx = (io_ctx_t*) ctx;
io_ctx_t *io_ctx = (io_ctx_t *) ctx;
int ret;
size_t recv_len;
ret = mbedtls_net_recv_timeout( io_ctx->net, buf, len, timeout );
if( ret < 0 )
return( ret );
ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout);
if (ret < 0) {
return ret;
}
recv_len = (size_t) ret;
if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
/* Here's the place to do any datagram/record checking
* in between receiving the packet from the underlying
* transport and passing it on to the TLS stack. */
if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 )
return( -1 );
if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
return -1;
}
}
return( (int) recv_len );
return (int) recv_len;
}
int send_cb( void *ctx, unsigned char const *buf, size_t len )
int send_cb(void *ctx, unsigned char const *buf, size_t len)
{
io_ctx_t *io_ctx = (io_ctx_t*) ctx;
io_ctx_t *io_ctx = (io_ctx_t *) ctx;
if( opt.nbio == 2 )
return( delayed_send( io_ctx->net, buf, len ) );
if (opt.nbio == 2) {
return delayed_send(io_ctx->net, buf, len);
}
return( mbedtls_net_send( io_ctx->net, buf, len ) );
return mbedtls_net_send(io_ctx->net, buf, len);
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -276,46 +282,46 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len )
* for its signature in the key exchange message. As Mbed TLS 1.2 does not
* support them, the handshake fails.
*/
#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \
(( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), \
( 0x800 | hash ),
#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \
((hash << 8) | MBEDTLS_SSL_SIG_RSA), \
(0x800 | hash),
#else
#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA), \
(( hash << 8 ) | MBEDTLS_SSL_SIG_RSA),
#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \
((hash << 8) | MBEDTLS_SSL_SIG_RSA),
#endif
#elif defined(MBEDTLS_ECDSA_C)
#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_ECDSA),
#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA),
#elif defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
/* See above */
#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA), \
( 0x800 | hash ),
#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA), \
(0x800 | hash),
#else
#define MBEDTLS_SSL_SIG_ALG( hash ) (( hash << 8 ) | MBEDTLS_SSL_SIG_RSA),
#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA),
#endif
#else
#define MBEDTLS_SSL_SIG_ALG( hash )
#define MBEDTLS_SSL_SIG_ALG(hash)
#endif
uint16_t ssl_sig_algs_for_test[] = {
#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA512)
#endif
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA384)
#endif
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA256)
#endif
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA224)
#endif
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
/* Allow SHA-1 as we use it extensively in tests. */
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1)
#endif
MBEDTLS_TLS1_3_SIG_NONE
};
@ -325,21 +331,21 @@ uint16_t ssl_sig_algs_for_test[] = {
/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
* for more info.
*/
int x509_crt_verify_info( char *buf, size_t size, const char *prefix,
uint32_t flags )
int x509_crt_verify_info(char *buf, size_t size, const char *prefix,
uint32_t flags)
{
#if !defined(MBEDTLS_X509_REMOVE_INFO)
return( mbedtls_x509_crt_verify_info( buf, size, prefix, flags ) );
return mbedtls_x509_crt_verify_info(buf, size, prefix, flags);
#else /* !MBEDTLS_X509_REMOVE_INFO */
int ret;
char *p = buf;
size_t n = size;
#define X509_CRT_ERROR_INFO( err, err_str, info ) \
if( ( flags & err ) != 0 ) \
#define X509_CRT_ERROR_INFO(err, err_str, info) \
if ((flags & err) != 0) \
{ \
ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, info ); \
ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, info); \
MBEDTLS_X509_SAFE_SNPRINTF; \
flags ^= err; \
}
@ -347,21 +353,20 @@ int x509_crt_verify_info( char *buf, size_t size, const char *prefix,
MBEDTLS_X509_CRT_ERROR_INFO_LIST
#undef X509_CRT_ERROR_INFO
if( flags != 0 )
{
ret = mbedtls_snprintf( p, n, "%sUnknown reason "
"(this should not happen)\n", prefix );
if (flags != 0) {
ret = mbedtls_snprintf(p, n, "%sUnknown reason "
"(this should not happen)\n", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
}
return( (int) ( size - n ) );
return (int) (size - n);
#endif /* MBEDTLS_X509_REMOVE_INFO */
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_print_supported_sig_algs( void )
void mbedtls_print_supported_sig_algs(void)
{
mbedtls_printf( "supported signature algorithms:\n" );
mbedtls_printf("supported signature algorithms:\n");
mbedtls_printf("\trsa_pkcs1_sha256 ");
mbedtls_printf("rsa_pkcs1_sha384 ");
mbedtls_printf("rsa_pkcs1_sha512\n");
@ -378,5 +383,5 @@ void mbedtls_print_supported_sig_algs( void )
mbedtls_printf("ed448 ");
mbedtls_printf("rsa_pkcs1_sha1 ");
mbedtls_printf("ecdsa_sha1\n");
mbedtls_printf( "\n" );
mbedtls_printf("\n");
}

367
programs/ssl/ssl_test_lib.c
View File

@ -30,24 +30,26 @@
#if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
void my_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
const char *p, *basename;
/* Extract basename from file */
for( p = basename = file; *p != '\0'; p++ )
if( *p == '/' || *p == '\\' )
for (p = basename = file; *p != '\0'; p++) {
if (*p == '/' || *p == '\\') {
basename = p + 1;
}
}
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s",
basename, line, level, str );
fflush( (FILE *) ctx );
mbedtls_fprintf((FILE *) ctx, "%s:%04d: |%d| %s",
basename, line, level, str);
fflush((FILE *) ctx);
}
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
{
(void) time;
return 0x5af2a056;
@ -55,74 +57,72 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
#endif
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
static int dummy_entropy( void *data, unsigned char *output, size_t len )
static int dummy_entropy(void *data, unsigned char *output, size_t len)
{
size_t i;
int ret;
(void) data;
ret = mbedtls_entropy_func( data, output, len );
for( i = 0; i < len; i++ )
{
ret = mbedtls_entropy_func(data, output, len);
for (i = 0; i < len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return( ret );
return ret;
}
#endif
void rng_init( rng_context_t *rng )
void rng_init(rng_context_t *rng)
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
(void) rng;
psa_crypto_init( );
psa_crypto_init();
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_init( &rng->drbg );
mbedtls_ctr_drbg_init(&rng->drbg);
#elif defined(MBEDTLS_HMAC_DRBG_C)
mbedtls_hmac_drbg_init( &rng->drbg );
mbedtls_hmac_drbg_init(&rng->drbg);
#else
#error "No DRBG available"
#endif
mbedtls_entropy_init( &rng->entropy );
mbedtls_entropy_init(&rng->entropy);
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
}
int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( reproducible )
{
mbedtls_fprintf( stderr,
"MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n" );
return( -1 );
if (reproducible) {
mbedtls_fprintf(stderr,
"MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n");
return -1;
}
#endif
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
/* The PSA crypto RNG does its own seeding. */
(void) rng;
(void) pers;
if( reproducible )
{
mbedtls_fprintf( stderr,
"The PSA RNG does not support reproducible mode.\n" );
return( -1 );
if (reproducible) {
mbedtls_fprintf(stderr,
"The PSA RNG does not support reproducible mode.\n");
return -1;
}
return( 0 );
return 0;
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
int ( *f_entropy )( void *, unsigned char *, size_t ) =
( reproducible ? dummy_entropy : mbedtls_entropy_func );
int (*f_entropy)(void *, unsigned char *, size_t) =
(reproducible ? dummy_entropy : mbedtls_entropy_func);
if ( reproducible )
srand( 1 );
if (reproducible) {
srand(1);
}
#if defined(MBEDTLS_CTR_DRBG_C)
int ret = mbedtls_ctr_drbg_seed( &rng->drbg,
f_entropy, &rng->entropy,
(const unsigned char *) pers,
strlen( pers ) );
int ret = mbedtls_ctr_drbg_seed(&rng->drbg,
f_entropy, &rng->entropy,
(const unsigned char *) pers,
strlen(pers));
#elif defined(MBEDTLS_HMAC_DRBG_C)
#if defined(MBEDTLS_SHA256_C)
const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
@ -131,61 +131,60 @@ int rng_seed( rng_context_t *rng, int reproducible, const char *pers )
#else
#error "No message digest available for HMAC_DRBG"
#endif
int ret = mbedtls_hmac_drbg_seed( &rng->drbg,
mbedtls_md_info_from_type( md_type ),
f_entropy, &rng->entropy,
(const unsigned char *) pers,
strlen( pers ) );
int ret = mbedtls_hmac_drbg_seed(&rng->drbg,
mbedtls_md_info_from_type(md_type),
f_entropy, &rng->entropy,
(const unsigned char *) pers,
strlen(pers));
#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
#error "No DRBG available"
#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
(unsigned int) -ret );
return( ret );
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
(unsigned int) -ret);
return ret;
}
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
return( 0 );
return 0;
}
void rng_free( rng_context_t *rng )
void rng_free(rng_context_t *rng)
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
(void) rng;
/* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
* This is ok because none of our applications try to do any crypto after
* deinitializing the RNG. */
mbedtls_psa_crypto_free( );
mbedtls_psa_crypto_free();
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_free( &rng->drbg );
mbedtls_ctr_drbg_free(&rng->drbg);
#elif defined(MBEDTLS_HMAC_DRBG_C)
mbedtls_hmac_drbg_free( &rng->drbg );
mbedtls_hmac_drbg_free(&rng->drbg);
#else
#error "No DRBG available"
#endif
mbedtls_entropy_free( &rng->entropy );
mbedtls_entropy_free(&rng->entropy);
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
}
int rng_get( void *p_rng, unsigned char *output, size_t output_len )
int rng_get(void *p_rng, unsigned char *output, size_t output_len)
{
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
(void) p_rng;
return( mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
output, output_len ) );
return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
output, output_len);
#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
rng_context_t *rng = p_rng;
#if defined(MBEDTLS_CTR_DRBG_C)
return( mbedtls_ctr_drbg_random( &rng->drbg, output, output_len ) );
return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len);
#elif defined(MBEDTLS_HMAC_DRBG_C)
return( mbedtls_hmac_drbg_random( &rng->drbg, output, output_len ) );
return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len);
#else
#error "No DRBG available"
#endif
@ -193,116 +192,93 @@ int rng_get( void *p_rng, unsigned char *output, size_t output_len )
#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
}
int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 )
int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)
{
char* separator;
if( ( separator = strchr( arg, ',' ) ) == NULL )
char *separator;
if ((separator = strchr(arg, ',')) == NULL) {
return 1;
}
*separator = '\0';
*alg1 = arg;
*alg2 = separator + 1;
if( strcmp( *alg1, "rsa-sign-pkcs1" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
strcmp( *alg1, "rsa-decrypt" ) != 0 &&
strcmp( *alg1, "ecdsa-sign" ) != 0 &&
strcmp( *alg1, "ecdh" ) != 0 )
if (strcmp(*alg1, "rsa-sign-pkcs1") != 0 &&
strcmp(*alg1, "rsa-sign-pss") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
strcmp(*alg1, "rsa-decrypt") != 0 &&
strcmp(*alg1, "ecdsa-sign") != 0 &&
strcmp(*alg1, "ecdh") != 0) {
return 1;
}
if( strcmp( *alg2, "rsa-sign-pkcs1" ) != 0 &&
strcmp( *alg2, "rsa-sign-pss" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha256" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha384" ) != 0 &&
strcmp( *alg1, "rsa-sign-pss-sha512" ) != 0 &&
strcmp( *alg2, "rsa-decrypt" ) != 0 &&
strcmp( *alg2, "ecdsa-sign" ) != 0 &&
strcmp( *alg2, "ecdh" ) != 0 &&
strcmp( *alg2, "none" ) != 0 )
if (strcmp(*alg2, "rsa-sign-pkcs1") != 0 &&
strcmp(*alg2, "rsa-sign-pss") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
strcmp(*alg2, "rsa-decrypt") != 0 &&
strcmp(*alg2, "ecdsa-sign") != 0 &&
strcmp(*alg2, "ecdh") != 0 &&
strcmp(*alg2, "none") != 0) {
return 1;
}
return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg1,
psa_algorithm_t *psa_alg2,
psa_key_usage_t *usage,
mbedtls_pk_type_t key_type )
int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg1,
psa_algorithm_t *psa_alg2,
psa_key_usage_t *usage,
mbedtls_pk_type_t key_type)
{
if( strcmp( alg1, "none" ) != 0 )
{
const char * algs[] = { alg1, alg2 };
if (strcmp(alg1, "none") != 0) {
const char *algs[] = { alg1, alg2 };
psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 };
for ( int i = 0; i < 2; i++ )
{
if( strcmp( algs[i], "rsa-sign-pkcs1" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
for (int i = 0; i < 2; i++) {
if (strcmp(algs[i], "rsa-sign-pkcs1") == 0) {
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
} else if (strcmp(algs[i], "rsa-sign-pss") == 0) {
*psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH);
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss-sha256" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
} else if (strcmp(algs[i], "rsa-sign-pss-sha256") == 0) {
*psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_256);
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss-sha384" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
} else if (strcmp(algs[i], "rsa-sign-pss-sha384") == 0) {
*psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_384);
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-sign-pss-sha512" ) == 0 )
{
*psa_algs[i] = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
} else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) {
*psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512);
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "rsa-decrypt" ) == 0 )
{
} else if (strcmp(algs[i], "rsa-decrypt") == 0) {
*psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
*usage |= PSA_KEY_USAGE_DECRYPT;
}
else if( strcmp( algs[i], "ecdsa-sign" ) == 0 )
{
*psa_algs[i] = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
} else if (strcmp(algs[i], "ecdsa-sign") == 0) {
*psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
*usage |= PSA_KEY_USAGE_SIGN_HASH;
}
else if( strcmp( algs[i], "ecdh" ) == 0 )
{
} else if (strcmp(algs[i], "ecdh") == 0) {
*psa_algs[i] = PSA_ALG_ECDH;
*usage |= PSA_KEY_USAGE_DERIVE;
}
else if( strcmp( algs[i], "none" ) == 0 )
{
} else if (strcmp(algs[i], "none") == 0) {
*psa_algs[i] = PSA_ALG_NONE;
}
}
}
else
{
if( key_type == MBEDTLS_PK_ECKEY )
{
*psa_alg1 = PSA_ALG_ECDSA( PSA_ALG_ANY_HASH );
} else {
if (key_type == MBEDTLS_PK_ECKEY) {
*psa_alg1 = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
*psa_alg2 = PSA_ALG_ECDH;
*usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
}
else if( key_type == MBEDTLS_PK_RSA )
{
*psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH );
*psa_alg2 = PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH );
} else if (key_type == MBEDTLS_PK_RSA) {
*psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
*psa_alg2 = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH);
*usage = PSA_KEY_USAGE_SIGN_HASH;
}
else
{
} else {
return 1;
}
}
@ -312,8 +288,8 @@ int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates )
int ca_callback(void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates)
{
int ret = 0;
mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
@ -329,25 +305,21 @@ int ca_callback( void *data, mbedtls_x509_crt const *child,
* and parent `Subject` field or matching key identifiers. */
((void) child);
first = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
if( first == NULL )
{
first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
if (first == NULL) {
ret = -1;
goto exit;
}
mbedtls_x509_crt_init( first );
mbedtls_x509_crt_init(first);
if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
{
if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
ret = -1;
goto exit;
}
while( ca->next != NULL )
{
while (ca->next != NULL) {
ca = ca->next;
if( mbedtls_x509_crt_parse_der( first, ca->raw.p, ca->raw.len ) != 0 )
{
if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
ret = -1;
goto exit;
}
@ -355,122 +327,123 @@ int ca_callback( void *data, mbedtls_x509_crt const *child,
exit:
if( ret != 0 )
{
mbedtls_x509_crt_free( first );
mbedtls_free( first );
if (ret != 0) {
mbedtls_x509_crt_free(first);
mbedtls_free(first);
first = NULL;
}
*candidates = first;
return( ret );
return ret;
}
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
int delayed_recv( void *ctx, unsigned char *buf, size_t len )
int delayed_recv(void *ctx, unsigned char *buf, size_t len)
{
static int first_try = 1;
int ret;
if( first_try )
{
if (first_try) {
first_try = 0;
return( MBEDTLS_ERR_SSL_WANT_READ );
return MBEDTLS_ERR_SSL_WANT_READ;
}
ret = mbedtls_net_recv( ctx, buf, len );
if( ret != MBEDTLS_ERR_SSL_WANT_READ )
ret = mbedtls_net_recv(ctx, buf, len);
if (ret != MBEDTLS_ERR_SSL_WANT_READ) {
first_try = 1; /* Next call will be a new operation */
return( ret );
}
return ret;
}
int delayed_send( void *ctx, const unsigned char *buf, size_t len )
int delayed_send(void *ctx, const unsigned char *buf, size_t len)
{
static int first_try = 1;
int ret;
if( first_try )
{
if (first_try) {
first_try = 0;
return( MBEDTLS_ERR_SSL_WANT_WRITE );
return MBEDTLS_ERR_SSL_WANT_WRITE;
}
ret = mbedtls_net_send( ctx, buf, len );
if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
ret = mbedtls_net_send(ctx, buf, len);
if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
first_try = 1; /* Next call will be a new operation */
return( ret );
}
return ret;
}
#if !defined(MBEDTLS_TIMING_C)
int idle( mbedtls_net_context *fd,
int idle_reason )
int idle(mbedtls_net_context *fd,
int idle_reason)
#else
int idle( mbedtls_net_context *fd,
mbedtls_timing_delay_context *timer,
int idle_reason )
int idle(mbedtls_net_context *fd,
mbedtls_timing_delay_context *timer,
int idle_reason)
#endif
{
int ret;
int poll_type = 0;
if( idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE )
if (idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE) {
poll_type = MBEDTLS_NET_POLL_WRITE;
else if( idle_reason == MBEDTLS_ERR_SSL_WANT_READ )
} else if (idle_reason == MBEDTLS_ERR_SSL_WANT_READ) {
poll_type = MBEDTLS_NET_POLL_READ;
}
#if !defined(MBEDTLS_TIMING_C)
else
return( 0 );
else {
return 0;
}
#endif
while( 1 )
{
while (1) {
/* Check if timer has expired */
#if defined(MBEDTLS_TIMING_C)
if( timer != NULL &&
mbedtls_timing_get_delay( timer ) == 2 )
{
if (timer != NULL &&
mbedtls_timing_get_delay(timer) == 2) {
break;
}
#endif /* MBEDTLS_TIMING_C */
/* Check if underlying transport became available */
if( poll_type != 0 )
{
ret = mbedtls_net_poll( fd, poll_type, 0 );
if( ret < 0 )
return( ret );
if( ret == poll_type )
if (poll_type != 0) {
ret = mbedtls_net_poll(fd, poll_type, 0);
if (ret < 0) {
return ret;
}
if (ret == poll_type) {
break;
}
}
}
return( 0 );
return 0;
}
#if defined(MBEDTLS_TEST_HOOKS)
void test_hooks_init( void )
void test_hooks_init(void)
{
mbedtls_test_info_reset( );
mbedtls_test_info_reset();
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
mbedtls_test_mutex_usage_init( );
mbedtls_test_mutex_usage_init();
#endif
}
int test_hooks_failure_detected( void )
int test_hooks_failure_detected(void)
{
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
/* Errors are reported via mbedtls_test_info. */
mbedtls_test_mutex_usage_check( );
mbedtls_test_mutex_usage_check();
#endif
if( mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS )
return( 1 );
return( 0 );
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) {
return 1;
}
return 0;
}
void test_hooks_free( void )
void test_hooks_free(void)
{
}

68
programs/ssl/ssl_test_lib.h
View File

@ -26,13 +26,13 @@
#undef HAVE_RNG
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
( defined(MBEDTLS_USE_PSA_CRYPTO) || \
defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) )
(defined(MBEDTLS_USE_PSA_CRYPTO) || \
defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG))
#define HAVE_RNG
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#define HAVE_RNG
#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \
( defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C) )
(defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA512_C))
#define HAVE_RNG
#endif
@ -79,14 +79,13 @@
#include "../test/query_config.h"
typedef struct eap_tls_keys
{
typedef struct eap_tls_keys {
unsigned char master_secret[48];
unsigned char randbytes[64];
mbedtls_tls_prf_types tls_prf_type;
} eap_tls_keys;
#if defined( MBEDTLS_SSL_DTLS_SRTP )
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/* Supported SRTP mode needs a maximum of :
* - 16 bytes for key (AES-128)
@ -95,8 +94,7 @@ typedef struct eap_tls_keys
*/
#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60
typedef struct dtls_srtp_keys
{
typedef struct dtls_srtp_keys {
unsigned char master_secret[48];
unsigned char randbytes[64];
mbedtls_tls_prf_types tls_prf_type;
@ -104,18 +102,17 @@ typedef struct dtls_srtp_keys
#endif /* MBEDTLS_SSL_DTLS_SRTP */
typedef struct
{
typedef struct {
mbedtls_ssl_context *ssl;
mbedtls_net_context *net;
} io_ctx_t;
void my_debug( void *ctx, int level,
const char *file, int line,
const char *str );
void my_debug(void *ctx, int level,
const char *file, int line,
const char *str);
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
@ -145,8 +142,7 @@ mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
/** A context for random number generation (RNG).
*/
typedef struct
{
typedef struct {
#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
unsigned char dummy;
#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
@ -166,7 +162,7 @@ typedef struct
* This function only initializes the memory used by the RNG context.
* Before using the RNG, it must be seeded with rng_seed().
*/
void rng_init( rng_context_t *rng );
void rng_init(rng_context_t *rng);
/* Seed the random number generator.
*
@ -182,14 +178,14 @@ void rng_init( rng_context_t *rng );
*
* return 0 on success, a negative value on error.
*/
int rng_seed( rng_context_t *rng, int reproducible, const char *pers );
int rng_seed(rng_context_t *rng, int reproducible, const char *pers);
/** Deinitialize the RNG. Free any embedded resource.
*
* \param rng The RNG context to deinitialize. It must have been
* initialized with rng_init().
*/
void rng_free( rng_context_t *rng );
void rng_free(rng_context_t *rng);
/** Generate random data.
*
@ -204,7 +200,7 @@ void rng_free( rng_context_t *rng );
* \return \c 0 on success.
* \return An Mbed TLS error code on error.
*/
int rng_get( void *p_rng, unsigned char *output, size_t output_len );
int rng_get(void *p_rng, unsigned char *output, size_t output_len);
/** Parse command-line option: key_opaque_algs
*
@ -223,7 +219,7 @@ int rng_get( void *p_rng, unsigned char *output, size_t output_len );
* \return \c 0 on success.
* \return \c 1 on parse failure.
*/
int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2 );
int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/** Parse given opaque key algorithms to obtain psa algs and usage
@ -241,11 +237,11 @@ int key_opaque_alg_parse( const char *arg, const char **alg1, const char **alg2
* \return \c 0 on success.
* \return \c 1 on parse failure.
*/
int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg1,
psa_algorithm_t *psa_alg2,
psa_key_usage_t *usage,
mbedtls_pk_type_t key_type );
int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
psa_algorithm_t *psa_alg1,
psa_algorithm_t *psa_alg2,
psa_key_usage_t *usage,
mbedtls_pk_type_t key_type);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
@ -257,31 +253,31 @@ int key_opaque_set_alg_usage( const char *alg1, const char *alg2,
#endif
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
int ca_callback( void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates );
int ca_callback(void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates);
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
/*
* Test recv/send functions that make sure each try returns
* WANT_READ/WANT_WRITE at least once before succeeding
*/
int delayed_recv( void *ctx, unsigned char *buf, size_t len );
int delayed_send( void *ctx, const unsigned char *buf, size_t len );
int delayed_recv(void *ctx, unsigned char *buf, size_t len);
int delayed_send(void *ctx, const unsigned char *buf, size_t len);
/*
* Wait for an event from the underlying transport or the timer
* (Used in event-driven IO mode).
*/
int idle( mbedtls_net_context *fd,
int idle(mbedtls_net_context *fd,
#if defined(MBEDTLS_TIMING_C)
mbedtls_timing_delay_context *timer,
mbedtls_timing_delay_context *timer,
#endif
int idle_reason );
int idle_reason);
#if defined(MBEDTLS_TEST_HOOKS)
/** Initialize whatever test hooks are enabled by the compile-time
* configuration and make sense for the TLS test programs. */
void test_hooks_init( void );
void test_hooks_init(void);
/** Check if any test hooks detected a problem.
*
@ -299,14 +295,14 @@ void test_hooks_init( void );
* \return Nonzero if a problem was detected.
* \c 0 if no problem was detected.
*/
int test_hooks_failure_detected( void );
int test_hooks_failure_detected(void);
/** Free any resources allocated for the sake of test hooks.
*
* Call this at the end of the program so that resource leak analyzers
* don't complain.
*/
void test_hooks_free( void );
void test_hooks_free(void);
#endif /* !MBEDTLS_TEST_HOOKS */

1129
programs/test/benchmark.c
View File

File diff suppressed because it is too large Load Diff

6
programs/test/cmake_package/cmake_package.c
View File

@ -31,9 +31,9 @@ int main()
/* This version string is 18 bytes long, as advised by version.h. */
char version[18];
mbedtls_version_get_string_full( version );
mbedtls_version_get_string_full(version);
mbedtls_printf( "Built against %s\n", version );
mbedtls_printf("Built against %s\n", version);
return( 0 );
return 0;
}

6
programs/test/cmake_package_install/cmake_package_install.c
View File

@ -32,9 +32,9 @@ int main()
/* This version string is 18 bytes long, as advised by version.h. */
char version[18];
mbedtls_version_get_string_full( version );
mbedtls_version_get_string_full(version);
mbedtls_printf( "Built against %s\n", version );
mbedtls_printf("Built against %s\n", version);
return( 0 );
return 0;
}

6
programs/test/cmake_subproject/cmake_subproject.c
View File

@ -32,9 +32,9 @@ int main()
/* This version string is 18 bytes long, as advised by version.h. */
char version[18];
mbedtls_version_get_string_full( version );
mbedtls_version_get_string_full(version);
mbedtls_printf( "Built against %s\n", version );
mbedtls_printf("Built against %s\n", version);
return( 0 );
return 0;
}

85
programs/test/dlopen.c
View File

@ -37,67 +37,68 @@
#include <dlfcn.h>
#define CHECK_DLERROR( function, argument ) \
#define CHECK_DLERROR(function, argument) \
do \
{ \
char *CHECK_DLERROR_error = dlerror ( ); \
if( CHECK_DLERROR_error != NULL ) \
char *CHECK_DLERROR_error = dlerror(); \
if (CHECK_DLERROR_error != NULL) \
{ \
fprintf( stderr, "Dynamic loading error for %s(%s): %s\n", \
function, argument, CHECK_DLERROR_error ); \
mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
fprintf(stderr, "Dynamic loading error for %s(%s): %s\n", \
function, argument, CHECK_DLERROR_error); \
mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
} \
} \
while( 0 )
while (0)
int main( void )
int main(void)
{
#if defined(MBEDTLS_MD_C) || defined(MBEDTLS_SSL_TLS_C)
unsigned n;
#endif
#if defined(MBEDTLS_SSL_TLS_C)
void *tls_so = dlopen( TLS_SO_FILENAME, RTLD_NOW );
CHECK_DLERROR( "dlopen", TLS_SO_FILENAME );
const int *( *ssl_list_ciphersuites )( void ) =
dlsym( tls_so, "mbedtls_ssl_list_ciphersuites" );
CHECK_DLERROR( "dlsym", "mbedtls_ssl_list_ciphersuites" );
const int *ciphersuites = ssl_list_ciphersuites( );
for( n = 0; ciphersuites[n] != 0; n++ )
/* nothing to do, we're just counting */;
mbedtls_printf( "dlopen(%s): %u ciphersuites\n",
TLS_SO_FILENAME, n );
dlclose( tls_so );
CHECK_DLERROR( "dlclose", TLS_SO_FILENAME );
void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW);
CHECK_DLERROR("dlopen", TLS_SO_FILENAME);
const int *(*ssl_list_ciphersuites)(void) =
dlsym(tls_so, "mbedtls_ssl_list_ciphersuites");
CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites");
const int *ciphersuites = ssl_list_ciphersuites();
for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */
;
}
mbedtls_printf("dlopen(%s): %u ciphersuites\n",
TLS_SO_FILENAME, n);
dlclose(tls_so);
CHECK_DLERROR("dlclose", TLS_SO_FILENAME);
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
void *x509_so = dlopen( X509_SO_FILENAME, RTLD_NOW );
CHECK_DLERROR( "dlopen", X509_SO_FILENAME );
void *x509_so = dlopen(X509_SO_FILENAME, RTLD_NOW);
CHECK_DLERROR("dlopen", X509_SO_FILENAME);
const mbedtls_x509_crt_profile *profile =
dlsym( x509_so, "mbedtls_x509_crt_profile_default" );
CHECK_DLERROR( "dlsym", "mbedtls_x509_crt_profile_default" );
mbedtls_printf( "dlopen(%s): Allowed md mask: %08x\n",
X509_SO_FILENAME, (unsigned) profile->allowed_mds );
dlclose( x509_so );
CHECK_DLERROR( "dlclose", X509_SO_FILENAME );
dlsym(x509_so, "mbedtls_x509_crt_profile_default");
CHECK_DLERROR("dlsym", "mbedtls_x509_crt_profile_default");
mbedtls_printf("dlopen(%s): Allowed md mask: %08x\n",
X509_SO_FILENAME, (unsigned) profile->allowed_mds);
dlclose(x509_so);
CHECK_DLERROR("dlclose", X509_SO_FILENAME);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_MD_C)
void *crypto_so = dlopen( CRYPTO_SO_FILENAME, RTLD_NOW );
CHECK_DLERROR( "dlopen", CRYPTO_SO_FILENAME );
const int *( *md_list )( void ) =
dlsym( crypto_so, "mbedtls_md_list" );
CHECK_DLERROR( "dlsym", "mbedtls_md_list" );
const int *mds = md_list( );
for( n = 0; mds[n] != 0; n++ )
/* nothing to do, we're just counting */;
mbedtls_printf( "dlopen(%s): %u hashes\n",
CRYPTO_SO_FILENAME, n );
dlclose( crypto_so );
CHECK_DLERROR( "dlclose", CRYPTO_SO_FILENAME );
void *crypto_so = dlopen(CRYPTO_SO_FILENAME, RTLD_NOW);
CHECK_DLERROR("dlopen", CRYPTO_SO_FILENAME);
const int *(*md_list)(void) =
dlsym(crypto_so, "mbedtls_md_list");
CHECK_DLERROR("dlsym", "mbedtls_md_list");
const int *mds = md_list();
for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */
;
}
mbedtls_printf("dlopen(%s): %u hashes\n",
CRYPTO_SO_FILENAME, n);
dlclose(crypto_so);
CHECK_DLERROR("dlclose", CRYPTO_SO_FILENAME);
#endif /* MBEDTLS_MD_C */
return( 0 );
return 0;
}

50
programs/test/query_compile_time_config.c
View File

@ -36,47 +36,43 @@
#include <string.h>
#include "query_config.h"
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int i;
if ( argc == 1 || strcmp( argv[1], "-h" ) == 0 )
{
mbedtls_printf( USAGE, argv[0] );
return( MBEDTLS_EXIT_FAILURE );
if (argc == 1 || strcmp(argv[1], "-h") == 0) {
mbedtls_printf(USAGE, argv[0]);
return MBEDTLS_EXIT_FAILURE;
}
if( strcmp( argv[1], "-l" ) == 0 )
{
if (strcmp(argv[1], "-l") == 0) {
list_config();
return( 0 );
return 0;
}
if( strcmp( argv[1], "-all" ) == 0 )
{
for( i = 2; i < argc; i++ )
{
if( query_config( argv[i] ) != 0 )
return( 1 );
if (strcmp(argv[1], "-all") == 0) {
for (i = 2; i < argc; i++) {
if (query_config(argv[i]) != 0) {
return 1;
}
}
return( 0 );
return 0;
}
if( strcmp( argv[1], "-any" ) == 0 )
{
for( i = 2; i < argc; i++ )
{
if( query_config( argv[i] ) == 0 )
return( 0 );
if (strcmp(argv[1], "-any") == 0) {
for (i = 2; i < argc; i++) {
if (query_config(argv[i]) == 0) {
return 0;
}
}
return( 1 );
return 1;
}
for( i = 1; i < argc; i++ )
{
if( query_config( argv[i] ) != 0 )
return( 1 );
for (i = 1; i < argc; i++) {
if (query_config(argv[i]) != 0) {
return 1;
}
}
return( 0 );
return 0;
}

4
programs/test/query_config.h
View File

@ -33,7 +33,7 @@
* which is automatically generated by
* `scripts/generate_query_config.pl`.
*/
int query_config( const char *config );
int query_config(const char *config);
/** List all enabled configuration symbols
*
@ -41,6 +41,6 @@ int query_config( const char *config );
* which is automatically generated by
* `scripts/generate_query_config.pl`.
*/
void list_config( void );
void list_config(void);
#endif /* MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H */

433
programs/test/selftest.c
View File

@ -65,106 +65,101 @@
/* Sanity check for malloc. This is not expected to fail, and is rather
* intended to display potentially useful information about the platform,
* in particular the behavior of malloc(0). */
static int calloc_self_test( int verbose )
static int calloc_self_test(int verbose)
{
int failures = 0;
void *empty1 = mbedtls_calloc( 0, 1 );
void *empty2 = mbedtls_calloc( 0, 1 );
void *buffer1 = mbedtls_calloc( 1, 1 );
void *buffer2 = mbedtls_calloc( 1, 1 );
void *empty1 = mbedtls_calloc(0, 1);
void *empty2 = mbedtls_calloc(0, 1);
void *buffer1 = mbedtls_calloc(1, 1);
void *buffer2 = mbedtls_calloc(1, 1);
if( empty1 == NULL && empty2 == NULL )
{
if( verbose )
mbedtls_printf( " CALLOC(0): passed (NULL)\n" );
}
else if( empty1 == NULL || empty2 == NULL )
{
if( verbose )
mbedtls_printf( " CALLOC(0): failed (mix of NULL and non-NULL)\n" );
if (empty1 == NULL && empty2 == NULL) {
if (verbose) {
mbedtls_printf(" CALLOC(0): passed (NULL)\n");
}
} else if (empty1 == NULL || empty2 == NULL) {
if (verbose) {
mbedtls_printf(" CALLOC(0): failed (mix of NULL and non-NULL)\n");
}
++failures;
}
else if( empty1 == empty2 )
{
if( verbose )
mbedtls_printf( " CALLOC(0): passed (same non-null)\n" );
}
else
{
if( verbose )
mbedtls_printf( " CALLOC(0): passed (distinct non-null)\n" );
} else if (empty1 == empty2) {
if (verbose) {
mbedtls_printf(" CALLOC(0): passed (same non-null)\n");
}
} else {
if (verbose) {
mbedtls_printf(" CALLOC(0): passed (distinct non-null)\n");
}
}
if( buffer1 == NULL || buffer2 == NULL )
{
if( verbose )
mbedtls_printf( " CALLOC(1): failed (NULL)\n" );
if (buffer1 == NULL || buffer2 == NULL) {
if (verbose) {
mbedtls_printf(" CALLOC(1): failed (NULL)\n");
}
++failures;
}
else if( buffer1 == buffer2 )
{
if( verbose )
mbedtls_printf( " CALLOC(1): failed (same buffer twice)\n" );
} else if (buffer1 == buffer2) {
if (verbose) {
mbedtls_printf(" CALLOC(1): failed (same buffer twice)\n");
}
++failures;
}
else
{
if( verbose )
mbedtls_printf( " CALLOC(1): passed\n" );
} else {
if (verbose) {
mbedtls_printf(" CALLOC(1): passed\n");
}
}
mbedtls_free( buffer1 );
buffer1 = mbedtls_calloc( 1, 1 );
if( buffer1 == NULL )
{
if( verbose )
mbedtls_printf( " CALLOC(1 again): failed (NULL)\n" );
mbedtls_free(buffer1);
buffer1 = mbedtls_calloc(1, 1);
if (buffer1 == NULL) {
if (verbose) {
mbedtls_printf(" CALLOC(1 again): failed (NULL)\n");
}
++failures;
}
else
{
if( verbose )
mbedtls_printf( " CALLOC(1 again): passed\n" );
} else {
if (verbose) {
mbedtls_printf(" CALLOC(1 again): passed\n");
}
}
if( verbose )
mbedtls_printf( "\n" );
mbedtls_free( empty1 );
mbedtls_free( empty2 );
mbedtls_free( buffer1 );
mbedtls_free( buffer2 );
return( failures );
if (verbose) {
mbedtls_printf("\n");
}
mbedtls_free(empty1);
mbedtls_free(empty2);
mbedtls_free(buffer1);
mbedtls_free(buffer2);
return failures;
}
#endif /* MBEDTLS_SELF_TEST */
static int test_snprintf( size_t n, const char *ref_buf, int ref_ret )
static int test_snprintf(size_t n, const char *ref_buf, int ref_ret)
{
int ret;
char buf[10] = "xxxxxxxxx";
const char ref[10] = "xxxxxxxxx";
ret = mbedtls_snprintf( buf, n, "%s", "123" );
if( ret < 0 || (size_t) ret >= n )
ret = mbedtls_snprintf(buf, n, "%s", "123");
if (ret < 0 || (size_t) ret >= n) {
ret = -1;
if( strncmp( ref_buf, buf, sizeof( buf ) ) != 0 ||
ref_ret != ret ||
memcmp( buf + n, ref + n, sizeof( buf ) - n ) != 0 )
{
return( 1 );
}
return( 0 );
if (strncmp(ref_buf, buf, sizeof(buf)) != 0 ||
ref_ret != ret ||
memcmp(buf + n, ref + n, sizeof(buf) - n) != 0) {
return 1;
}
return 0;
}
static int run_test_snprintf( void )
static int run_test_snprintf(void)
{
return( test_snprintf( 0, "xxxxxxxxx", -1 ) != 0 ||
test_snprintf( 1, "", -1 ) != 0 ||
test_snprintf( 2, "1", -1 ) != 0 ||
test_snprintf( 3, "12", -1 ) != 0 ||
test_snprintf( 4, "123", 3 ) != 0 ||
test_snprintf( 5, "123", 3 ) != 0 );
return test_snprintf(0, "xxxxxxxxx", -1) != 0 ||
test_snprintf(1, "", -1) != 0 ||
test_snprintf(2, "1", -1) != 0 ||
test_snprintf(3, "12", -1) != 0 ||
test_snprintf(4, "123", 3) != 0 ||
test_snprintf(5, "123", 3) != 0;
}
/*
@ -174,7 +169,7 @@ static int run_test_snprintf( void )
*/
#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C)
#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
static void create_entropy_seed_file( void )
static void create_entropy_seed_file(void)
{
int result;
size_t output_len = 0;
@ -182,151 +177,152 @@ static void create_entropy_seed_file( void )
/* Attempt to read the entropy seed file. If this fails - attempt to write
* to the file to ensure one is present. */
result = mbedtls_platform_std_nv_seed_read( seed_value,
MBEDTLS_ENTROPY_BLOCK_SIZE );
if( 0 == result )
result = mbedtls_platform_std_nv_seed_read(seed_value,
MBEDTLS_ENTROPY_BLOCK_SIZE);
if (0 == result) {
return;
}
result = mbedtls_platform_entropy_poll( NULL,
seed_value,
MBEDTLS_ENTROPY_BLOCK_SIZE,
&output_len );
if( 0 != result )
result = mbedtls_platform_entropy_poll(NULL,
seed_value,
MBEDTLS_ENTROPY_BLOCK_SIZE,
&output_len);
if (0 != result) {
return;
}
if( MBEDTLS_ENTROPY_BLOCK_SIZE != output_len )
if (MBEDTLS_ENTROPY_BLOCK_SIZE != output_len) {
return;
}
mbedtls_platform_std_nv_seed_write( seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE );
mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE);
}
#endif
int mbedtls_entropy_self_test_wrapper( int verbose )
int mbedtls_entropy_self_test_wrapper(int verbose)
{
#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
create_entropy_seed_file( );
create_entropy_seed_file();
#endif
return( mbedtls_entropy_self_test( verbose ) );
return mbedtls_entropy_self_test(verbose);
}
#endif
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
int mbedtls_memory_buffer_alloc_free_and_self_test( int verbose )
int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose)
{
if( verbose != 0 )
{
if (verbose != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_memory_buffer_alloc_status( );
mbedtls_memory_buffer_alloc_status();
#endif
}
mbedtls_memory_buffer_alloc_free( );
return( mbedtls_memory_buffer_alloc_self_test( verbose ) );
mbedtls_memory_buffer_alloc_free();
return mbedtls_memory_buffer_alloc_self_test(verbose);
}
#endif
typedef struct
{
typedef struct {
const char *name;
int ( *function )( int );
int (*function)(int);
} selftest_t;
const selftest_t selftests[] =
{
{"calloc", calloc_self_test},
{ "calloc", calloc_self_test },
#if defined(MBEDTLS_MD5_C)
{"md5", mbedtls_md5_self_test},
{ "md5", mbedtls_md5_self_test },
#endif
#if defined(MBEDTLS_RIPEMD160_C)
{"ripemd160", mbedtls_ripemd160_self_test},
{ "ripemd160", mbedtls_ripemd160_self_test },
#endif
#if defined(MBEDTLS_SHA1_C)
{"sha1", mbedtls_sha1_self_test},
{ "sha1", mbedtls_sha1_self_test },
#endif
#if defined(MBEDTLS_SHA224_C)
{"sha224", mbedtls_sha224_self_test},
{ "sha224", mbedtls_sha224_self_test },
#endif
#if defined(MBEDTLS_SHA256_C)
{"sha256", mbedtls_sha256_self_test},
{ "sha256", mbedtls_sha256_self_test },
#endif
#if defined(MBEDTLS_SHA384_C)
{"sha384", mbedtls_sha384_self_test},
{ "sha384", mbedtls_sha384_self_test },
#endif
#if defined(MBEDTLS_SHA512_C)
{"sha512", mbedtls_sha512_self_test},
{ "sha512", mbedtls_sha512_self_test },
#endif
#if defined(MBEDTLS_DES_C)
{"des", mbedtls_des_self_test},
{ "des", mbedtls_des_self_test },
#endif
#if defined(MBEDTLS_AES_C)
{"aes", mbedtls_aes_self_test},
{ "aes", mbedtls_aes_self_test },
#endif
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
{"gcm", mbedtls_gcm_self_test},
{ "gcm", mbedtls_gcm_self_test },
#endif
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
{"ccm", mbedtls_ccm_self_test},
{ "ccm", mbedtls_ccm_self_test },
#endif
#if defined(MBEDTLS_NIST_KW_C) && defined(MBEDTLS_AES_C)
{"nist_kw", mbedtls_nist_kw_self_test},
{ "nist_kw", mbedtls_nist_kw_self_test },
#endif
#if defined(MBEDTLS_CMAC_C)
{"cmac", mbedtls_cmac_self_test},
{ "cmac", mbedtls_cmac_self_test },
#endif
#if defined(MBEDTLS_CHACHA20_C)
{"chacha20", mbedtls_chacha20_self_test},
{ "chacha20", mbedtls_chacha20_self_test },
#endif
#if defined(MBEDTLS_POLY1305_C)
{"poly1305", mbedtls_poly1305_self_test},
{ "poly1305", mbedtls_poly1305_self_test },
#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
{"chacha20-poly1305", mbedtls_chachapoly_self_test},
{ "chacha20-poly1305", mbedtls_chachapoly_self_test },
#endif
#if defined(MBEDTLS_BASE64_C)
{"base64", mbedtls_base64_self_test},
{ "base64", mbedtls_base64_self_test },
#endif
#if defined(MBEDTLS_BIGNUM_C)
{"mpi", mbedtls_mpi_self_test},
{ "mpi", mbedtls_mpi_self_test },
#endif
#if defined(MBEDTLS_RSA_C)
{"rsa", mbedtls_rsa_self_test},
{ "rsa", mbedtls_rsa_self_test },
#endif
#if defined(MBEDTLS_CAMELLIA_C)
{"camellia", mbedtls_camellia_self_test},
{ "camellia", mbedtls_camellia_self_test },
#endif
#if defined(MBEDTLS_ARIA_C)
{"aria", mbedtls_aria_self_test},
{ "aria", mbedtls_aria_self_test },
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
{"ctr_drbg", mbedtls_ctr_drbg_self_test},
{ "ctr_drbg", mbedtls_ctr_drbg_self_test },
#endif
#if defined(MBEDTLS_HMAC_DRBG_C)
{"hmac_drbg", mbedtls_hmac_drbg_self_test},
{ "hmac_drbg", mbedtls_hmac_drbg_self_test },
#endif
#if defined(MBEDTLS_ECP_C)
{"ecp", mbedtls_ecp_self_test},
{ "ecp", mbedtls_ecp_self_test },
#endif
#if defined(MBEDTLS_ECJPAKE_C)
{"ecjpake", mbedtls_ecjpake_self_test},
{ "ecjpake", mbedtls_ecjpake_self_test },
#endif
#if defined(MBEDTLS_DHM_C)
{"dhm", mbedtls_dhm_self_test},
{ "dhm", mbedtls_dhm_self_test },
#endif
#if defined(MBEDTLS_ENTROPY_C)
{"entropy", mbedtls_entropy_self_test_wrapper},
{ "entropy", mbedtls_entropy_self_test_wrapper },
#endif
#if defined(MBEDTLS_PKCS5_C)
{"pkcs5", mbedtls_pkcs5_self_test},
{ "pkcs5", mbedtls_pkcs5_self_test },
#endif
/* Heap test comes last */
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
{"memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test},
{ "memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test },
#endif
{NULL, NULL}
{ NULL, NULL }
};
#endif /* MBEDTLS_SELF_TEST */
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
#if defined(MBEDTLS_SELF_TEST)
const selftest_t *test;
@ -345,11 +341,10 @@ int main( int argc, char *argv[] )
* of a NULL pointer. We do however use that in our code for initializing
* structures, which should work on every modern platform. Let's be sure.
*/
memset( &pointer, 0, sizeof( void * ) );
if( pointer != NULL )
{
mbedtls_printf( "all-bits-zero is not a NULL pointer\n" );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
memset(&pointer, 0, sizeof(void *));
if (pointer != NULL) {
mbedtls_printf("all-bits-zero is not a NULL pointer\n");
mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
/*
@ -374,52 +369,52 @@ int main( int argc, char *argv[] )
#define CHECK_PADDING_SIGNED(TYPE, NAME) \
do \
{ \
if( sizeof( TYPE ) == 2 || sizeof( TYPE ) == 4 || \
sizeof( TYPE ) == 8 ) { \
if( ( sizeof( TYPE ) == 2 && \
(int16_t) NAME ## _MAX != 0x7FFF ) || \
( sizeof( TYPE ) == 4 && \
(int32_t) NAME ## _MAX != 0x7FFFFFFF ) || \
( sizeof( TYPE ) == 8 && \
(int64_t) NAME ## _MAX != 0x7FFFFFFFFFFFFFFF ) ) \
if (sizeof(TYPE) == 2 || sizeof(TYPE) == 4 || \
sizeof(TYPE) == 8) { \
if ((sizeof(TYPE) == 2 && \
(int16_t) NAME ## _MAX != 0x7FFF) || \
(sizeof(TYPE) == 4 && \
(int32_t) NAME ## _MAX != 0x7FFFFFFF) || \
(sizeof(TYPE) == 8 && \
(int64_t) NAME ## _MAX != 0x7FFFFFFFFFFFFFFF)) \
{ \
mbedtls_printf( "Type '" #TYPE "' has padding bits\n" );\
mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
mbedtls_printf("Type '" #TYPE "' has padding bits\n"); \
mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
} \
} else { \
mbedtls_printf( "Padding checks only implemented for types of size 2, 4 or 8" \
" - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \
sizeof( TYPE ) ); \
mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \
" - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \
sizeof(TYPE)); \
mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
} \
} while( 0 )
} while (0)
#define CHECK_PADDING_UNSIGNED(TYPE, NAME) \
do \
{ \
if( ( sizeof( TYPE ) == 2 && \
(uint16_t) NAME ## _MAX != 0xFFFF ) || \
( sizeof( TYPE ) == 4 && \
(uint32_t) NAME ## _MAX != 0xFFFFFFFF ) || \
( sizeof( TYPE ) == 8 && \
(uint64_t) NAME ## _MAX != 0xFFFFFFFFFFFFFFFF ) ) \
if ((sizeof(TYPE) == 2 && \
(uint16_t) NAME ## _MAX != 0xFFFF) || \
(sizeof(TYPE) == 4 && \
(uint32_t) NAME ## _MAX != 0xFFFFFFFF) || \
(sizeof(TYPE) == 8 && \
(uint64_t) NAME ## _MAX != 0xFFFFFFFFFFFFFFFF)) \
{ \
mbedtls_printf( "Type '" #TYPE "' has padding bits\n" ); \
mbedtls_exit( MBEDTLS_EXIT_FAILURE ); \
mbedtls_printf("Type '" #TYPE "' has padding bits\n"); \
mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
} \
} while( 0 )
} while (0)
CHECK_PADDING_SIGNED( short, SHRT );
CHECK_PADDING_SIGNED( int, INT );
CHECK_PADDING_SIGNED( long, LONG );
CHECK_PADDING_SIGNED( long long, LLONG );
CHECK_PADDING_SIGNED( ptrdiff_t, PTRDIFF );
CHECK_PADDING_SIGNED(short, SHRT);
CHECK_PADDING_SIGNED(int, INT);
CHECK_PADDING_SIGNED(long, LONG);
CHECK_PADDING_SIGNED(long long, LLONG);
CHECK_PADDING_SIGNED(ptrdiff_t, PTRDIFF);
CHECK_PADDING_UNSIGNED( unsigned short, USHRT );
CHECK_PADDING_UNSIGNED( unsigned, UINT );
CHECK_PADDING_UNSIGNED( unsigned long, ULONG );
CHECK_PADDING_UNSIGNED( unsigned long long, ULLONG );
CHECK_PADDING_UNSIGNED( size_t, SIZE );
CHECK_PADDING_UNSIGNED(unsigned short, USHRT);
CHECK_PADDING_UNSIGNED(unsigned, UINT);
CHECK_PADDING_UNSIGNED(unsigned long, ULONG);
CHECK_PADDING_UNSIGNED(unsigned long long, ULLONG);
CHECK_PADDING_UNSIGNED(size_t, SIZE);
#undef CHECK_PADDING_SIGNED
#undef CHECK_PADDING_UNSIGNED
@ -427,83 +422,68 @@ int main( int argc, char *argv[] )
/*
* Make sure we have a snprintf that correctly zero-terminates
*/
if( run_test_snprintf() != 0 )
{
mbedtls_printf( "the snprintf implementation is broken\n" );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
if (run_test_snprintf() != 0) {
mbedtls_printf("the snprintf implementation is broken\n");
mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
for( argp = argv + ( argc >= 1 ? 1 : argc ); *argp != NULL; ++argp )
{
if( strcmp( *argp, "--quiet" ) == 0 ||
strcmp( *argp, "-q" ) == 0 )
{
for (argp = argv + (argc >= 1 ? 1 : argc); *argp != NULL; ++argp) {
if (strcmp(*argp, "--quiet") == 0 ||
strcmp(*argp, "-q") == 0) {
v = 0;
}
else if( strcmp( *argp, "--exclude" ) == 0 ||
strcmp( *argp, "-x" ) == 0 )
{
} else if (strcmp(*argp, "--exclude") == 0 ||
strcmp(*argp, "-x") == 0) {
exclude_mode = 1;
}
else
} else {
break;
}
}
if( v != 0 )
mbedtls_printf( "\n" );
if (v != 0) {
mbedtls_printf("\n");
}
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) );
mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
#endif
if( *argp != NULL && exclude_mode == 0 )
{
if (*argp != NULL && exclude_mode == 0) {
/* Run the specified tests */
for( ; *argp != NULL; argp++ )
{
for( test = selftests; test->name != NULL; test++ )
{
if( !strcmp( *argp, test->name ) )
{
if( test->function( v ) != 0 )
{
for (; *argp != NULL; argp++) {
for (test = selftests; test->name != NULL; test++) {
if (!strcmp(*argp, test->name)) {
if (test->function(v) != 0) {
suites_failed++;
}
suites_tested++;
break;
}
}
if( test->name == NULL )
{
mbedtls_printf( " Test suite %s not available -> failed\n\n", *argp );
if (test->name == NULL) {
mbedtls_printf(" Test suite %s not available -> failed\n\n", *argp);
suites_failed++;
}
}
}
else
{
} else {
/* Run all the tests except excluded ones */
for( test = selftests; test->name != NULL; test++ )
{
if( exclude_mode )
{
for (test = selftests; test->name != NULL; test++) {
if (exclude_mode) {
char **excluded;
for( excluded = argp; *excluded != NULL; ++excluded )
{
if( !strcmp( *excluded, test->name ) )
for (excluded = argp; *excluded != NULL; ++excluded) {
if (!strcmp(*excluded, test->name)) {
break;
}
}
if( *excluded )
{
if( v )
mbedtls_printf( " Skip: %s\n", test->name );
if (*excluded) {
if (v) {
mbedtls_printf(" Skip: %s\n", test->name);
}
continue;
}
}
if( test->function( v ) != 0 )
{
if (test->function(v) != 0) {
suites_failed++;
}
suites_tested++;
@ -512,25 +492,22 @@ int main( int argc, char *argv[] )
#else
(void) exclude_mode;
mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" );
mbedtls_printf(" MBEDTLS_SELF_TEST not defined.\n");
#endif
if( v != 0 )
{
mbedtls_printf( " Executed %d test suites\n\n", suites_tested );
if (v != 0) {
mbedtls_printf(" Executed %d test suites\n\n", suites_tested);
if( suites_failed > 0)
{
mbedtls_printf( " [ %d tests FAIL ]\n\n", suites_failed );
}
else
{
mbedtls_printf( " [ All tests PASS ]\n\n" );
if (suites_failed > 0) {
mbedtls_printf(" [ %d tests FAIL ]\n\n", suites_failed);
} else {
mbedtls_printf(" [ All tests PASS ]\n\n");
}
}
if( suites_failed > 0)
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
if (suites_failed > 0) {
mbedtls_exit(MBEDTLS_EXIT_FAILURE);
}
mbedtls_exit( MBEDTLS_EXIT_SUCCESS );
mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
}

833
programs/test/udp_proxy.c
View File

File diff suppressed because it is too large Load Diff

50
programs/test/zeroize.c
View File

@ -35,16 +35,16 @@
#define BUFFER_LEN 1024
void usage( void )
void usage(void)
{
mbedtls_printf( "Zeroize is a simple program to assist with testing\n" );
mbedtls_printf( "the mbedtls_platform_zeroize() function by using the\n" );
mbedtls_printf( "debugger. This program takes a file as input and\n" );
mbedtls_printf( "prints the first %d characters. Usage:\n\n", BUFFER_LEN );
mbedtls_printf( " zeroize <FILE>\n" );
mbedtls_printf("Zeroize is a simple program to assist with testing\n");
mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n");
mbedtls_printf("debugger. This program takes a file as input and\n");
mbedtls_printf("prints the first %d characters. Usage:\n\n", BUFFER_LEN);
mbedtls_printf(" zeroize <FILE>\n");
}
int main( int argc, char** argv )
int main(int argc, char **argv)
{
int exit_code = MBEDTLS_EXIT_FAILURE;
FILE *fp;
@ -53,34 +53,32 @@ int main( int argc, char** argv )
char *end = p + BUFFER_LEN;
int c;
if( argc != 2 )
{
mbedtls_printf( "This program takes exactly 1 argument\n" );
if (argc != 2) {
mbedtls_printf("This program takes exactly 1 argument\n");
usage();
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
fp = fopen( argv[1], "r" );
if( fp == NULL )
{
mbedtls_printf( "Could not open file '%s'\n", argv[1] );
mbedtls_exit( exit_code );
fp = fopen(argv[1], "r");
if (fp == NULL) {
mbedtls_printf("Could not open file '%s'\n", argv[1]);
mbedtls_exit(exit_code);
}
while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
*p++ = (char)c;
while ((c = fgetc(fp)) != EOF && p < end - 1) {
*p++ = (char) c;
}
*p = '\0';
if( p - buf != 0 )
{
mbedtls_printf( "%s\n", buf );
if (p - buf != 0) {
mbedtls_printf("%s\n", buf);
exit_code = MBEDTLS_EXIT_SUCCESS;
} else {
mbedtls_printf("The file is empty!\n");
}
else
mbedtls_printf( "The file is empty!\n" );
fclose( fp );
mbedtls_platform_zeroize( buf, sizeof( buf ) );
fclose(fp);
mbedtls_platform_zeroize(buf, sizeof(buf));
mbedtls_exit( exit_code ); // GDB_BREAK_HERE -- don't remove this comment!
mbedtls_exit(exit_code); // GDB_BREAK_HERE -- don't remove this comment!
}

200
programs/util/pem2der.c
View File

@ -41,10 +41,10 @@
"\n"
#if !defined(MBEDTLS_BASE64_C) || !defined(MBEDTLS_FS_IO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n");
mbedtls_exit( 0 );
mbedtls_exit(0);
}
#else
@ -52,120 +52,127 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
const char *filename; /* filename of the input file */
const char *output_file; /* where to store the output */
} opt;
int convert_pem_to_der( const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen )
int convert_pem_to_der(const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen)
{
int ret;
const unsigned char *s1, *s2, *end = input + ilen;
size_t len = 0;
s1 = (unsigned char *) strstr( (const char *) input, "-----BEGIN" );
if( s1 == NULL )
return( -1 );
s1 = (unsigned char *) strstr((const char *) input, "-----BEGIN");
if (s1 == NULL) {
return -1;
}
s2 = (unsigned char *) strstr( (const char *) input, "-----END" );
if( s2 == NULL )
return( -1 );
s2 = (unsigned char *) strstr((const char *) input, "-----END");
if (s2 == NULL) {
return -1;
}
s1 += 10;
while( s1 < end && *s1 != '-' )
while (s1 < end && *s1 != '-') {
s1++;
while( s1 < end && *s1 == '-' )
}
while (s1 < end && *s1 == '-') {
s1++;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
}
if (*s1 == '\r') {
s1++;
}
if (*s1 == '\n') {
s1++;
}
if( s2 <= s1 || s2 > end )
return( -1 );
if (s2 <= s1 || s2 > end) {
return -1;
}
ret = mbedtls_base64_decode( NULL, 0, &len, (const unsigned char *) s1, s2 - s1 );
if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
return( ret );
ret = mbedtls_base64_decode(NULL, 0, &len, (const unsigned char *) s1, s2 - s1);
if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) {
return ret;
}
if( len > *olen )
return( -1 );
if (len > *olen) {
return -1;
}
if( ( ret = mbedtls_base64_decode( output, len, &len, (const unsigned char *) s1,
s2 - s1 ) ) != 0 )
{
return( ret );
if ((ret = mbedtls_base64_decode(output, len, &len, (const unsigned char *) s1,
s2 - s1)) != 0) {
return ret;
}
*olen = len;
return( 0 );
return 0;
}
/*
* Load all data from a file into a given buffer.
*/
static int load_file( const char *path, unsigned char **buf, size_t *n )
static int load_file(const char *path, unsigned char **buf, size_t *n)
{
FILE *f;
long size;
if( ( f = fopen( path, "rb" ) ) == NULL )
return( -1 );
fseek( f, 0, SEEK_END );
if( ( size = ftell( f ) ) == -1 )
{
fclose( f );
return( -1 );
if ((f = fopen(path, "rb")) == NULL) {
return -1;
}
fseek( f, 0, SEEK_SET );
fseek(f, 0, SEEK_END);
if ((size = ftell(f)) == -1) {
fclose(f);
return -1;
}
fseek(f, 0, SEEK_SET);
*n = (size_t) size;
if( *n + 1 == 0 ||
( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
{
fclose( f );
return( -1 );
if (*n + 1 == 0 ||
(*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
fclose(f);
return -1;
}
if( fread( *buf, 1, *n, f ) != *n )
{
fclose( f );
free( *buf );
if (fread(*buf, 1, *n, f) != *n) {
fclose(f);
free(*buf);
*buf = NULL;
return( -1 );
return -1;
}
fclose( f );
fclose(f);
(*buf)[*n] = '\0';
return( 0 );
return 0;
}
/*
* Write buffer to a file
*/
static int write_file( const char *path, unsigned char *buf, size_t n )
static int write_file(const char *path, unsigned char *buf, size_t n)
{
FILE *f;
if( ( f = fopen( path, "wb" ) ) == NULL )
return( -1 );
if( fwrite( buf, 1, n, f ) != n )
{
fclose( f );
return( -1 );
if ((f = fopen(path, "wb")) == NULL) {
return -1;
}
fclose( f );
return( 0 );
if (fwrite(buf, 1, n, f) != n) {
fclose(f);
return -1;
}
fclose(f);
return 0;
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -179,95 +186,92 @@ int main( int argc, char *argv[] )
/*
* Set to sane values
*/
memset( buf, 0, sizeof(buf) );
memset( der_buffer, 0, sizeof(der_buffer) );
memset(buf, 0, sizeof(buf));
memset(der_buffer, 0, sizeof(der_buffer));
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
opt.filename = DFL_FILENAME;
opt.output_file = DFL_OUTPUT_FILENAME;
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if( strcmp( p, "filename" ) == 0 )
if (strcmp(p, "filename") == 0) {
opt.filename = q;
else if( strcmp( p, "output_file" ) == 0 )
} else if (strcmp(p, "output_file") == 0) {
opt.output_file = q;
else
} else {
goto usage;
}
}
/*
* 1.1. Load the PEM file
*/
mbedtls_printf( "\n . Loading the PEM file ..." );
fflush( stdout );
mbedtls_printf("\n . Loading the PEM file ...");
fflush(stdout);
ret = load_file( opt.filename, &pem_buffer, &pem_size );
ret = load_file(opt.filename, &pem_buffer, &pem_size);
if( ret != 0 )
{
if (ret != 0) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, 1024 );
mbedtls_strerror(ret, buf, 1024);
#endif
mbedtls_printf( " failed\n ! load_file returned %d - %s\n\n", ret, buf );
mbedtls_printf(" failed\n ! load_file returned %d - %s\n\n", ret, buf);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.2. Convert from PEM to DER
*/
mbedtls_printf( " . Converting from PEM to DER ..." );
fflush( stdout );
mbedtls_printf(" . Converting from PEM to DER ...");
fflush(stdout);
if( ( ret = convert_pem_to_der( pem_buffer, pem_size, der_buffer, &der_size ) ) != 0 )
{
if ((ret = convert_pem_to_der(pem_buffer, pem_size, der_buffer, &der_size)) != 0) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, 1024 );
mbedtls_strerror(ret, buf, 1024);
#endif
mbedtls_printf( " failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf );
mbedtls_printf(" failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.3. Write the DER file
*/
mbedtls_printf( " . Writing the DER file ..." );
fflush( stdout );
mbedtls_printf(" . Writing the DER file ...");
fflush(stdout);
ret = write_file( opt.output_file, der_buffer, der_size );
ret = write_file(opt.output_file, der_buffer, der_size);
if( ret != 0 )
{
if (ret != 0) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, 1024 );
mbedtls_strerror(ret, buf, 1024);
#endif
mbedtls_printf( " failed\n ! write_file returned %d - %s\n\n", ret, buf );
mbedtls_printf(" failed\n ! write_file returned %d - %s\n\n", ret, buf);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
free( pem_buffer );
free(pem_buffer);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */

43
programs/util/strerror.c
View File

@ -34,43 +34,40 @@
"\n where <errorcode> can be a decimal or hexadecimal (starts with 0x or -0x)\n"
#if !defined(MBEDTLS_ERROR_C) && !defined(MBEDTLS_ERROR_STRERROR_DUMMY)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n");
mbedtls_exit( 0 );
mbedtls_exit(0);
}
#else
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
long int val;
char *end = argv[1];
if( argc != 2 )
{
mbedtls_printf( USAGE );
mbedtls_exit( 0 );
if (argc != 2) {
mbedtls_printf(USAGE);
mbedtls_exit(0);
}
val = strtol( argv[1], &end, 10 );
if( *end != '\0' )
{
val = strtol( argv[1], &end, 16 );
if( *end != '\0' )
{
mbedtls_printf( USAGE );
return( 0 );
val = strtol(argv[1], &end, 10);
if (*end != '\0') {
val = strtol(argv[1], &end, 16);
if (*end != '\0') {
mbedtls_printf(USAGE);
return 0;
}
}
if( val > 0 )
if (val > 0) {
val = -val;
if( val != 0 )
{
char error_buf[200];
mbedtls_strerror( val, error_buf, 200 );
mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf );
}
mbedtls_exit( val );
if (val != 0) {
char error_buf[200];
mbedtls_strerror(val, error_buf, 200);
mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf);
}
mbedtls_exit(val);
}
#endif /* MBEDTLS_ERROR_C */

16
programs/wince_main.c
View File

@ -21,23 +21,23 @@
#include <windows.h>
extern int main( int, const char ** );
extern int main(int, const char **);
int _tmain( int argc, _TCHAR* targv[] )
int _tmain(int argc, _TCHAR *targv[])
{
char **argv;
int i;
argv = ( char ** ) calloc( argc, sizeof( char * ) );
argv = (char **) calloc(argc, sizeof(char *));
for ( i = 0; i < argc; i++ ) {
for (i = 0; i < argc; i++) {
size_t len;
len = _tcslen( targv[i] ) + 1;
argv[i] = ( char * ) calloc( len, sizeof( char ) );
wcstombs( argv[i], targv[i], len );
len = _tcslen(targv[i]) + 1;
argv[i] = (char *) calloc(len, sizeof(char));
wcstombs(argv[i], targv[i], len);
}
return main( argc, argv );
return main(argc, argv);
}
#endif /* defined(_WIN32_WCE) */

351
programs/x509/cert_app.c
View File

@ -26,14 +26,14 @@
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_X509_REMOVE_INFO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n");
mbedtls_exit(0);
}
#else
@ -86,8 +86,7 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
int mode; /* the mode to run the application in */
const char *filename; /* filename of the certificate file */
const char *ca_file; /* the file with the CA certificate(s) */
@ -99,37 +98,36 @@ struct options
int permissive; /* permissive parsing */
} opt;
static void my_debug( void *ctx, int level,
const char *file, int line,
const char *str )
static void my_debug(void *ctx, int level,
const char *file, int line,
const char *str)
{
((void) level);
mbedtls_fprintf( (FILE *) ctx, "%s:%04d: %s", file, line, str );
fflush( (FILE *) ctx );
mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
fflush((FILE *) ctx);
}
static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags )
static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
{
char buf[1024];
((void) data);
mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
mbedtls_printf( "%s", buf );
mbedtls_printf("\nVerify requested for (Depth %d):\n", depth);
mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
mbedtls_printf("%s", buf);
if ( ( *flags ) == 0 )
mbedtls_printf( " This certificate has no flags\n" );
else
{
mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
mbedtls_printf( "%s\n", buf );
if ((*flags) == 0) {
mbedtls_printf(" This certificate has no flags\n");
} else {
mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags);
mbedtls_printf("%s\n", buf);
}
return( 0 );
return 0;
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -150,23 +148,22 @@ int main( int argc, char *argv[] )
/*
* Set to sane values
*/
mbedtls_net_init( &server_fd );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_x509_crt_init( &cacert );
mbedtls_net_init(&server_fd);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_init( &cacrl );
mbedtls_x509_crl_init(&cacrl);
#else
/* Zeroize structure as CRL parsing is not supported and we have to pass
it to the verify function */
memset( &cacrl, 0, sizeof(mbedtls_x509_crl) );
memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
#endif
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
@ -180,91 +177,85 @@ int main( int argc, char *argv[] )
opt.debug_level = DFL_DEBUG_LEVEL;
opt.permissive = DFL_PERMISSIVE;
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
for( j = 0; p + j < q; j++ )
{
if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
for (j = 0; p + j < q; j++) {
if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') {
argv[i][j] |= 0x20;
}
}
if( strcmp( p, "mode" ) == 0 )
{
if( strcmp( q, "file" ) == 0 )
if (strcmp(p, "mode") == 0) {
if (strcmp(q, "file") == 0) {
opt.mode = MODE_FILE;
else if( strcmp( q, "ssl" ) == 0 )
} else if (strcmp(q, "ssl") == 0) {
opt.mode = MODE_SSL;
else
} else {
goto usage;
}
else if( strcmp( p, "filename" ) == 0 )
}
} else if (strcmp(p, "filename") == 0) {
opt.filename = q;
else if( strcmp( p, "ca_file" ) == 0 )
} else if (strcmp(p, "ca_file") == 0) {
opt.ca_file = q;
else if( strcmp( p, "crl_file" ) == 0 )
} else if (strcmp(p, "crl_file") == 0) {
opt.crl_file = q;
else if( strcmp( p, "ca_path" ) == 0 )
} else if (strcmp(p, "ca_path") == 0) {
opt.ca_path = q;
else if( strcmp( p, "server_name" ) == 0 )
} else if (strcmp(p, "server_name") == 0) {
opt.server_name = q;
else if( strcmp( p, "server_port" ) == 0 )
} else if (strcmp(p, "server_port") == 0) {
opt.server_port = q;
else if( strcmp( p, "debug_level" ) == 0 )
{
opt.debug_level = atoi( q );
if( opt.debug_level < 0 || opt.debug_level > 65535 )
} else if (strcmp(p, "debug_level") == 0) {
opt.debug_level = atoi(q);
if (opt.debug_level < 0 || opt.debug_level > 65535) {
goto usage;
}
else if( strcmp( p, "permissive" ) == 0 )
{
opt.permissive = atoi( q );
if( opt.permissive < 0 || opt.permissive > 1 )
}
} else if (strcmp(p, "permissive") == 0) {
opt.permissive = atoi(q);
if (opt.permissive < 0 || opt.permissive > 1) {
goto usage;
}
else
}
} else {
goto usage;
}
}
/*
* 1.1. Load the trusted CA
*/
mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout );
mbedtls_printf(" . Loading the CA root certificate ...");
fflush(stdout);
if( strlen( opt.ca_path ) )
{
if( ( ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path ) ) < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", (unsigned int) -ret );
if (strlen(opt.ca_path)) {
if ((ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path)) < 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
}
verify = 1;
}
else if( strlen( opt.ca_file ) )
{
if( ( ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file ) ) < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", (unsigned int) -ret );
} else if (strlen(opt.ca_file)) {
if ((ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file)) < 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
}
verify = 1;
}
mbedtls_printf( " ok (%d skipped)\n", ret );
mbedtls_printf(" ok (%d skipped)\n", ret);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
if( strlen( opt.crl_file ) )
{
if( ( ret = mbedtls_x509_crl_parse_file( &cacrl, opt.crl_file ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", (unsigned int) -ret );
if (strlen(opt.crl_file)) {
if ((ret = mbedtls_x509_crl_parse_file(&cacrl, opt.crl_file)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n",
(unsigned int) -ret);
goto exit;
}
@ -272,52 +263,49 @@ int main( int argc, char *argv[] )
}
#endif
if( opt.mode == MODE_FILE )
{
if (opt.mode == MODE_FILE) {
mbedtls_x509_crt crt;
mbedtls_x509_crt *cur = &crt;
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init(&crt);
/*
* 1.1. Load the certificate(s)
*/
mbedtls_printf( "\n . Loading the certificate(s) ..." );
fflush( stdout );
mbedtls_printf("\n . Loading the certificate(s) ...");
fflush(stdout);
ret = mbedtls_x509_crt_parse_file( &crt, opt.filename );
ret = mbedtls_x509_crt_parse_file(&crt, opt.filename);
if( ret < 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret );
mbedtls_x509_crt_free( &crt );
if (ret < 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret);
mbedtls_x509_crt_free(&crt);
goto exit;
}
if( opt.permissive == 0 && ret > 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse failed to parse %d certificates\n\n", ret );
mbedtls_x509_crt_free( &crt );
if (opt.permissive == 0 && ret > 0) {
mbedtls_printf(
" failed\n ! mbedtls_x509_crt_parse failed to parse %d certificates\n\n",
ret);
mbedtls_x509_crt_free(&crt);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.2 Print the certificate(s)
*/
while( cur != NULL )
{
mbedtls_printf( " . Peer certificate information ...\n" );
ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
cur );
if( ret == -1 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret );
mbedtls_x509_crt_free( &crt );
while (cur != NULL) {
mbedtls_printf(" . Peer certificate information ...\n");
ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ",
cur);
if (ret == -1) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret);
mbedtls_x509_crt_free(&crt);
goto exit;
}
mbedtls_printf( "%s\n", buf );
mbedtls_printf("%s\n", buf);
cur = cur->next;
}
@ -325,156 +313,143 @@ int main( int argc, char *argv[] )
/*
* 1.3 Verify the certificate
*/
if( verify )
{
mbedtls_printf( " . Verifying X.509 certificate..." );
if (verify) {
mbedtls_printf(" . Verifying X.509 certificate...");
if( ( ret = mbedtls_x509_crt_verify( &crt, &cacert, &cacrl, NULL, &flags,
my_verify, NULL ) ) != 0 )
{
if ((ret = mbedtls_x509_crt_verify(&crt, &cacert, &cacrl, NULL, &flags,
my_verify, NULL)) != 0) {
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
mbedtls_printf(" failed\n");
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
mbedtls_printf( "%s\n", vrfy_buf );
mbedtls_printf("%s\n", vrfy_buf);
} else {
mbedtls_printf(" ok\n");
}
else
mbedtls_printf( " ok\n" );
}
mbedtls_x509_crt_free( &crt );
}
else if( opt.mode == MODE_SSL )
{
mbedtls_x509_crt_free(&crt);
} else if (opt.mode == MODE_SSL) {
/*
* 1. Initialize the RNG and the session data
*/
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
goto ssl_exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold( opt.debug_level );
mbedtls_debug_set_threshold(opt.debug_level);
#endif
/*
* 2. Start the connection
*/
mbedtls_printf( " . SSL connection to tcp/%s/%s...", opt.server_name,
opt.server_port );
fflush( stdout );
mbedtls_printf(" . SSL connection to tcp/%s/%s...", opt.server_name,
opt.server_port);
fflush(stdout);
if( ( ret = mbedtls_net_connect( &server_fd, opt.server_name,
opt.server_port, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
if ((ret = mbedtls_net_connect(&server_fd, opt.server_name,
opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
goto ssl_exit;
}
/*
* 3. Setup stuff
*/
if( ( ret = mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
if ((ret = mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
goto exit;
}
if( verify )
{
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
if (verify) {
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
} else {
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
}
else
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
goto ssl_exit;
}
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
goto ssl_exit;
}
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
/*
* 4. Handshake
*/
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret );
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret);
goto ssl_exit;
}
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 5. Print the certificate
*/
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_printf( " . Peer certificate information ... skipped\n" );
mbedtls_printf(" . Peer certificate information ... skipped\n");
#else
mbedtls_printf( " . Peer certificate information ...\n" );
ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
mbedtls_ssl_get_peer_cert( &ssl ) );
if( ret == -1 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret );
mbedtls_printf(" . Peer certificate information ...\n");
ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ",
mbedtls_ssl_get_peer_cert(&ssl));
if (ret == -1) {
mbedtls_printf(" failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret);
goto ssl_exit;
}
mbedtls_printf( "%s\n", buf );
mbedtls_printf("%s\n", buf);
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
mbedtls_ssl_close_notify( &ssl );
mbedtls_ssl_close_notify(&ssl);
ssl_exit:
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
else
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
} else {
goto usage;
}
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_net_free( &server_fd );
mbedtls_x509_crt_free( &cacert );
mbedtls_net_free(&server_fd);
mbedtls_x509_crt_free(&cacert);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_free( &cacrl );
mbedtls_x509_crl_free(&cacrl);
#endif
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&

271
programs/x509/cert_req.c
View File

@ -25,13 +25,13 @@
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_SHA256_C) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
!defined(MBEDTLS_PEM_WRITE_C)
int main( void )
int main(void)
{
mbedtls_printf( "MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined.\n");
mbedtls_exit( 0 );
mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_SHA256_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
"not defined.\n");
mbedtls_exit(0);
}
#else
@ -95,8 +95,7 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
const char *filename; /* filename of the key file */
const char *password; /* password for the key file */
int debug_level; /* level of debugging */
@ -109,36 +108,37 @@ struct options
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
int write_certificate_request( mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
int ret;
FILE *f;
unsigned char output_buf[4096];
size_t len = 0;
memset( output_buf, 0, 4096 );
if( ( ret = mbedtls_x509write_csr_pem( req, output_buf, 4096, f_rng, p_rng ) ) < 0 )
return( ret );
len = strlen( (char *) output_buf );
if( ( f = fopen( output_file, "w" ) ) == NULL )
return( -1 );
if( fwrite( output_buf, 1, len, f ) != len )
{
fclose( f );
return( -1 );
memset(output_buf, 0, 4096);
if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) {
return ret;
}
fclose( f );
len = strlen((char *) output_buf);
return( 0 );
if ((f = fopen(output_file, "w")) == NULL) {
return -1;
}
if (fwrite(output_buf, 1, len, f) != len) {
fclose(f);
return -1;
}
fclose(f);
return 0;
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -154,15 +154,14 @@ int main( int argc, char *argv[] )
/*
* Set to sane values
*/
mbedtls_x509write_csr_init( &req );
mbedtls_pk_init( &key );
mbedtls_ctr_drbg_init( &ctr_drbg );
memset( buf, 0, sizeof( buf ) );
mbedtls_x509write_csr_init(&req);
mbedtls_pk_init(&key);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
@ -177,210 +176,194 @@ int main( int argc, char *argv[] )
opt.force_ns_cert_type = DFL_FORCE_NS_CERT_TYPE;
opt.md_alg = DFL_MD_ALG;
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if( strcmp( p, "filename" ) == 0 )
if (strcmp(p, "filename") == 0) {
opt.filename = q;
else if( strcmp( p, "password" ) == 0 )
} else if (strcmp(p, "password") == 0) {
opt.password = q;
else if( strcmp( p, "output_file" ) == 0 )
} else if (strcmp(p, "output_file") == 0) {
opt.output_file = q;
else if( strcmp( p, "debug_level" ) == 0 )
{
opt.debug_level = atoi( q );
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
else if( strcmp( p, "subject_name" ) == 0 )
{
opt.subject_name = q;
}
else if( strcmp( p, "md" ) == 0 )
{
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_string( q );
if( md_info == NULL )
{
mbedtls_printf( "Invalid argument for option %s\n", p );
} else if (strcmp(p, "debug_level") == 0) {
opt.debug_level = atoi(q);
if (opt.debug_level < 0 || opt.debug_level > 65535) {
goto usage;
}
opt.md_alg = mbedtls_md_get_type( md_info );
}
else if( strcmp( p, "key_usage" ) == 0 )
{
while( q != NULL )
{
if( ( r = strchr( q, ',' ) ) != NULL )
} else if (strcmp(p, "subject_name") == 0) {
opt.subject_name = q;
} else if (strcmp(p, "md") == 0) {
const mbedtls_md_info_t *md_info =
mbedtls_md_info_from_string(q);
if (md_info == NULL) {
mbedtls_printf("Invalid argument for option %s\n", p);
goto usage;
}
opt.md_alg = mbedtls_md_get_type(md_info);
} else if (strcmp(p, "key_usage") == 0) {
while (q != NULL) {
if ((r = strchr(q, ',')) != NULL) {
*r++ = '\0';
}
if( strcmp( q, "digital_signature" ) == 0 )
if (strcmp(q, "digital_signature") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
else if( strcmp( q, "non_repudiation" ) == 0 )
} else if (strcmp(q, "non_repudiation") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
else if( strcmp( q, "key_encipherment" ) == 0 )
} else if (strcmp(q, "key_encipherment") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
else if( strcmp( q, "data_encipherment" ) == 0 )
} else if (strcmp(q, "data_encipherment") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
else if( strcmp( q, "key_agreement" ) == 0 )
} else if (strcmp(q, "key_agreement") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
else if( strcmp( q, "key_cert_sign" ) == 0 )
} else if (strcmp(q, "key_cert_sign") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
else if( strcmp( q, "crl_sign" ) == 0 )
} else if (strcmp(q, "crl_sign") == 0) {
opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
else
} else {
goto usage;
}
q = r;
}
}
else if( strcmp( p, "force_key_usage" ) == 0 )
{
switch( atoi( q ) )
{
} else if (strcmp(p, "force_key_usage") == 0) {
switch (atoi(q)) {
case 0: opt.force_key_usage = 0; break;
case 1: opt.force_key_usage = 1; break;
default: goto usage;
}
}
else if( strcmp( p, "ns_cert_type" ) == 0 )
{
while( q != NULL )
{
if( ( r = strchr( q, ',' ) ) != NULL )
} else if (strcmp(p, "ns_cert_type") == 0) {
while (q != NULL) {
if ((r = strchr(q, ',')) != NULL) {
*r++ = '\0';
}
if( strcmp( q, "ssl_client" ) == 0 )
if (strcmp(q, "ssl_client") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
else if( strcmp( q, "ssl_server" ) == 0 )
} else if (strcmp(q, "ssl_server") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
else if( strcmp( q, "email" ) == 0 )
} else if (strcmp(q, "email") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
else if( strcmp( q, "object_signing" ) == 0 )
} else if (strcmp(q, "object_signing") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
else if( strcmp( q, "ssl_ca" ) == 0 )
} else if (strcmp(q, "ssl_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
else if( strcmp( q, "email_ca" ) == 0 )
} else if (strcmp(q, "email_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
else if( strcmp( q, "object_signing_ca" ) == 0 )
} else if (strcmp(q, "object_signing_ca") == 0) {
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
else
} else {
goto usage;
}
q = r;
}
}
else if( strcmp( p, "force_ns_cert_type" ) == 0 )
{
switch( atoi( q ) )
{
} else if (strcmp(p, "force_ns_cert_type") == 0) {
switch (atoi(q)) {
case 0: opt.force_ns_cert_type = 0; break;
case 1: opt.force_ns_cert_type = 1; break;
default: goto usage;
}
}
else
} else {
goto usage;
}
}
mbedtls_x509write_csr_set_md_alg( &req, opt.md_alg );
mbedtls_x509write_csr_set_md_alg(&req, opt.md_alg);
if( opt.key_usage || opt.force_key_usage == 1 )
mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
if (opt.key_usage || opt.force_key_usage == 1) {
mbedtls_x509write_csr_set_key_usage(&req, opt.key_usage);
}
if( opt.ns_cert_type || opt.force_ns_cert_type == 1 )
mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
if (opt.ns_cert_type || opt.force_ns_cert_type == 1) {
mbedtls_x509write_csr_set_ns_cert_type(&req, opt.ns_cert_type);
}
/*
* 0. Seed the PRNG
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
mbedtls_printf(" . Seeding the random number generator...");
fflush(stdout);
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d", ret );
mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.0. Check the subject name for validity
*/
mbedtls_printf( " . Checking subject name..." );
fflush( stdout );
mbedtls_printf(" . Checking subject name...");
fflush(stdout);
if( ( ret = mbedtls_x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret );
if ((ret = mbedtls_x509write_csr_set_subject_name(&req, opt.subject_name)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.1. Load the key
*/
mbedtls_printf( " . Loading the private key ..." );
fflush( stdout );
mbedtls_printf(" . Loading the private key ...");
fflush(stdout);
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg );
ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned %d", ret );
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret);
goto exit;
}
mbedtls_x509write_csr_set_key( &req, &key );
mbedtls_x509write_csr_set_key(&req, &key);
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.2. Writing the request
*/
mbedtls_printf( " . Writing the certificate request ..." );
fflush( stdout );
mbedtls_printf(" . Writing the certificate request ...");
fflush(stdout);
if( ( ret = write_certificate_request( &req, opt.output_file,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! write_certificate_request %d", ret );
if ((ret = write_certificate_request(&req, opt.output_file,
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
mbedtls_printf( " - %s\n", buf );
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" - %s\n", buf);
#else
mbedtls_printf("\n");
#endif
}
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_x509write_csr_free(&req);
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */

740
programs/x509/cert_write.c
View File

File diff suppressed because it is too large Load Diff

65
programs/x509/crl_app.c
View File

@ -24,12 +24,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
defined(MBEDTLS_X509_REMOVE_INFO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "
"MBEDTLS_X509_REMOVE_INFO defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "
"MBEDTLS_X509_REMOVE_INFO defined.\n");
mbedtls_exit(0);
}
#else
@ -52,12 +52,11 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
const char *filename; /* filename of the certificate file */
} opt;
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -69,67 +68,65 @@ int main( int argc, char *argv[] )
/*
* Set to sane values
*/
mbedtls_x509_crl_init( &crl );
mbedtls_x509_crl_init(&crl);
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
opt.filename = DFL_FILENAME;
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if( strcmp( p, "filename" ) == 0 )
if (strcmp(p, "filename") == 0) {
opt.filename = q;
else
} else {
goto usage;
}
}
/*
* 1.1. Load the CRL
*/
mbedtls_printf( "\n . Loading the CRL ..." );
fflush( stdout );
mbedtls_printf("\n . Loading the CRL ...");
fflush(stdout);
ret = mbedtls_x509_crl_parse_file( &crl, opt.filename );
ret = mbedtls_x509_crl_parse_file(&crl, opt.filename);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret );
mbedtls_x509_crl_free( &crl );
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret);
mbedtls_x509_crl_free(&crl);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.2 Print the CRL
*/
mbedtls_printf( " . CRL information ...\n" );
ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
if( ret == -1 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_crl_info returned %d\n\n", ret );
mbedtls_x509_crl_free( &crl );
mbedtls_printf(" . CRL information ...\n");
ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
if (ret == -1) {
mbedtls_printf(" failed\n ! mbedtls_x509_crl_info returned %d\n\n", ret);
mbedtls_x509_crl_free(&crl);
goto exit;
}
mbedtls_printf( "%s\n", buf );
mbedtls_printf("%s\n", buf);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_x509_crl_free( &crl );
mbedtls_x509_crl_free(&crl);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
MBEDTLS_FS_IO */

109
programs/x509/load_roots.c
View File

@ -50,11 +50,11 @@
#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_TIMING_C)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_TIMING_C not defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_TIMING_C not defined.\n");
mbedtls_exit(0);
}
#else
@ -80,55 +80,51 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
const char **filenames; /* NULL-terminated list of file names */
unsigned iterations; /* Number of iterations to time */
int prime_cache; /* Prime the disk read cache? */
} opt;
int read_certificates( const char *const *filenames )
int read_certificates(const char *const *filenames)
{
mbedtls_x509_crt cas;
int ret = 0;
const char *const *cur;
mbedtls_x509_crt_init( &cas );
mbedtls_x509_crt_init(&cas);
for( cur = filenames; *cur != NULL; cur++ )
{
ret = mbedtls_x509_crt_parse_file( &cas, *cur );
if( ret != 0 )
{
for (cur = filenames; *cur != NULL; cur++) {
ret = mbedtls_x509_crt_parse_file(&cas, *cur);
if (ret != 0) {
#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
char error_message[200];
mbedtls_strerror( ret, error_message, sizeof( error_message ) );
printf( "\n%s: -0x%04x (%s)\n",
*cur, (unsigned) -ret, error_message );
mbedtls_strerror(ret, error_message, sizeof(error_message));
printf("\n%s: -0x%04x (%s)\n",
*cur, (unsigned) -ret, error_message);
#else
printf( "\n%s: -0x%04x\n",
*cur, (unsigned) -ret );
printf("\n%s: -0x%04x\n",
*cur, (unsigned) -ret);
#endif
goto exit;
}
}
exit:
mbedtls_x509_crt_free( &cas );
return( ret == 0 );
mbedtls_x509_crt_free(&cas);
return ret == 0;
}
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int exit_code = MBEDTLS_EXIT_FAILURE;
unsigned i, j;
struct mbedtls_timing_hr_time timer;
unsigned long ms;
if( argc <= 1 )
{
mbedtls_printf( USAGE );
if (argc <= 1) {
mbedtls_printf(USAGE);
goto exit;
}
@ -136,66 +132,61 @@ int main( int argc, char *argv[] )
opt.iterations = DFL_ITERATIONS;
opt.prime_cache = DFL_PRIME_CACHE;
for( i = 1; i < (unsigned) argc; i++ )
{
for (i = 1; i < (unsigned) argc; i++) {
char *p = argv[i];
char *q = NULL;
if( strcmp( p, "--" ) == 0 )
if (strcmp(p, "--") == 0) {
break;
if( ( q = strchr( p, '=' ) ) == NULL )
}
if ((q = strchr(p, '=')) == NULL) {
break;
}
*q++ = '\0';
for( j = 0; p + j < q; j++ )
{
if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
for (j = 0; p + j < q; j++) {
if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') {
argv[i][j] |= 0x20;
}
}
if( strcmp( p, "iterations" ) == 0 )
{
opt.iterations = atoi( q );
}
else if( strcmp( p, "prime" ) == 0 )
{
opt.iterations = atoi( q ) != 0;
}
else
{
mbedtls_printf( "Unknown option: %s\n", p );
mbedtls_printf( USAGE );
if (strcmp(p, "iterations") == 0) {
opt.iterations = atoi(q);
} else if (strcmp(p, "prime") == 0) {
opt.iterations = atoi(q) != 0;
} else {
mbedtls_printf("Unknown option: %s\n", p);
mbedtls_printf(USAGE);
goto exit;
}
}
opt.filenames = (const char**) argv + i;
if( *opt.filenames == 0 )
{
mbedtls_printf( "Missing list of certificate files to parse\n" );
opt.filenames = (const char **) argv + i;
if (*opt.filenames == 0) {
mbedtls_printf("Missing list of certificate files to parse\n");
goto exit;
}
mbedtls_printf( "Parsing %u certificates", argc - i );
if( opt.prime_cache )
{
if( ! read_certificates( opt.filenames ) )
mbedtls_printf("Parsing %u certificates", argc - i);
if (opt.prime_cache) {
if (!read_certificates(opt.filenames)) {
goto exit;
mbedtls_printf( " " );
}
mbedtls_printf(" ");
}
(void) mbedtls_timing_get_timer( &timer, 1 );
for( i = 1; i <= opt.iterations; i++ )
{
if( ! read_certificates( opt.filenames ) )
(void) mbedtls_timing_get_timer(&timer, 1);
for (i = 1; i <= opt.iterations; i++) {
if (!read_certificates(opt.filenames)) {
goto exit;
mbedtls_printf( "." );
}
mbedtls_printf(".");
}
ms = mbedtls_timing_get_timer( &timer, 0 );
mbedtls_printf( "\n%u iterations -> %lu ms\n", opt.iterations, ms );
ms = mbedtls_timing_get_timer(&timer, 0);
mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* necessary configuration */

65
programs/x509/req_app.c
View File

@ -24,12 +24,12 @@
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
defined(MBEDTLS_X509_REMOVE_INFO)
int main( void )
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "
"MBEDTLS_X509_REMOVE_INFO defined.\n");
mbedtls_exit( 0 );
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "
"MBEDTLS_X509_REMOVE_INFO defined.\n");
mbedtls_exit(0);
}
#else
@ -52,12 +52,11 @@ int main( void )
/*
* global options
*/
struct options
{
struct options {
const char *filename; /* filename of the certificate request */
} opt;
int main( int argc, char *argv[] )
int main(int argc, char *argv[])
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
@ -69,67 +68,65 @@ int main( int argc, char *argv[] )
/*
* Set to sane values
*/
mbedtls_x509_csr_init( &csr );
mbedtls_x509_csr_init(&csr);
if( argc == 0 )
{
usage:
mbedtls_printf( USAGE );
if (argc == 0) {
usage:
mbedtls_printf(USAGE);
goto exit;
}
opt.filename = DFL_FILENAME;
for( i = 1; i < argc; i++ )
{
for (i = 1; i < argc; i++) {
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if( strcmp( p, "filename" ) == 0 )
if (strcmp(p, "filename") == 0) {
opt.filename = q;
else
} else {
goto usage;
}
}
/*
* 1.1. Load the CSR
*/
mbedtls_printf( "\n . Loading the CSR ..." );
fflush( stdout );
mbedtls_printf("\n . Loading the CSR ...");
fflush(stdout);
ret = mbedtls_x509_csr_parse_file( &csr, opt.filename );
ret = mbedtls_x509_csr_parse_file(&csr, opt.filename);
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file returned %d\n\n", ret );
mbedtls_x509_csr_free( &csr );
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_x509_csr_parse_file returned %d\n\n", ret);
mbedtls_x509_csr_free(&csr);
goto exit;
}
mbedtls_printf( " ok\n" );
mbedtls_printf(" ok\n");
/*
* 1.2 Print the CSR
*/
mbedtls_printf( " . CSR information ...\n" );
ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
if( ret == -1 )
{
mbedtls_printf( " failed\n ! mbedtls_x509_csr_info returned %d\n\n", ret );
mbedtls_x509_csr_free( &csr );
mbedtls_printf(" . CSR information ...\n");
ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
if (ret == -1) {
mbedtls_printf(" failed\n ! mbedtls_x509_csr_info returned %d\n\n", ret);
mbedtls_x509_csr_free(&csr);
goto exit;
}
mbedtls_printf( "%s\n", buf );
mbedtls_printf("%s\n", buf);
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_x509_csr_free( &csr );
mbedtls_x509_csr_free(&csr);
mbedtls_exit( exit_code );
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
MBEDTLS_FS_IO */