mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-10-19 10:21:33 +00:00
8dd1690993
Resolve conflicts by performing the following operations:
- Reject changes related to building a crypto submodule, since Mbed
Crypto is the crypto submodule.
- Reject X.509, NET, and SSL changes.
- Reject changes to README, as Mbed Crypto is a different project from
Mbed TLS, with a different README.
- Avoid adding mention of ssl-opt.sh in a comment near some modified
code in include/CMakeLists.txt (around where ENABLE_TESTING as added).
- Align config.pl in Mbed TLS with config.pl in Mbed Crypto where PSA
options are concerned, to make future merging easier. There is no
reason for the two to be different in this regard, now that Mbed TLS
always depends on Mbed Crypto. Remaining differences are only the
PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER option and the absence of X.509,
NET, and SSL related options in Mbed Crypto's config.pl.
- Align config.h in Mbed Crypto with Mbed TLS's copy, with a few notable
exceptions:
- Leave CMAC on by default.
- Leave storage on by default (including ITS emulation).
- Avoid documenting the PSA Crypto API as is in beta stage in
documentation for MBEDTLS_PSA_CRYPTO_C.
The only remaining differences are a lack of X.509, NET, and SSL
options in Mbed Crypto's config.h, as well as an additional
Mbed-Crypto-specific PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER option.
Documentation for the check params feature and related macros is also
updated to match Mbed TLS's description.
- Reject tests/data_files/Makefile changes to generate DER versions of
CRTs and keys, as none of those are used by Mbed Crypto tests.
- Add the "no PEM and no filesystem" test to all.sh, without ssl-opt.sh
run, as Mbed Crypto doesn't have ssl-opt.sh. Also remove use of PSA
Crypto storage and ITS emulation, since those depend on filesystem
support.
- Reject addition of test when no ciphersuites have MAC to all.sh, as
the option being tested, MBEDTLS_SSL_SOME_MODES_USE_MAC, is not
present in Mbed Crypto.
- Use baremetal config in all.sh, as Mbed Crypto's baremetal
configuration does exclude the net module (as it doesn't exist in Mbed
Crypto)
- Reject cmake_subproject_build changes, continuing to link only
libmbedcrypto.
- Reject changes to visualc and associated templates. Mbed Crypto
doesn't need additional logic to handle submodule-sourced headers.
- Avoid adding fuzzers from Mbed TLS. The only relevant fuzzers are the
privkey and pubkey fuzzers, but non-trivial work would be required to
integrate those into Mbed Crypto (more than is comfortable in a merge
commit).
- Reject addition of Docker wrappers for compat.sh and ssl-opt.sh, as
those are not present in Mbed Crypto.
- Remove calls to SSL-related scripts from basic-in-docker.sh
Fix test errors by performing the following:
- Avoid using a link that Doxygen can't seem to resolve in Mbed Crypto,
but can resolve in Mbed TLS. In documentation for
MBEDTLS_CHECK_PARAMS, don't attempt to link to MBEDTLS_PARAM_FAILED.
* origin/development: (339 commits)
Do not build fuzz on windows
No booleans and import config
Removing space before opening parenthesis
Style corrections
Syntax fix
Fixes warnings from MSVC
Add a linker flag to enable gcov in basic-build-test.sh
Update crypto submodule to a revision with the HAVEGE header changes
Test with MBEDTLS_ECP_RESTARTABLE
Allow TODO in code
Use the docstring in the command line help
Split _abi_compliance_command into smaller functions
Record the commits that were compared
Document how to build the typical argument for -s
Allow running /somewhere/else/path/to/abi_check.py
tests: Limit each log to 10 GiB
Warn if VLAs are used
Remove redundant compiler flag
Consistently spell -Wextra
Fix parsing issue when int parameter is in base 16
...
317 lines
9.8 KiB
C
317 lines
9.8 KiB
C
/*
|
|
* Key reading application
|
|
*
|
|
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
* This file is part of mbed TLS (https://tls.mbed.org)
|
|
*/
|
|
|
|
#if !defined(MBEDTLS_CONFIG_FILE)
|
|
#include "mbedtls/config.h"
|
|
#else
|
|
#include MBEDTLS_CONFIG_FILE
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_PLATFORM_C)
|
|
#include "mbedtls/platform.h"
|
|
#else
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#define mbedtls_printf printf
|
|
#define mbedtls_exit exit
|
|
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
|
|
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
|
|
#endif /* MBEDTLS_PLATFORM_C */
|
|
|
|
#if defined(MBEDTLS_BIGNUM_C) && \
|
|
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO)
|
|
#include "mbedtls/error.h"
|
|
#include "mbedtls/rsa.h"
|
|
#include "mbedtls/pk.h"
|
|
|
|
#include <string.h>
|
|
#endif
|
|
|
|
#define MODE_NONE 0
|
|
#define MODE_PRIVATE 1
|
|
#define MODE_PUBLIC 2
|
|
|
|
#define DFL_MODE MODE_NONE
|
|
#define DFL_FILENAME "keyfile.key"
|
|
#define DFL_PASSWORD ""
|
|
#define DFL_PASSWORD_FILE ""
|
|
#define DFL_DEBUG_LEVEL 0
|
|
|
|
#define USAGE \
|
|
"\n usage: key_app param=<>...\n" \
|
|
"\n acceptable parameters:\n" \
|
|
" mode=private|public default: none\n" \
|
|
" filename=%%s default: keyfile.key\n" \
|
|
" password=%%s default: \"\"\n" \
|
|
" password_file=%%s default: \"\"\n" \
|
|
"\n"
|
|
|
|
#if !defined(MBEDTLS_BIGNUM_C) || \
|
|
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO)
|
|
int main( void )
|
|
{
|
|
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
|
|
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
|
|
return( 0 );
|
|
}
|
|
#else
|
|
|
|
|
|
/*
|
|
* global options
|
|
*/
|
|
struct options
|
|
{
|
|
int mode; /* the mode to run the application in */
|
|
const char *filename; /* filename of the key file */
|
|
const char *password; /* password for the private key */
|
|
const char *password_file; /* password_file for the private key */
|
|
} opt;
|
|
|
|
int main( int argc, char *argv[] )
|
|
{
|
|
int ret = 1;
|
|
int exit_code = MBEDTLS_EXIT_FAILURE;
|
|
char buf[1024];
|
|
int i;
|
|
char *p, *q;
|
|
|
|
mbedtls_pk_context pk;
|
|
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
|
|
|
|
/*
|
|
* Set to sane values
|
|
*/
|
|
mbedtls_pk_init( &pk );
|
|
memset( buf, 0, sizeof(buf) );
|
|
|
|
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
|
|
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
|
|
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
|
|
|
|
if( argc == 0 )
|
|
{
|
|
usage:
|
|
mbedtls_printf( USAGE );
|
|
goto cleanup;
|
|
}
|
|
|
|
opt.mode = DFL_MODE;
|
|
opt.filename = DFL_FILENAME;
|
|
opt.password = DFL_PASSWORD;
|
|
opt.password_file = DFL_PASSWORD_FILE;
|
|
|
|
for( i = 1; i < argc; i++ )
|
|
{
|
|
p = argv[i];
|
|
if( ( q = strchr( p, '=' ) ) == NULL )
|
|
goto usage;
|
|
*q++ = '\0';
|
|
|
|
if( strcmp( p, "mode" ) == 0 )
|
|
{
|
|
if( strcmp( q, "private" ) == 0 )
|
|
opt.mode = MODE_PRIVATE;
|
|
else if( strcmp( q, "public" ) == 0 )
|
|
opt.mode = MODE_PUBLIC;
|
|
else
|
|
goto usage;
|
|
}
|
|
else if( strcmp( p, "filename" ) == 0 )
|
|
opt.filename = q;
|
|
else if( strcmp( p, "password" ) == 0 )
|
|
opt.password = q;
|
|
else if( strcmp( p, "password_file" ) == 0 )
|
|
opt.password_file = q;
|
|
else
|
|
goto usage;
|
|
}
|
|
|
|
if( opt.mode == MODE_PRIVATE )
|
|
{
|
|
if( strlen( opt.password ) && strlen( opt.password_file ) )
|
|
{
|
|
mbedtls_printf( "Error: cannot have both password and password_file\n" );
|
|
goto usage;
|
|
}
|
|
|
|
if( strlen( opt.password_file ) )
|
|
{
|
|
FILE *f;
|
|
|
|
mbedtls_printf( "\n . Loading the password file ..." );
|
|
if( ( f = fopen( opt.password_file, "rb" ) ) == NULL )
|
|
{
|
|
mbedtls_printf( " failed\n ! fopen returned NULL\n" );
|
|
goto cleanup;
|
|
}
|
|
if( fgets( buf, sizeof(buf), f ) == NULL )
|
|
{
|
|
fclose( f );
|
|
mbedtls_printf( "Error: fgets() failed to retrieve password\n" );
|
|
goto cleanup;
|
|
}
|
|
fclose( f );
|
|
|
|
i = (int) strlen( buf );
|
|
if( buf[i - 1] == '\n' ) buf[i - 1] = '\0';
|
|
if( buf[i - 2] == '\r' ) buf[i - 2] = '\0';
|
|
opt.password = buf;
|
|
}
|
|
|
|
/*
|
|
* 1.1. Load the key
|
|
*/
|
|
mbedtls_printf( "\n . Loading the private key ..." );
|
|
fflush( stdout );
|
|
|
|
ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password );
|
|
|
|
if( ret != 0 )
|
|
{
|
|
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", -ret );
|
|
goto cleanup;
|
|
}
|
|
|
|
mbedtls_printf( " ok\n" );
|
|
|
|
/*
|
|
* 1.2 Print the key
|
|
*/
|
|
mbedtls_printf( " . Key information ...\n" );
|
|
#if defined(MBEDTLS_RSA_C)
|
|
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
|
|
{
|
|
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
|
|
|
|
if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 ||
|
|
( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
|
|
{
|
|
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
|
|
goto cleanup;
|
|
}
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D: ", &D, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "P: ", &P, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ) );
|
|
}
|
|
else
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_C)
|
|
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
|
|
{
|
|
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) );
|
|
}
|
|
else
|
|
#endif
|
|
{
|
|
mbedtls_printf("Do not know how to print key information for this type\n" );
|
|
goto cleanup;
|
|
}
|
|
}
|
|
else if( opt.mode == MODE_PUBLIC )
|
|
{
|
|
/*
|
|
* 1.1. Load the key
|
|
*/
|
|
mbedtls_printf( "\n . Loading the public key ..." );
|
|
fflush( stdout );
|
|
|
|
ret = mbedtls_pk_parse_public_keyfile( &pk, opt.filename );
|
|
|
|
if( ret != 0 )
|
|
{
|
|
mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", -ret );
|
|
goto cleanup;
|
|
}
|
|
|
|
mbedtls_printf( " ok\n" );
|
|
|
|
mbedtls_printf( " . Key information ...\n" );
|
|
#if defined(MBEDTLS_RSA_C)
|
|
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
|
|
{
|
|
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk );
|
|
|
|
if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL,
|
|
NULL, &E ) ) != 0 )
|
|
{
|
|
mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" );
|
|
goto cleanup;
|
|
}
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "N: ", &N, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "E: ", &E, 16, NULL ) );
|
|
}
|
|
else
|
|
#endif
|
|
#if defined(MBEDTLS_ECP_C)
|
|
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
|
|
{
|
|
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) );
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) );
|
|
}
|
|
else
|
|
#endif
|
|
{
|
|
mbedtls_printf("Do not know how to print key information for this type\n" );
|
|
goto cleanup;
|
|
}
|
|
}
|
|
else
|
|
goto usage;
|
|
|
|
exit_code = MBEDTLS_EXIT_SUCCESS;
|
|
|
|
cleanup:
|
|
|
|
#if defined(MBEDTLS_ERROR_C)
|
|
if( exit_code != MBEDTLS_EXIT_SUCCESS )
|
|
{
|
|
mbedtls_strerror( ret, buf, sizeof( buf ) );
|
|
mbedtls_printf( " ! Last error was: %s\n", buf );
|
|
}
|
|
#endif
|
|
|
|
mbedtls_pk_free( &pk );
|
|
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
|
|
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
|
|
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
|
|
|
|
#if defined(_WIN32)
|
|
mbedtls_printf( " + Press Enter to exit this program.\n" );
|
|
fflush( stdout ); getchar();
|
|
#endif
|
|
|
|
return( exit_code );
|
|
}
|
|
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
|