diff options
Diffstat (limited to 'lib/mbedtls-2.27.0/programs/pkey')
24 files changed, 4663 insertions, 0 deletions
diff --git a/lib/mbedtls-2.27.0/programs/pkey/CMakeLists.txt b/lib/mbedtls-2.27.0/programs/pkey/CMakeLists.txt new file mode 100644 index 0000000..9c6fe7d --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/CMakeLists.txt @@ -0,0 +1,39 @@ +set(executables_mbedtls + dh_client + dh_server +) + +foreach(exe IN LISTS executables_mbedtls) + add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) + target_link_libraries(${exe} ${mbedtls_target}) +endforeach() + +set(executables_mbedcrypto + dh_genprime + ecdh_curve25519 + ecdsa + gen_key + key_app + key_app_writer + mpi_demo + pk_encrypt + pk_decrypt + pk_sign + pk_verify + rsa_decrypt + rsa_encrypt + rsa_genkey + rsa_sign + rsa_sign_pss + rsa_verify + rsa_verify_pss +) + +foreach(exe IN LISTS executables_mbedcrypto) + add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) + target_link_libraries(${exe} ${mbedcrypto_target}) +endforeach() + +install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto} + DESTINATION "bin" + PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/lib/mbedtls-2.27.0/programs/pkey/dh_client.c b/lib/mbedtls-2.27.0/programs/pkey/dh_client.c new file mode 100644 index 0000000..d6e4990 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/dh_client.c @@ -0,0 +1,312 @@ +/* + * Diffie-Hellman-Merkle key exchange (client side) + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_time_t time_t +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ + defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_SHA1_C) +#include "mbedtls/net_sockets.h" +#include "mbedtls/aes.h" +#include "mbedtls/dhm.h" +#include "mbedtls/rsa.h" +#include "mbedtls/sha1.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#include <stdio.h> +#include <string.h> +#endif + +#define SERVER_NAME "localhost" +#define SERVER_PORT "11999" + +#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_SHA1_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " + "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +int main( void ) +{ + FILE *f; + + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t n, buflen; + mbedtls_net_context server_fd; + + unsigned char *p, *end; + unsigned char buf[2048]; + unsigned char hash[32]; + const char *pers = "dh_client"; + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_rsa_context rsa; + mbedtls_dhm_context dhm; + mbedtls_aes_context aes; + + mbedtls_net_init( &server_fd ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); + mbedtls_dhm_init( &dhm ); + mbedtls_aes_init( &aes ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + + /* + * 1. Setup the RNG + */ + mbedtls_printf( "\n . Seeding the random number generator" ); + fflush( stdout ); + + mbedtls_entropy_init( &entropy ); + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + /* + * 2. Read the server's public RSA key + */ + mbedtls_printf( "\n . Reading public key from rsa_pub.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + + if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); + goto exit; + } + + rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; + + fclose( f ); + + /* + * 3. Initiate the connection + */ + mbedtls_printf( "\n . Connecting to tcp/%s/%s", SERVER_NAME, + SERVER_PORT ); + fflush( stdout ); + + if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME, + SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret ); + goto exit; + } + + /* + * 4a. First get the buffer length + */ + mbedtls_printf( "\n . Receiving the server's DH parameters" ); + fflush( stdout ); + + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = mbedtls_net_recv( &server_fd, buf, 2 ) ) != 2 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); + goto exit; + } + + n = buflen = ( buf[0] << 8 ) | buf[1]; + if( buflen < 1 || buflen > sizeof( buf ) ) + { + mbedtls_printf( " failed\n ! Got an invalid buffer length\n\n" ); + goto exit; + } + + /* + * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P + */ + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = mbedtls_net_recv( &server_fd, buf, n ) ) != (int) n ) + { + mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); + goto exit; + } + + p = buf, end = buf + buflen; + + if( ( ret = mbedtls_dhm_read_params( &dhm, &p, end ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret ); + goto exit; + } + + if( dhm.len < 64 || dhm.len > 512 ) + { + mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" ); + goto exit; + } + + /* + * 5. Check that the server's RSA signature matches + * the SHA-256 hash of (P,G,Ys) + */ + mbedtls_printf( "\n . Verifying the server's RSA signature" ); + fflush( stdout ); + + p += 2; + + if( ( n = (size_t) ( end - p ) ) != rsa.len ) + { + mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" ); + goto exit; + } + + if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, + MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret ); + goto exit; + } + + /* + * 6. Send our public value: Yc = G ^ Xc mod P + */ + mbedtls_printf( "\n . Sending own public value to server" ); + fflush( stdout ); + + n = dhm.len; + if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_net_send( &server_fd, buf, n ) ) != (int) n ) + { + mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret ); + goto exit; + } + + /* + * 7. Derive the shared secret: K = Ys ^ Xc mod P + */ + mbedtls_printf( "\n . Shared secret: " ); + fflush( stdout ); + + if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret ); + goto exit; + } + + for( n = 0; n < 16; n++ ) + mbedtls_printf( "%02x", buf[n] ); + + /* + * 8. Setup the AES-256 decryption key + * + * This is an overly simplified example; best practice is + * to hash the shared secret with a random value to derive + * the keying material for the encryption/decryption keys, + * IVs and MACs. + */ + mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" ); + fflush( stdout ); + + mbedtls_aes_setkey_dec( &aes, buf, 256 ); + + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = mbedtls_net_recv( &server_fd, buf, 16 ) ) != 16 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); + goto exit; + } + + mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf ); + buf[16] = '\0'; + mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_net_free( &server_fd ); + + mbedtls_aes_free( &aes ); + mbedtls_rsa_free( &rsa ); + mbedtls_dhm_free( &dhm ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && + MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && + MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/dh_genprime.c b/lib/mbedtls-2.27.0/programs/pkey/dh_genprime.c new file mode 100644 index 0000000..a481e32 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/dh_genprime.c @@ -0,0 +1,201 @@ +/* + * Diffie-Hellman-Merkle key exchange (prime generation) + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_time_t time_t +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_GENPRIME) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " + "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_GENPRIME not defined.\n"); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/bignum.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#include <stdio.h> +#include <string.h> + +#define USAGE \ + "\n usage: dh_genprime param=<>...\n" \ + "\n acceprable parameters:\n" \ + " bits=%%d default: 2048\n" + +#define DFL_BITS 2048 + +/* + * Note: G = 4 is always a quadratic residue mod P, + * so it is a generator of order Q (with P = 2*Q+1). + */ +#define GENERATOR "4" + + +int main( int argc, char **argv ) +{ + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + mbedtls_mpi G, P, Q; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + const char *pers = "dh_genprime"; + FILE *fout; + int nbits = DFL_BITS; + int i; + char *p, *q; + + mbedtls_mpi_init( &G ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + + if( argc == 0 ) + { + usage: + mbedtls_printf( USAGE ); + goto exit; + } + + for( i = 1; i < argc; i++ ) + { + p = argv[i]; + if( ( q = strchr( p, '=' ) ) == NULL ) + goto usage; + *q++ = '\0'; + + if( strcmp( p, "bits" ) == 0 ) + { + nbits = atoi( q ); + if( nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS ) + goto usage; + } + else + goto usage; + } + + if( ( ret = mbedtls_mpi_read_string( &G, 10, GENERATOR ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ! Generating large primes may take minutes!\n" ); + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n . Generating the modulus, please wait..." ); + fflush( stdout ); + + /* + * This can take a long time... + */ + if( ( ret = mbedtls_mpi_gen_prime( &P, nbits, 1, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n . Verifying that Q = (P-1)/2 is prime..." ); + fflush( stdout ); + + if( ( ret = mbedtls_mpi_sub_int( &Q, &P, 1 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_mpi_div_int( &Q, NULL, &Q, 2 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_mpi_is_prime_ext( &Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n . Exporting the value in dh_prime.txt..." ); + fflush( stdout ); + + if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not create dh_prime.txt\n\n" ); + goto exit; + } + + if( ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 ) || + ( ret = mbedtls_mpi_write_file( "G = ", &G, 16, fout ) != 0 ) ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); + fclose( fout ); + goto exit; + } + + mbedtls_printf( " ok\n\n" ); + fclose( fout ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_mpi_free( &G ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +#if defined(_WIN32) + mbedtls_printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO && + MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/dh_prime.txt b/lib/mbedtls-2.27.0/programs/pkey/dh_prime.txt new file mode 100644 index 0000000..de0c281 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/dh_prime.txt @@ -0,0 +1,2 @@ +P = FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF +G = 02 diff --git a/lib/mbedtls-2.27.0/programs/pkey/dh_server.c b/lib/mbedtls-2.27.0/programs/pkey/dh_server.c new file mode 100644 index 0000000..dccf095 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/dh_server.c @@ -0,0 +1,335 @@ +/* + * Diffie-Hellman-Merkle key exchange (server side) + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_time_t time_t +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ + defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_SHA1_C) +#include "mbedtls/net_sockets.h" +#include "mbedtls/aes.h" +#include "mbedtls/dhm.h" +#include "mbedtls/rsa.h" +#include "mbedtls/sha1.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#include <stdio.h> +#include <string.h> +#endif + +#define SERVER_PORT "11999" +#define PLAINTEXT "==Hello there!==" + +#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ + !defined(MBEDTLS_SHA1_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " + "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +int main( void ) +{ + FILE *f; + + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t n, buflen; + mbedtls_net_context listen_fd, client_fd; + + unsigned char buf[2048]; + unsigned char hash[32]; + unsigned char buf2[2]; + const char *pers = "dh_server"; + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_rsa_context rsa; + mbedtls_dhm_context dhm; + mbedtls_aes_context aes; + + mbedtls_mpi N, P, Q, D, E; + + mbedtls_net_init( &listen_fd ); + mbedtls_net_init( &client_fd ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); + mbedtls_dhm_init( &dhm ); + mbedtls_aes_init( &aes ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + + /* + * 1. Setup the RNG + */ + mbedtls_printf( "\n . Seeding the random number generator" ); + fflush( stdout ); + + mbedtls_entropy_init( &entropy ); + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + /* + * 2a. Read the server's private RSA key + */ + mbedtls_printf( "\n . Reading private key from rsa_priv.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + + if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", + ret ); + fclose( f ); + goto exit; + } + fclose( f ); + + if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + ret ); + goto exit; + } + + if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", + ret ); + goto exit; + } + + /* + * 2b. Get the DHM modulus and generator + */ + mbedtls_printf( "\n . Reading DH parameters from dh_prime.txt" ); + fflush( stdout ); + + if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not open dh_prime.txt\n" \ + " ! Please run dh_genprime first\n\n" ); + goto exit; + } + + if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 || + mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 ) + { + mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" ); + fclose( f ); + goto exit; + } + + fclose( f ); + + /* + * 3. Wait for a client to connect + */ + mbedtls_printf( "\n . Waiting for a remote connection" ); + fflush( stdout ); + + if( ( ret = mbedtls_net_bind( &listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd, + NULL, 0, NULL ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_accept returned %d\n\n", ret ); + goto exit; + } + + /* + * 4. Setup the DH parameters (P,G,Ys) + */ + mbedtls_printf( "\n . Sending the server's DH parameters" ); + fflush( stdout ); + + memset( buf, 0, sizeof( buf ) ); + + if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret ); + goto exit; + } + + /* + * 5. Sign the parameters and send them + */ + if( ( ret = mbedtls_sha1_ret( buf, n, hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret ); + goto exit; + } + + buf[n ] = (unsigned char)( rsa.len >> 8 ); + buf[n + 1] = (unsigned char)( rsa.len ); + + if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, + 0, hash, buf + n + 2 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret ); + goto exit; + } + + buflen = n + 2 + rsa.len; + buf2[0] = (unsigned char)( buflen >> 8 ); + buf2[1] = (unsigned char)( buflen ); + + if( ( ret = mbedtls_net_send( &client_fd, buf2, 2 ) ) != 2 || + ( ret = mbedtls_net_send( &client_fd, buf, buflen ) ) != (int) buflen ) + { + mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret ); + goto exit; + } + + /* + * 6. Get the client's public value: Yc = G ^ Xc mod P + */ + mbedtls_printf( "\n . Receiving the client's public value" ); + fflush( stdout ); + + memset( buf, 0, sizeof( buf ) ); + + n = dhm.len; + if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n ) + { + mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret ); + goto exit; + } + + /* + * 7. Derive the shared secret: K = Ys ^ Xc mod P + */ + mbedtls_printf( "\n . Shared secret: " ); + fflush( stdout ); + + if( ( ret = mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &n, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret ); + goto exit; + } + + for( n = 0; n < 16; n++ ) + mbedtls_printf( "%02x", buf[n] ); + + /* + * 8. Setup the AES-256 encryption key + * + * This is an overly simplified example; best practice is + * to hash the shared secret with a random value to derive + * the keying material for the encryption/decryption keys + * and MACs. + */ + mbedtls_printf( "...\n . Encrypting and sending the ciphertext" ); + fflush( stdout ); + + mbedtls_aes_setkey_enc( &aes, buf, 256 ); + memcpy( buf, PLAINTEXT, 16 ); + mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf ); + + if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 ) + { + mbedtls_printf( " failed\n ! mbedtls_net_send returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( "\n\n" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); + + mbedtls_net_free( &client_fd ); + mbedtls_net_free( &listen_fd ); + + mbedtls_aes_free( &aes ); + mbedtls_rsa_free( &rsa ); + mbedtls_dhm_free( &dhm ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C && + MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && + MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/ecdh_curve25519.c b/lib/mbedtls-2.27.0/programs/pkey/ecdh_curve25519.c new file mode 100644 index 0000000..67f1363 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/ecdh_curve25519.c @@ -0,0 +1,242 @@ +/* + * Example ECDHE with Curve25519 program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDH_LEGACY_CONTEXT) || \ + !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf( "MBEDTLS_ECDH_C and/or MBEDTLS_ECDH_LEGACY_CONTEXT and/or " + "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C " + "not defined\n" ); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/ecdh.h" + + +int main( int argc, char *argv[] ) +{ + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + mbedtls_ecdh_context ctx_cli, ctx_srv; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + unsigned char cli_to_srv[32], srv_to_cli[32]; + const char pers[] = "ecdh"; + ((void) argc); + ((void) argv); + + mbedtls_ecdh_init( &ctx_cli ); + mbedtls_ecdh_init( &ctx_srv ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + + /* + * Initialize random number generation + */ + mbedtls_printf( " . Seeding the random number generator..." ); + fflush( stdout ); + + mbedtls_entropy_init( &entropy ); + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + sizeof pers ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * Client: initialize context and generate keypair + */ + mbedtls_printf( " . Setting up client context..." ); + fflush( stdout ); + + ret = mbedtls_ecp_group_load( &ctx_cli.grp, MBEDTLS_ECP_DP_CURVE25519 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret ); + goto exit; + } + + ret = mbedtls_ecdh_gen_public( &ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q, + mbedtls_ctr_drbg_random, &ctr_drbg ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecdh_gen_public returned %d\n", ret ); + goto exit; + } + + ret = mbedtls_mpi_write_binary( &ctx_cli.Q.X, cli_to_srv, 32 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * Server: initialize context and generate keypair + */ + mbedtls_printf( " . Setting up server context..." ); + fflush( stdout ); + + ret = mbedtls_ecp_group_load( &ctx_srv.grp, MBEDTLS_ECP_DP_CURVE25519 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret ); + goto exit; + } + + ret = mbedtls_ecdh_gen_public( &ctx_srv.grp, &ctx_srv.d, &ctx_srv.Q, + mbedtls_ctr_drbg_random, &ctr_drbg ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecdh_gen_public returned %d\n", ret ); + goto exit; + } + + ret = mbedtls_mpi_write_binary( &ctx_srv.Q.X, srv_to_cli, 32 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * Server: read peer's key and generate shared secret + */ + mbedtls_printf( " . Server reading client key and computing secret..." ); + fflush( stdout ); + + ret = mbedtls_mpi_lset( &ctx_srv.Qp.Z, 1 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret ); + goto exit; + } + + ret = mbedtls_mpi_read_binary( &ctx_srv.Qp.X, cli_to_srv, 32 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret ); + goto exit; + } + + ret = mbedtls_ecdh_compute_shared( &ctx_srv.grp, &ctx_srv.z, + &ctx_srv.Qp, &ctx_srv.d, + mbedtls_ctr_drbg_random, &ctr_drbg ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * Client: read peer's key and generate shared secret + */ + mbedtls_printf( " . Client reading server key and computing secret..." ); + fflush( stdout ); + + ret = mbedtls_mpi_lset( &ctx_cli.Qp.Z, 1 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret ); + goto exit; + } + + ret = mbedtls_mpi_read_binary( &ctx_cli.Qp.X, srv_to_cli, 32 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret ); + goto exit; + } + + ret = mbedtls_ecdh_compute_shared( &ctx_cli.grp, &ctx_cli.z, + &ctx_cli.Qp, &ctx_cli.d, + mbedtls_ctr_drbg_random, &ctr_drbg ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * Verification: are the computed secrets equal? + */ + mbedtls_printf( " . Checking if both computed secrets are equal..." ); + fflush( stdout ); + + ret = mbedtls_mpi_cmp_mpi( &ctx_cli.z, &ctx_srv.z ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_ecdh_free( &ctx_srv ); + mbedtls_ecdh_free( &ctx_cli ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/ecdsa.c b/lib/mbedtls-2.27.0/programs/pkey/ecdsa.c new file mode 100644 index 0000000..1bbf826 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/ecdsa.c @@ -0,0 +1,252 @@ +/* + * Example ECDSA program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_ECDSA_C) && \ + defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/ecdsa.h" +#include "mbedtls/sha256.h" + +#include <string.h> +#endif + +/* + * Uncomment to show key and signature details + */ +#define VERBOSE + +/* + * Uncomment to force use of a specific curve + */ +#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1 + +#if !defined(ECPARAMS) +#define ECPARAMS mbedtls_ecp_curve_list()->grp_id +#endif + +#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n"); + mbedtls_exit( 0 ); +} +#else +#if defined(VERBOSE) +static void dump_buf( const char *title, unsigned char *buf, size_t len ) +{ + size_t i; + + mbedtls_printf( "%s", title ); + for( i = 0; i < len; i++ ) + mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16], + "0123456789ABCDEF" [buf[i] % 16] ); + mbedtls_printf( "\n" ); +} + +static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) +{ + unsigned char buf[300]; + size_t len; + + if( mbedtls_ecp_point_write_binary( &key->grp, &key->Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 ) + { + mbedtls_printf("internal error\n"); + return; + } + + dump_buf( title, buf, len ); +} +#else +#define dump_buf( a, b, c ) +#define dump_pubkey( a, b ) +#endif + + +int main( int argc, char *argv[] ) +{ + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + mbedtls_ecdsa_context ctx_sign, ctx_verify; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + unsigned char message[100]; + unsigned char hash[32]; + unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; + size_t sig_len; + const char *pers = "ecdsa"; + ((void) argv); + + mbedtls_ecdsa_init( &ctx_sign ); + mbedtls_ecdsa_init( &ctx_verify ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + + memset( sig, 0, sizeof( sig ) ); + memset( message, 0x25, sizeof( message ) ); + + if( argc != 1 ) + { + mbedtls_printf( "usage: ecdsa\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + goto exit; + } + + /* + * Generate a key pair for signing + */ + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + mbedtls_entropy_init( &entropy ); + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n . Generating key pair..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ecdsa_genkey( &ctx_sign, ECPARAMS, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits ); + + dump_pubkey( " + Public key: ", &ctx_sign ); + + /* + * Compute message hash + */ + mbedtls_printf( " . Computing message hash..." ); + fflush( stdout ); + + if( ( ret = mbedtls_sha256_ret( message, sizeof( message ), hash, 0 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha256_ret returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + dump_buf( " + Hash: ", hash, sizeof( hash ) ); + + /* + * Sign message hash + */ + mbedtls_printf( " . Signing message hash..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ecdsa_write_signature( &ctx_sign, MBEDTLS_MD_SHA256, + hash, sizeof( hash ), + sig, &sig_len, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret ); + goto exit; + } + mbedtls_printf( " ok (signature length = %u)\n", (unsigned int) sig_len ); + + dump_buf( " + Signature: ", sig, sig_len ); + + /* + * Transfer public information to verifying context + * + * We could use the same context for verification and signatures, but we + * chose to use a new one in order to make it clear that the verifying + * context only needs the public key (Q), and not the private key (d). + */ + mbedtls_printf( " . Preparing verification context..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.grp, &ctx_sign.grp ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret ); + goto exit; + } + + if( ( ret = mbedtls_ecp_copy( &ctx_verify.Q, &ctx_sign.Q ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret ); + goto exit; + } + + /* + * Verify signature + */ + mbedtls_printf( " ok\n . Verifying signature..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ecdsa_read_signature( &ctx_verify, + hash, sizeof( hash ), + sig, sig_len ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_ecdsa_free( &ctx_verify ); + mbedtls_ecdsa_free( &ctx_sign ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && + ECPARAMS */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/gen_key.c b/lib/mbedtls-2.27.0/programs/pkey/gen_key.c new file mode 100644 index 0000000..63cc11e --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/gen_key.c @@ -0,0 +1,450 @@ +/* + * Key generation application + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) && \ + defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/error.h" +#include "mbedtls/pk.h" +#include "mbedtls/ecdsa.h" +#include "mbedtls/rsa.h" +#include "mbedtls/error.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#if !defined(_WIN32) +#include <unistd.h> + +#define DEV_RANDOM_THRESHOLD 32 + +int dev_random_entropy_poll( void *data, unsigned char *output, + size_t len, size_t *olen ) +{ + FILE *file; + size_t ret, left = len; + unsigned char *p = output; + ((void) data); + + *olen = 0; + + file = fopen( "/dev/random", "rb" ); + if( file == NULL ) + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + + while( left > 0 ) + { + /* /dev/random can return much less than requested. If so, try again */ + ret = fread( p, 1, left, file ); + if( ret == 0 && ferror( file ) ) + { + fclose( file ); + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + } + + p += ret; + left -= ret; + sleep( 1 ); + } + fclose( file ); + *olen = len; + + return( 0 ); +} +#endif /* !_WIN32 */ +#endif + +#if defined(MBEDTLS_ECP_C) +#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id +#else +#define DFL_EC_CURVE 0 +#endif + +#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) +#define USAGE_DEV_RANDOM \ + " use_dev_random=0|1 default: 0\n" +#else +#define USAGE_DEV_RANDOM "" +#endif /* !_WIN32 && MBEDTLS_FS_IO */ + +#define FORMAT_PEM 0 +#define FORMAT_DER 1 + +#define DFL_TYPE MBEDTLS_PK_RSA +#define DFL_RSA_KEYSIZE 4096 +#define DFL_FILENAME "keyfile.key" +#define DFL_FORMAT FORMAT_PEM +#define DFL_USE_DEV_RANDOM 0 + +#define USAGE \ + "\n usage: gen_key param=<>...\n" \ + "\n acceptable parameters:\n" \ + " type=rsa|ec default: rsa\n" \ + " rsa_keysize=%%d default: 4096\n" \ + " ec_curve=%%s see below\n" \ + " filename=%%s default: keyfile.key\n" \ + " format=pem|der default: pem\n" \ + USAGE_DEV_RANDOM \ + "\n" + +#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf( "MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_PEM_WRITE_C" + "not defined.\n" ); + mbedtls_exit( 0 ); +} +#else + + +/* + * global options + */ +struct options +{ + int type; /* the type of key to generate */ + int rsa_keysize; /* length of key in bits */ + int ec_curve; /* curve identifier for EC keys */ + const char *filename; /* filename of the key file */ + int format; /* the output format to use */ + int use_dev_random; /* use /dev/random as entropy source */ +} opt; + +static int write_private_key( mbedtls_pk_context *key, const char *output_file ) +{ + int ret; + FILE *f; + unsigned char output_buf[16000]; + unsigned char *c = output_buf; + size_t len = 0; + + memset(output_buf, 0, 16000); + if( opt.format == FORMAT_PEM ) + { + if( ( ret = mbedtls_pk_write_key_pem( key, output_buf, 16000 ) ) != 0 ) + return( ret ); + + len = strlen( (char *) output_buf ); + } + else + { + if( ( ret = mbedtls_pk_write_key_der( key, output_buf, 16000 ) ) < 0 ) + return( ret ); + + len = ret; + c = output_buf + sizeof(output_buf) - len; + } + + if( ( f = fopen( output_file, "wb" ) ) == NULL ) + return( -1 ); + + if( fwrite( c, 1, len, f ) != len ) + { + fclose( f ); + return( -1 ); + } + + fclose( f ); + + return( 0 ); +} + +int main( int argc, char *argv[] ) +{ + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + mbedtls_pk_context key; + char buf[1024]; + int i; + char *p, *q; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + const char *pers = "gen_key"; +#if defined(MBEDTLS_ECP_C) + const mbedtls_ecp_curve_info *curve_info; +#endif + + /* + * Set to sane values + */ + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + + mbedtls_pk_init( &key ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + memset( buf, 0, sizeof( buf ) ); + + if( argc == 0 ) + { + usage: + mbedtls_printf( USAGE ); +#if defined(MBEDTLS_ECP_C) + mbedtls_printf( " available ec_curve values:\n" ); + curve_info = mbedtls_ecp_curve_list(); + mbedtls_printf( " %s (default)\n", curve_info->name ); + while( ( ++curve_info )->name != NULL ) + mbedtls_printf( " %s\n", curve_info->name ); +#endif /* MBEDTLS_ECP_C */ + goto exit; + } + + opt.type = DFL_TYPE; + opt.rsa_keysize = DFL_RSA_KEYSIZE; + opt.ec_curve = DFL_EC_CURVE; + opt.filename = DFL_FILENAME; + opt.format = DFL_FORMAT; + opt.use_dev_random = DFL_USE_DEV_RANDOM; + + for( i = 1; i < argc; i++ ) + { + p = argv[i]; + if( ( q = strchr( p, '=' ) ) == NULL ) + goto usage; + *q++ = '\0'; + + if( strcmp( p, "type" ) == 0 ) + { + if( strcmp( q, "rsa" ) == 0 ) + opt.type = MBEDTLS_PK_RSA; + else if( strcmp( q, "ec" ) == 0 ) + opt.type = MBEDTLS_PK_ECKEY; + else + goto usage; + } + else if( strcmp( p, "format" ) == 0 ) + { + if( strcmp( q, "pem" ) == 0 ) + opt.format = FORMAT_PEM; + else if( strcmp( q, "der" ) == 0 ) + opt.format = FORMAT_DER; + else + goto usage; + } + else if( strcmp( p, "rsa_keysize" ) == 0 ) + { + opt.rsa_keysize = atoi( q ); + if( opt.rsa_keysize < 1024 || + opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS ) + goto usage; + } +#if defined(MBEDTLS_ECP_C) + else if( strcmp( p, "ec_curve" ) == 0 ) + { + if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL ) + goto usage; + opt.ec_curve = curve_info->grp_id; + } +#endif + else if( strcmp( p, "filename" ) == 0 ) + opt.filename = q; + else if( strcmp( p, "use_dev_random" ) == 0 ) + { + opt.use_dev_random = atoi( q ); + if( opt.use_dev_random < 0 || opt.use_dev_random > 1 ) + goto usage; + } + else + goto usage; + } + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + mbedtls_entropy_init( &entropy ); +#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) + if( opt.use_dev_random ) + { + if( ( ret = mbedtls_entropy_add_source( &entropy, dev_random_entropy_poll, + NULL, DEV_RANDOM_THRESHOLD, + MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", (unsigned int) -ret ); + goto exit; + } + + mbedtls_printf("\n Using /dev/random, so can take a long time! " ); + fflush( stdout ); + } +#endif /* !