Switch to the new code style
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c
index 1efd132..0c2413e 100644
--- a/programs/psa/aead_demo.c
+++ b/programs/psa/aead_demo.c
@@ -57,20 +57,20 @@
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
!defined(MBEDTLS_CHACHAPOLY_C) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-int main( void )
+int main(void)
{
- printf( "MBEDTLS_PSA_CRYPTO_C and/or "
- "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
- "MBEDTLS_CHACHAPOLY_C not defined, and/or "
- "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n" );
- return( 0 );
+ printf("MBEDTLS_PSA_CRYPTO_C and/or "
+ "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
+ "MBEDTLS_CHACHAPOLY_C not defined, and/or "
+ "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n");
+ return 0;
}
#else
/* The real program starts here. */
const char usage[] =
-"Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
+ "Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
const unsigned char iv1[12] = { 0x00 };
@@ -85,40 +85,41 @@
const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
/* Maximum total size of the messages */
-#define MSG1_SIZE ( sizeof( msg1_part1 ) + sizeof( msg1_part2 ) )
-#define MSG2_SIZE ( sizeof( msg2_part1 ) + sizeof( msg2_part2 ) )
-#define MSG_MAX_SIZE ( MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE )
+#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2))
+#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2))
+#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE)
/* Dummy key material - never do this in production!
* 32-byte is enough to all the key size supported by this program. */
const unsigned char key_bytes[32] = { 0x2a };
/* Print the contents of a buffer in hex */
-void print_buf( const char *title, uint8_t *buf, size_t len )
+void print_buf(const char *title, uint8_t *buf, size_t len)
{
- printf( "%s:", title );
- for( size_t i = 0; i < len; i++ )
- printf( " %02x", buf[i] );
- printf( "\n" );
+ printf("%s:", title);
+ for (size_t i = 0; i < len; i++) {
+ printf(" %02x", buf[i]);
+ }
+ printf("\n");
}
/* Run a PSA function and bail out if it fails.
* The symbolic name of the error code can be recovered using:
* programs/psa/psa_constant_name status <value> */
-#define PSA_CHECK( expr ) \
+#define PSA_CHECK(expr) \
do \
{ \
- status = ( expr ); \
- if( status != PSA_SUCCESS ) \
+ status = (expr); \
+ if (status != PSA_SUCCESS) \
{ \
- printf( "Error %d at line %d: %s\n", \
- (int) status, \
- __LINE__, \
- #expr ); \
+ printf("Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr); \
goto exit; \
} \
} \
- while( 0 )
+ while (0)
/*
* Prepare encryption material:
@@ -126,48 +127,48 @@
* - set up key
* - outputs: key and algorithm, which together hold all the information
*/
-static psa_status_t aead_prepare( const char *info,
- psa_key_id_t *key,
- psa_algorithm_t *alg )
+static psa_status_t aead_prepare(const char *info,
+ psa_key_id_t *key,
+ psa_algorithm_t *alg)
{
psa_status_t status;
/* Convert arg to alg + key_bits + key_type */
size_t key_bits;
psa_key_type_t key_type;
- if( strcmp( info, "aes128-gcm" ) == 0 ) {
+ if (strcmp(info, "aes128-gcm") == 0) {
*alg = PSA_ALG_GCM;
key_bits = 128;
key_type = PSA_KEY_TYPE_AES;
- } else if( strcmp( info, "aes256-gcm" ) == 0 ) {
+ } else if (strcmp(info, "aes256-gcm") == 0) {
*alg = PSA_ALG_GCM;
key_bits = 256;
key_type = PSA_KEY_TYPE_AES;
- } else if( strcmp( info, "aes128-gcm_8" ) == 0 ) {
+ } else if (strcmp(info, "aes128-gcm_8") == 0) {
*alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8);
key_bits = 128;
key_type = PSA_KEY_TYPE_AES;
- } else if( strcmp( info, "chachapoly" ) == 0 ) {
+ } else if (strcmp(info, "chachapoly") == 0) {
*alg = PSA_ALG_CHACHA20_POLY1305;
key_bits = 256;
key_type = PSA_KEY_TYPE_CHACHA20;
} else {
- puts( usage );
- return( PSA_ERROR_INVALID_ARGUMENT );
+ puts(usage);
+ return PSA_ERROR_INVALID_ARGUMENT;
}
/* Prepare key attributes */
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, *alg );
- psa_set_key_type( &attributes, key_type );
- psa_set_key_bits( &attributes, key_bits ); // optional
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, *alg);
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_bits(&attributes, key_bits); // optional
/* Import key */
- PSA_CHECK( psa_import_key( &attributes, key_bytes, key_bits / 8, key ) );
+ PSA_CHECK(psa_import_key(&attributes, key_bytes, key_bits / 8, key));
exit:
- return( status );
+ return status;
}
/*
@@ -176,14 +177,14 @@
* All of this information was present in the command line argument, but his
* function demonstrates how each piece can be recovered from (key, alg).
*/
-static void aead_info( psa_key_id_t key, psa_algorithm_t alg )
+static void aead_info(psa_key_id_t key, psa_algorithm_t alg)
{
psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
- (void) psa_get_key_attributes( key, &attr );
- psa_key_type_t key_type = psa_get_key_type( &attr );
- size_t key_bits = psa_get_key_bits( &attr );
- psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( alg );
- size_t tag_len = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg );
+ (void) psa_get_key_attributes(key, &attr);
+ psa_key_type_t key_type = psa_get_key_type(&attr);
+ size_t key_bits = psa_get_key_bits(&attr);
+ psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg);
+ size_t tag_len = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg);
const char *type_str = key_type == PSA_KEY_TYPE_AES ? "AES"
: key_type == PSA_KEY_TYPE_CHACHA20 ? "Chacha"
@@ -192,102 +193,101 @@
: base_alg == PSA_ALG_CHACHA20_POLY1305 ? "ChachaPoly"
: "???";
- printf( "%s, %u, %s, %u\n",
- type_str, (unsigned) key_bits, base_str, (unsigned) tag_len );
+ printf("%s, %u, %s, %u\n",
+ type_str, (unsigned) key_bits, base_str, (unsigned) tag_len);
}
/*
* Encrypt a 2-part message.
*/
-static int aead_encrypt( psa_key_id_t key, psa_algorithm_t alg,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *part1, size_t part1_len,
- const unsigned char *part2, size_t part2_len )
+static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *part1, size_t part1_len,
+ const unsigned char *part2, size_t part2_len)
{
psa_status_t status;
size_t olen, olen_tag;
unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(MSG_MAX_SIZE)];
- unsigned char *p = out, *end = out + sizeof( out );
+ unsigned char *p = out, *end = out + sizeof(out);
unsigned char tag[PSA_AEAD_TAG_MAX_SIZE];
psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT;
- PSA_CHECK( psa_aead_encrypt_setup( &op, key, alg ) );
+ PSA_CHECK(psa_aead_encrypt_setup(&op, key, alg));
- PSA_CHECK( psa_aead_set_nonce( &op, iv, iv_len ) );
- PSA_CHECK( psa_aead_update_ad( &op, ad, ad_len ) );
- PSA_CHECK( psa_aead_update( &op, part1, part1_len, p, end - p, &olen ) );
+ PSA_CHECK(psa_aead_set_nonce(&op, iv, iv_len));
+ PSA_CHECK(psa_aead_update_ad(&op, ad, ad_len));
+ PSA_CHECK(psa_aead_update(&op, part1, part1_len, p, end - p, &olen));
p += olen;
- PSA_CHECK( psa_aead_update( &op, part2, part2_len, p, end - p, &olen ) );
+ PSA_CHECK(psa_aead_update(&op, part2, part2_len, p, end - p, &olen));
p += olen;
- PSA_CHECK( psa_aead_finish( &op, p, end - p, &olen,
- tag, sizeof( tag ), &olen_tag ) );
+ PSA_CHECK(psa_aead_finish(&op, p, end - p, &olen,
+ tag, sizeof(tag), &olen_tag));
p += olen;
- memcpy( p, tag, olen_tag );
+ memcpy(p, tag, olen_tag);
p += olen_tag;
olen = p - out;
- print_buf( "out", out, olen );
+ print_buf("out", out, olen);
exit:
- psa_aead_abort( &op ); // required on errors, harmless on success
- return( status );
+ psa_aead_abort(&op); // required on errors, harmless on success
+ return status;
}
/*
* AEAD demo: set up key/alg, print out info, encrypt messages.
