Diffstat (limited to 'lib/mbedtls-2.27.0/programs/psa')
-rw-r--r-- | lib/mbedtls-2.27.0/programs/psa/CMakeLists.txt | 21 | ||||
-rw-r--r-- | lib/mbedtls-2.27.0/programs/psa/crypto_examples.c | 331 | ||||
-rw-r--r-- | lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c | 707 | ||||
-rwxr-xr-x | lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.sh | 65 | ||||
-rw-r--r-- | lib/mbedtls-2.27.0/programs/psa/psa_constant_names.c | 327 | ||||
-rw-r--r-- | lib/mbedtls-2.27.0/programs/psa/psa_constant_names_generated.c | 430 |
6 files changed, 0 insertions, 1881 deletions
diff --git a/lib/mbedtls-2.27.0/programs/psa/CMakeLists.txt b/lib/mbedtls-2.27.0/programs/psa/CMakeLists.txt
deleted file mode 100644
index 23e85fe..0000000
--- a/lib/mbedtls-2.27.0/programs/psa/CMakeLists.txt
+++ /dev/null
@@ -1,21 +0,0 @@
-set(executables
- crypto_examples
- key_ladder_demo
- psa_constant_names
-)
-
-foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
- target_link_libraries(${exe} ${mbedcrypto_target})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
-endforeach()
-
-target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
-
-install(TARGETS ${executables}
- DESTINATION "bin"
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-
-install(PROGRAMS
- key_ladder_demo.sh
- DESTINATION "bin")
diff --git a/lib/mbedtls-2.27.0/programs/psa/crypto_examples.c b/lib/mbedtls-2.27.0/programs/psa/crypto_examples.c
deleted file mode 100644
index 935d657..0000000
--- a/lib/mbedtls-2.27.0/programs/psa/crypto_examples.c
+++ /dev/null
@@ -1,331 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "psa/crypto.h" -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -#define ASSERT( predicate ) \ - do \ - { \ - if( ! ( predicate ) ) \ - { \ - printf( "\tassertion failed at %s:%d - '%s'\r\n", \ - __FILE__, __LINE__, #predicate); \ - goto exit; \ - } \ - } while ( 0 ) - -#define ASSERT_STATUS( actual, expected ) \ - do \ - { \ - if( ( actual ) != ( expected ) ) \ - { \ - printf( "\tassertion failed at %s:%d - " \ - "actual:%d expected:%d\r\n", __FILE__, __LINE__, \ - (psa_status_t) actual, (psa_status_t) expected ); \ - goto exit; \ - } \ - } while ( 0 ) - -#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \ - !defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \ - !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) || \ - defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) -int main( void ) -{ - printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or " - "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR " - "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING " - "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER" - " defined.\r\n" ); - return( 0 ); -} -#else - -static psa_status_t cipher_operation( psa_cipher_operation_t *operation, - const uint8_t * input, - size_t input_size, - size_t part_size, - uint8_t * output, - size_t output_size, - size_t 
*output_len ) -{ - psa_status_t status; - size_t bytes_to_write = 0, bytes_written = 0, len = 0; - - *output_len = 0; - while( bytes_written != input_size ) - { - bytes_to_write = ( input_size - bytes_written > part_size ? - part_size : - input_size - bytes_written ); - - status = psa_cipher_update( operation, input + bytes_written, - bytes_to_write, output + *output_len, - output_size - *output_len, &len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - bytes_written += bytes_to_write; - *output_len += len; - } - - status = psa_cipher_finish( operation, output + *output_len, - output_size - *output_len, &len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - *output_len += len; - -exit: - return( status ); -} - -static psa_status_t cipher_encrypt( psa_key_id_t key, - psa_algorithm_t alg, - uint8_t * iv, - size_t iv_size, - const uint8_t * input, - size_t input_size, - size_t part_size, - uint8_t * output, - size_t output_size, - size_t *output_len ) -{ - psa_status_t status; - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - size_t iv_len = 0; - - memset( &operation, 0, sizeof( operation ) ); - status = psa_cipher_encrypt_setup( &operation, key, alg ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = cipher_operation( &operation, input, input_size, part_size, - output, output_size, output_len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - -exit: - psa_cipher_abort( &operation ); - return( status ); -} - -static psa_status_t cipher_decrypt( psa_key_id_t key, - psa_algorithm_t alg, - const uint8_t * iv, - size_t iv_size, - const uint8_t * input, - size_t input_size, - size_t part_size, - uint8_t * output, - size_t output_size, - size_t *output_len ) -{ - psa_status_t status; - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - - memset( &operation, 0, sizeof( operation ) ); - status = psa_cipher_decrypt_setup( &operation, key, alg ); 
- ASSERT_STATUS( status, PSA_SUCCESS ); - - status = psa_cipher_set_iv( &operation, iv, iv_size ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = cipher_operation( &operation, input, input_size, part_size, - output, output_size, output_len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - -exit: - psa_cipher_abort( &operation ); - return( status ); -} - -static psa_status_t -cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void ) -{ - enum { - block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ), - key_bits = 256, - part_size = block_size, - }; - const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING; - - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key = 0; - size_t output_len = 0; - uint8_t iv[block_size]; - uint8_t input[block_size]; - uint8_t encrypt[block_size]; - uint8_t decrypt[block_size]; - - status = psa_generate_random( input, sizeof( input ) ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); - psa_set_key_bits( &attributes, key_bits ); - - status = psa_generate_key( &attributes, &key ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = cipher_encrypt( key, alg, iv, sizeof( iv ), - input, sizeof( input ), part_size, - encrypt, sizeof( encrypt ), &output_len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = cipher_decrypt( key, alg, iv, sizeof( iv ), - encrypt, output_len, part_size, - decrypt, sizeof( decrypt ), &output_len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = memcmp( input, decrypt, sizeof( input ) ); - ASSERT_STATUS( status, PSA_SUCCESS ); - -exit: - psa_destroy_key( key ); - return( status ); -} - -static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void ) -{ - enum { - block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ), - key_bits = 256, - 
input_size = 100, - part_size = 10, - }; - - const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7; - - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key = 0; - size_t output_len = 0; - uint8_t iv[block_size], input[input_size], - encrypt[input_size + block_size], decrypt[input_size + block_size]; - - status = psa_generate_random( input, sizeof( input ) ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); - psa_set_key_bits( &attributes, key_bits ); - - status = psa_generate_key( &attributes, &key ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = cipher_encrypt( key, alg, iv, sizeof( iv ), - input, sizeof( input ), part_size, - encrypt, sizeof( encrypt ), &output_len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = cipher_decrypt( key, alg, iv, sizeof( iv ), - encrypt, output_len, part_size, - decrypt, sizeof( decrypt ), &output_len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = memcmp( input, decrypt, sizeof( input ) ); - ASSERT_STATUS( status, PSA_SUCCESS ); - -exit: - psa_destroy_key( key ); - return( status ); -} - -static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void ) -{ - enum { - block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ), - key_bits = 256, - input_size = 100, - part_size = 10, - }; - const psa_algorithm_t alg = PSA_ALG_CTR; - - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key = 0; - size_t output_len = 0; - uint8_t iv[block_size], input[input_size], encrypt[input_size], - decrypt[input_size]; - - status = psa_generate_random( input, sizeof( input ) ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, alg ); 