_WIN32 && MBEDTLS_FS_IO */ + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret ); + goto exit; + } + + /* + * 1.1. Generate the key + */ + mbedtls_printf( "\n . Generating the private key ..." ); + fflush( stdout ); + + if( ( ret = mbedtls_pk_setup( &key, + mbedtls_pk_info_from_type( (mbedtls_pk_type_t) opt.type ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret ); + goto exit; + } + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) + if( opt.type == MBEDTLS_PK_RSA ) + { + ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key ), mbedtls_ctr_drbg_random, &ctr_drbg, + opt.rsa_keysize, 65537 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", (unsigned int) -ret ); + goto exit; + } + } + else +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_C) + if( opt.type == MBEDTLS_PK_ECKEY ) + { + ret = mbedtls_ecp_gen_key( (mbedtls_ecp_group_id) opt.ec_curve, + mbedtls_pk_ec( key ), + mbedtls_ctr_drbg_random, &ctr_drbg ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ecp_gen_key returned -0x%04x", (unsigned int) -ret ); + goto exit; + } + } + else +#endif /* MBEDTLS_ECP_C */ + { + mbedtls_printf( " failed\n ! key type not supported\n" ); + goto exit; + } + + /* + * 1.2 Print the key + */ + mbedtls_printf( " ok\n . Key information:\n" ); + +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) + { + mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); + + if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); + mbedtls_mpi_write_file( "P: ", &P, 16, NULL ); + mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ); + mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ); + mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ); + mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ); + } + else +#endif +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY ) + { + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); + mbedtls_printf( "curve: %s\n", + mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name ); + mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL ); + mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL ); + mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL ); + } + else +#endif + mbedtls_printf(" ! key type not supported\n"); + + /* + * 1.3 Export key + */ + mbedtls_printf( " . Writing key to file..." ); + + if( ( ret = write_private_key( &key, opt.filename ) ) != 0 ) + { + mbedtls_printf( " failed\n" ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + if( exit_code != MBEDTLS_EXIT_SUCCESS ) + { +#ifdef MBEDTLS_ERROR_C + mbedtls_strerror( ret, buf, sizeof( buf ) ); + mbedtls_printf( " - %s\n", buf ); +#else + mbedtls_printf("\n"); +#endif + } + + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + + mbedtls_pk_free( &key ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && + * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/key_app.c b/lib/mbedtls-2.27.0/programs/pkey/key_app.c new file mode 100644 index 0000000..7f39e5c --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/key_app.c @@ -0,0 +1,314 @@ +/* + * Key reading application + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_BIGNUM_C) && \ + defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) +#include "mbedtls/error.h" +#include "mbedtls/rsa.h" +#include "mbedtls/pk.h" + +#include <string.h> +#endif + +#define MODE_NONE 0 +#define MODE_PRIVATE 1 +#define MODE_PUBLIC 2 + +#define DFL_MODE MODE_NONE +#define DFL_FILENAME "keyfile.key" +#define DFL_PASSWORD "" +#define DFL_PASSWORD_FILE "" +#define DFL_DEBUG_LEVEL 0 + +#define USAGE \ + "\n usage: key_app param=<>...\n" \ + "\n acceptable parameters:\n" \ + " mode=private|public default: none\n" \ + " filename=%%s default: keyfile.key\n" \ + " password=%%s default: \"\"\n" \ + " password_file=%%s default: \"\"\n" \ + "\n" + +#if !defined(MBEDTLS_BIGNUM_C) || \ + !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or " + "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +/* + * global options + */ +struct options +{ + int mode; /* the mode to run the application in */ + const char *filename; /* filename of the key file */ + const char *password; /* password for the private key */ + const char *password_file; /* password_file for the private key */ +} opt; + +int main( int argc, char *argv[] ) +{ + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + char buf[1024]; + int i; + char *p, *q; + + mbedtls_pk_context pk; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + + /* + * Set to sane values + */ + mbedtls_pk_init( &pk ); + memset( buf, 0, sizeof(buf) ); + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + + if( argc == 0 ) + { + usage: + mbedtls_printf( USAGE ); + goto cleanup; + } + + opt.mode = DFL_MODE; + opt.filename = DFL_FILENAME; + opt.password = DFL_PASSWORD; + opt.password_file = DFL_PASSWORD_FILE; + + for( i = 1; i < argc; i++ ) + { + p = argv[i]; + if( ( q = strchr( p, '=' ) ) == NULL ) + goto usage; + *q++ = '\0'; + + if( strcmp( p, "mode" ) == 0 ) + { + if( strcmp( q, "private" ) == 0 ) + opt.mode = MODE_PRIVATE; + else if( strcmp( q, "public" ) == 0 ) + opt.mode = MODE_PUBLIC; + else + goto usage; + } + else if( strcmp( p, "filename" ) == 0 ) + opt.filename = q; + else if( strcmp( p, "password" ) == 0 ) + opt.password = q; + else if( strcmp( p, "password_file" ) == 0 ) + opt.password_file = q; + else + goto usage; + } + + if( opt.mode == MODE_PRIVATE ) + { + if( strlen( opt.password ) && strlen( opt.password_file ) ) + { + mbedtls_printf( "Error: cannot have both password and password_file\n" ); + goto usage; + } + + if( strlen( opt.password_file ) ) + { + FILE *f; + + mbedtls_printf( "\n . Loading the password file ..." ); + if( ( f = fopen( opt.password_file, "rb" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! fopen returned NULL\n" ); + goto cleanup; + } + if( fgets( buf, sizeof(buf), f ) == NULL ) + { + fclose( f ); + mbedtls_printf( "Error: fgets() failed to retrieve password\n" ); + goto cleanup; + } + fclose( f ); + + i = (int) strlen( buf ); + if( buf[i - 1] == '\n' ) buf[i - 1] = '\0'; + if( buf[i - 2] == '\r' ) buf[i - 2] = '\0'; + opt.password = buf; + } + + /* + * 1.1. Load the key + */ + mbedtls_printf( "\n . Loading the private key ..." ); + fflush( stdout ); + + ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password ); + + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret ); + goto cleanup; + } + + mbedtls_printf( " ok\n" ); + + /* + * 1.2 Print the key + */ + mbedtls_printf( " . Key information ...\n" ); +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) + { + mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk ); + + if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D: ", &D, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "P: ", &P, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ) ); + } + else +#endif +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) + { + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) ); + } + else +#endif + { + mbedtls_printf("Do not know how to print key information for this type\n" ); + goto cleanup; + } + } + else if( opt.mode == MODE_PUBLIC ) + { + /* + * 1.1. Load the key + */ + mbedtls_printf( "\n . Loading the public key ..." ); + fflush( stdout ); + + ret = mbedtls_pk_parse_public_keyfile( &pk, opt.filename ); + + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret ); + goto cleanup; + } + + mbedtls_printf( " ok\n" ); + + mbedtls_printf( " . Key information ...\n" ); +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) + { + mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk ); + + if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL, + NULL, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto cleanup; + } + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) ); + } + else +#endif +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) + { + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) ); + } + else +#endif + { + mbedtls_printf("Do not know how to print key information for this type\n" ); + goto cleanup; + } + } + else + goto usage; + + exit_code = MBEDTLS_EXIT_SUCCESS; + +cleanup: + +#if defined(MBEDTLS_ERROR_C) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) + { + mbedtls_strerror( ret, buf, sizeof( buf ) ); + mbedtls_printf( " ! Last error was: %s\n", buf ); + } +#endif + + mbedtls_pk_free( &pk ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/key_app_writer.c b/lib/mbedtls-2.27.0/programs/pkey/key_app_writer.c new file mode 100644 index 0000000..6a4d0e4 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/key_app_writer.c @@ -0,0 +1,439 @@ +/* + * Key writing application + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) +#include "mbedtls/error.h" +#include "mbedtls/pk.h" +#include "mbedtls/error.h" + +#include <stdio.h> +#include <string.h> +#endif + +#if defined(MBEDTLS_PEM_WRITE_C) +#define USAGE_OUT \ + " output_file=%%s default: keyfile.pem\n" \ + " output_format=pem|der default: pem\n" +#else +#define USAGE_OUT \ + " output_file=%%s default: keyfile.der\n" \ + " output_format=der default: der\n" +#endif + +#if defined(MBEDTLS_PEM_WRITE_C) +#define DFL_OUTPUT_FILENAME "keyfile.pem" +#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM +#else +#define DFL_OUTPUT_FILENAME "keyfile.der" +#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER +#endif + +#define DFL_MODE MODE_NONE +#define DFL_FILENAME "keyfile.key" +#define DFL_DEBUG_LEVEL 0 +#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE + +#define MODE_NONE 0 +#define MODE_PRIVATE 1 +#define MODE_PUBLIC 2 + +#define OUTPUT_MODE_NONE 0 +#define OUTPUT_MODE_PRIVATE 1 +#define OUTPUT_MODE_PUBLIC 2 + +#define OUTPUT_FORMAT_PEM 0 +#define OUTPUT_FORMAT_DER 1 + +#define USAGE \ + "\n usage: key_app_writer param=<>...\n" \ + "\n acceptable parameters:\n" \ + " mode=private|public default: none\n" \ + " filename=%%s default: keyfile.key\n" \ + " output_mode=private|public default: none\n" \ + USAGE_OUT \ + "\n" + +#if !