*/
-static psa_status_t aead_demo( const char *info )
+static psa_status_t aead_demo(const char *info)
{
psa_status_t status;
psa_key_id_t key;
psa_algorithm_t alg;
- PSA_CHECK( aead_prepare( info, &key, &alg ) );
+ PSA_CHECK(aead_prepare(info, &key, &alg));
- aead_info( key, alg );
+ aead_info(key, alg);
- PSA_CHECK( aead_encrypt( key, alg,
- iv1, sizeof( iv1 ), add_data1, sizeof( add_data1 ),
- msg1_part1, sizeof( msg1_part1 ),
- msg1_part2, sizeof( msg1_part2 ) ) );
- PSA_CHECK( aead_encrypt( key, alg,
- iv2, sizeof( iv2 ), add_data2, sizeof( add_data2 ),
- msg2_part1, sizeof( msg2_part1 ),
- msg2_part2, sizeof( msg2_part2 ) ) );
+ PSA_CHECK(aead_encrypt(key, alg,
+ iv1, sizeof(iv1), add_data1, sizeof(add_data1),
+ msg1_part1, sizeof(msg1_part1),
+ msg1_part2, sizeof(msg1_part2)));
+ PSA_CHECK(aead_encrypt(key, alg,
+ iv2, sizeof(iv2), add_data2, sizeof(add_data2),
+ msg2_part1, sizeof(msg2_part1),
+ msg2_part2, sizeof(msg2_part2)));
exit:
- psa_destroy_key( key );
+ psa_destroy_key(key);
- return( status );
+ return status;
}
/*
* Main function
*/
-int main( int argc, char **argv )
+int main(int argc, char **argv)
{
psa_status_t status = PSA_SUCCESS;
/* Check usage */
- if( argc != 2 )
- {
- puts( usage );
- return( EXIT_FAILURE );
+ if (argc != 2) {
+ puts(usage);
+ return EXIT_FAILURE;
}
/* Initialize the PSA crypto library. */
- PSA_CHECK( psa_crypto_init( ) );
+ PSA_CHECK(psa_crypto_init());
/* Run the demo */
- PSA_CHECK( aead_demo( argv[1] ) );
+ PSA_CHECK(aead_demo(argv[1]));
/* Deinitialize the PSA crypto library. */
- mbedtls_psa_crypto_free( );
+ mbedtls_psa_crypto_free();
exit:
- return( status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE );
+ return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
index 935d657..3f109d8 100644
--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -20,146 +20,145 @@
#include <stdio.h>
#include <stdlib.h>
-#define ASSERT( predicate ) \
+#define ASSERT(predicate) \
do \
{ \
- if( ! ( predicate ) ) \
+ if (!(predicate)) \
{ \
- printf( "\tassertion failed at %s:%d - '%s'\r\n", \
- __FILE__, __LINE__, #predicate); \
+ printf("\tassertion failed at %s:%d - '%s'\r\n", \
+ __FILE__, __LINE__, #predicate); \
goto exit; \
} \
- } while ( 0 )
+ } while (0)
-#define ASSERT_STATUS( actual, expected ) \
+#define ASSERT_STATUS(actual, expected) \
do \
{ \
- if( ( actual ) != ( expected ) ) \
+ if ((actual) != (expected)) \
{ \
- printf( "\tassertion failed at %s:%d - " \
- "actual:%d expected:%d\r\n", __FILE__, __LINE__, \
- (psa_status_t) actual, (psa_status_t) expected ); \
+ printf("\tassertion failed at %s:%d - " \
+ "actual:%d expected:%d\r\n", __FILE__, __LINE__, \
+ (psa_status_t) actual, (psa_status_t) expected); \
goto exit; \
} \
- } while ( 0 )
+ } while (0)
#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \
!defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \
!defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-int main( void )
+int main(void)
{
- printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
- "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
- "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
- "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER"
- " defined.\r\n" );
- return( 0 );
+ printf("MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
+ "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
+ "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
+ "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER"
+ " defined.\r\n");
+ return 0;
}
#else
-static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
- const uint8_t * input,
- size_t input_size,
- size_t part_size,
- uint8_t * output,
- size_t output_size,
- size_t *output_len )
+static psa_status_t cipher_operation(psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_len)
{
psa_status_t status;
size_t bytes_to_write = 0, bytes_written = 0, len = 0;
*output_len = 0;
- while( bytes_written != input_size )
- {
- bytes_to_write = ( input_size - bytes_written > part_size ?
- part_size :
- input_size - bytes_written );
+ while (bytes_written != input_size) {
+ bytes_to_write = (input_size - bytes_written > part_size ?
+ part_size :
+ input_size - bytes_written);
- status = psa_cipher_update( operation, input + bytes_written,
- bytes_to_write, output + *output_len,
- output_size - *output_len, &len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_cipher_update(operation, input + bytes_written,
+ bytes_to_write, output + *output_len,
+ output_size - *output_len, &len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
bytes_written += bytes_to_write;
*output_len += len;
}
- status = psa_cipher_finish( operation, output + *output_len,
- output_size - *output_len, &len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_cipher_finish(operation, output + *output_len,
+ output_size - *output_len, &len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
*output_len += len;
exit:
- return( status );
+ return status;
}
-static psa_status_t cipher_encrypt( psa_key_id_t key,
- psa_algorithm_t alg,
- uint8_t * iv,
- size_t iv_size,
- const uint8_t * input,
- size_t input_size,
- size_t part_size,
- uint8_t * output,
- size_t output_size,
- size_t *output_len )
+static psa_status_t cipher_encrypt(psa_key_id_t key,
+ psa_algorithm_t alg,
+ uint8_t *iv,
+ size_t iv_size,
+ const uint8_t *input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_len)
{
psa_status_t status;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
size_t iv_len = 0;
- memset( &operation, 0, sizeof( operation ) );
- status = psa_cipher_encrypt_setup( &operation, key, alg );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ memset(&operation, 0, sizeof(operation));
+ status = psa_cipher_encrypt_setup(&operation, key, alg);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_cipher_generate_iv(&operation, iv, iv_size, &iv_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_operation( &operation, input, input_size, part_size,
- output, output_size, output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_operation(&operation, input, input_size, part_size,
+ output, output_size, output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_cipher_abort( &operation );
- return( status );
+ psa_cipher_abort(&operation);
+ return status;
}
-static psa_status_t cipher_decrypt( psa_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t * iv,
- size_t iv_size,
- const uint8_t * input,
- size_t input_size,
- size_t part_size,
- uint8_t * output,
- size_t output_size,
- size_t *output_len )
+static psa_status_t cipher_decrypt(psa_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *iv,
+ size_t iv_size,
+ const uint8_t *input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_len)
{
psa_status_t status;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- memset( &operation, 0, sizeof( operation ) );
- status = psa_cipher_decrypt_setup( &operation, key, alg );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ memset(&operation, 0, sizeof(operation));
+ status = psa_cipher_decrypt_setup(&operation, key, alg);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = psa_cipher_set_iv( &operation, iv, iv_size );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_cipher_set_iv(&operation, iv, iv_size);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_operation( &operation, input, input_size, part_size,
- output, output_size, output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_operation(&operation, input, input_size, part_size,
+ output, output_size, output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_cipher_abort( &operation );
- return( status );
+ psa_cipher_abort(&operation);
+ return status;
}
static psa_status_t
-cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
+cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block(void)
{
enum {
- block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ),
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
part_size = block_size,
};
@@ -174,40 +173,40 @@
uint8_t encrypt[block_size];
uint8_t decrypt[block_size];
- status = psa_generate_random( input, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_random(input, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( &attributes, key_bits );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, key_bits);
- status = psa_generate_key( &attributes, &key );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_key(&attributes, &key);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_encrypt( key, alg, iv, sizeof( iv ),
- input, sizeof( input ), part_size,
- encrypt, sizeof( encrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_encrypt(key, alg, iv, sizeof(iv),
+ input, sizeof(input), part_size,
+ encrypt, sizeof(encrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_decrypt( key, alg, iv, sizeof( iv ),
- encrypt, output_len, part_size,
- decrypt, sizeof( decrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_decrypt(key, alg, iv, sizeof(iv),
+ encrypt, output_len, part_size,
+ decrypt, sizeof(decrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = memcmp( input, decrypt, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = memcmp(input, decrypt, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_destroy_key( key );
- return( status );
+ psa_destroy_key(key);
+ return status;
}
-static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
+static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(void)
{
enum {
- block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ),
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
input_size = 100,
part_size = 10,
@@ -222,40 +221,40 @@
uint8_t iv[block_size], input[input_size],
encrypt[input_size + block_size], decrypt[input_size + block_size];
- status = psa_generate_random( input, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_random(input, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( &attributes, key_bits );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, key_bits);
- status = psa_generate_key( &attributes, &key );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_key(&attributes, &key);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_encrypt( key, alg, iv, sizeof( iv ),
- input, sizeof( input ), part_size,
- encrypt, sizeof( encrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_encrypt(key, alg, iv, sizeof(iv),
+ input, sizeof(input), part_size,
+ encrypt, sizeof(encrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_decrypt( key, alg, iv, sizeof( iv ),
- encrypt, output_len, part_size,
- decrypt, sizeof( decrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_decrypt(key, alg, iv, sizeof(iv),
+ encrypt, output_len, part_size,
+ decrypt, sizeof(decrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = memcmp( input, decrypt, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = memcmp(input, decrypt, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_destroy_key( key );
- return( status );
+ psa_destroy_key(key);
+ return status;
}
-static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
+static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi(void)
{
enum {
- block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( PSA_KEY_TYPE_AES ),
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
key_bits = 256,
input_size = 100,
part_size = 10,
@@ -269,63 +268,66 @@
uint8_t iv[block_size], input[input_size], encrypt[input_size],
decrypt[input_size];
- status = psa_generate_random( input, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_random(input, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( &attributes, key_bits );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, key_bits);
- status = psa_generate_key( &attributes, &key );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = psa_generate_key(&attributes, &key);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_encrypt( key, alg, iv, sizeof( iv ),
- input, sizeof( input ), part_size,
- encrypt, sizeof( encrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_encrypt(key, alg, iv, sizeof(iv),
+ input, sizeof(input), part_size,
+ encrypt, sizeof(encrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = cipher_decrypt( key, alg, iv, sizeof( iv ),
- encrypt, output_len, part_size,
- decrypt, sizeof( decrypt ), &output_len );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = cipher_decrypt(key, alg, iv, sizeof(iv),
+ encrypt, output_len, part_size,
+ decrypt, sizeof(decrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
- status = memcmp( input, decrypt, sizeof( input ) );
- ASSERT_STATUS( status, PSA_SUCCESS );
+ status = memcmp(input, decrypt, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
exit:
- psa_destroy_key( key );
- return( status );
+ psa_destroy_key(key);
+ return status;
}
-static void cipher_examples( void )
+static void cipher_examples(void)
{
psa_status_t status;
- printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" );
- status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( );
- if( status == PSA_SUCCESS )
- printf( "\tsuccess!\r\n" );
+ printf("cipher encrypt/decrypt AES CBC no padding:\r\n");
+ status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block();
+ if (status == PSA_SUCCESS) {
+ printf("\tsuccess!\r\n");
+ }
- printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" );
- status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( );
- if( status == PSA_SUCCESS )
- printf( "\tsuccess!\r\n" );
+ printf("cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n");
+ status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi();
+ if (status == PSA_SUCCESS) {
+ printf("\tsuccess!\r\n");
+ }
- printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" );
- status = cipher_example_encrypt_decrypt_aes_ctr_multi( );
- if( status == PSA_SUCCESS )
- printf( "\tsuccess!\r\n" );
+ printf("cipher encrypt/decrypt AES CTR multipart:\r\n");
+ status = cipher_example_encrypt_decrypt_aes_ctr_multi();
+ if (status == PSA_SUCCESS) {
+ printf("\tsuccess!\r\n");
+ }
}
-int main( void )
+int main(void)
{
- ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
- cipher_examples( );
+ ASSERT(psa_crypto_init() == PSA_SUCCESS);
+ cipher_examples();
exit:
- mbedtls_psa_crypto_free( );
- return( 0 );
+ mbedtls_psa_crypto_free();
+ return 0;
}
#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_AES_C && MBEDTLS_CIPHER_MODE_CBC &&
MBEDTLS_CIPHER_MODE_CTR && MBEDTLS_CIPHER_MODE_WITH_PADDING */
diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c
index f949a89..f25cdeb 100644
--- a/programs/psa/hmac_demo.c
+++ b/programs/psa/hmac_demo.c
@@ -50,11 +50,11 @@
/* If the build options we need are not enabled, compile a placeholder. */
#if !defined(MBEDTLS_PSA_CRYPTO_C) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-int main( void )
+int main(void)
{
- printf( "MBEDTLS_PSA_CRYPTO_C not defined, "
- "and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n" );
- return( 0 );
+ printf("MBEDTLS_PSA_CRYPTO_C not defined, "
+ "and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n");
+ return 0;
}
#else
@@ -71,31 +71,32 @@
const unsigned char key_bytes[32] = { 0 };
/* Print the contents of a buffer in hex */
-void print_buf( const char *title, uint8_t *buf, size_t len )
+void print_buf(const char *title, uint8_t *buf, size_t len)
{
- printf( "%s:", title );
- for( size_t i = 0; i < len; i++ )
- printf( " %02x", buf[i] );
- printf( "\n" );
+ printf("%s:", title);
+ for (size_t i = 0; i < len; i++) {
+ printf(" %02x", buf[i]);
+ }
+ printf("\n");
}
/* Run a PSA function and bail out if it fails.
* The symbolic name of the error code can be recovered using:
* programs/psa/psa_constant_name status <value> */
-#define PSA_CHECK( expr ) \
+#define PSA_CHECK(expr) \
do \
{ \
- status = ( expr ); \
- if( status != PSA_SUCCESS ) \
+ status = (expr); \
+ if (status != PSA_SUCCESS) \
{ \
- printf( "Error %d at line %d: %s\n", \
- (int) status, \
- __LINE__, \
- #expr ); \
+ printf("Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr); \
goto exit; \
} \
} \
- while( 0 )
+ while (0)
/*
* This function demonstrates computation of the HMAC of two messages using
@@ -113,40 +114,41 @@
psa_key_id_t key = 0;
/* prepare key */
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
- psa_set_key_bits( &attributes, 8 * sizeof( key_bytes ) ); // optional
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
+ psa_set_key_bits(&attributes, 8 * sizeof(key_bytes)); // optional
- status = psa_import_key( &attributes,
- key_bytes, sizeof( key_bytes ), &key );
- if( status != PSA_SUCCESS )
- return( status );
+ status = psa_import_key(&attributes,
+ key_bytes, sizeof(key_bytes), &key);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
/* prepare operation */
psa_mac_operation_t op = PSA_MAC_OPERATION_INIT;
size_t out_len = 0;
/* compute HMAC(key, msg1_part1 | msg1_part2) */
- PSA_CHECK( psa_mac_sign_setup( &op, key, alg ) );
- PSA_CHECK( psa_mac_update( &op, msg1_part1, sizeof( msg1_part1 ) ) );
- PSA_CHECK( psa_mac_update( &op, msg1_part2, sizeof( msg1_part2 ) ) );
- PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
- print_buf( "msg1", out, out_len );
+ PSA_CHECK(psa_mac_sign_setup(&op, key, alg));
+ PSA_CHECK(psa_mac_update(&op, msg1_part1, sizeof(msg1_part1)));
+ PSA_CHECK(psa_mac_update(&op, msg1_part2, sizeof(msg1_part2)));
+ PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len));
+ print_buf("msg1", out, out_len);
/* compute HMAC(key, msg2_part1 | msg2_part2) */
- PSA_CHECK( psa_mac_sign_setup( &op, key, alg ) );
- PSA_CHECK( psa_mac_update( &op, msg2_part1, sizeof( msg2_part1 ) ) );
- PSA_CHECK( psa_mac_update( &op, msg2_part2, sizeof( msg2_part2 ) ) );
- PSA_CHECK( psa_mac_sign_finish( &op, out, sizeof( out ), &out_len ) );
- print_buf( "msg2", out, out_len );
+ PSA_CHECK(psa_mac_sign_setup(&op, key, alg));
+ PSA_CHECK(psa_mac_update(&op, msg2_part1, sizeof(msg2_part1)));
+ PSA_CHECK(psa_mac_update(&op, msg2_part2, sizeof(msg2_part2)));
+ PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len));
+ print_buf("msg2", out, out_len);
exit:
- psa_mac_abort( &op ); // needed on error, harmless on success
- psa_destroy_key( key );
- mbedtls_platform_zeroize( out, sizeof( out ) );
+ psa_mac_abort(&op); // needed on error, harmless on success
+ psa_destroy_key(key);
+ mbedtls_platform_zeroize(out, sizeof(out));
- return( status );
+ return status;
}
int main(void)
@@ -154,16 +156,16 @@
psa_status_t status = PSA_SUCCESS;
/* Initialize the PSA crypto library. */
- PSA_CHECK( psa_crypto_init( ) );
+ PSA_CHECK(psa_crypto_init());
/* Run the demo */
- PSA_CHECK( hmac_demo() );
+ PSA_CHECK(hmac_demo());
/* Deinitialize the PSA crypto library. */
- mbedtls_psa_crypto_free( );
+ mbedtls_psa_crypto_free();
exit:
- return( status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE );
+ return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index f40874e..f5c31de 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -66,47 +66,47 @@
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-int main( void )
+int main(void)
{
- printf( "MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
- "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
- "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
- "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER "
- "defined.\n" );
- return( 0 );
+ printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
+ "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
+ "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
+ "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER "
+ "defined.\n");
+ return 0;
}
#else
/* The real program starts here. */
/* Run a system function and bail out if it fails. */
-#define SYS_CHECK( expr ) \
+#define SYS_CHECK(expr) \
do \
{ \
- if( ! ( expr ) ) \
+ if (!(expr)) \
{ \
- perror( #expr ); \
+ perror( #expr); \
status = DEMO_ERROR; \
goto exit; \
} \
} \
- while( 0 )
+ while (0)
/* Run a PSA function and bail out if it fails. */
-#define PSA_CHECK( expr ) \
+#define PSA_CHECK(expr) \
do \
{ \
- status = ( expr ); \
- if( status != PSA_SUCCESS ) \
+ status = (expr); \
+ if (status != PSA_SUCCESS) \
{ \
- printf( "Error %d at line %d: %s\n", \
- (int) status, \
- __LINE__, \
- #expr ); \
+ printf("Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr); \
goto exit; \
} \
} \
- while( 0 )
+ while (0)
/* To report operational errors in this program, use an error code that is
* different from every PSA error code. */
@@ -116,19 +116,19 @@
#define MAX_LADDER_DEPTH 10
/* Salt to use when deriving an intermediate key. */
-#define DERIVE_KEY_SALT ( (uint8_t *) "key_ladder_demo.derive" )
-#define DERIVE_KEY_SALT_LENGTH ( strlen( (const char*) DERIVE_KEY_SALT ) )
+#define DERIVE_KEY_SALT ((uint8_t *) "key_ladder_demo.derive")
+#define DERIVE_KEY_SALT_LENGTH (strlen((const char *) DERIVE_KEY_SALT))
/* Salt to use when deriving a wrapping key. */
-#define WRAPPING_KEY_SALT ( (uint8_t *) "key_ladder_demo.wrap" )
-#define WRAPPING_KEY_SALT_LENGTH ( strlen( (const char*) WRAPPING_KEY_SALT ) )
+#define WRAPPING_KEY_SALT ((uint8_t *) "key_ladder_demo.wrap")
+#define WRAPPING_KEY_SALT_LENGTH (strlen((const char *) WRAPPING_KEY_SALT))
/* Size of the key derivation keys (applies both to the master key and
* to intermediate keys). */
#define KEY_SIZE_BYTES 40
/* Algorithm for key derivation. */
-#define KDF_ALG PSA_ALG_HKDF( PSA_ALG_SHA_256 )
+#define KDF_ALG PSA_ALG_HKDF(PSA_ALG_SHA_256)
/* Type and size of the key used to wrap data. */
#define WRAPPING_KEY_TYPE PSA_KEY_TYPE_AES
@@ -145,9 +145,8 @@
* integer sizes and endianness, because the data is meant to be read
* back by the same program on the same machine. */
#define WRAPPED_DATA_MAGIC "key_ladder_demo" // including trailing null byte
-#define WRAPPED_DATA_MAGIC_LENGTH ( sizeof( WRAPPED_DATA_MAGIC ) )
-typedef struct
-{
+#define WRAPPED_DATA_MAGIC_LENGTH (sizeof(WRAPPED_DATA_MAGIC))
+typedef struct {
char magic[WRAPPED_DATA_MAGIC_LENGTH];
size_t ad_size; /* Size of the additional data, which is this header. */
size_t payload_size; /* Size of the encrypted data. */
@@ -156,8 +155,7 @@
} wrapped_data_header_t;
/* The modes that this program can operate in (see usage). */
-enum program_mode
-{
+enum program_mode {
MODE_GENERATE,
MODE_SAVE,
MODE_UNWRAP,
@@ -166,28 +164,29 @@
/* Save a key to a file. In the real world, you may want to export a derived
* key sometimes, to share it with another party. */
-static psa_status_t save_key( psa_key_id_t key,
- const char *output_file_name )
+static psa_status_t save_key(psa_key_id_t key,
+ const char *output_file_name)
{
psa_status_t status = PSA_SUCCESS;
uint8_t key_data[KEY_SIZE_BYTES];
size_t key_size;
FILE *key_file = NULL;
- PSA_CHECK( psa_export_key( key,
- key_data, sizeof( key_data ),
- &key_size ) );
- SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL );
+ PSA_CHECK(psa_export_key(key,
+ key_data, sizeof(key_data),
+ &key_size));
+ SYS_CHECK((key_file = fopen(output_file_name, "wb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( key_file, NULL );
- SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size );
- SYS_CHECK( fclose( key_file ) == 0 );
+ mbedtls_setbuf(key_file, NULL);
+ SYS_CHECK(fwrite(key_data, 1, key_size, key_file) == key_size);
+ SYS_CHECK(fclose(key_file) == 0);
key_file = NULL;
exit:
- if( key_file != NULL)
- fclose( key_file );
- return( status );
+ if (key_file != NULL) {
+ fclose(key_file);
+ }
+ return status;
}
/* Generate a master key for use in this demo.
@@ -195,25 +194,25 @@
* Normally a master key would be non-exportable. For the purpose of this
* demo, we want to save it to a file, to avoid relying on the keystore
* capability of the PSA crypto library. */
-static psa_status_t generate( const char *key_file_name )
+static psa_status_t generate(const char *key_file_name)
{
psa_status_t status = PSA_SUCCESS;
psa_key_id_t key = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, KDF_ALG );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, KDF_ALG);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(KEY_SIZE_BYTES));
- PSA_CHECK( psa_generate_key( &attributes, &key ) );
+ PSA_CHECK(psa_generate_key(&attributes, &key));
- PSA_CHECK( save_key( key, key_file_name ) );
+ PSA_CHECK(save_key(key, key_file_name));
exit:
- (void) psa_destroy_key( key );
- return( status );
+ (void) psa_destroy_key(key);
+ return status;
}
/* Load the master key from a file.
@@ -221,10 +220,10 @@
* In the real world, this master key would be stored in an internal memory
* and the storage would be managed by the keystore capability of the PSA
* crypto library. */
-static psa_status_t import_key_from_file( psa_key_usage_t usage,
- psa_algorithm_t alg,
- const char *key_file_name,
- psa_key_id_t *master_key )
+static psa_status_t import_key_from_file(psa_key_usage_t usage,
+ psa_algorithm_t alg,
+ const char *key_file_name,
+ psa_key_id_t *master_key)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -233,38 +232,37 @@
FILE *key_file = NULL;
unsigned char extra_byte;
- SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL );
+ SYS_CHECK((key_file = fopen(key_file_name, "rb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( key_file, NULL );
- SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ),
- key_file ) ) != 0 );
- if( fread( &extra_byte, 1, 1, key_file ) != 0 )
- {
- printf( "Key file too large (max: %u).\n",
- (unsigned) sizeof( key_data ) );
+ mbedtls_setbuf(key_file, NULL);
+ SYS_CHECK((key_size = fread(key_data, 1, sizeof(key_data),
+ key_file)) != 0);
+ if (fread(&extra_byte, 1, 1, key_file) != 0) {
+ printf("Key file too large (max: %u).\n",
+ (unsigned) sizeof(key_data));
status = DEMO_ERROR;
goto exit;
}
- SYS_CHECK( fclose( key_file ) == 0 );
+ SYS_CHECK(fclose(key_file) == 0);
key_file = NULL;
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- PSA_CHECK( psa_import_key( &attributes, key_data, key_size, master_key ) );
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ PSA_CHECK(psa_import_key(&attributes, key_data, key_size, master_key));
exit:
- if( key_file != NULL )
- fclose( key_file );
- mbedtls_platform_zeroize( key_data, sizeof( key_data ) );
- if( status != PSA_SUCCESS )
- {
+ if (key_file != NULL) {
+ fclose(key_file);
+ }
+ mbedtls_platform_zeroize(key_data, sizeof(key_data));
+ if (status != PSA_SUCCESS) {
/* If the key creation hasn't happened yet or has failed,
* *master_key is null. psa_destroy_key( 0 ) is
* guaranteed to do nothing and return PSA_SUCCESS. */
- (void) psa_destroy_key( *master_key );
+ (void) psa_destroy_key(*master_key);
*master_key = 0;
}
- return( status );
+ return status;
}
/* Derive the intermediate keys, using the list of labels provided on
@@ -272,60 +270,58 @@
* This function destroys the master key. On successful output, *key
* is the identifier of the final derived key.
*/
-static psa_status_t derive_key_ladder( const char *ladder[],
- size_t ladder_depth,
- psa_key_id_t *key )
+static psa_status_t derive_key_ladder(const char *ladder[],
+ size_t ladder_depth,
+ psa_key_id_t *key)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
size_t i;
- psa_set_key_usage_flags( &attributes,
- PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT );
- psa_set_key_algorithm( &attributes, KDF_ALG );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_DERIVE );
- psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ) );
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, KDF_ALG);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(KEY_SIZE_BYTES));
/* For each label in turn, ... */
- for( i = 0; i < ladder_depth; i++ )
- {
+ for (i = 0; i < ladder_depth; i++) {
/* Start deriving material from the master key (if i=0) or from
* the current intermediate key (if i>0). */
- PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
- PSA_CHECK( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SALT,
- DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH ) );
- PSA_CHECK( psa_key_derivation_input_key(
- &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
- *key ) );
- PSA_CHECK( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_INFO,
- (uint8_t*) ladder[i], strlen( ladder[i] ) ) );
+ PSA_CHECK(psa_key_derivation_setup(&operation, KDF_ALG));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH));
+ PSA_CHECK(psa_key_derivation_input_key(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ *key));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ (uint8_t *) ladder[i], strlen(ladder[i])));
/* When the parent key is not the master key, destroy it,
* since it is no longer needed. */
- PSA_CHECK( psa_destroy_key( *key ) );
+ PSA_CHECK(psa_destroy_key(*key));
*key = 0;
/* Derive the next intermediate key from the parent key. */
- PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
- key ) );
- PSA_CHECK( psa_key_derivation_abort( &operation ) );
+ PSA_CHECK(psa_key_derivation_output_key(&attributes, &operation,
+ key));
+ PSA_CHECK(psa_key_derivation_abort(&operation));
}
exit:
- psa_key_derivation_abort( &operation );
- if( status != PSA_SUCCESS )
- {
- psa_destroy_key( *key );
+ psa_key_derivation_abort(&operation);
+ if (status != PSA_SUCCESS) {
+ psa_destroy_key(*key);
*key = 0;
}
- return( status );
+ return status;
}
/* Derive a wrapping key from the last intermediate key. */
-static psa_status_t derive_wrapping_key( psa_key_usage_t usage,
- psa_key_id_t derived_key,
- psa_key_id_t *wrapping_key )
+static psa_status_t derive_wrapping_key(psa_key_usage_t usage,
+ psa_key_id_t derived_key,
+ psa_key_id_t *wrapping_key)
{
psa_status_t status = PSA_SUCCESS;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -335,33 +331,33 @@
/* Set up a key derivation operation from the key derived from
* the master key. */
- PSA_CHECK( psa_key_derivation_setup( &operation, KDF_ALG ) );
- PSA_CHECK( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SALT,
- WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH ) );
- PSA_CHECK( psa_key_derivation_input_key(
- &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
- derived_key ) );
- PSA_CHECK( psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_INFO,
- NULL, 0 ) );
+ PSA_CHECK(psa_key_derivation_setup(&operation, KDF_ALG));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH));
+ PSA_CHECK(psa_key_derivation_input_key(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ derived_key));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0));
/* Create the wrapping key. */
- psa_set_key_usage_flags( &attributes, usage );
- psa_set_key_algorithm( &attributes, WRAPPING_ALG );
- psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
- psa_set_key_bits( &attributes, WRAPPING_KEY_BITS );
- PSA_CHECK( psa_key_derivation_output_key( &attributes, &operation,
- wrapping_key ) );
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, WRAPPING_ALG);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, WRAPPING_KEY_BITS);
+ PSA_CHECK(psa_key_derivation_output_key(&attributes, &operation,
+ wrapping_key));
exit:
- psa_key_derivation_abort( &operation );
- return( status );
+ psa_key_derivation_abort(&operation);
+ return status;
}
-static psa_status_t wrap_data( const char *input_file_name,
- const char *output_file_name,
- psa_key_id_t wrapping_key )
+static psa_status_t wrap_data(const char *input_file_name,
+ const char *output_file_name,
+ psa_key_id_t wrapping_key)
{
psa_status_t status;
FILE *input_file = NULL;
@@ -376,78 +372,79 @@
wrapped_data_header_t header;
/* Find the size of the data to wrap. */
- SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
+ SYS_CHECK((input_file = fopen(input_file_name, "rb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( input_file, NULL );
- SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 );
- SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 );
+ mbedtls_setbuf(input_file, NULL);
+ SYS_CHECK(fseek(input_file, 0, SEEK_END) == 0);
+ SYS_CHECK((input_position = ftell(input_file)) != -1);
#if LONG_MAX > SIZE_MAX
- if( input_position > SIZE_MAX )
- {
- printf( "Input file too large.\n" );
+ if (input_position > SIZE_MAX) {
+ printf("Input file too large.\n");
status = DEMO_ERROR;
goto exit;
}
#endif
input_size = input_position;
- PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes ) );
- key_type = psa_get_key_type( &attributes );
+ PSA_CHECK(psa_get_key_attributes(wrapping_key, &attributes));
+ key_type = psa_get_key_type(&attributes);
buffer_size =
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, input_size );
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, WRAPPING_ALG, input_size);
/* Check for integer overflow. */
- if( buffer_size < input_size )
- {
- printf( "Input file too large.\n" );
+ if (buffer_size < input_size) {
+ printf("Input file too large.\n");
status = DEMO_ERROR;
goto exit;
}
/* Load the data to wrap. */
- SYS_CHECK( fseek( input_file, 0, SEEK_SET ) == 0 );
- SYS_CHECK( ( buffer = calloc( 1, buffer_size ) ) != NULL );
- SYS_CHECK( fread( buffer, 1, input_size, input_file ) == input_size );
- SYS_CHECK( fclose( input_file ) == 0 );
+ SYS_CHECK(fseek(input_file, 0, SEEK_SET) == 0);
+ SYS_CHECK((buffer = calloc(1, buffer_size)) != NULL);
+ SYS_CHECK(fread(buffer, 1, input_size, input_file) == input_size);
+ SYS_CHECK(fclose(input_file) == 0);
input_file = NULL;
/* Construct a header. */
- memcpy( &header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH );
- header.ad_size = sizeof( header );
+ memcpy(&header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH);
+ header.ad_size = sizeof(header);
header.payload_size = input_size;
/* Wrap the data. */
- PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) );
- PSA_CHECK( psa_aead_encrypt( wrapping_key, WRAPPING_ALG,
- header.iv, WRAPPING_IV_SIZE,
- (uint8_t *) &header, sizeof( header ),
- buffer, input_size,
- buffer, buffer_size,
- &ciphertext_size ) );
+ PSA_CHECK(psa_generate_random(header.iv, WRAPPING_IV_SIZE));
+ PSA_CHECK(psa_aead_encrypt(wrapping_key, WRAPPING_ALG,
+ header.iv, WRAPPING_IV_SIZE,
+ (uint8_t *) &header, sizeof(header),
+ buffer, input_size,
+ buffer, buffer_size,
+ &ciphertext_size));
/* Write the output. */
- SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
+ SYS_CHECK((output_file = fopen(output_file_name, "wb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( output_file, NULL );
- SYS_CHECK( fwrite( &header, 1, sizeof( header ),
- output_file ) == sizeof( header ) );
- SYS_CHECK( fwrite( buffer, 1, ciphertext_size,
- output_file ) == ciphertext_size );
- SYS_CHECK( fclose( output_file ) == 0 );
+ mbedtls_setbuf(output_file, NULL);
+ SYS_CHECK(fwrite(&header, 1, sizeof(header),
+ output_file) == sizeof(header));
+ SYS_CHECK(fwrite(buffer, 1, ciphertext_size,
+ output_file) == ciphertext_size);
+ SYS_CHECK(fclose(output_file) == 0);
output_file = NULL;
exit:
- if( input_file != NULL )
- fclose( input_file );
- if( output_file != NULL )
- fclose( output_file );
- if( buffer != NULL )
- mbedtls_platform_zeroize( buffer, buffer_size );
- free( buffer );
- return( status );
+ if (input_file != NULL) {
+ fclose(input_file);
+ }
+ if (output_file != NULL) {
+ fclose(output_file);
+ }
+ if (buffer != NULL) {
+ mbedtls_platform_zeroize(buffer, buffer_size);
+ }
+ free(buffer);
+ return status;
}
-static psa_status_t unwrap_data( const char *input_file_name,
- const char *output_file_name,
- psa_key_id_t wrapping_key )
+static psa_status_t unwrap_data(const char *input_file_name,
+ const char *output_file_name,
+ psa_key_id_t wrapping_key)
{
psa_status_t status;
FILE *input_file = NULL;
@@ -461,128 +458,126 @@
unsigned char extra_byte;
/* Load and validate the header. */
- SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
+ SYS_CHECK((input_file = fopen(input_file_name, "rb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( input_file, NULL );
- SYS_CHECK( fread( &header, 1, sizeof( header ),
- input_file ) == sizeof( header ) );
- if( memcmp( &header.magic, WRAPPED_DATA_MAGIC,
- WRAPPED_DATA_MAGIC_LENGTH ) != 0 )
- {
- printf( "The input does not start with a valid magic header.\n" );
+ mbedtls_setbuf(input_file, NULL);
+ SYS_CHECK(fread(&header, 1, sizeof(header),
+ input_file) == sizeof(header));
+ if (memcmp(&header.magic, WRAPPED_DATA_MAGIC,
+ WRAPPED_DATA_MAGIC_LENGTH) != 0) {
+ printf("The input does not start with a valid magic header.\n");
status = DEMO_ERROR;
goto exit;
}
- if( header.ad_size != sizeof( header ) )
- {
- printf( "The header size is not correct.\n" );
+ if (header.ad_size != sizeof(header)) {
+ printf("The header size is not correct.\n");
status = DEMO_ERROR;
goto exit;
}
- PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes) );
- key_type = psa_get_key_type( &attributes);
+ PSA_CHECK(psa_get_key_attributes(wrapping_key, &attributes));
+ key_type = psa_get_key_type(&attributes);
ciphertext_size =
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, header.payload_size );
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, WRAPPING_ALG, header.payload_size);
/* Check for integer overflow. */
- if( ciphertext_size < header.payload_size )
- {
- printf( "Input file too large.\n" );
+ if (ciphertext_size < header.payload_size) {
+ printf("Input file too large.\n");
status = DEMO_ERROR;
goto exit;
}
/* Load the payload data. */
- SYS_CHECK( ( buffer = calloc( 1, ciphertext_size ) ) != NULL );
- SYS_CHECK( fread( buffer, 1, ciphertext_size,
- input_file ) == ciphertext_size );
- if( fread( &extra_byte, 1, 1, input_file ) != 0 )
- {
- printf( "Extra garbage after ciphertext\n" );
+ SYS_CHECK((buffer = calloc(1, ciphertext_size)) != NULL);
+ SYS_CHECK(fread(buffer, 1, ciphertext_size,
+ input_file) == ciphertext_size);
+ if (fread(&extra_byte, 1, 1, input_file) != 0) {
+ printf("Extra garbage after ciphertext\n");
status = DEMO_ERROR;
goto exit;
}
- SYS_CHECK( fclose( input_file ) == 0 );
+ SYS_CHECK(fclose(input_file) == 0);
input_file = NULL;
/* Unwrap the data. */
- PSA_CHECK( psa_aead_decrypt( wrapping_key, WRAPPING_ALG,
- header.iv, WRAPPING_IV_SIZE,
- (uint8_t *) &header, sizeof( header ),
- buffer, ciphertext_size,
- buffer, ciphertext_size,
- &plaintext_size ) );
- if( plaintext_size != header.payload_size )
- {
- printf( "Incorrect payload size in the header.\n" );
+ PSA_CHECK(psa_aead_decrypt(wrapping_key, WRAPPING_ALG,
+ header.iv, WRAPPING_IV_SIZE,
+ (uint8_t *) &header, sizeof(header),
+ buffer, ciphertext_size,
+ buffer, ciphertext_size,
+ &plaintext_size));
+ if (plaintext_size != header.payload_size) {
+ printf("Incorrect payload size in the header.\n");
status = DEMO_ERROR;
goto exit;
}
/* Write the output. */
- SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
+ SYS_CHECK((output_file = fopen(output_file_name, "wb")) != NULL);
/* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
- mbedtls_setbuf( output_file, NULL );
- SYS_CHECK( fwrite( buffer, 1, plaintext_size,
- output_file ) == plaintext_size );
- SYS_CHECK( fclose( output_file ) == 0 );
+ mbedtls_setbuf(output_file, NULL);
+ SYS_CHECK(fwrite(buffer, 1, plaintext_size,
+ output_file) == plaintext_size);
+ SYS_CHECK(fclose(output_file) == 0);
output_file = NULL;
exit:
- if( input_file != NULL )
- fclose( input_file );
- if( output_file != NULL )
- fclose( output_file );
- if( buffer != NULL )
- mbedtls_platform_zeroize( buffer, ciphertext_size );
- free( buffer );
- return( status );
+ if (input_file != NULL) {
+ fclose(input_file);
+ }
+ if (output_file != NULL) {
+ fclose(output_file);
+ }
+ if (buffer != NULL) {
+ mbedtls_platform_zeroize(buffer, ciphertext_size);
+ }
+ free(buffer);
+ return status;
}
-static psa_status_t run( enum program_mode mode,
- const char *key_file_name,
- const char *ladder[], size_t ladder_depth,
- const char *input_file_name,
- const char *output_file_name )
+static psa_status_t run(enum program_mode mode,
+ const char *key_file_name,
+ const char *ladder[], size_t ladder_depth,
+ const char *input_file_name,
+ const char *output_file_name)
{
psa_status_t status = PSA_SUCCESS;
psa_key_id_t derivation_key = 0;
psa_key_id_t wrapping_key = 0;
/* Initialize the PSA crypto library. */
- PSA_CHECK( psa_crypto_init( ) );
+ PSA_CHECK(psa_crypto_init());
/* Generate mode is unlike the others. Generate the master key and exit. */
- if( mode == MODE_GENERATE )
- return( generate( key_file_name ) );
+ if (mode == MODE_GENERATE) {
+ return generate(key_file_name);
+ }
/* Read the master key. */
- PSA_CHECK( import_key_from_file( PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
- KDF_ALG,
- key_file_name,
- &derivation_key ) );
+ PSA_CHECK(import_key_from_file(PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
+ KDF_ALG,
+ key_file_name,
+ &derivation_key));
/* Calculate the derived key for this session. */
- PSA_CHECK( derive_key_ladder( ladder, ladder_depth,
- &derivation_key ) );
+ PSA_CHECK(derive_key_ladder(ladder, ladder_depth,
+ &derivation_key));
- switch( mode )
- {
+ switch (mode) {
case MODE_SAVE:
- PSA_CHECK( save_key( derivation_key, output_file_name ) );
+ PSA_CHECK(save_key(derivation_key, output_file_name));
break;
case MODE_UNWRAP:
- PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT,
- derivation_key,
- &wrapping_key ) );
- PSA_CHECK( unwrap_data( input_file_name, output_file_name,
- wrapping_key ) );
+ PSA_CHECK(derive_wrapping_key(PSA_KEY_USAGE_DECRYPT,
+ derivation_key,
+ &wrapping_key));
+ PSA_CHECK(unwrap_data(input_file_name, output_file_name,
+ wrapping_key));
break;
case MODE_WRAP:
- PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT,
- derivation_key,
- &wrapping_key ) );
- PSA_CHECK( wrap_data( input_file_name, output_file_name,
- wrapping_key ) );
+ PSA_CHECK(derive_wrapping_key(PSA_KEY_USAGE_ENCRYPT,
+ derivation_key,
+ &wrapping_key));
+ PSA_CHECK(wrap_data(input_file_name, output_file_name,
+ wrapping_key));
break;
default:
/* Unreachable but some compilers don't realize it. */
@@ -593,35 +588,35 @@
/* Destroy any remaining key. Deinitializing the crypto library would do
* this anyway since they are volatile keys, but explicitly destroying
* keys makes the code easier to reuse. */
- (void) psa_destroy_key( derivation_key );
- (void) psa_destroy_key( wrapping_key );
+ (void) psa_destroy_key(derivation_key);
+ (void) psa_destroy_key(wrapping_key);
/* Deinitialize the PSA crypto library. */
- mbedtls_psa_crypto_free( );
- return( status );
+ mbedtls_psa_crypto_free();
+ return status;
}
-static void usage( void )
+static void usage(void)
{
- printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" );
- printf( "Demonstrate the usage of a key derivation ladder.\n" );
- printf( "\n" );
- printf( "Modes:\n" );
- printf( " generate Generate the master key\n" );
- printf( " save Save the derived key\n" );
- printf( " unwrap Unwrap (decrypt) input with the derived key\n" );
- printf( " wrap Wrap (encrypt) input with the derived key\n" );
- printf( "\n" );
- printf( "Options:\n" );
- printf( " input=FILENAME Input file (required for wrap/unwrap)\n" );
- printf( " master=FILENAME File containing the master key (default: master.key)\n" );
- printf( " output=FILENAME Output file (required for save/wrap/unwrap)\n" );
- printf( " label=TEXT Label for the key derivation.\n" );
- printf( " This may be repeated multiple times.\n" );
- printf( " To get the same key, you must use the same master key\n" );
- printf( " and the same sequence of labels.\n" );
+ printf("Usage: key_ladder_demo MODE [OPTION=VALUE]...\n");
+ printf("Demonstrate the usage of a key derivation ladder.\n");
+ printf("\n");
+ printf("Modes:\n");
+ printf(" generate Generate the master key\n");
+ printf(" save Save the derived key\n");
+ printf(" unwrap Unwrap (decrypt) input with the derived key\n");
+ printf(" wrap Wrap (encrypt) input with the derived key\n");
+ printf("\n");
+ printf("Options:\n");
+ printf(" input=FILENAME Input file (required for wrap/unwrap)\n");
+ printf(" master=FILENAME File containing the master key (default: master.key)\n");
+ printf(" output=FILENAME Output file (required for save/wrap/unwrap)\n");
+ printf(" label=TEXT Label for the key derivation.\n");
+ printf(" This may be repeated multiple times.\n");
+ printf(" To get the same key, you must use the same master key\n");
+ printf(" and the same sequence of labels.\n");
}
-int main( int argc, char *argv[] )
+int main(int argc, char *argv[])
{
const char *key_file_name = "master.key";
const char *input_file_name = NULL;
@@ -632,86 +627,76 @@
enum program_mode mode;
psa_status_t status;
- if( argc <= 1 ||
- strcmp( argv[1], "help" ) == 0 ||
- strcmp( argv[1], "-help" ) == 0 ||
- strcmp( argv[1], "--help" ) == 0 )
- {
- usage( );
- return( EXIT_SUCCESS );
+ if (argc <= 1 ||
+ strcmp(argv[1], "help") == 0 ||
+ strcmp(argv[1], "-help") == 0 ||
+ strcmp(argv[1], "--help") == 0) {
+ usage();
+ return EXIT_SUCCESS;
}
- for( i = 2; i < argc; i++ )
- {
- char *q = strchr( argv[i], '=' );
- if( q == NULL )
- {
- printf( "Missing argument to option %s\n", argv[i] );
+ for (i = 2; i < argc; i++) {
+ char *q = strchr(argv[i], '=');
+ if (q == NULL) {
+ printf("Missing argument to option %s\n", argv[i]);
goto usage_failure;
}
*q = 0;
++q;
- if( strcmp( argv[i], "input" ) == 0 )
+ if (strcmp(argv[i], "input") == 0) {
input_file_name = q;
- else if( strcmp( argv[i], "label" ) == 0 )
- {
- if( ladder_depth == MAX_LADDER_DEPTH )
- {
- printf( "Maximum ladder depth %u exceeded.\n",
- (unsigned) MAX_LADDER_DEPTH );
- return( EXIT_FAILURE );
+ } else if (strcmp(argv[i], "label") == 0) {
+ if (ladder_depth == MAX_LADDER_DEPTH) {
+ printf("Maximum ladder depth %u exceeded.\n",
+ (unsigned) MAX_LADDER_DEPTH);
+ return EXIT_FAILURE;
}
ladder[ladder_depth] = q;
++ladder_depth;
- }
- else if( strcmp( argv[i], "master" ) == 0 )
+ } else if (strcmp(argv[i], "master") == 0) {
key_file_name = q;
- else if( strcmp( argv[i], "output" ) == 0 )
+ } else if (strcmp(argv[i], "output") == 0) {
output_file_name = q;
- else
- {
- printf( "Unknown option: %s\n", argv[i] );
+ } else {
+ printf("Unknown option: %s\n", argv[i]);
goto usage_failure;
}
}
- if( strcmp( argv[1], "generate" ) == 0 )
+ if (strcmp(argv[1], "generate") == 0) {
mode = MODE_GENERATE;
- else if( strcmp( argv[1], "save" ) == 0 )
+ } else if (strcmp(argv[1], "save") == 0) {
mode = MODE_SAVE;
- else if( strcmp( argv[1], "unwrap" ) == 0 )
+ } else if (strcmp(argv[1], "unwrap") == 0) {
mode = MODE_UNWRAP;
- else if( strcmp( argv[1], "wrap" ) == 0 )
+ } else if (strcmp(argv[1], "wrap") == 0) {
mode = MODE_WRAP;
- else
- {
- printf( "Unknown action: %s\n", argv[1] );
+ } else {
+ printf("Unknown action: %s\n", argv[1]);
goto usage_failure;
}
- if( input_file_name == NULL &&
- ( mode == MODE_WRAP || mode == MODE_UNWRAP ) )
- {
- printf( "Required argument missing: input\n" );
- return( DEMO_ERROR );
+ if (input_file_name == NULL &&
+ (mode == MODE_WRAP || mode == MODE_UNWRAP)) {
+ printf("Required argument missing: input\n");
+ return DEMO_ERROR;
}
- if( output_file_name == NULL &&
- ( mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP ) )
- {
- printf( "Required argument missing: output\n" );
- return( DEMO_ERROR );
+ if (output_file_name == NULL &&
+ (mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP)) {
+ printf("Required argument missing: output\n");
+ return DEMO_ERROR;
}
- status = run( mode, key_file_name,
- ladder, ladder_depth,
- input_file_name, output_file_name );
- return( status == PSA_SUCCESS ?
- EXIT_SUCCESS :
- EXIT_FAILURE );
+ status = run(mode, key_file_name,
+ ladder, ladder_depth,
+ input_file_name, output_file_name);
+ return status == PSA_SUCCESS ?
+ EXIT_SUCCESS :
+ EXIT_FAILURE;
usage_failure:
- usage( );
- return( EXIT_FAILURE );
+ usage();
+ return EXIT_FAILURE;
}
#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C &&
MBEDTLS_AES_C && MBEDTLS_CCM_C &&
diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c
index b5fea04..8842685 100644
--- a/programs/psa/psa_constant_names.c
+++ b/programs/psa/psa_constant_names.c
@@ -26,29 +26,29 @@
/* This block is present to support Visual Studio builds prior to 2015 */
#if defined(_MSC_VER) && _MSC_VER < 1900
#include <stdarg.h>
-int snprintf( char *s, size_t n, const char *fmt, ... )
+int snprintf(char *s, size_t n, const char *fmt, ...)
{
int ret;
va_list argp;
/* Avoid calling the invalid parameter handler by checking ourselves */
- if( s == NULL || n == 0 || fmt == NULL )
- return( -1 );
+ if (s == NULL || n == 0 || fmt == NULL) {
+ return -1;
+ }
- va_start( argp, fmt );
+ va_start(argp, fmt);
#if defined(_TRUNCATE) && !defined(__MINGW32__)
- ret = _vsnprintf_s( s, n, _TRUNCATE, fmt, argp );
+ ret = _vsnprintf_s(s, n, _TRUNCATE, fmt, argp);
#else
- ret = _vsnprintf( s, n, fmt, argp );
- if( ret < 0 || (size_t) ret == n )
- {
+ ret = _vsnprintf(s, n, fmt, argp);
+ if (ret < 0 || (size_t) ret == n) {
s[n-1] = '\0';
ret = -1;
}
#endif
- va_end( argp );
+ va_end(argp);
- return( ret );
+ return ret;
}
#endif
@@ -69,7 +69,9 @@
unsigned long value)
{
size_t n = snprintf(*buffer, buffer_size - *required_size, format, value);
- if (n < buffer_size - *required_size) *buffer += n;
+ if (n < buffer_size - *required_size) {
+ *buffer += n;
+ }
*required_size += n;
}
@@ -288,8 +290,7 @@
{
if (argc <= 1 ||
!strcmp(argv[1], "help") ||
- !strcmp(argv[1], "--help"))
- {
+ !strcmp(argv[1], "--help")) {
usage(argv[0]);
return EXIT_FAILURE;
}