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); - psa_set_key_bits( &attributes, key_bits ); - - status = psa_generate_key( &attributes, &key ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = cipher_encrypt( key, alg, iv, sizeof( iv ), - input, sizeof( input ), part_size, - encrypt, sizeof( encrypt ), &output_len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = cipher_decrypt( key, alg, iv, sizeof( iv ), - encrypt, output_len, part_size, - decrypt, sizeof( decrypt ), &output_len ); - ASSERT_STATUS( status, PSA_SUCCESS ); - - status = memcmp( input, decrypt, sizeof( input ) ); - ASSERT_STATUS( status, PSA_SUCCESS ); - -exit: - psa_destroy_key( key ); - return( status ); -} - -static void cipher_examples( void ) -{ - psa_status_t status; - - printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" ); - status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( ); - if( status == PSA_SUCCESS ) - printf( "\tsuccess!\r\n" ); - - printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" ); - status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( ); - if( status == PSA_SUCCESS ) - printf( "\tsuccess!\r\n" ); - - printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" ); - status = cipher_example_encrypt_decrypt_aes_ctr_multi( ); - if( status == PSA_SUCCESS ) - printf( "\tsuccess!\r\n" ); -} - -int main( void ) -{ - ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); - cipher_examples( ); -exit: - mbedtls_psa_crypto_free( ); - return( 0 ); -} -#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_AES_C && MBEDTLS_CIPHER_MODE_CBC && - MBEDTLS_CIPHER_MODE_CTR && MBEDTLS_CIPHER_MODE_WITH_PADDING */ diff --git a/lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c b/lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c deleted file mode 100644 index 5d64349..0000000 --- a/lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.c +++ /dev/null 
@@ -1,707 +0,0 @@ -/** - * PSA API key derivation demonstration - * - * This program calculates a key ladder: a chain of secret material, each - * derived from the previous one in a deterministic way based on a label. - * Two keys are identical if and only if they are derived from the same key - * using the same label. - * - * The initial key is called the master key. The master key is normally - * randomly generated, but it could itself be derived from another key. - * - * This program derives a series of keys called intermediate keys. - * The first intermediate key is derived from the master key using the - * first label passed on the command line. Each subsequent intermediate - * key is derived from the previous one using the next label passed - * on the command line. - * - * This program has four modes of operation: - * - * - "generate": generate a random master key. - * - "wrap": derive a wrapping key from the last intermediate key, - * and use that key to encrypt-and-authenticate some data. - * - "unwrap": derive a wrapping key from the last intermediate key, - * and use that key to decrypt-and-authenticate some - * ciphertext created by wrap mode. - * - "save": save the last intermediate key so that it can be reused as - * the master key in another run of the program. - * - * See the usage() output for the command line usage. See the file - * `key_ladder_demo.sh` for an example run. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize - -#include <psa/crypto.h> - -/* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \ - !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \ - defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) -int main( void ) -{ - printf( "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " - "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or " - "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO " - "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER " - "defined.\n" ); - return( 0 ); -} -#else - -/* The real program starts here. */ - -/* Run a system function and bail out if it fails. */ -#define SYS_CHECK( expr ) \ - do \ - { \ - if( ! ( expr ) ) \ - { \ - perror( #expr ); \ - status = DEMO_ERROR; \ - goto exit; \ - } \ - } \ - while( 0 ) - -/* Run a PSA function and bail out if it fails. */ -#define PSA_CHECK( expr ) \ - do \ - { \ - status = ( expr ); \ - if( status != PSA_SUCCESS ) \ - { \ - printf( "Error %d at line %d: %s\n", \ - (int) status, \ - __LINE__, \ - #expr ); \ - goto exit; \ - } \ - } \ - while( 0 ) - -/* To report operational errors in this program, use an error code that is - * different from every PSA error code. */ -#define DEMO_ERROR 120 - -/* The maximum supported key ladder depth. */ -#define MAX_LADDER_DEPTH 10 - -/* Salt to use when deriving an intermediate key. 
*/ -#define DERIVE_KEY_SALT ( (uint8_t *) "key_ladder_demo.derive" ) -#define DERIVE_KEY_SALT_LENGTH ( strlen( (const char*) DERIVE_KEY_SALT ) ) - -/* Salt to use when deriving a wrapping key. */ -#define WRAPPING_KEY_SALT ( (uint8_t *) "key_ladder_demo.wrap" ) -#define WRAPPING_KEY_SALT_LENGTH ( strlen( (const char*) WRAPPING_KEY_SALT ) ) - -/* Size of the key derivation keys (applies both to the master key and - * to intermediate keys). */ -#define KEY_SIZE_BYTES 40 - -/* Algorithm for key derivation. */ -#define KDF_ALG PSA_ALG_HKDF( PSA_ALG_SHA_256 ) - -/* Type and size of the key used to wrap data. */ -#define WRAPPING_KEY_TYPE PSA_KEY_TYPE_AES -#define WRAPPING_KEY_BITS 128 - -/* Cipher mode used to wrap data. */ -#define WRAPPING_ALG PSA_ALG_CCM - -/* Nonce size used to wrap data. */ -#define WRAPPING_IV_SIZE 13 - -/* Header used in files containing wrapped data. We'll save this header - * directly without worrying about data representation issues such as - * integer sizes and endianness, because the data is meant to be read - * back by the same program on the same machine. */ -#define WRAPPED_DATA_MAGIC "key_ladder_demo" // including trailing null byte -#define WRAPPED_DATA_MAGIC_LENGTH ( sizeof( WRAPPED_DATA_MAGIC ) ) -typedef struct -{ - char magic[WRAPPED_DATA_MAGIC_LENGTH]; - size_t ad_size; /* Size of the additional data, which is this header. */ - size_t payload_size; /* Size of the encrypted data. */ - /* Store the IV inside the additional data. It's convenient. */ - uint8_t iv[WRAPPING_IV_SIZE]; -} wrapped_data_header_t; - -/* The modes that this program can operate in (see usage). */ -enum program_mode -{ - MODE_GENERATE, - MODE_SAVE, - MODE_UNWRAP, - MODE_WRAP -}; - -/* Save a key to a file. In the real world, you may want to export a derived - * key sometimes, to share it with another party. 
*/ -static psa_status_t save_key( psa_key_id_t key, - const char *output_file_name ) -{ - psa_status_t status = PSA_SUCCESS; - uint8_t key_data[KEY_SIZE_BYTES]; - size_t key_size; - FILE *key_file = NULL; - - PSA_CHECK( psa_export_key( key, - key_data, sizeof( key_data ), - &key_size ) ); - SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL ); - SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size ); - SYS_CHECK( fclose( key_file ) == 0 ); - key_file = NULL; - -exit: - if( key_file != NULL) - fclose( key_file ); - return( status ); -} - -/* Generate a master key for use in this demo. - * - * Normally a master key would be non-exportable. For the purpose of this - * demo, we want to save it to a file, to avoid relying on the keystore - * capability of the PSA crypto library. */ -static psa_status_t generate( const char *key_file_name ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_id_t key = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT ); - psa_set_key_algorithm( &attributes, KDF_ALG ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); - psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) ); - - PSA_CHECK( psa_generate_key( &attributes, &key ) ); - - PSA_CHECK( save_key( key, key_file_name ) ); - -exit: - (void) psa_destroy_key( key ); - return( status ); -} - -/* Load the master key from a file. - * - * In the real world, this master key would be stored in an internal memory - * and the storage would be managed by the keystore capability of the PSA - * crypto library. 
*/ -static psa_status_t import_key_from_file( psa_key_usage_t usage, - psa_algorithm_t alg, - const char *key_file_name, - psa_key_id_t *master_key ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t key_data[KEY_SIZE_BYTES]; - size_t key_size; - FILE *key_file = NULL; - unsigned char extra_byte; - - SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL ); - SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ), - key_file ) ) != 0 ); - if( fread( &extra_byte, 1, 1, key_file ) != 0 ) - { - printf( "Key file too large (max: %u).\n", - (unsigned) sizeof( key_data ) ); - status = DEMO_ERROR; - goto exit; - } - SYS_CHECK( fclose( key_file ) == 0 ); - key_file = NULL; - - psa_set_key_usage_flags( &attributes, usage ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); - PSA_CHECK( psa_import_key( &attributes, key_data, key_size, master_key ) ); -exit: - if( key_file != NULL ) - fclose( key_file ); - mbedtls_platform_zeroize( key_data, sizeof( key_data ) ); - if( status != PSA_SUCCESS ) - { - /* If the key creation hasn't happened yet or has failed, - * *master_key is null. psa_destroy_key( 0 ) is - * guaranteed to do nothing and return PSA_SUCCESS. */ - (void) psa_destroy_key( *master_key ); - *master_key = 0; - } - return( status ); -} - -/* Derive the intermediate keys, using the list of labels provided on - * the command line. On input, *key is the master key identifier. - * This function destroys the master key. On successful output, *key - * is the identifier of the final derived key. 
- */ -static psa_status_t derive_key_ladder( const char *ladder[], - size_t ladder_depth, - psa_key_id_t *key ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - size_t i; - - psa_set_key_usage_flags( &attributes, - PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT ); - psa_set_key_algorithm( &attributes, KDF_ALG ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE ); - psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) ); - - /* For each label in turn, ... */ - for( i = 0; i < ladder_depth; i++ ) - { - /* Start deriving material from the master key (if i=0) or from - * the current intermediate key (if i>0). */ - PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) ); - PSA_CHECK( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SALT, - DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) ); - PSA_CHECK( psa_key_derivation_input_key( - &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - *key ) ); - PSA_CHECK( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_INFO, - (uint8_t*) ladder[i], strlen( ladder[i] ) ) ); - /* When the parent key is not the master key, destroy it, - * since it is no longer needed. */ - PSA_CHECK( psa_destroy_key( *key ) ); - *key = 0; - /* Derive the next intermediate key from the parent key. */ - PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, - key ) ); - PSA_CHECK( psa_key_derivation_abort( &operation ) ); - } - -exit: - psa_key_derivation_abort( &operation ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( *key ); - *key = 0; - } - return( status ); -} - -/* Derive a wrapping key from the last intermediate key. 
*/ -static psa_status_t derive_wrapping_key( psa_key_usage_t usage, - psa_key_id_t derived_key, - psa_key_id_t *wrapping_key ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - - *wrapping_key = 0; - - /* Set up a key derivation operation from the key derived from - * the master key. */ - PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) ); - PSA_CHECK( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_SALT, - WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) ); - PSA_CHECK( psa_key_derivation_input_key( - &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - derived_key ) ); - PSA_CHECK( psa_key_derivation_input_bytes( - &operation, PSA_KEY_DERIVATION_INPUT_INFO, - NULL, 0 ) ); - - /* Create the wrapping key. */ - psa_set_key_usage_flags( &attributes, usage ); - psa_set_key_algorithm( &attributes, WRAPPING_ALG ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_AES ); - psa_set_key_bits( &attributes, WRAPPING_KEY_BITS ); - PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation, - wrapping_key ) ); - -exit: - psa_key_derivation_abort( &operation ); - return( status ); -} - -static psa_status_t wrap_data( const char *input_file_name, - const char *output_file_name, - psa_key_id_t wrapping_key ) -{ - psa_status_t status; - FILE *input_file = NULL; - FILE *output_file = NULL; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - long input_position; - size_t input_size; - size_t buffer_size = 0; - unsigned char *buffer = NULL; - size_t ciphertext_size; - wrapped_data_header_t header; - - /* Find the size of the data to wrap. 
*/ - SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL ); - SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 ); - SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 ); -#if LONG_MAX > SIZE_MAX - if( input_position > SIZE_MAX ) - { - printf( "Input file too large.\n" ); - status = DEMO_ERROR; - goto exit; - } -#endif - input_size = input_position; - PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes ) ); - key_type = psa_get_key_type( &attributes ); - buffer_size = - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, input_size ); - /* Check for integer overflow. */ - if( buffer_size < input_size ) - { - printf( "Input file too large.\n" ); - status = DEMO_ERROR; - goto exit; - } - - /* Load the data to wrap. */ - SYS_CHECK( fseek( input_file, 0, SEEK_SET ) == 0 ); - SYS_CHECK( ( buffer = calloc( 1, buffer_size ) ) != NULL ); - SYS_CHECK( fread( buffer, 1, input_size, input_file ) == input_size ); - SYS_CHECK( fclose( input_file ) == 0 ); - input_file = NULL; - - /* Construct a header. */ - memcpy( &header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH ); - header.ad_size = sizeof( header ); - header.payload_size = input_size; - - /* Wrap the data. */ - PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) ); - PSA_CHECK( psa_aead_encrypt( wrapping_key, WRAPPING_ALG, - header.iv, WRAPPING_IV_SIZE, - (uint8_t *) &header, sizeof( header ), - buffer, input_size, - buffer, buffer_size, - &ciphertext_size ) ); - - /* Write the output. 
*/ - SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL ); - SYS_CHECK( fwrite( &header, 1, sizeof( header ), - output_file ) == sizeof( header ) ); - SYS_CHECK( fwrite( buffer, 1, ciphertext_size, - output_file ) == ciphertext_size ); - SYS_CHECK( fclose( output_file ) == 0 ); - output_file = NULL; - -exit: - if( input_file != NULL ) - fclose( input_file ); - if( output_file != NULL ) - fclose( output_file ); - if( buffer != NULL ) - mbedtls_platform_zeroize( buffer, buffer_size ); - free( buffer ); - return( status ); -} - -static psa_status_t unwrap_data( const char *input_file_name, - const char *output_file_name, - psa_key_id_t wrapping_key ) -{ - psa_status_t status; - FILE *input_file = NULL; - FILE *output_file = NULL; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - unsigned char *buffer = NULL; - size_t ciphertext_size = 0; - size_t plaintext_size; - wrapped_data_header_t header; - unsigned char extra_byte; - - /* Load and validate the header. */ - SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL ); - SYS_CHECK( fread( &header, 1, sizeof( header ), - input_file ) == sizeof( header ) ); - if( memcmp( &header.magic, WRAPPED_DATA_MAGIC, - WRAPPED_DATA_MAGIC_LENGTH ) != 0 ) - { - printf( "The input does not start with a valid magic header.\n" ); - status = DEMO_ERROR; - goto exit; - } - if( header.ad_size != sizeof( header ) ) - { - printf( "The header size is not correct.\n" ); - status = DEMO_ERROR; - goto exit; - } - PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes) ); - key_type = psa_get_key_type( &attributes); - ciphertext_size = - PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, header.payload_size ); - /* Check for integer overflow. */ - if( ciphertext_size < header.payload_size ) - { - printf( "Input file too large.\n" ); - status = DEMO_ERROR; - goto exit; - } - - /* Load the payload data. 
*/ - SYS_CHECK( ( buffer = calloc( 1, ciphertext_size ) ) != NULL ); - SYS_CHECK( fread( buffer, 1, ciphertext_size, - input_file ) == ciphertext_size ); - if( fread( &extra_byte, 1, 1, input_file ) != 0 ) - { - printf( "Extra garbage after ciphertext\n" ); - status = DEMO_ERROR; - goto exit; - } - SYS_CHECK( fclose( input_file ) == 0 ); - input_file = NULL; - - /* Unwrap the data. */ - PSA_CHECK( psa_aead_decrypt( wrapping_key, WRAPPING_ALG, - header.iv, WRAPPING_IV_SIZE, - (uint8_t *) &header, sizeof( header ), - buffer, ciphertext_size, - buffer, ciphertext_size, - &plaintext_size ) ); - if( plaintext_size != header.payload_size ) - { - printf( "Incorrect payload size in the header.\n" ); - status = DEMO_ERROR; - goto exit; - } - - /* Write the output. */ - SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL ); - SYS_CHECK( fwrite( buffer, 1, plaintext_size, - output_file ) == plaintext_size ); - SYS_CHECK( fclose( output_file ) == 0 ); - output_file = NULL; - -exit: - if( input_file != NULL ) - fclose( input_file ); - if( output_file != NULL ) - fclose( output_file ); - if( buffer != NULL ) - mbedtls_platform_zeroize( buffer, ciphertext_size ); - free( buffer ); - return( status ); -} - -static psa_status_t run( enum program_mode mode, - const char *key_file_name, - const char *ladder[], size_t ladder_depth, - const char *input_file_name, - const char *output_file_name ) -{ - psa_status_t status = PSA_SUCCESS; - psa_key_id_t derivation_key = 0; - psa_key_id_t wrapping_key = 0; - - /* Initialize the PSA crypto library. */ - PSA_CHECK( psa_crypto_init( ) ); - - /* Generate mode is unlike the others. Generate the master key and exit. */ - if( mode == MODE_GENERATE ) - return( generate( key_file_name ) ); - - /* Read the master key. */ - PSA_CHECK( import_key_from_file( PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT, - KDF_ALG, - key_file_name, - &derivation_key ) ); - - /* Calculate the derived key for this session. 
*/ - PSA_CHECK( derive_key_ladder( ladder, ladder_depth, - &derivation_key ) ); - - switch( mode ) - { - case MODE_SAVE: - PSA_CHECK( save_key( derivation_key, output_file_name ) ); - break; - case MODE_UNWRAP: - PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT, - derivation_key, - &wrapping_key ) ); - PSA_CHECK( unwrap_data( input_file_name, output_file_name, - wrapping_key ) ); - break; - case MODE_WRAP: - PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT, - derivation_key, - &wrapping_key ) ); - PSA_CHECK( wrap_data( input_file_name, output_file_name, - wrapping_key ) ); - break; - default: - /* Unreachable but some compilers don't realize it. */ - break; - } - -exit: - /* Destroy any remaining key. Deinitializing the crypto library would do - * this anyway since they are volatile keys, but explicitly destroying - * keys makes the code easier to reuse. */ - (void) psa_destroy_key( derivation_key ); - (void) psa_destroy_key( wrapping_key ); - /* Deinitialize the PSA crypto library. 
*/ - mbedtls_psa_crypto_free( ); - return( status ); -} - -static void usage( void ) -{ - printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" ); - printf( "Demonstrate the usage of a key derivation ladder.\n" ); - printf( "\n" ); - printf( "Modes:\n" ); - printf( " generate Generate the master key\n" ); - printf( " save Save the derived key\n" ); - printf( " unwrap Unwrap (decrypt) input with the derived key\n" ); - printf( " wrap Wrap (encrypt) input with the derived key\n" ); - printf( "\n" ); - printf( "Options:\n" ); - printf( " input=FILENAME Input file (required for wrap/unwrap)\n" ); - printf( " master=FILENAME File containing the master key (default: master.key)\n" ); - printf( " output=FILENAME Output file (required for save/wrap/unwrap)\n" ); - printf( " label=TEXT Label for the key derivation.\n" ); - printf( " This may be repeated multiple times.\n" ); - printf( " To get the same key, you must use the same master key\n" ); - printf( " and the same sequence of labels.\n" ); -} - -int main( int argc, char *argv[] ) -{ - const char *key_file_name = "master.key"; - const char *input_file_name = NULL; - const char *output_file_name = NULL; - const char *ladder[MAX_LADDER_DEPTH]; - size_t ladder_depth = 0; - int i; - enum program_mode mode; - psa_status_t status; - - if( argc <= 1 || - strcmp( argv[1], "help" ) == 0 || - strcmp( argv[1], "-help" ) == 0 || - strcmp( argv[1], "--help" ) == 0 ) - { - usage( ); - return( EXIT_SUCCESS ); - } - - for( i = 2; i < argc; i++ ) - { - char *q = strchr( argv[i], '=' ); - if( q == NULL ) - { - printf( "Missing argument to option %s\n", argv[i] ); - goto usage_failure; - } - *q = 0; - ++q; - if( strcmp( argv[i], "input" ) == 0 ) - input_file_name = q; - else if( strcmp( argv[i], "label" ) == 0 ) - { - if( ladder_depth == MAX_LADDER_DEPTH ) - { - printf( "Maximum ladder depth %u exceeded.\n", - (unsigned) MAX_LADDER_DEPTH ); - return( EXIT_FAILURE ); - } - ladder[ladder_depth] = q; - ++ladder_depth; - } - else if( 
strcmp( argv[i], "master" ) == 0 ) - key_file_name = q; - else if( strcmp( argv[i], "output" ) == 0 ) - output_file_name = q; - else - { - printf( "Unknown option: %s\n", argv[i] ); - goto usage_failure; - } - } - - if( strcmp( argv[1], "generate" ) == 0 ) - mode = MODE_GENERATE; - else if( strcmp( argv[1], "save" ) == 0 ) - mode = MODE_SAVE; - else if( strcmp( argv[1], "unwrap" ) == 0 ) - mode = MODE_UNWRAP; - else if( strcmp( argv[1], "wrap" ) == 0 ) - mode = MODE_WRAP; - else - { - printf( "Unknown action: %s\n", argv[1] ); - goto usage_failure; - } - - if( input_file_name == NULL && - ( mode == MODE_WRAP || mode == MODE_UNWRAP ) ) - { - printf( "Required argument missing: input\n" ); - return( DEMO_ERROR ); - } - if( output_file_name == NULL && - ( mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP ) ) - { - printf( "Required argument missing: output\n" ); - return( DEMO_ERROR ); - } - - status = run( mode, key_file_name, - ladder, ladder_depth, - input_file_name, output_file_name ); - return( status == PSA_SUCCESS ? - EXIT_SUCCESS : - EXIT_FAILURE ); - -usage_failure: - usage( ); - return( EXIT_FAILURE ); -} -#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C && MBEDTLS_AES_C && MBEDTLS_CCM_C && MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */ diff --git a/lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.sh b/lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.sh deleted file mode 100755 index 67de085..0000000 --- a/lib/mbedtls-2.27.0/programs/psa/key_ladder_demo.sh +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e -u - -program="${0%/*}"/key_ladder_demo -files_to_clean= - -run () { - echo - echo "# $1" - shift - echo "+ $*" - "$@" -} - -if [ -e master.key ]; then - echo "# Reusing the existing master.key file." -else - files_to_clean="$files_to_clean master.key" - run "Generate a master key." \ - "$program" generate master=master.key -fi - -files_to_clean="$files_to_clean input.txt hello_world.wrap" -echo "Here is some input. See it wrapped." >input.txt -run "Derive a key and wrap some data with it." \ - "$program" wrap master=master.key label=hello label=world \ - input=input.txt output=hello_world.wrap - -files_to_clean="$files_to_clean hello_world.txt" -run "Derive the same key again and unwrap the data." \ - "$program" unwrap master=master.key label=hello label=world \ - input=hello_world.wrap output=hello_world.txt -run "Compare the unwrapped data with the original input." \ - cmp input.txt hello_world.txt - -files_to_clean="$files_to_clean hellow_orld.txt" -! run "Derive a different key and attempt to unwrap the data. This must fail." \ - "$program" unwrap master=master.key input=hello_world.wrap output=hellow_orld.txt label=hellow label=orld - -files_to_clean="$files_to_clean hello.key" -run "Save the first step of the key ladder, then load it as a master key and construct the rest of the ladder." 
\ - "$program" save master=master.key label=hello \ - input=hello_world.wrap output=hello.key -run "Check that we get the same key by unwrapping data made by the other key." \ - "$program" unwrap master=hello.key label=world \ - input=hello_world.wrap output=hello_world.txt - -# Cleanup -rm -f $files_to_clean diff --git a/lib/mbedtls-2.27.0/programs/psa/psa_constant_names.c b/lib/mbedtls-2.27.0/programs/psa/psa_constant_names.c deleted file mode 100644 index 14d4494..0000000 --- a/lib/mbedtls-2.27.0/programs/psa/psa_constant_names.c +++ /dev/null 
@@ -1,327 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <errno.h> -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "psa/crypto.h" - -/* This block is present to support Visual Studio builds prior to 2015 */ -#if defined(_MSC_VER) && _MSC_VER < 1900 -#include <stdarg.h> -int snprintf( char *s, size_t n, const char *fmt, ... ) -{ - int ret; - va_list argp; - - /* Avoid calling the invalid parameter handler by checking ourselves */ - if( s == NULL || n == 0 || fmt == NULL ) - return( -1 ); - - va_start( argp, fmt ); -#if defined(_TRUNCATE) && !defined(__MINGW32__) - ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp ); -#else - ret = _vsnprintf( s, n, fmt, argp ); - if( ret < 0 || (size_t) ret == n ) - { - s[n-1] = '\0'; - ret = -1; - } -#endif - va_end( argp ); - - return( ret ); -} -#endif - -/* There are different GET_HASH macros for different kinds of algorithms - * built from hashes, but the values are all constructed on the - * same model. 
*/ -#define PSA_ALG_GET_HASH(alg) \ - (((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH) - -static void append(char **buffer, size_t buffer_size, - size_t *required_size, - const char *string, size_t length) -{ - *required_size += length; - if (*required_size < buffer_size) { - memcpy(*buffer, string, length); - *buffer += length; - } -} - -static void append_integer(char **buffer, size_t buffer_size, - size_t *required_size, - const char *format /*printf format for value*/, - unsigned long value) -{ - size_t n = snprintf(*buffer, buffer_size - *required_size, format, value); - if (n < buffer_size - *required_size) *buffer += n; - *required_size += n; -} - -/* The code of these function is automatically generated and included below. */ -static const char *psa_ecc_family_name(psa_ecc_family_t curve); -static const char *psa_dh_family_name(psa_dh_family_t group); -static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg); - -static void append_with_curve(char **buffer, size_t buffer_size, - size_t *required_size, - const char *string, size_t length, - psa_ecc_family_t curve) -{ - const char *family_name = psa_ecc_family_name(curve); - append(buffer, buffer_size, required_size, string, length); - append(buffer, buffer_size, required_size, "(", 1); - if (family_name != NULL) { - append(buffer, buffer_size, required_size, - family_name, strlen(family_name)); - } else { - append_integer(buffer, buffer_size, required_size, - "0x%02x", curve); - } - append(buffer, buffer_size, required_size, ")", 1); -} - -static void append_with_group(char **buffer, size_t buffer_size, - size_t *required_size, - const char *string, size_t length, - psa_dh_family_t group) -{ - const char *group_name = psa_dh_family_name(group); - append(buffer, buffer_size, required_size, string, length); - append(buffer, buffer_size, required_size, "(", 1); - if (group_name != NULL) { - append(buffer, buffer_size, required_size, - group_name, strlen(group_name)); - } else { - 
append_integer(buffer, buffer_size, required_size, - "0x%02x", group); - } - append(buffer, buffer_size, required_size, ")", 1); -} - -typedef const char *(*psa_get_algorithm_name_func_ptr)(psa_algorithm_t alg); - -static void append_with_alg(char **buffer, size_t buffer_size, - size_t *required_size, - psa_get_algorithm_name_func_ptr get_name, - psa_algorithm_t alg) -{ - const char *name = get_name(alg); - if (name != NULL) { - append(buffer, buffer_size, required_size, - name, strlen(name)); - } else { - append_integer(buffer, buffer_size, required_size, - "0x%08lx", alg); - } -} - -#include "psa_constant_names_generated.c" - -static int psa_snprint_status(char *buffer, size_t buffer_size, - psa_status_t status) -{ - const char *name = psa_strerror(status); - if (name == NULL) { - return snprintf(buffer, buffer_size, "%ld", (long) status); - } else { - size_t length = strlen(name); - if (length < buffer_size) { - memcpy(buffer, name, length + 1); - return (int) length; - } else { - return (int) buffer_size; - } - } -} - -static int psa_snprint_ecc_curve(char *buffer, size_t buffer_size, - psa_ecc_family_t curve) -{ - const char *name = psa_ecc_family_name(curve); - if (name == NULL) { - return snprintf(buffer, buffer_size, "0x%02x", (unsigned) curve); - } else { - size_t length = strlen(name); - if (length < buffer_size) { - memcpy(buffer, name, length + 1); - return (int) length; - } else { - return (int) buffer_size; - } - } -} - -static int psa_snprint_dh_group(char *buffer, size_t buffer_size, - psa_dh_family_t group) -{ - const char *name = psa_dh_family_name(group); - if (name == NULL) { - return snprintf(buffer, buffer_size, "0x%02x", (unsigned) group); - } else { - size_t length = strlen(name); - if (length < buffer_size) { - memcpy(buffer, name, length + 1); - return (int) length; - } else { - return (int) buffer_size; - } - } -} - -static void usage(const char *program_name) -{ - printf("Usage: %s TYPE VALUE [VALUE...]\n", - program_name == NULL ? 
"psa_constant_names" : program_name); - printf("Print the symbolic name whose numerical value is VALUE in TYPE.\n"); - printf("Supported types (with = between aliases):\n"); - printf(" alg=algorithm Algorithm (psa_algorithm_t)\n"); - printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_family_t)\n"); - printf(" group=dh_group Diffie-Hellman group identifier (psa_dh_family_t)\n"); - printf(" type=key_type Key type (psa_key_type_t)\n"); - printf(" usage=key_usage Key usage (psa_key_usage_t)\n"); - printf(" error=status Status code (psa_status_t)\n"); -} - -typedef enum { - TYPE_STATUS, -} signed_value_type; - -int process_signed(signed_value_type type, long min, long max, char **argp) -{ - for (; *argp != NULL; argp++) { - char buffer[200]; - char *end; - long value = strtol(*argp, &end, 0); - if (*end) { - printf("Non-numeric value: %s\n", *argp); - return EXIT_FAILURE; - } - if (value < min || (errno == ERANGE && value < 0)) { - printf("Value too small: %s\n", *argp); - return EXIT_FAILURE; - } - if (value > max || (errno == ERANGE && value > 0)) { - printf("Value too large: %s\n", *argp); - return EXIT_FAILURE; - } - - switch (type) { - case TYPE_STATUS: - psa_snprint_status(buffer, sizeof(buffer), - (psa_status_t) value); - break; - } - puts(buffer); - } - - return EXIT_SUCCESS; -} - -typedef enum { - TYPE_ALGORITHM, - TYPE_ECC_CURVE, - TYPE_DH_GROUP, - TYPE_KEY_TYPE, - TYPE_KEY_USAGE, -} unsigned_value_type; - -int process_unsigned(unsigned_value_type type, unsigned long max, char **argp) -{ - for (; *argp != NULL; argp++) { - char buffer[200]; - char *end; - unsigned long value = strtoul(*argp, &end, 0); - if (*end) { - printf("Non-numeric value: %s\n", *argp); - return EXIT_FAILURE; - } - if (value > max || errno == ERANGE) { - printf("Value out of range: %s\n", *argp); - return EXIT_FAILURE; - } - - switch (type) { - case TYPE_ALGORITHM: - psa_snprint_algorithm(buffer, sizeof(buffer), - (psa_algorithm_t) value); - break; - case TYPE_ECC_CURVE: - 
psa_snprint_ecc_curve(buffer, sizeof(buffer), - (psa_ecc_family_t) value); - break; - case TYPE_DH_GROUP: - psa_snprint_dh_group(buffer, sizeof(buffer), - (psa_dh_family_t) value); - break; - case TYPE_KEY_TYPE: - psa_snprint_key_type(buffer, sizeof(buffer), - (psa_key_type_t) value); - break; - case TYPE_KEY_USAGE: - psa_snprint_key_usage(buffer, sizeof(buffer), - (psa_key_usage_t) value); - break; - } - puts(buffer); - } - - return EXIT_SUCCESS; -} - -int main(int argc, char *argv[]) -{ - if (argc <= 1 || - !strcmp(argv[1], "help") || - !strcmp(argv[1], "--help")) - { - usage(argv[0]); - return EXIT_FAILURE; - } - - if (!strcmp(argv[1], "error") || !strcmp(argv[1], "status")) { - /* There's no way to obtain the actual range of a signed type, - * so hard-code it here: psa_status_t is int32_t. */ - return process_signed(TYPE_STATUS, INT32_MIN, INT32_MAX, - argv + 2); - } else if (!strcmp(argv[1], "alg") || !strcmp(argv[1], "algorithm")) { - return process_unsigned(TYPE_ALGORITHM, (psa_algorithm_t) (-1), - argv + 2); - } else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve")) { - return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_family_t) (-1), - argv + 2); - } else if (!strcmp(argv[1], "group") || !strcmp(argv[1], "dh_group")) { - return process_unsigned(TYPE_DH_GROUP, (psa_dh_family_t) (-1), - argv + 2); - } else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type")) { - return process_unsigned(TYPE_KEY_TYPE, (psa_key_type_t) (-1), - argv + 2); - } else if (!strcmp(argv[1], "usage") || !strcmp(argv[1], "key_usage")) { - return process_unsigned(TYPE_KEY_USAGE, (psa_key_usage_t) (-1), - argv + 2); - } else { - printf("Unknown type: %s\n", argv[1]); - return EXIT_FAILURE; - } -} diff --git a/lib/mbedtls-2.27.0/programs/psa/psa_constant_names_generated.c b/lib/mbedtls-2.27.0/programs/psa/psa_constant_names_generated.c deleted file mode 100644 index bebb97c..0000000 --- a/lib/mbedtls-2.27.0/programs/psa/psa_constant_names_generated.c +++ /dev/null 
@@ -1,430 +0,0 @@ -/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */ - -static const char *psa_strerror(psa_status_t status) -{ - switch (status) { - case PSA_ERROR_ALREADY_EXISTS: return "PSA_ERROR_ALREADY_EXISTS"; - case PSA_ERROR_BAD_STATE: return "PSA_ERROR_BAD_STATE"; - case PSA_ERROR_BUFFER_TOO_SMALL: return "PSA_ERROR_BUFFER_TOO_SMALL"; - case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE"; - case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED"; - case PSA_ERROR_DATA_CORRUPT: return "PSA_ERROR_DATA_CORRUPT"; - case PSA_ERROR_DATA_INVALID: return "PSA_ERROR_DATA_INVALID"; - case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST"; - case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR"; - case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE"; - case PSA_ERROR_INSUFFICIENT_DATA: return "PSA_ERROR_INSUFFICIENT_DATA"; - case PSA_ERROR_INSUFFICIENT_ENTROPY: return "PSA_ERROR_INSUFFICIENT_ENTROPY"; - case PSA_ERROR_INSUFFICIENT_MEMORY: return "PSA_ERROR_INSUFFICIENT_MEMORY"; - case PSA_ERROR_INSUFFICIENT_STORAGE: return "PSA_ERROR_INSUFFICIENT_STORAGE"; - case PSA_ERROR_INVALID_ARGUMENT: return "PSA_ERROR_INVALID_ARGUMENT"; - case PSA_ERROR_INVALID_HANDLE: return "PSA_ERROR_INVALID_HANDLE"; - case PSA_ERROR_INVALID_PADDING: return "PSA_ERROR_INVALID_PADDING"; - case PSA_ERROR_INVALID_SIGNATURE: return "PSA_ERROR_INVALID_SIGNATURE"; - case PSA_ERROR_NOT_PERMITTED: return "PSA_ERROR_NOT_PERMITTED"; - case PSA_ERROR_NOT_SUPPORTED: return "PSA_ERROR_NOT_SUPPORTED"; - case PSA_ERROR_STORAGE_FAILURE: return "PSA_ERROR_STORAGE_FAILURE"; - case PSA_SUCCESS: return "PSA_SUCCESS"; - default: return NULL; - } -} - -static const char *psa_ecc_family_name(psa_ecc_family_t curve) -{ - switch (curve) { - case PSA_ECC_FAMILY_BRAINPOOL_P_R1: return "PSA_ECC_FAMILY_BRAINPOOL_P_R1"; - case PSA_ECC_FAMILY_MONTGOMERY: return "PSA_ECC_FAMILY_MONTGOMERY"; - case PSA_ECC_FAMILY_SECP_K1: 
return "PSA_ECC_FAMILY_SECP_K1"; - case PSA_ECC_FAMILY_SECP_R1: return "PSA_ECC_FAMILY_SECP_R1"; - case PSA_ECC_FAMILY_SECP_R2: return "PSA_ECC_FAMILY_SECP_R2"; - case PSA_ECC_FAMILY_SECT_K1: return "PSA_ECC_FAMILY_SECT_K1"; - case PSA_ECC_FAMILY_SECT_R1: return "PSA_ECC_FAMILY_SECT_R1"; - case PSA_ECC_FAMILY_SECT_R2: return "PSA_ECC_FAMILY_SECT_R2"; - case PSA_ECC_FAMILY_TWISTED_EDWARDS: return "PSA_ECC_FAMILY_TWISTED_EDWARDS"; - default: return NULL; - } -} - -static const char *psa_dh_family_name(psa_dh_family_t group) -{ - switch (group) { - case PSA_DH_FAMILY_CUSTOM: return "PSA_DH_FAMILY_CUSTOM"; - case PSA_DH_FAMILY_RFC7919: return "PSA_DH_FAMILY_RFC7919"; - default: return NULL; - } -} - -static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg) -{ - switch (hash_alg) { - case PSA_ALG_ANY_HASH: return "PSA_ALG_ANY_HASH"; - case PSA_ALG_CATEGORY_HASH: return "PSA_ALG_CATEGORY_HASH"; - case PSA_ALG_MD2: return "PSA_ALG_MD2"; - case PSA_ALG_MD4: return "PSA_ALG_MD4"; - case PSA_ALG_MD5: return "PSA_ALG_MD5"; - case PSA_ALG_RIPEMD160: return "PSA_ALG_RIPEMD160"; - case PSA_ALG_SHA3_224: return "PSA_ALG_SHA3_224"; - case PSA_ALG_SHA3_256: return "PSA_ALG_SHA3_256"; - case PSA_ALG_SHA3_384: return "PSA_ALG_SHA3_384"; - case PSA_ALG_SHA3_512: return "PSA_ALG_SHA3_512"; - case PSA_ALG_SHAKE256_512: return "PSA_ALG_SHAKE256_512"; - case PSA_ALG_SHA_1: return "PSA_ALG_SHA_1"; - case PSA_ALG_SHA_224: return "PSA_ALG_SHA_224"; - case PSA_ALG_SHA_256: return "PSA_ALG_SHA_256"; - case PSA_ALG_SHA_384: return "PSA_ALG_SHA_384"; - case PSA_ALG_SHA_512: return "PSA_ALG_SHA_512"; - case PSA_ALG_SHA_512_224: return "PSA_ALG_SHA_512_224"; - case PSA_ALG_SHA_512_256: return "PSA_ALG_SHA_512_256"; - default: return NULL; - } -} - -static const char *psa_ka_algorithm_name(psa_algorithm_t ka_alg) -{ - switch (ka_alg) { - case PSA_ALG_CATEGORY_KEY_AGREEMENT: return "PSA_ALG_CATEGORY_KEY_AGREEMENT"; - case PSA_ALG_ECDH: return "PSA_ALG_ECDH"; - case PSA_ALG_FFDH: return 
"PSA_ALG_FFDH"; - default: return NULL; - } -} - -static int psa_snprint_key_type(char *buffer, size_t buffer_size, - psa_key_type_t type) -{ - size_t required_size = 0; - switch (type) { - case PSA_KEY_TYPE_AES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_AES", 16); break; - case PSA_KEY_TYPE_ARC4: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ARC4", 17); break; - case PSA_KEY_TYPE_CAMELLIA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CAMELLIA", 21); break; - case PSA_KEY_TYPE_CATEGORY_FLAG_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_FLAG_PAIR", 31); break; - case PSA_KEY_TYPE_CATEGORY_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_KEY_PAIR", 30); break; - case PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY", 32); break; - case PSA_KEY_TYPE_CATEGORY_RAW: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_RAW", 25); break; - case PSA_KEY_TYPE_CATEGORY_SYMMETRIC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_SYMMETRIC", 31); break; - case PSA_KEY_TYPE_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CHACHA20", 21); break; - case PSA_KEY_TYPE_DERIVE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DERIVE", 19); break; - case PSA_KEY_TYPE_DES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DES", 16); break; - case PSA_KEY_TYPE_DH_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_KEY_PAIR_BASE", 29); break; - case PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE", 31); break; - case PSA_KEY_TYPE_DSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_KEY_PAIR", 25); break; - case PSA_KEY_TYPE_DSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_PUBLIC_KEY", 27); break; - case 
PSA_KEY_TYPE_ECC_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_KEY_PAIR_BASE", 30); break; - case PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE", 32); break; - case PSA_KEY_TYPE_HMAC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_HMAC", 17); break; - case PSA_KEY_TYPE_NONE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_NONE", 17); break; - case PSA_KEY_TYPE_RAW_DATA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RAW_DATA", 21); break; - case PSA_KEY_TYPE_RSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_KEY_PAIR", 25); break; - case PSA_KEY_TYPE_RSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_PUBLIC_KEY", 27); break; - default: - if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { - append_with_curve(&buffer, buffer_size, &required_size, - "PSA_KEY_TYPE_ECC_KEY_PAIR", 25, - PSA_KEY_TYPE_ECC_GET_FAMILY(type)); - } else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { - append_with_curve(&buffer, buffer_size, &required_size, - "PSA_KEY_TYPE_ECC_PUBLIC_KEY", 27, - PSA_KEY_TYPE_ECC_GET_FAMILY(type)); - } else if (PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { - append_with_group(&buffer, buffer_size, &required_size, - "PSA_KEY_TYPE_DH_KEY_PAIR", 24, - PSA_KEY_TYPE_DH_GET_FAMILY(type)); - } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)) { - append_with_group(&buffer, buffer_size, &required_size, - "PSA_KEY_TYPE_DH_PUBLIC_KEY", 26, - PSA_KEY_TYPE_DH_GET_FAMILY(type)); - } else { - return snprintf(buffer, buffer_size, - "0x%04x", (unsigned) type); - } - break; - } - buffer[0] = 0; - return (int) required_size; -} - -#define NO_LENGTH_MODIFIER 0xfffffffflu -static int psa_snprint_algorithm(char *buffer, size_t buffer_size, - psa_algorithm_t alg) -{ - size_t required_size = 0; - psa_algorithm_t core_alg = alg; - unsigned long length_modifier = NO_LENGTH_MODIFIER; - if (PSA_ALG_IS_MAC(alg)) { - core_alg = 
PSA_ALG_TRUNCATED_MAC(alg, 0); - if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(", 33); - length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); - } else if (core_alg != alg) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_TRUNCATED_MAC(", 22); - length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); - } - } else if (PSA_ALG_IS_AEAD(alg)) { - core_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg); - if (core_alg == 0) { - /* For unknown AEAD algorithms, there is no "default tag length". */ - core_alg = alg; - } else if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(", 43); - length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg); - } else if (core_alg != alg) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32); - length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg); - } - } else if (PSA_ALG_IS_KEY_AGREEMENT(alg) && - !PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) { - core_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); - append(&buffer, buffer_size, &required_size, - "PSA_ALG_KEY_AGREEMENT(", 22); - append_with_alg(&buffer, buffer_size, &required_size, - psa_ka_algorithm_name, - PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)); - append(&buffer, buffer_size, &required_size, ", ", 2); - } - switch (core_alg) { - case PSA_ALG_ANY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ANY_HASH", 16); break; - case PSA_ALG_CATEGORY_AEAD: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_AEAD", 21); break; - case PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION", 38); break; - case PSA_ALG_CATEGORY_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_CIPHER", 23); break; - case PSA_ALG_CATEGORY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_HASH", 21); 
break; - case PSA_ALG_CATEGORY_KEY_AGREEMENT: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_AGREEMENT", 30); break; - case PSA_ALG_CATEGORY_KEY_DERIVATION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_DERIVATION", 31); break; - case PSA_ALG_CATEGORY_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_MAC", 20); break; - case PSA_ALG_CATEGORY_SIGN: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_SIGN", 21); break; - case PSA_ALG_CBC_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_MAC", 15); break; - case PSA_ALG_CBC_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_NO_PADDING", 22); break; - case PSA_ALG_CBC_PKCS7: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_PKCS7", 17); break; - case PSA_ALG_CCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_CCM", 11); break; - case PSA_ALG_CFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_CFB", 11); break; - case PSA_ALG_CHACHA20_POLY1305: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20_POLY1305", 25); break; - case PSA_ALG_CIPHER_MAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_CIPHER_MAC_BASE", 23); break; - case PSA_ALG_CMAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CMAC", 12); break; - case PSA_ALG_CTR: append(&buffer, buffer_size, &required_size, "PSA_ALG_CTR", 11); break; - case PSA_ALG_DETERMINISTIC_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_DSA_BASE", 30); break; - case PSA_ALG_DETERMINISTIC_ECDSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_ECDSA_BASE", 32); break; - case PSA_ALG_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DSA_BASE", 16); break; - case PSA_ALG_ECB_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECB_NO_PADDING", 22); break; - case PSA_ALG_ECDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDH", 12); break; - case 
PSA_ALG_ECDSA_ANY: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDSA_ANY", 17); break; - case PSA_ALG_ED25519PH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ED25519PH", 17); break; - case PSA_ALG_ED448PH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ED448PH", 15); break; - case PSA_ALG_FFDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_FFDH", 12); break; - case PSA_ALG_GCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_GCM", 11); break; - case PSA_ALG_HASH_EDDSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HASH_EDDSA_BASE", 23); break; - case PSA_ALG_HKDF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HKDF_BASE", 17); break; - case PSA_ALG_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HMAC_BASE", 17); break; - case PSA_ALG_MD2: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD2", 11); break; - case PSA_ALG_MD4: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD4", 11); break; - case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break; - case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break; - case PSA_ALG_PURE_EDDSA: append(&buffer, buffer_size, &required_size, "PSA_ALG_PURE_EDDSA", 18); break; - case PSA_ALG_RIPEMD160: append(&buffer, buffer_size, &required_size, "PSA_ALG_RIPEMD160", 17); break; - case PSA_ALG_RSA_OAEP_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_OAEP_BASE", 21); break; - case PSA_ALG_RSA_PKCS1V15_CRYPT: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_CRYPT", 26); break; - case PSA_ALG_RSA_PKCS1V15_SIGN_RAW: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_SIGN_RAW", 29); break; - case PSA_ALG_RSA_PSS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PSS_BASE", 20); break; - case PSA_ALG_SHA3_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_224", 16); break; - case PSA_ALG_SHA3_256: 
append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_256", 16); break; - case PSA_ALG_SHA3_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_384", 16); break; - case PSA_ALG_SHA3_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_512", 16); break; - case PSA_ALG_SHAKE256_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHAKE256_512", 20); break; - case PSA_ALG_SHA_1: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_1", 13); break; - case PSA_ALG_SHA_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_224", 15); break; - case PSA_ALG_SHA_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_256", 15); break; - case PSA_ALG_SHA_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_384", 15); break; - case PSA_ALG_SHA_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512", 15); break; - case PSA_ALG_SHA_512_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_224", 19); break; - case PSA_ALG_SHA_512_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_256", 19); break; - case PSA_ALG_STREAM_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_STREAM_CIPHER", 21); break; - case PSA_ALG_TLS12_PRF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PRF_BASE", 22); break; - case PSA_ALG_TLS12_PSK_TO_MS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PSK_TO_MS_BASE", 28); break; - case PSA_ALG_XTS: append(&buffer, buffer_size, &required_size, "PSA_ALG_XTS", 11); break; - default: - if (PSA_ALG_IS_DETERMINISTIC_DSA(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_DETERMINISTIC_DSA(", 25 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_DETERMINISTIC_ECDSA(core_alg)) { - append(&buffer, buffer_size, &required_size, - 
"PSA_ALG_DETERMINISTIC_ECDSA(", 27 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_RANDOMIZED_DSA(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_DSA(", 11 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_RANDOMIZED_ECDSA(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_ECDSA(", 13 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_HKDF(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_HKDF(", 12 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_HMAC(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_HMAC(", 12 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_RSA_OAEP(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_RSA_OAEP(", 16 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_RSA_PKCS1V15_SIGN(", 25 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else 
if (PSA_ALG_IS_RSA_PSS(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_RSA_PSS(", 15 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_TLS12_PRF(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_TLS12_PRF(", 17 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_TLS12_PSK_TO_MS(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_TLS12_PSK_TO_MS(", 23 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else { - append_integer(&buffer, buffer_size, &required_size, - "0x%08lx", (unsigned long) core_alg); - } - break; - } - if (core_alg != alg) { - if (length_modifier != NO_LENGTH_MODIFIER) { - append(&buffer, buffer_size, &required_size, ", ", 2); - append_integer(&buffer, buffer_size, &required_size, - "%lu", length_modifier); - } - append(&buffer, buffer_size, &required_size, ")", 1); - } - buffer[0] = 0; - return (int) required_size; -} - -static int psa_snprint_key_usage(char *buffer, size_t buffer_size, - psa_key_usage_t usage) -{ - size_t required_size = 0; - if (usage == 0) { - if (buffer_size > 1) { - buffer[0] = '0'; - buffer[1] = 0; - } else if (buffer_size == 1) { - buffer[0] = 0; - } - return 1; - } - if (usage & PSA_KEY_USAGE_COPY) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_COPY", 18); - usage ^= PSA_KEY_USAGE_COPY; - } - if (usage & PSA_KEY_USAGE_DECRYPT) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, 
buffer_size, &required_size, "PSA_KEY_USAGE_DECRYPT", 21); - usage ^= PSA_KEY_USAGE_DECRYPT; - } - if (usage & PSA_KEY_USAGE_DERIVE) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DERIVE", 20); - usage ^= PSA_KEY_USAGE_DERIVE; - } - if (usage & PSA_KEY_USAGE_ENCRYPT) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_ENCRYPT", 21); - usage ^= PSA_KEY_USAGE_ENCRYPT; - } - if (usage & PSA_KEY_USAGE_EXPORT) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_EXPORT", 20); - usage ^= PSA_KEY_USAGE_EXPORT; - } - if (usage & PSA_KEY_USAGE_SIGN_HASH) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23); - usage ^= PSA_KEY_USAGE_SIGN_HASH; - } - if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_MESSAGE", 26); - usage ^= PSA_KEY_USAGE_SIGN_MESSAGE; - } - if (usage & PSA_KEY_USAGE_VERIFY_HASH) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_HASH", 25); - usage ^= PSA_KEY_USAGE_VERIFY_HASH; - } - if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_MESSAGE", 28); - usage ^= PSA_KEY_USAGE_VERIFY_MESSAGE; - } - if (usage != 0) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append_integer(&buffer, 
buffer_size, &required_size, - "0x%08lx", (unsigned long) usage); - } else { - buffer[0] = 0; - } - return (int) required_size; -} - -/* End of automatically generated file. */ |