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_PK_WRITE_C) || \ + !defined(MBEDTLS_FS_IO) +int main( void ) +{ + mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" ); + mbedtls_exit( 0 ); +} +#else + + +/* + * global options + */ +struct options +{ + int mode; /* the mode to run the application in */ + const char *filename; /* filename of the key file */ + int output_mode; /* the output mode to use */ + const char *output_file; /* where to store the constructed key file */ + int output_format; /* the output format to use */ +} opt; + +static int write_public_key( mbedtls_pk_context *key, const char *output_file ) +{ + int ret; + FILE *f; + unsigned char output_buf[16000]; + unsigned char *c = output_buf; + size_t len = 0; + + memset(output_buf, 0, 16000); + +#if defined(MBEDTLS_PEM_WRITE_C) + if( opt.output_format == OUTPUT_FORMAT_PEM ) + { + if( ( ret = mbedtls_pk_write_pubkey_pem( key, output_buf, 16000 ) ) != 0 ) + return( ret ); + + len = strlen( (char *) output_buf ); + } + else +#endif + { + if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, 16000 ) ) < 0 ) + return( ret ); + + len = ret; + c = output_buf + sizeof(output_buf) - len; + } + + if( ( f = fopen( output_file, "w" ) ) == NULL ) + return( -1 ); + + if( fwrite( c, 1, len, f ) != len ) + { + fclose( f ); + return( -1 ); + } + + fclose( f ); + + return( 0 ); +} + +static int write_private_key( mbedtls_pk_context *key, const char *output_file ) +{ + int ret; + FILE *f; + unsigned char output_buf[16000]; + unsigned char *c = output_buf; + size_t len = 0; + + memset(output_buf, 0, 16000); + +#if defined(MBEDTLS_PEM_WRITE_C) + if( opt.output_format == OUTPUT_FORMAT_PEM ) + { + if( ( ret = mbedtls_pk_write_key_pem( key, output_buf, 16000 ) ) != 0 ) + return( ret ); + + len = strlen( (char *) output_buf ); + } + else +#endif + { + if( ( ret = mbedtls_pk_write_key_der( key, output_buf, 16000 ) ) < 0 ) + return( ret ); + + len = ret; + c = output_buf + sizeof(output_buf) - len; + } + + if( ( f = fopen( output_file, "w" ) ) == NULL ) + return( -1 ); + + if( fwrite( c, 1, len, f ) != len ) + { + fclose( f ); + return( -1 ); + } + + fclose( f ); + + return( 0 ); +} + +int main( int argc, char *argv[] ) +{ + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + char buf[1024]; + int i; + char *p, *q; + + mbedtls_pk_context key; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + + /* + * Set to sane values + */ + mbedtls_pk_init( &key ); + memset( buf, 0, sizeof( buf ) ); + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + + if( argc == 0 ) + { + usage: + mbedtls_printf( USAGE ); + goto exit; + } + + opt.mode = DFL_MODE; + opt.filename = DFL_FILENAME; + opt.output_mode = DFL_OUTPUT_MODE; + opt.output_file = DFL_OUTPUT_FILENAME; + opt.output_format = DFL_OUTPUT_FORMAT; + + for( i = 1; i < argc; i++ ) + { + p = argv[i]; + if( ( q = strchr( p, '=' ) ) == NULL ) + goto usage; + *q++ = '\0'; + + if( strcmp( p, "mode" ) == 0 ) + { + if( strcmp( q, "private" ) == 0 ) + opt.mode = MODE_PRIVATE; + else if( strcmp( q, "public" ) == 0 ) + opt.mode = MODE_PUBLIC; + else + goto usage; + } + else if( strcmp( p, "output_mode" ) == 0 ) + { + if( strcmp( q, "private" ) == 0 ) + opt.output_mode = OUTPUT_MODE_PRIVATE; + else if( strcmp( q, "public" ) == 0 ) + opt.output_mode = OUTPUT_MODE_PUBLIC; + else + goto usage; + } + else if( strcmp( p, "output_format" ) == 0 ) + { +#if defined(MBEDTLS_PEM_WRITE_C) + if( strcmp( q, "pem" ) == 0 ) + opt.output_format = OUTPUT_FORMAT_PEM; + else +#endif + if( strcmp( q, "der" ) == 0 ) + opt.output_format = OUTPUT_FORMAT_DER; + else + goto usage; + } + else if( strcmp( p, "filename" ) == 0 ) + opt.filename = q; + else if( strcmp( p, "output_file" ) == 0 ) + opt.output_file = q; + else + goto usage; + } + + if( opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE ) + { + mbedtls_printf( "\nCannot output a key without reading one.\n"); + goto exit; + } + + if( opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE ) + { + mbedtls_printf( "\nCannot output a private key from a public key.\n"); + goto exit; + } + + if( opt.mode == MODE_PRIVATE ) + { + /* + * 1.1. Load the key + */ + mbedtls_printf( "\n . Loading the private key ..." ); + fflush( stdout ); + + ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL ); + + if( ret != 0 ) + { + mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * 1.2 Print the key + */ + mbedtls_printf( " . Key information ...\n" ); + +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) + { + mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); + + if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); + mbedtls_mpi_write_file( "P: ", &P, 16, NULL ); + mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ); + mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ); + mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ); + mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ); + } + else +#endif +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY ) + { + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); + mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ); + mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ); + mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ); + mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ); + } + else +#endif + mbedtls_printf("key type not supported yet\n"); + + } + else if( opt.mode == MODE_PUBLIC ) + { + /* + * 1.1. Load the key + */ + mbedtls_printf( "\n . Loading the public key ..." ); + fflush( stdout ); + + ret = mbedtls_pk_parse_public_keyfile( &key, opt.filename ); + + if( ret != 0 ) + { + mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", (unsigned int) -ret, buf ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * 1.2 Print the key + */ + mbedtls_printf( " . Key information ...\n" ); + +#if defined(MBEDTLS_RSA_C) + if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) + { + mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); + + if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL, + NULL, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + } + else +#endif +#if defined(MBEDTLS_ECP_C) + if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY ) + { + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); + mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ); + mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ); + mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ); + } + else +#endif + mbedtls_printf("key type not supported yet\n"); + } + else + goto usage; + + if( opt.output_mode == OUTPUT_MODE_PUBLIC ) + { + write_public_key( &key, opt.output_file ); + } + if( opt.output_mode == OUTPUT_MODE_PRIVATE ) + { + write_private_key( &key, opt.output_file ); + } + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + if( exit_code != MBEDTLS_EXIT_SUCCESS ) + { +#ifdef MBEDTLS_ERROR_C + mbedtls_strerror( ret, buf, sizeof( buf ) ); + mbedtls_printf( " - %s\n", buf ); +#else + mbedtls_printf("\n"); +#endif + } + + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + + mbedtls_pk_free( &key ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/mpi_demo.c b/lib/mbedtls-2.27.0/programs/pkey/mpi_demo.c new file mode 100644 index 0000000..8245d01 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/mpi_demo.c @@ -0,0 +1,115 @@ +/* + * Simple MPI demonstration program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO) +#include "mbedtls/bignum.h" + +#include <stdio.h> +#endif + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +int main( void ) +{ + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + mbedtls_mpi E, P, Q, N, H, D, X, Y, Z; + + mbedtls_mpi_init( &E ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &N ); + mbedtls_mpi_init( &H ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); + mbedtls_mpi_init( &Z ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P, 10, "2789" ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Q, 10, "3203" ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 10, "257" ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &N, &P, &Q ) ); + + mbedtls_printf( "\n Public key:\n\n" ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " N = ", &N, 10, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " E = ", &E, 10, NULL ) ); + + mbedtls_printf( "\n Private key:\n\n" ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " P = ", &P, 10, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Q = ", &Q, 10, NULL ) ); + +#if defined(MBEDTLS_GENPRIME) + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P, &P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q, &Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P, &Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &D, &E, &H ) ); + + mbedtls_mpi_write_file( " D = E^-1 mod (P-1)*(Q-1) = ", + &D, 10, NULL ); +#else + mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n"); +#endif + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &X, 10, "55555" ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &Y, &X, &E, &N, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &Z, &Y, &D, &N, NULL ) ); + + mbedtls_printf( "\n RSA operation:\n\n" ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " X (plaintext) = ", &X, 10, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Y (ciphertext) = X^E mod N = ", &Y, 10, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL ) ); + mbedtls_printf( "\n" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +cleanup: + mbedtls_mpi_free( &E ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &N ); + mbedtls_mpi_free( &H ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); + mbedtls_mpi_free( &Z ); + + if( exit_code != MBEDTLS_EXIT_SUCCESS ) + { + mbedtls_printf( "\nAn error occurred.\n" ); + } + +#if defined(_WIN32) + mbedtls_printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/pk_decrypt.c b/lib/mbedtls-2.27.0/programs/pkey/pk_decrypt.c new file mode 100644 index 0000000..810d6fb --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/pk_decrypt.c @@ -0,0 +1,176 @@ +/* + * Public key-based simple decryption program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/error.h" +#include "mbedtls/pk.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#include <stdio.h> +#include <string.h> +#endif + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " + "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + unsigned c; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t i, olen = 0; + mbedtls_pk_context pk; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + unsigned char result[1024]; + unsigned char buf[512]; + const char *pers = "mbedtls_pk_decrypt"; + ((void) argv); + + mbedtls_pk_init( &pk ); + mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + + memset(result, 0, sizeof( result ) ); + + if( argc != 2 ) + { + mbedtls_printf( "usage: mbedtls_pk_decrypt <key_file>\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + goto exit; + } + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", + (unsigned int) -ret ); + goto exit; + } + + mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); + fflush( stdout ); + + if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret ); + goto exit; + } + + /* + * Extract the RSA encrypted value from the text file + */ + if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); + ret = 1; + goto exit; + } + + i = 0; + while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 && + i < (int) sizeof( buf ) ) + { + buf[i++] = (unsigned char) c; + } + + fclose( f ); + + /* + * Decrypt the encrypted RSA data and print the result. + */ + mbedtls_printf( "\n . Decrypting the encrypted data" ); + fflush( stdout ); + + if( ( ret = mbedtls_pk_decrypt( &pk, buf, i, result, &olen, sizeof(result), + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_decrypt returned -0x%04x\n", + (unsigned int) -ret ); + goto exit; + } + + mbedtls_printf( "\n . OK\n\n" ); + + mbedtls_printf( "The decrypted result is: '%s'\n\n", result ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_pk_free( &pk ); + mbedtls_entropy_free( &entropy ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + +#if defined(MBEDTLS_ERROR_C) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) + { + mbedtls_strerror( ret, (char *) buf, sizeof( buf ) ); + mbedtls_printf( " ! Last error was: %s\n", buf ); + } +#endif + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/pk_encrypt.c b/lib/mbedtls-2.27.0/programs/pkey/pk_encrypt.c new file mode 100644 index 0000000..e629dc1 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/pk_encrypt.c @@ -0,0 +1,180 @@ +/* + * RSA simple data encryption program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \ + defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ + defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/error.h" +#include "mbedtls/pk.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#include <stdio.h> +#include <string.h> +#endif + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t i, olen = 0; + mbedtls_pk_context pk; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + unsigned char input[1024]; + unsigned char buf[512]; + const char *pers = "mbedtls_pk_encrypt"; + + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + mbedtls_pk_init( &pk ); + + if( argc != 3 ) + { + mbedtls_printf( "usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + goto exit; + } + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", + (unsigned int) -ret ); + goto exit; + } + + mbedtls_printf( "\n . Reading public key from '%s'", argv[1] ); + fflush( stdout ); + + if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret ); + goto exit; + } + + if( strlen( argv[2] ) > 100 ) + { + mbedtls_printf( " Input data larger than 100 characters.\n\n" ); + goto exit; + } + + memcpy( input, argv[2], strlen( argv[2] ) ); + + /* + * Calculate the RSA encryption of the hash. + */ + mbedtls_printf( "\n . Generating the encrypted value" ); + fflush( stdout ); + + if( ( ret = mbedtls_pk_encrypt( &pk, input, strlen( argv[2] ), + buf, &olen, sizeof(buf), + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_encrypt returned -0x%04x\n", + (unsigned int) -ret ); + goto exit; + } + + /* + * Write the signature into result-enc.txt + */ + if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not create %s\n\n", + "result-enc.txt" ); + ret = 1; + goto exit; + } + + for( i = 0; i < olen; i++ ) + { + mbedtls_fprintf( f, "%02X%s", buf[i], + ( i + 1 ) % 16 == 0 ? "\r\n" : " " ); + } + + fclose( f ); + + mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_pk_free( &pk ); + mbedtls_entropy_free( &entropy ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + +#if defined(MBEDTLS_ERROR_C) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) + { + mbedtls_strerror( ret, (char *) buf, sizeof( buf ) ); + mbedtls_printf( " ! Last error was: %s\n", buf ); + } +#endif + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C && + MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/pk_sign.c b/lib/mbedtls-2.27.0/programs/pkey/pk_sign.c new file mode 100644 index 0000000..451e3de --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/pk_sign.c @@ -0,0 +1,178 @@ +/* + * Public key-based signature creation program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_snprintf snprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " + "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " + "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/error.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/md.h" +#include "mbedtls/pk.h" + +#include <stdio.h> +#include <string.h> + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + mbedtls_pk_context pk; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + unsigned char hash[32]; + unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; + char filename[512]; + const char *pers = "mbedtls_pk_sign"; + size_t olen = 0; + + mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_pk_init( &pk ); + + if( argc != 3 ) + { + mbedtls_printf( "usage: mbedtls_pk_sign <key_file> <filename>\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + goto exit; + } + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret ); + goto exit; + } + + mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); + fflush( stdout ); + + if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] ); + goto exit; + } + + /* + * Compute the SHA-256 hash of the input file, + * then calculate the signature of the hash. + */ + mbedtls_printf( "\n . Generating the SHA-256 signature" ); + fflush( stdout ); + + if( ( ret = mbedtls_md_file( + mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), + argv[2], hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] ); + goto exit; + } + + if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret ); + goto exit; + } + + /* + * Write the signature into <filename>.sig + */ + mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] ); + + if( ( f = fopen( filename, "wb+" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); + goto exit; + } + + if( fwrite( buf, 1, olen, f ) != olen ) + { + mbedtls_printf( "failed\n ! fwrite failed\n\n" ); + fclose( f ); + goto exit; + } + + fclose( f ); + + mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + mbedtls_pk_free( &pk ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +#if defined(MBEDTLS_ERROR_C) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) + { + mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); + mbedtls_printf( " ! Last error was: %s\n", buf ); + } +#endif + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && + MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && + MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/pk_verify.c b/lib/mbedtls-2.27.0/programs/pkey/pk_verify.c new file mode 100644 index 0000000..ee72243 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/pk_verify.c @@ -0,0 +1,151 @@ +/* + * Public key-based signature verification program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_snprintf snprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_PK_PARSE_C) || \ + !defined(MBEDTLS_FS_IO) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or " + "MBEDTLS_SHA256_C and/or MBEDTLS_PK_PARSE_C and/or " + "MBEDTLS_FS_IO not defined.\n"); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/error.h" +#include "mbedtls/md.h" +#include "mbedtls/pk.h" + +#include <stdio.h> +#include <string.h> + + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t i; + mbedtls_pk_context pk; + unsigned char hash[32]; + unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; + char filename[512]; + + mbedtls_pk_init( &pk ); + + if( argc != 3 ) + { + mbedtls_printf( "usage: mbedtls_pk_verify <key_file> <filename>\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + goto exit; + } + + mbedtls_printf( "\n . Reading public key from '%s'", argv[1] ); + fflush( stdout ); + + if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", (unsigned int) -ret ); + goto exit; + } + + /* + * Extract the signature from the file + */ + mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] ); + + if( ( f = fopen( filename, "rb" ) ) == NULL ) + { + mbedtls_printf( "\n ! Could not open %s\n\n", filename ); + goto exit; + } + + i = fread( buf, 1, sizeof(buf), f ); + + fclose( f ); + + /* + * Compute the SHA-256 hash of the input file and + * verify the signature + */ + mbedtls_printf( "\n . Verifying the SHA-256 signature" ); + fflush( stdout ); + + if( ( ret = mbedtls_md_file( + mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), + argv[2], hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] ); + goto exit; + } + + if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0, + buf, i ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret ); + goto exit; + } + + mbedtls_printf( "\n . OK (the signature is valid)\n\n" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + mbedtls_pk_free( &pk ); + +#if defined(MBEDTLS_ERROR_C) + if( exit_code != MBEDTLS_EXIT_SUCCESS ) + { + mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); + mbedtls_printf( " ! Last error was: %s\n", buf ); + } +#endif + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_SHA256_C && + MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/rsa_decrypt.c b/lib/mbedtls-2.27.0/programs/pkey/rsa_decrypt.c new file mode 100644 index 0000000..01bf3a6 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/rsa_decrypt.c @@ -0,0 +1,210 @@ +/* + * RSA simple decryption program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/rsa.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#include <string.h> + +#endif + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + unsigned c; + size_t i; + mbedtls_rsa_context rsa; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + unsigned char result[1024]; + unsigned char buf[512]; + const char *pers = "rsa_decrypt"; + ((void) argv); + + memset(result, 0, sizeof( result ) ); + + if( argc != 1 ) + { + mbedtls_printf( "usage: rsa_decrypt\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + mbedtls_exit( exit_code ); + } + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + + ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", + ret ); + goto exit; + } + + mbedtls_printf( "\n . Reading private key from rsa_priv.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", + ret ); + fclose( f ); + goto exit; + } + fclose( f ); + + if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + ret ); + goto exit; + } + + if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", + ret ); + goto exit; + } + + /* + * Extract the RSA encrypted value from the text file + */ + if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); + goto exit; + } + + i = 0; + + while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 && + i < (int) sizeof( buf ) ) + buf[i++] = (unsigned char) c; + + fclose( f ); + + if( i != rsa.len ) + { + mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); + goto exit; + } + + /* + * Decrypt the encrypted RSA data and print the result. + */ + mbedtls_printf( "\n . Decrypting the encrypted data" ); + fflush( stdout ); + + ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i, + buf, result, 1024 ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n", + ret ); + goto exit; + } + + mbedtls_printf( "\n . OK\n\n" ); + + mbedtls_printf( "The decrypted result is: '%s'\n\n", result ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + mbedtls_rsa_free( &rsa ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/rsa_encrypt.c b/lib/mbedtls-2.27.0/programs/pkey/rsa_encrypt.c new file mode 100644 index 0000000..ba01201 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/rsa_encrypt.c @@ -0,0 +1,188 @@ +/* + * RSA simple data encryption program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \ + defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \ + defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/rsa.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" + +#include <string.h> +#endif + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t i; + mbedtls_rsa_context rsa; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + unsigned char input[1024]; + unsigned char buf[512]; + const char *pers = "rsa_encrypt"; + mbedtls_mpi N, E; + + if( argc != 2 ) + { + mbedtls_printf( "usage: rsa_encrypt <string of max 100 characters>\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + mbedtls_exit( exit_code ); + } + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + + ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", + ret ); + goto exit; + } + + mbedtls_printf( "\n . Reading public key from rsa_pub.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + if( ( ret = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", + ret ); + fclose( f ); + goto exit; + } + fclose( f ); + + if( ( ret = mbedtls_rsa_import( &rsa, &N, NULL, NULL, NULL, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + ret ); + goto exit; + } + + if( strlen( argv[1] ) > 100 ) + { + mbedtls_printf( " Input data larger than 100 characters.\n\n" ); + goto exit; + } + + memcpy( input, argv[1], strlen( argv[1] ) ); + + /* + * Calculate the RSA encryption of the hash. + */ + mbedtls_printf( "\n . Generating the RSA encrypted value" ); + fflush( stdout ); + + ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg, MBEDTLS_RSA_PUBLIC, + strlen( argv[1] ), input, buf ); + if( ret != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n", + ret ); + goto exit; + } + + /* + * Write the signature into result-enc.txt + */ + if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not create %s\n\n", "result-enc.txt" ); + goto exit; + } + + for( i = 0; i < rsa.len; i++ ) + mbedtls_fprintf( f, "%02X%s", buf[i], + ( i + 1 ) % 16 == 0 ? "\r\n" : " " ); + + fclose( f ); + + mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + mbedtls_rsa_free( &rsa ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C && + MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/rsa_genkey.c b/lib/mbedtls-2.27.0/programs/pkey/rsa_genkey.c new file mode 100644 index 0000000..26a8925 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/rsa_genkey.c @@ -0,0 +1,176 @@ +/* + * Example RSA key generation program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \ + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/bignum.h" +#include "mbedtls/rsa.h" + +#include <stdio.h> +#include <string.h> +#endif + +#define KEY_SIZE 2048 +#define EXPONENT 65537 + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " + "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or " + "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + + +int main( void ) +{ + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + mbedtls_rsa_context rsa; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + FILE *fpub = NULL; + FILE *fpriv = NULL; + const char *pers = "rsa_genkey"; + + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + mbedtls_entropy_init( &entropy ); + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE ); + fflush( stdout ); + + if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, + EXPONENT ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n . Exporting the public key in rsa_pub.txt...." ); + fflush( stdout ); + + if( ( ret = mbedtls_rsa_export ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + + if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" ); + goto exit; + } + + if( ( ret = mbedtls_mpi_write_file( "N = ", &N, 16, fpub ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "E = ", &E, 16, fpub ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n . Exporting the private key in rsa_priv.txt..." ); + fflush( stdout ); + + if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! could not open rsa_priv.txt for writing\n" ); + goto exit; + } + + if( ( ret = mbedtls_mpi_write_file( "N = " , &N , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "E = " , &E , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "D = " , &D , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "P = " , &P , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "Q = " , &Q , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "DP = ", &DP, 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "DQ = ", &DQ, 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "QP = ", &QP, 16, fpriv ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); + goto exit; + } + mbedtls_printf( " ok\n\n" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + if( fpub != NULL ) + fclose( fpub ); + + if( fpriv != NULL ) + fclose( fpriv ); + + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + mbedtls_rsa_free( &rsa ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +#if defined(_WIN32) + mbedtls_printf( " Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && + MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/rsa_priv.txt b/lib/mbedtls-2.27.0/programs/pkey/rsa_priv.txt new file mode 100644 index 0000000..254fcf8 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/rsa_priv.txt @@ -0,0 +1,8 @@ +N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 +E = 010001 +D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401 +P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1 +Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261 +DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1 +DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081 +QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1 diff --git a/lib/mbedtls-2.27.0/programs/pkey/rsa_pub.txt b/lib/mbedtls-2.27.0/programs/pkey/rsa_pub.txt new file mode 100644 index 0000000..1e7ae0c --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/rsa_pub.txt @@ -0,0 +1,2 @@ +N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 +E = 010001 diff --git a/lib/mbedtls-2.27.0/programs/pkey/rsa_sign.c b/lib/mbedtls-2.27.0/programs/pkey/rsa_sign.c new file mode 100644 index 0000000..c9522c8 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/rsa_sign.c @@ -0,0 +1,192 @@ +/* + * RSA/SHA-256 signature creation program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_fprintf fprintf +#define mbedtls_printf printf +#define mbedtls_snprintf snprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ + !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_FS_IO) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_MD_C and/or " + "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n"); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/rsa.h" +#include "mbedtls/md.h" + +#include <stdio.h> +#include <string.h> + + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t i; + mbedtls_rsa_context rsa; + unsigned char hash[32]; + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + char filename[512]; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + + if( argc != 2 ) + { + mbedtls_printf( "usage: rsa_sign <filename>\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + goto exit; + } + + mbedtls_printf( "\n . Reading private key from rsa_priv.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not open rsa_priv.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); + goto exit; + } + fclose( f ); + + if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + ret ); + goto exit; + } + + if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", + ret ); + goto exit; + } + + mbedtls_printf( "\n . Checking the private key" ); + fflush( stdout ); + if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n", (unsigned int) -ret ); + goto exit; + } + + /* + * Compute the SHA-256 hash of the input file, + * then calculate the RSA signature of the hash. + */ + mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" ); + fflush( stdout ); + + if( ( ret = mbedtls_md_file( + mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), + argv[1], hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[1] ); + goto exit; + } + + if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, + 20, hash, buf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret ); + goto exit; + } + + /* + * Write the signature into <filename>.sig + */ + mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] ); + + if( ( f = fopen( filename, "wb+" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not create %s\n\n", argv[1] ); + goto exit; + } + + for( i = 0; i < rsa.len; i++ ) + mbedtls_fprintf( f, "%02X%s", buf[i], + ( i + 1 ) % 16 == 0 ? "\r\n" : " " ); + + fclose( f ); + + mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_rsa_free( &rsa ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && + MBEDTLS_FS_IO */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/rsa_sign_pss.c b/lib/mbedtls-2.27.0/programs/pkey/rsa_sign_pss.c new file mode 100644 index 0000000..9d5053a --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/rsa_sign_pss.c @@ -0,0 +1,180 @@ +/* + * RSASSA-PSS/SHA-256 signature creation program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_snprintf snprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " + "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or " + "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" +#include "mbedtls/md.h" +#include "mbedtls/rsa.h" +#include "mbedtls/pk.h" + +#include <stdio.h> +#include <string.h> + + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + mbedtls_pk_context pk; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + unsigned char hash[32]; + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + char filename[512]; + const char *pers = "rsa_sign_pss"; + size_t olen = 0; + + mbedtls_entropy_init( &entropy ); + mbedtls_pk_init( &pk ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + + if( argc != 3 ) + { + mbedtls_printf( "usage: rsa_sign_pss <key_file> <filename>\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + goto exit; + } + + mbedtls_printf( "\n . Seeding the random number generator..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); + fflush( stdout ); + + if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] ); + mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret ); + goto exit; + } + + if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) ) + { + mbedtls_printf( " failed\n ! Key is not an RSA key\n" ); + goto exit; + } + + mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 ); + + /* + * Compute the SHA-256 hash of the input file, + * then calculate the RSA signature of the hash. + */ + mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" ); + fflush( stdout ); + + if( ( ret = mbedtls_md_file( + mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), + argv[2], hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] ); + goto exit; + } + + if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen, + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_sign returned %d\n\n", ret ); + goto exit; + } + + /* + * Write the signature into <filename>.sig + */ + mbedtls_snprintf( filename, 512, "%s.sig", argv[2] ); + + if( ( f = fopen( filename, "wb+" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); + goto exit; + } + + if( fwrite( buf, 1, olen, f ) != olen ) + { + mbedtls_printf( "failed\n ! fwrite failed\n\n" ); + fclose( f ); + goto exit; + } + + fclose( f ); + + mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + mbedtls_pk_free( &pk ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && + MBEDTLS_SHA256_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && + MBEDTLS_CTR_DRBG_C */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/rsa_verify.c b/lib/mbedtls-2.27.0/programs/pkey/rsa_verify.c new file mode 100644 index 0000000..fbc0779 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/rsa_verify.c @@ -0,0 +1,166 @@ +/* + * RSA/SHA-256 signature verification program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_printf printf +#define mbedtls_snprintf snprintf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ + !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ + !defined(MBEDTLS_FS_IO) +int main( void ) +{ + mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " + "MBEDTLS_MD_C and/or " + "MBEDTLS_SHA256_C and/or MBEDTLS_FS_IO not defined.\n"); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/rsa.h" +#include "mbedtls/md.h" + +#include <stdio.h> +#include <string.h> + + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + unsigned c; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t i; + mbedtls_rsa_context rsa; + unsigned char hash[32]; + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + char filename[512]; + + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + + if( argc != 2 ) + { + mbedtls_printf( "usage: rsa_verify <filename>\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + goto exit; + } + + mbedtls_printf( "\n . Reading public key from rsa_pub.txt" ); + fflush( stdout ); + + if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL ) + { + mbedtls_printf( " failed\n ! Could not open rsa_pub.txt\n" \ + " ! Please run rsa_genkey first\n\n" ); + goto exit; + } + + if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + fclose( f ); + goto exit; + } + + rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; + + fclose( f ); + + /* + * Extract the RSA signature from the text file + */ + mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[1] ); + + if( ( f = fopen( filename, "rb" ) ) == NULL ) + { + mbedtls_printf( "\n ! Could not open %s\n\n", filename ); + goto exit; + } + + i = 0; + while( fscanf( f, "%02X", (unsigned int*) &c ) > 0 && + i < (int) sizeof( buf ) ) + buf[i++] = (unsigned char) c; + + fclose( f ); + + if( i != rsa.len ) + { + mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); + goto exit; + } + + /* + * Compute the SHA-256 hash of the input file and + * verify the signature + */ + mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" ); + fflush( stdout ); + + if( ( ret = mbedtls_md_file( + mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), + argv[1], hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[1] ); + goto exit; + } + + if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, + MBEDTLS_MD_SHA256, 20, hash, buf ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n", (unsigned int) -ret ); + goto exit; + } + + mbedtls_printf( "\n . OK (the signature is valid)\n\n" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_rsa_free( &rsa ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && + MBEDTLS_FS_IO */ diff --git a/lib/mbedtls-2.27.0/programs/pkey/rsa_verify_pss.c b/lib/mbedtls-2.27.0/programs/pkey/rsa_verify_pss.c new file mode 100644 index 0000000..81b0fd6 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/pkey/rsa_verify_pss.c @@ -0,0 +1,155 @@ +/* + * RSASSA-PSS/SHA-256 signature verification program + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include <stdio.h> +#include <stdlib.h> +#define mbedtls_snprintf snprintf +#define mbedtls_printf printf +#define mbedtls_exit exit +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif /* MBEDTLS_PLATFORM_C */ + +#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_CTR_DRBG_C) +int main( void ) +{ + mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " + "MBEDTLS_RSA_C and/or MBEDTLS_SHA256_C and/or " + "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_CTR_DRBG_C not defined.\n"); + mbedtls_exit( 0 ); +} +#else + +#include "mbedtls/md.h" +#include "mbedtls/pem.h" +#include "mbedtls/pk.h" +#include "mbedtls/md.h" + +#include <stdio.h> +#include <string.h> + + +int main( int argc, char *argv[] ) +{ + FILE *f; + int ret = 1; + int exit_code = MBEDTLS_EXIT_FAILURE; + size_t i; + mbedtls_pk_context pk; + unsigned char hash[32]; + unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + char filename[512]; + + mbedtls_pk_init( &pk ); + + if( argc != 3 ) + { + mbedtls_printf( "usage: rsa_verify_pss <key_file> <filename>\n" ); + +#if defined(_WIN32) + mbedtls_printf( "\n" ); +#endif + + goto exit; + } + + mbedtls_printf( "\n . Reading public key from '%s'", argv[1] ); + fflush( stdout ); + + if( ( ret = mbedtls_pk_parse_public_keyfile( &pk, argv[1] ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] ); + mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret ); + goto exit; + } + + if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) ) + { + mbedtls_printf( " failed\n ! Key is not an RSA key\n" ); + goto exit; + } + + mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 ); + + /* + * Extract the RSA signature from the file + */ + mbedtls_snprintf( filename, 512, "%s.sig", argv[2] ); + + if( ( f = fopen( filename, "rb" ) ) == NULL ) + { + mbedtls_printf( "\n ! Could not open %s\n\n", filename ); + goto exit; + } + + i = fread( buf, 1, MBEDTLS_MPI_MAX_SIZE, f ); + + fclose( f ); + + /* + * Compute the SHA-256 hash of the input file and + * verify the signature + */ + mbedtls_printf( "\n . Verifying the RSA/SHA-256 signature" ); + fflush( stdout ); + + if( ( ret = mbedtls_md_file( + mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), + argv[2], hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] ); + goto exit; + } + + if( ( ret = mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256, hash, 0, + buf, i ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_pk_verify returned %d\n\n", ret ); + goto exit; + } + + mbedtls_printf( "\n . OK (the signature is valid)\n\n" ); + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + mbedtls_pk_free( &pk ); + +#if defined(_WIN32) + mbedtls_printf( " + Press Enter to exit this program.\n" ); + fflush( stdout ); getchar(); +#endif + + mbedtls_exit( exit_code ); +} +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_SHA256_C && + MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ |