Remove Diffie-Hellman examples

These examples rely on the NET module, which we want to remove. In
theory we could remove just the dependency, but we decided to remove the
whole example because:

- They showcase some bad crypto: custom, undocumented protocol (not
  obviously broken though, apart from authenticating only one side);
  hard-coded limit of 512-bit size for the DH modulus (2048 is the
  recommended minimum these days); direct use of the shared secret as a
  key (instead of applying a KDF); encryption with ECB, custom
  parameters and the client not having the ability to verify them.
- The programs use the DH API in the same way that TLS does, so they
  have limited demonstration value.
- The programs only show finite-field DH, which is not used all that
  much these days. What people want to see is mostly ECDH.

diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index 5a37a42..944a100 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -1,12 +1,6 @@
-add_executable(dh_client dh_client.c)
-target_link_libraries(dh_client mbedtls)
-
add_executable(dh_genprime dh_genprime.c)
target_link_libraries(dh_genprime mbedtls)
-add_executable(dh_server dh_server.c)
-target_link_libraries(dh_server mbedtls)
-
add_executable(ecdh_curve25519 ecdh_curve25519.c)
target_link_libraries(ecdh_curve25519 mbedtls)
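Review bot: dh_genprime stays in the build between the two removed targets, but the commit message does not say why this finite-field DH program is kept when dh_client and dh_server are dropped partly for showing finite-field DH. Please add a sentence to the message explaining that, and check that the help text and comments in dh_genprime.c no longer point users at the removed programs. Only CMakeLists.txt is visible here, so also confirm the commit deletes dh_client.c and dh_server.c and updates any other build files or program lists that name them.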
@@ -58,6 +52,6 @@
add_executable(pk_decrypt pk_decrypt.c)
target_link_libraries(pk_decrypt mbedtls)
-install(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify gen_key
+install(TARGETS dh_genprime key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify gen_key
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
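Review bot: the install(TARGETS ...) line has to be edited by hand in step with the add_executable() calls, and it already disagrees with them: ecdh_curve25519 is built earlier in this file but is not in the install list. This is not introduced by the change, but since the commit message says ECDH is what people mostly want to see, consider adding it in a follow-up. Collecting the target names in one list variable used by both add_executable() and install() would make removals like this a one-place edit.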