diff options
author | Adam Harrison <adamdharrison@gmail.com> | 2023-07-06 06:37:41 -0400 |
---|---|---|
committer | Adam Harrison <adamdharrison@gmail.com> | 2023-07-06 06:37:41 -0400 |
commit | 9db10386430479067795bec66bb26343ff176ded (patch) | |
tree | 5ad0cf95abde7cf03afaf8f70af8549d46b09a46 /lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c | |
parent | 57092d80cb07fa1a84873769fa92165426196054 (diff) | |
download | lite-xl-plugin-manager-9db10386430479067795bec66bb26343ff176ded.tar.gz lite-xl-plugin-manager-9db10386430479067795bec66bb26343ff176ded.zip |
Removed old mbedtls, replacing with submodule.
Diffstat (limited to 'lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c')
-rw-r--r-- | lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c | 707 |
1 files changed, 0 insertions, 707 deletions
diff --git a/lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c b/lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c deleted file mode 100644 index 5d64349..0000000 --- a/lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c +++ /dev/null @@ -1,707 +0,0 @@ -/** - * PSA API key derivation demonstration - * - * This program calculates a key ladder: a chain of secret material, each - * derived from the previous one in a deterministic way based on a label. - * Two keys are identical if and only if they are derived from the same key - * using the same label. - * - * The initial key is called the master key. The master key is normally - * randomly generated, but it could itself be derived from another key. - * - * This program derives a series of keys called intermediate keys. - * The first intermediate key is derived from the master key using the - * first label passed on the command line. Each subsequent intermediate - * key is derived from the previous one using the next label passed - * on the command line. - * - * This program has four modes of operation: - * - * - "generate": generate a random master key. - * - "wrap": derive a wrapping key from the last intermediate key, - * and use that key to encrypt-and-authenticate some data. - * - "unwrap": derive a wrapping key from the last intermediate key, - * and use that key to decrypt-and-authenticate some - * ciphertext created by wrap mode. - * - "save": save the last intermediate key so that it can be reused as - * the master key in another run of the program. - * - * See the usage() output for the command line usage. See the file - * `key_ladder_demo.sh` for an example run. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize - -#include <psa/crypto.h> - -/* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \ - !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \ - defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) -int main( void ) -{ - printf( "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " - "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or " - "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO " - "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER " - "defined.\n" ); - return( 0 ); -} -#else - -/* The real program starts here. */ - -/* Run a system function and bail out if it fails. */ -#define SYS_CHECK( expr ) \ - do \ - { \ - if( ! ( expr ) ) \ - { \ - perror( #expr ); \ - status = DEMO_ERROR; \ - goto exit; \ - } \ - } \ - while( 0 ) - -/* Run a PSA function and bail out if it fails. */ -#define PSA_CHECK( expr ) \ - do \ - { \ - status = ( expr ); \ - if( status != PSA_SUCCESS ) \ - { \ - printf( "Error %d at line %d: %s\n", \ - (int) status, \ - __LINE__, \ - #expr ); \ - goto exit; \ - } \ - } \ - while( 0 ) - -/* To report operational errors in this program, use an error code that is - * different from every PSA error code. */ -#define DEMO_ERROR 120 - -/* The maximum supported key ladder depth. */ -#define MAX_LADDER_DEPTH 10 - -/* Salt to use when deriving an intermediate key. */ -#define DERIVE_KEY_SALT ( (uint8_t *) "key_ladder_demo.derive" ) -#define DERIVE_KEY_SALT_LENGTH ( strlen( (const char*) DERIVE_KEY_SALT ) ) - -/* Salt to use when deriving a wrapping key. */ -#define WRAPPING_KEY_SALT ( (uint8_t *) "key_ladder_demo.wrap" ) -#define WRAPPING_KEY_SALT_LENGTH ( strlen( (const char*) WRAPPING_KEY_SALT ) ) - -/* Size of the key derivation keys (applies both to the master key and - * to intermediate keys). */ -#define KEY_SIZE_BYTES 40 - -/* Algorithm for key derivation. */ -#define KDF_ALG PSA_ALG_HKDF( PSA_ALG_SHA_256 ) - -/* Type and size of the key used to wrap data. */ -#define WRAPPING_KEY_TYPE PSA_KEY_TYPE_AES -#define WRAPPING_KEY_BITS 128 - -/* Cipher mode used to wrap data. */ -#define WRAPPING_ALG PSA_ALG_CCM - -/* Nonce size used to wrap data. */ -#define WRAPPING_IV_SIZE 13 - -/* Header used in files containing wrapped data. We'll save this header - * directly without worrying about data representation issues such as - * integer sizes and endianness, because the data is meant to be read - * back by the same program on the same machine. */ -#define WRAPPED_DATA_MAGIC "key_ladder_demo" // including trailing null byte -#define WRAPPED_DATA_MAGIC_LENGTH ( sizeof( WRAPPED_DATA_MAGIC ) ) -typedef struct -{ - char magic[WRAPPED_DATA_MAGIC_LENGTH]; - size_t ad_size; /* Size of the additional data, which is this header. */ - size_t payload_size; /* Size of the encrypted data. */ - /* Store the IV inside the additional data. It's convenient. */ - uint8_t iv[WRAPPING_IV_SIZE]; -} wrapped_data_header_t; - -/* The modes that this program can operate in (see usage). */ -enum program_mode -{ - MODE_GENERATE, - MODE_SAVE, - MODE_UNWRAP, - MODE_WRAP -}; - -/* Save a key to a file. In the real world, you may want to export a derived - * key sometimes, to share it with another party. */ -static psa_status_t save_key( psa_key_id_t key, - const char *output_file_name ) -{ - psa_status_t status = PSA_SUCCESS; - uint8_t key_data[KEY_SIZE_BYTES]; - size_t key_size; - FILE *key_file = NULL; - - PSA_CHECK( psa_export_key( key, - key_data, sizeof( key_data ), - &key_size ) ); - SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL ); - SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size ); - SYS_CHECK( fclose( key_file ) == 0 ); - key_file = NULL; - -exit: - if( key_file != NULL) - fclose( key_file ); - return( status ); -} - -/* Generate a master key for use in this demo. - * - * Normally a master key would be non-exportable. For the purpose of this - * demo, we want to save it to a file, to avoid relying on the keystore - * capability of the PSA crypto library. */ -static psa_status_t generate( const char *key_file_name ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_id_t key = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT ); - psa_set_key_algorithm( &attributes, KDF_ALG ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); - psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) ); - - PSA_CHECK( psa_generate_key( &attributes, &key ) ); - - PSA_CHECK( save_key( key, key_file_name ) ); - -exit: - (void) psa_destroy_key( key ); - return( status ); -} - -/* Load the master key from a file. - * - * In the real world, this master key would be stored in an internal memory - * and the storage would be managed by the keystore capability of the PSA - * crypto library. */ -static psa_status_t import_key_from_file( psa_key_usage_t usage, - psa_algorithm_t alg, - const char *key_file_name, - psa_key_id_t *master_key ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t key_data[KEY_SIZE_BYTES]; - size_t key_size; - FILE *key_file = NULL; - unsigned char extra_byte; - - SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL ); - SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ), - key_file ) ) != 0 ); - if( fread( &extra_byte, 1, 1, key_file ) != 0 ) - { - printf( "Key file too large (max: %u).\n", - (unsigned) sizeof( key_data ) ); - status = DEMO_ERROR; - goto exit; - } - SYS_CHECK( fclose( key_file ) == 0 ); - key_file = NULL; - - psa_set_key_usage_flags( &attributes, usage ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); - PSA_CHECK( psa_import_key( &attributes, key_data, key_size, master_key ) ); -exit: - if( key_file != NULL ) - fclose( key_file ); - mbedtls_platform_zeroize( key_data, sizeof( key_data ) ); - if( status != PSA_SUCCESS ) - { - /* If the key creation hasn't happened yet or has failed, - * *master_key is null. psa_destroy_key( 0 ) is - * guaranteed to do nothing and return PSA_SUCCESS. */ - (void) psa_destroy_key( *master_key ); - *master_key = 0; - } - return( status ); -} - -/* Derive the intermediate keys, using the list of labels provided on - * the command line. On input, *key is the master key identifier. - * This function destroys the master key. On successful output, *key - * is the identifier of the final derived key. - */ -static psa_status_t derive_key_ladder( const char *ladder[], - size_t ladder_depth, - psa_key_id_t *key ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - size_t i; - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT ); - psa_set_key_algorithm( &attributes, KDF_ALG ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); - psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) ); - - /* For each label in turn, ... */ - for( i = 0; i < ladder_depth; i++ ) - { - /* Start deriving material from the master key (if i=0) or from - * the current intermediate key (if i>0). */ - PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) ); - PSA_CHECK( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SALT, - DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) ); - PSA_CHECK( psa_key_derivation_input_key( - &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - *key ) ); - PSA_CHECK( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_INFO, - (uint8_t*) ladder[i], strlen( ladder[i] ) ) ); - /* When the parent key is not the master key, destroy it, - * since it is no longer needed. */ - PSA_CHECK( psa_destroy_key( *key ) ); - *key = 0; - /* Derive the next intermediate key from the parent key. */ - PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, - key ) ); - PSA_CHECK( psa_key_derivation_abort( &operation ) ); - } - -exit: - psa_key_derivation_abort( &operation ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( *key ); - *key = 0; - } - return( status ); -} - -/* Derive a wrapping key from the last intermediate key. */ -static psa_status_t derive_wrapping_key( psa_key_usage_t usage, - psa_key_id_t derived_key, - psa_key_id_t *wrapping_key ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - - *wrapping_key = 0; - - /* Set up a key derivation operation from the key derived from - * the master key. */ - PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) ); - PSA_CHECK( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SALT, - WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) ); - PSA_CHECK( psa_key_derivation_input_key( - &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - derived_key ) ); - PSA_CHECK( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_INFO, - NULL, 0 ) ); - - /* Create the wrapping key. */ - psa_set_key_usage_flags( &attributes, usage ); - psa_set_key_algorithm( &attributes, WRAPPING_ALG ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); - psa_set_key_bits( &attributes, WRAPPING_KEY_BITS ); - PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, - wrapping_key ) ); - -exit: - psa_key_derivation_abort( &operation ); - return( status ); -} - -static psa_status_t wrap_data( const char *input_file_name, - const char *output_file_name, - psa_key_id_t wrapping_key ) -{ - psa_status_t status; - FILE *input_file = NULL; - FILE *output_file = NULL; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - long input_position; - size_t input_size; - size_t buffer_size = 0; - unsigned char *buffer = NULL; - size_t ciphertext_size; - wrapped_data_header_t header; - - /* Find the size of the data to wrap. */ - SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL ); - SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 ); - SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 ); -#if LONG_MAX > SIZE_MAX - if( input_position > SIZE_MAX ) - { - printf( "Input file too large.\n" ); - status = DEMO_ERROR; - goto exit; - } -#endif - input_size = input_position; - PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes ) ); - key_type = psa_get_key_type( &attributes ); - buffer_size = - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, input_size ); - /* Check for integer overflow. */ - if( buffer_size < input_size ) - { - printf( "Input file too large.\n" ); - status = DEMO_ERROR; - goto exit; - } - - /* Load the data to wrap. */ - SYS_CHECK( fseek( input_file, 0, SEEK_SET ) == 0 ); - SYS_CHECK( ( buffer = calloc( 1, buffer_size ) ) != NULL ); - SYS_CHECK( fread( buffer, 1, input_size, input_file ) == input_size ); - SYS_CHECK( fclose( input_file ) == 0 ); - input_file = NULL; - - /* Construct a header. */ - memcpy( &header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH ); - header.ad_size = sizeof( header ); - header.payload_size = input_size; - - /* Wrap the data. */ - PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) ); - PSA_CHECK( psa_aead_encrypt( wrapping_key, WRAPPING_ALG, - header.iv, WRAPPING_IV_SIZE, - (uint8_t *) &header, sizeof( header ), - buffer, input_size, - buffer, buffer_size, - &ciphertext_size ) ); - - /* Write the output. */ - SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL ); - SYS_CHECK( fwrite( &header, 1, sizeof( header ), - output_file ) == sizeof( header ) ); - SYS_CHECK( fwrite( buffer, 1, ciphertext_size, - output_file ) == ciphertext_size ); - SYS_CHECK( fclose( output_file ) == 0 ); - output_file = NULL; - -exit: - if( input_file != NULL ) - fclose( input_file ); - if( output_file != NULL ) - fclose( output_file ); - if( buffer != NULL ) - mbedtls_platform_zeroize( buffer, buffer_size ); - free( buffer ); - return( status ); -} - -static psa_status_t unwrap_data( const char *input_file_name, - const char *output_file_name, - psa_key_id_t wrapping_key ) -{ - psa_status_t status; - FILE *input_file = NULL; - FILE *output_file = NULL; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - unsigned char *buffer = NULL; - size_t ciphertext_size = 0; - size_t plaintext_size; - wrapped_data_header_t header; - unsigned char extra_byte; - - /* Load and validate the header. */ - SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL ); - SYS_CHECK( fread( &header, 1, sizeof( header ), - input_file ) == sizeof( header ) ); - if( memcmp( &header.magic, WRAPPED_DATA_MAGIC, - WRAPPED_DATA_MAGIC_LENGTH ) != 0 ) - { - printf( "The input does not start with a valid magic header.\n" ); - status = DEMO_ERROR; - goto exit; - } - if( header.ad_size != sizeof( header ) ) - { - printf( "The header size is not correct.\n" ); - status = DEMO_ERROR; - goto exit; - } - PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes) ); - key_type = psa_get_key_type( &attributes); - ciphertext_size = - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, header.payload_size ); - /* Check for integer overflow. */ - if( ciphertext_size < header.payload_size ) - { - printf( "Input file too large.\n" ); - status = DEMO_ERROR; - goto exit; - } - - /* Load the payload data. */ - SYS_CHECK( ( buffer = calloc( 1, ciphertext_size ) ) != NULL ); - SYS_CHECK( fread( buffer, 1, ciphertext_size, - input_file ) == ciphertext_size ); - if( fread( &extra_byte, 1, 1, input_file ) != 0 ) - { - printf( "Extra garbage after ciphertext\n" ); - status = DEMO_ERROR; - goto exit; - } - SYS_CHECK( fclose( input_file ) == 0 ); - input_file = NULL; - - /* Unwrap the data. */ - PSA_CHECK( psa_aead_decrypt( wrapping_key, WRAPPING_ALG, - header.iv, WRAPPING_IV_SIZE, - (uint8_t *) &header, sizeof( header ), - buffer, ciphertext_size, - buffer, ciphertext_size, - &plaintext_size ) ); - if( plaintext_size != header.payload_size ) - { - printf( "Incorrect payload size in the header.\n" ); - status = DEMO_ERROR; - goto exit; - } - - /* Write the output. */ - SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL ); - SYS_CHECK( fwrite( buffer, 1, plaintext_size, - output_file ) == plaintext_size ); - SYS_CHECK( fclose( output_file ) == 0 ); - output_file = NULL; - -exit: - if( input_file != NULL ) - fclose( input_file ); - if( output_file != NULL ) - fclose( output_file ); - if( buffer != NULL ) - mbedtls_platform_zeroize( buffer, ciphertext_size ); - free( buffer ); - return( status ); -} - -static psa_status_t run( enum program_mode mode, - const char *key_file_name, - const char *ladder[], size_t ladder_depth, - const char *input_file_name, - const char *output_file_name ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_id_t derivation_key = 0; - psa_key_id_t wrapping_key = 0; - - /* Initialize the PSA crypto library. */ - PSA_CHECK( psa_crypto_init( ) ); - - /* Generate mode is unlike the others. Generate the master key and exit. */ - if( mode == MODE_GENERATE ) - return( generate( key_file_name ) ); - - /* Read the master key. */ - PSA_CHECK( import_key_from_file( PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT, - KDF_ALG, - key_file_name, - &derivation_key ) ); - - /* Calculate the derived key for this session. */ - PSA_CHECK( derive_key_ladder( ladder, ladder_depth, - &derivation_key ) ); - - switch( mode ) - { - case MODE_SAVE: - PSA_CHECK( save_key( derivation_key, output_file_name ) ); - break; - case MODE_UNWRAP: - PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT, - derivation_key, - &wrapping_key ) ); - PSA_CHECK( unwrap_data( input_file_name, output_file_name, - wrapping_key ) ); - break; - case MODE_WRAP: - PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT, - derivation_key, - &wrapping_key ) ); - PSA_CHECK( wrap_data( input_file_name, output_file_name, - wrapping_key ) ); - break; - default: - /* Unreachable but some compilers don't realize it. */ - break; - } - -exit: - /* Destroy any remaining key. Deinitializing the crypto library would do - * this anyway since they are volatile keys, but explicitly destroying - * keys makes the code easier to reuse. */ - (void) psa_destroy_key( derivation_key ); - (void) psa_destroy_key( wrapping_key ); - /* Deinitialize the PSA crypto library. */ - mbedtls_psa_crypto_free( ); - return( status ); -} - -static void usage( void ) -{ - printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" ); - printf( "Demonstrate the usage of a key derivation ladder.\n" ); - printf( "\n" ); - printf( "Modes:\n" ); - printf( " generate Generate the master key\n" ); - printf( " save Save the derived key\n" ); - printf( " unwrap Unwrap (decrypt) input with the derived key\n" ); - printf( " wrap Wrap (encrypt) input with the derived key\n" ); - printf( "\n" ); - printf( "Options:\n" ); - printf( " input=FILENAME Input file (required for wrap/unwrap)\n" ); - printf( " master=FILENAME File containing the master key (default: master.key)\n" ); - printf( " output=FILENAME Output file (required for save/wrap/unwrap)\n" ); - printf( " label=TEXT Label for the key derivation.\n" ); - printf( " This may be repeated multiple times.\n" ); - printf( " To get the same key, you must use the same master key\n" ); - printf( " and the same sequence of labels.\n" ); -} - -int main( int argc, char *argv[] ) -{ - const char *key_file_name = "master.key"; - const char *input_file_name = NULL; - const char *output_file_name = NULL; - const char *ladder[MAX_LADDER_DEPTH]; - size_t ladder_depth = 0; - int i; - enum program_mode mode; - psa_status_t status; - - if( argc <= 1 || - strcmp( argv[1], "help" ) == 0 || - strcmp( argv[1], "-help" ) == 0 || - strcmp( argv[1], "--help" ) == 0 ) - { - usage( ); - return( EXIT_SUCCESS ); - } - - for( i = 2; i < argc; i++ ) - { - char *q = strchr( argv[i], '=' ); - if( q == NULL ) - { - printf( "Missing argument to option %s\n", argv[i] ); - goto usage_failure; - } - *q = 0; - ++q; - if( strcmp( argv[i], "input" ) == 0 ) - input_file_name = q; - else if( strcmp( argv[i], "label" ) == 0 ) - { - if( ladder_depth == MAX_LADDER_DEPTH ) - { - printf( "Maximum ladder depth %u exceeded.\n", - (unsigned) MAX_LADDER_DEPTH ); - return( EXIT_FAILURE ); - } - ladder[ladder_depth] = q; - ++ladder_depth; - } - else if( strcmp( argv[i], "master" ) == 0 ) - key_file_name = q; - else if( strcmp( argv[i], "output" ) == 0 ) - output_file_name = q; - else - { - printf( "Unknown option: %s\n", argv[i] ); - goto usage_failure; - } - } - - if( strcmp( argv[1], "generate" ) == 0 ) - mode = MODE_GENERATE; - else if( strcmp( argv[1], "save" ) == 0 ) - mode = MODE_SAVE; - else if( strcmp( argv[1], "unwrap" ) == 0 ) - mode = MODE_UNWRAP; - else if( strcmp( argv[1], "wrap" ) == 0 ) - mode = MODE_WRAP; - else - { - printf( "Unknown action: %s\n", argv[1] ); - goto usage_failure; - } - - if( input_file_name == NULL && - ( mode == MODE_WRAP || mode == MODE_UNWRAP ) ) - { - printf( "Required argument missing: input\n" ); - return( DEMO_ERROR ); - } - if( output_file_name == NULL && - ( mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP ) ) - { - printf( "Required argument missing: output\n" ); - return( DEMO_ERROR ); - } - - status = run( mode, key_file_name, - ladder, ladder_depth, - input_file_name, output_file_name ); - return( status == PSA_SUCCESS ? - EXIT_SUCCESS : - EXIT_FAILURE ); - -usage_failure: - usage( ); - return( EXIT_FAILURE ); -} -#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C && MBEDTLS_AES_C && MBEDTLS_CCM_C && MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */ |