TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / bdf309ccdb51255a39abd1d29bbf19539263813b / . / programs / psa / key_ladder_demo.c
blob: 2c75ca4626564a064262b46b2111b5f211c94107 [file] [log] [blame]
Gilles Peskinef0fa4362018-07-16 17:08:43 +0200[diff] [blame]1/**
2 * PSA API key derivation demonstration
3 *
4 * This program calculates a key ladder: a chain of secret material, each
5 * derived from the previous one in a deterministic way based on a label.
6 * Two keys are identical if and only if they are derived from the same key
7 * using the same label.
8 *
9 * The initial key is called the master key. The master key is normally
10 * randomly generated, but it could itself be derived from another key.
11 *
12 * This program derives a series of keys called intermediate keys.
13 * The first intermediate key is derived from the master key using the
14 * first label passed on the command line. Each subsequent intermediate
15 * key is derived from the previous one using the next label passed
16 * on the command line.
17 *
18 * This program has four modes of operation:
19 *
20 * - "generate": generate a random master key.
21 * - "wrap": derive a wrapping key from the last intermediate key,
22 * and use that key to encrypt-and-authenticate some data.
23 * - "unwrap": derive a wrapping key from the last intermediate key,
24 * and use that key to decrypt-and-authenticate some
25 * ciphertext created by wrap mode.
26 * - "save": save the last intermediate key so that it can be reused as
27 * the master key in another run of the program.
28 *
29 * See the usage() output for the command line usage. See the file
30 * `key_ladder_demo.sh` for an example run.
31 */
32
33/* Copyright (C) 2018, ARM Limited, All Rights Reserved
34 * SPDX-License-Identifier: Apache-2.0
35 *
36 * Licensed under the Apache License, Version 2.0 (the "License"); you may
37 * not use this file except in compliance with the License.
38 * You may obtain a copy of the License at
39 *
40 * http://www.apache.org/licenses/LICENSE-2.0
41 *
42 * Unless required by applicable law or agreed to in writing, software
43 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
44 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
45 * See the License for the specific language governing permissions and
46 * limitations under the License.
47 *
48 * This file is part of mbed TLS (https://tls.mbed.org)
49 */
50
51/* First include Mbed TLS headers to get the Mbed TLS configuration and
52 * platform definitions that we'll use in this program. Also include
53 * standard C headers for functions we'll use here. */
54#if !defined(MBEDTLS_CONFIG_FILE)
55#include "mbedtls/config.h"
56#else
57#include MBEDTLS_CONFIG_FILE
58#endif
59
60#if defined(MBEDTLS_PLATFORM_C)
61#include "mbedtls/platform.h"
62#else
63#include <stdlib.h>
64#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
65#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
66#define mbedtls_calloc calloc
67#define mbedtls_free free
68#define mbedtls_printf printf
69#endif
70#include <stdio.h>
71#include <string.h>
72
73#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
74
75/* If the build options we need are not enabled, compile a placeholder. */
76#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
77 !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
78 !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO)
79int main( void )
80{
81 mbedtls_printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
82 "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
83 "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO not defined.\n");
84 return( 0 );
85}
86#else
87
88/* The real program starts here. */
89
90
91
92#include <psa/crypto.h>
93
94/* Run a system function and bail out if it fails. */
95#define SYS_CHECK( expr ) \
96 do \
97 { \
98 if( ! ( expr ) ) \
99 { \
100 perror( #expr ); \
101 status = DEMO_ERROR; \
102 goto exit; \
103 } \
104 } \
105 while( 0 )
106
107/* Run a PSA function and bail out if it fails. */
108#define PSA_CHECK( expr ) \
109 do \
110 { \
111 status = ( expr ); \
112 if( status != PSA_SUCCESS ) \
113 { \
114 mbedtls_printf( "Error %d at line %u: %s\n", \
115 (int) status, \
116 __LINE__, \
117 #expr ); \
118 goto exit; \
119 } \
120 } \
121 while( 0 )
122
123/* To report operational errors in this program, use an error code that is
124 * different from every PSA error code. */
125#define DEMO_ERROR 120
126
127/* The maximum supported key ladder depth. */
128#define MAX_LADDER_DEPTH 10
129
130/* Salt to use when deriving an intermediate key. */
131#define DERIVE_KEY_SALT ( (uint8_t *) "key_ladder_demo.derive" )
132#define DERIVE_KEY_SALT_LENGTH ( strlen( (const char*) DERIVE_KEY_SALT ) )
133
134/* Salt to use when deriving a wrapping key. */
135#define WRAPPING_KEY_SALT ( (uint8_t *) "key_ladder_demo.wrap" )
136#define WRAPPING_KEY_SALT_LENGTH ( strlen( (const char*) WRAPPING_KEY_SALT ) )
137
138/* Size of the key derivation keys (applies both to the master key and
139 * to intermediate keys). */
140#define KEY_SIZE_BYTES 40
141
142/* Algorithm for key derivation. */
143#define KDF_ALG PSA_ALG_HKDF( PSA_ALG_SHA_256 )
144
145/* Type and size of the key used to wrap data. */
146#define WRAPPING_KEY_TYPE PSA_KEY_TYPE_AES
147#define WRAPPING_KEY_BITS 128
148
149/* Cipher mode used to wrap data. */
150#define WRAPPING_ALG PSA_ALG_CCM
151
152/* Nonce size used to wrap data. */
153#define WRAPPING_IV_SIZE 13
154
155/* Header used in files containing wrapped data. We'll save this header
156 * directly without worrying about data representation issues such as
157 * integer sizes and endianness, because the data is meant to be read
158 * back by the same program on the same machine. */
159#define WRAPPED_DATA_MAGIC "key_ladder_demo" // including trailing null byte
160#define WRAPPED_DATA_MAGIC_LENGTH ( sizeof( WRAPPED_DATA_MAGIC ) )
161typedef struct
162{
163 char magic[WRAPPED_DATA_MAGIC_LENGTH];
164 size_t ad_size; /* Size of the additional data, which is this header. */
165 size_t payload_size; /* Size of the encrypted data. */
166 /* Store the IV inside the additional data. It's convenient. */
167 uint8_t iv[WRAPPING_IV_SIZE];
168} wrapped_data_header_t;
169
170/* This program uses three key slots: one for the master key, one to
171 * derive intermediate keys, and one for the wrapping key. We use a
172 * single slot for all the intermediate keys because they are only
173 * needed successively, so each time we derive an intermediate key,
174 * we destroy the previous one. */
175static const psa_key_slot_t master_key_slot = 1;
176static const psa_key_slot_t derived_key_slot = 2;
177static const psa_key_slot_t wrapping_key_slot = 3;
178
179/* The modes that this program can operate in (see usage). */
180enum program_mode
181{
182 MODE_GENERATE,
183 MODE_SAVE,
184 MODE_UNWRAP,
185 MODE_WRAP
186};
187
188/* Save a key to a file. In the real world, you may want to export a derived
189 * key sometimes, to share it with another party. */
190static psa_status_t save_key( psa_key_slot_t key_slot,
191 const char *output_file_name )
192{
193 psa_status_t status = PSA_SUCCESS;
194 uint8_t key_data[KEY_SIZE_BYTES];
195 size_t key_size;
196 FILE *key_file = NULL;
197
198 PSA_CHECK( psa_export_key( key_slot,
199 key_data, sizeof( key_data ),
200 &key_size ) );
201 SYS_CHECK( ( key_file = fopen( output_file_name, "wb" ) ) != NULL );
202 SYS_CHECK( fwrite( key_data, 1, key_size, key_file ) == key_size );
203 SYS_CHECK( fclose( key_file ) == 0 );
204 key_file = NULL;
205
206exit:
207 if( key_file != NULL)
208 fclose( key_file );
209 return( status );
210}
211
212/* Generate a master key for use in this demo.
213 *
214 * Normally a master key would be non-exportable. For the purpose of this
215 * demo, we want to save it to a file, to avoid relying on the keystore
216 * capability of the PSA crypto library. */
217static psa_status_t generate( const char *key_file_name )
218{
219 psa_status_t status = PSA_SUCCESS;
220 psa_key_policy_t policy;
221
222 psa_key_policy_init( &policy );
223 psa_key_policy_set_usage( &policy,
224 PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
225 KDF_ALG );
226 PSA_CHECK( psa_set_key_policy( master_key_slot, &policy ) );
227
228 PSA_CHECK( psa_generate_key( master_key_slot,
229 PSA_KEY_TYPE_DERIVE,
230 PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
231 NULL, 0 ) );
232
233 PSA_CHECK( save_key( master_key_slot, key_file_name ) );
234
235exit:
236 return( status );
237}
238
239/* Load the master key from a file.
240 *
241 * In the real world, this master key would be stored in an internal memory
242 * and the storage would be managed by the keystore capability of the PSA
243 * crypto library. */
244static psa_status_t import_key_from_file( psa_key_slot_t key_slot,
245 psa_key_usage_t usage,
246 psa_algorithm_t alg,
247 const char *key_file_name )
248{
249 psa_status_t status = PSA_SUCCESS;
250 psa_key_policy_t policy;
251 uint8_t key_data[KEY_SIZE_BYTES];
252 size_t key_size;
253 FILE *key_file = NULL;
254 unsigned char extra_byte;
255
256 SYS_CHECK( ( key_file = fopen( key_file_name, "rb" ) ) != NULL );
257 SYS_CHECK( ( key_size = fread( key_data, 1, sizeof( key_data ),
258 key_file ) ) != 0 );
259 if( fread( &extra_byte, 1, 1, key_file ) != 0 )
260 {
261 mbedtls_printf( "Key file too large (max: %u).\n",
262 (unsigned) sizeof( key_data ) );
263 status = DEMO_ERROR;
264 goto exit;
265 }
266 SYS_CHECK( fclose( key_file ) == 0 );
267 key_file = NULL;
268
269 psa_key_policy_init( &policy );
270 psa_key_policy_set_usage( &policy, usage, alg );
271 PSA_CHECK( psa_set_key_policy( key_slot, &policy ) );
272 PSA_CHECK( psa_import_key( key_slot,
273 PSA_KEY_TYPE_DERIVE,
274 key_data, key_size ) );
275exit:
276 if( key_file != NULL )
277 fclose( key_file );
278 mbedtls_platform_zeroize( key_data, sizeof( key_data ) );
279 return( status );
280}
281
282/* Derive the intermediate keys, using the list of labels provided on
283 * the command line. */
284static psa_status_t derive_key_ladder( const char *ladder[],
285 size_t ladder_depth )
286{
287 psa_status_t status = PSA_SUCCESS;
288 psa_key_policy_t policy;
289 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
290 /* We'll derive the first intermediate key from the master key, then
291 * each subsequent intemediate key from the previous intemediate key. */
292 psa_key_slot_t parent_key_slot = master_key_slot;
293 size_t i;
294 psa_key_policy_init( &policy );
295 psa_key_policy_set_usage( &policy,
296 PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
297 KDF_ALG );
298
299 /* For each label in turn, ... */
300 for( i = 0; i < ladder_depth; i++ )
301 {
302 /* Start deriving material from the master key (if i=0) or from
303 * the current intermediate key (if i>0). */
304 PSA_CHECK( psa_key_derivation(
305 &generator,
306 parent_key_slot,
307 KDF_ALG,
308 DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH,
309 (uint8_t*) ladder[i], strlen( ladder[i] ),
310 KEY_SIZE_BYTES ) );
311 /* When the parent key is not the master key, destroy it,
312 * since it is no longer needed. */
313 if( i != 0 )
314 PSA_CHECK( psa_destroy_key( derived_key_slot ) );
315 PSA_CHECK( psa_set_key_policy( derived_key_slot, &policy ) );
316 /* Use the generator obtained from the parent key to create
317 * the next intermediate key. */
318 PSA_CHECK( psa_generator_import_key(
319 derived_key_slot,
320 PSA_KEY_TYPE_DERIVE,
321 PSA_BYTES_TO_BITS( KEY_SIZE_BYTES ),
322 &generator ) );
323 PSA_CHECK( psa_generator_abort( &generator ) );
324 parent_key_slot = derived_key_slot;
325 }
326
327exit:
328 psa_generator_abort( &generator );
329 return( status );
330}
331
332/* Derive a wrapping key from the last intermediate key. */
333static psa_status_t derive_wrapping_key( psa_key_usage_t usage )
334{
335 psa_status_t status = PSA_SUCCESS;
336 psa_key_policy_t policy;
337 psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
338
339 psa_key_policy_init( &policy );
340 psa_key_policy_set_usage( &policy, usage, WRAPPING_ALG );
341 PSA_CHECK( psa_set_key_policy( wrapping_key_slot, &policy ) );
342
343 PSA_CHECK( psa_key_derivation(
344 &generator,
345 derived_key_slot,
346 KDF_ALG,
347 WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH,
348 NULL, 0,
349 PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) );
350 PSA_CHECK( psa_generator_import_key(
351 wrapping_key_slot,
352 PSA_KEY_TYPE_AES,
353 WRAPPING_KEY_BITS,
354 &generator ) );
355
356exit:
357 psa_generator_abort( &generator );
358 return( status );
359}
360
361static psa_status_t wrap_data( const char *input_file_name,
362 const char *output_file_name )
363{
364 psa_status_t status;
365 FILE *input_file = NULL;
366 FILE *output_file = NULL;
367 long input_position;
368 size_t input_size;
369 size_t buffer_size;
370 unsigned char *buffer = NULL;
371 size_t ciphertext_size;
372 wrapped_data_header_t header;
373
374 /* Find the size of the data to wrap. */
375 SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
376 SYS_CHECK( fseek( input_file, 0, SEEK_END ) == 0 );
377 SYS_CHECK( ( input_position = ftell( input_file ) ) != -1 );
378#if LONG_MAX > SIZE_MAX
379 if( input_position > SIZE_MAX )
380 {
381 mbedtls_printf( "Input file too large.\n" );
382 status = DEMO_ERROR;
383 goto exit;
384 }
385#endif
386 input_size = input_position;
387 buffer_size = PSA_AEAD_ENCRYPT_OUTPUT_SIZE( WRAPPING_ALG, input_size );
388 /* Check for integer overflow. */
389 if( buffer_size < input_size )
390 {
391 mbedtls_printf( "Input file too large.\n" );
392 status = DEMO_ERROR;
393 goto exit;
394 }
395
396 /* Load the data to wrap. */
397 SYS_CHECK( fseek( input_file, 0, SEEK_SET ) == 0 );
398 SYS_CHECK( ( buffer = mbedtls_calloc( 1, buffer_size ) ) != NULL );
399 SYS_CHECK( fread( buffer, 1, input_size, input_file ) == input_size );
400 SYS_CHECK( fclose( input_file ) == 0 );
401 input_file = NULL;
402
403 /* Construct a header. */
404 memcpy( &header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH );
405 header.ad_size = sizeof( header );
406 header.payload_size = input_size;
407
408 /* Wrap the data. */
409 PSA_CHECK( psa_generate_random( header.iv, WRAPPING_IV_SIZE ) );
410 PSA_CHECK( psa_aead_encrypt( wrapping_key_slot, WRAPPING_ALG,
411 header.iv, WRAPPING_IV_SIZE,
412 (uint8_t *) &header, sizeof( header ),
413 buffer, input_size,
414 buffer, buffer_size,
415 &ciphertext_size ) );
416
417 /* Write the output. */
418 SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
419 SYS_CHECK( fwrite( &header, 1, sizeof( header ),
420 output_file ) == sizeof( header ) );
421 SYS_CHECK( fwrite( buffer, 1, ciphertext_size,
422 output_file ) == ciphertext_size );
423 SYS_CHECK( fclose( output_file ) == 0 );
424 output_file = NULL;
425
426exit:
427 if( input_file != NULL )
428 fclose( input_file );
429 if( output_file != NULL )
430 fclose( output_file );
431 if( buffer != NULL )
432 mbedtls_platform_zeroize( buffer, buffer_size );
433 mbedtls_free( buffer );
434 return( status );
435}
436
437static psa_status_t unwrap_data( const char *input_file_name,
438 const char *output_file_name )
439{
440 psa_status_t status;
441 FILE *input_file = NULL;
442 FILE *output_file = NULL;
443 unsigned char *buffer = NULL;
444 size_t ciphertext_size;
445 size_t plaintext_size;
446 wrapped_data_header_t header;
447 unsigned char extra_byte;
448
449 /* Load and validate the header. */
450 SYS_CHECK( ( input_file = fopen( input_file_name, "rb" ) ) != NULL );
451 SYS_CHECK( fread( &header, 1, sizeof( header ),
452 input_file ) == sizeof( header ) );
453 if( memcmp( &header.magic, WRAPPED_DATA_MAGIC,
454 WRAPPED_DATA_MAGIC_LENGTH ) != 0 )
455 {
456 mbedtls_printf( "The input does not start with a valid magic header.\n" );
457 status = DEMO_ERROR;
458 goto exit;
459 }
460 if( header.ad_size != sizeof( header ) )
461 {
462 mbedtls_printf( "The header size is not correct.\n" );
463 status = DEMO_ERROR;
464 goto exit;
465 }
466 ciphertext_size =
467 PSA_AEAD_ENCRYPT_OUTPUT_SIZE( WRAPPING_ALG, header.payload_size );
468 /* Check for integer overflow. */
469 if( ciphertext_size < header.payload_size )
470 {
471 mbedtls_printf( "Input file too large.\n" );
472 status = DEMO_ERROR;
473 goto exit;
474 }
475
476 /* Load the payload data. */
477 SYS_CHECK( ( buffer = mbedtls_calloc( 1, ciphertext_size ) ) != NULL );
478 SYS_CHECK( fread( buffer, 1, ciphertext_size,
479 input_file ) == ciphertext_size );
480 if( fread( &extra_byte, 1, 1, input_file ) != 0 )
481 {
482 mbedtls_printf( "Extra garbage after ciphertext\n" );
483 status = DEMO_ERROR;
484 goto exit;
485 }
486 SYS_CHECK( fclose( input_file ) == 0 );
487 input_file = NULL;
488
489 /* Unwrap the data. */
490 PSA_CHECK( psa_aead_decrypt( wrapping_key_slot, WRAPPING_ALG,
491 header.iv, WRAPPING_IV_SIZE,
492 (uint8_t *) &header, sizeof( header ),
493 buffer, ciphertext_size,
494 buffer, ciphertext_size,
495 &plaintext_size ) );
496 if( plaintext_size != header.payload_size )
497 {
498 mbedtls_printf( "Incorrect payload size in the header.\n" );
499 status = DEMO_ERROR;
500 goto exit;
501 }
502
503 /* Write the output. */
504 SYS_CHECK( ( output_file = fopen( output_file_name, "wb" ) ) != NULL );
505 SYS_CHECK( fwrite( buffer, 1, plaintext_size,
506 output_file ) == plaintext_size );
507 SYS_CHECK( fclose( output_file ) == 0 );
508 output_file = NULL;
509
510exit:
511 if( input_file != NULL )
512 fclose( input_file );
513 if( output_file != NULL )
514 fclose( output_file );
515 if( buffer != NULL )
516 mbedtls_platform_zeroize( buffer, ciphertext_size );
517 mbedtls_free( buffer );
518 return( status );
519}
520
521static psa_status_t run( enum program_mode mode,
522 const char *key_file_name,
523 const char *ladder[], size_t ladder_depth,
524 const char *input_file_name,
525 const char *output_file_name )
526{
527 psa_status_t status = PSA_SUCCESS;
528
529 /* Initialize the PSA crypto library. */
530 PSA_CHECK( psa_crypto_init( ) );
531
532 /* Generate mode is unlike the others. Generate the master key and exit. */
533 if( mode == MODE_GENERATE )
534 return( generate( key_file_name ) );
535
536 /* Read the master key. */
537 PSA_CHECK( import_key_from_file( master_key_slot,
538 PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
539 KDF_ALG,
540 key_file_name ) );
541
542 /* Calculate the derived key for this session. */
543 PSA_CHECK( derive_key_ladder( ladder, ladder_depth ) );
544
545 switch( mode )
546 {
547 case MODE_SAVE:
548 PSA_CHECK( save_key( derived_key_slot, output_file_name ) );
549 break;
550 case MODE_UNWRAP:
551 PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_DECRYPT ) );
552 PSA_CHECK( unwrap_data( input_file_name, output_file_name ) );
553 break;
554 case MODE_WRAP:
555 PSA_CHECK( derive_wrapping_key( PSA_KEY_USAGE_ENCRYPT ) );
556 PSA_CHECK( wrap_data( input_file_name, output_file_name ) );
557 break;
558 default:
559 /* Unreachable but some compilers don't realize it. */
560 break;
561 }
562
563exit:
564 /* Deinitialize the PSA crypto library. */
565 mbedtls_psa_crypto_free( );
566 return( status );
567}
568
569static void usage( void )
570{
571 mbedtls_printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" );
572 mbedtls_printf( "Demonstrate the usage of a key derivation ladder.\n" );
573 mbedtls_printf( "\n" );
574 mbedtls_printf( "Modes:\n" );
575 mbedtls_printf( " generate Generate the master key\n" );
576 mbedtls_printf( " save Save the derived key\n" );
577 mbedtls_printf( " unwrap Unwrap (decrypt) input with the derived key\n" );
578 mbedtls_printf( " wrap Wrap (encrypt) input with the derived key\n" );
579 mbedtls_printf( "\n" );
580 mbedtls_printf( "Options:\n" );
581 mbedtls_printf( " input=FILENAME Input file (required for wrap/unwrap)\n" );
582 mbedtls_printf( " master=FILENAME File containing the master key (default: master.key)\n" );
583 mbedtls_printf( " output=FILENAME Output file (required for save/wrap/unwrap)\n" );
584 mbedtls_printf( " label=TEXT Label for the key derivation.\n" );
585 mbedtls_printf( " This may be repeated multiple times.\n" );
586 mbedtls_printf( " To get the same key, you must use the same master key\n" );
587 mbedtls_printf( " and the same sequence of labels.\n" );
588}
589
590int main( int argc, char *argv[] )
591{
592 char *key_file_name = "master.key";
593 char *input_file_name = NULL;
594 char *output_file_name = NULL;
595 const char *ladder[MAX_LADDER_DEPTH];
596 size_t ladder_depth = 0;
597 int i;
598 enum program_mode mode;
599 psa_status_t status;
600
601 if( argc <= 1 ||
602 strcmp( argv[1], "help" ) == 0 ||
603 strcmp( argv[1], "-help" ) == 0 ||
604 strcmp( argv[1], "--help" ) == 0 )
605 {
606 usage( );
607 return( MBEDTLS_EXIT_SUCCESS );
608 }
609
610 for( i = 2; i < argc; i++ )
611 {
612 char *q = strchr( argv[i], '=' );
613 if( q == NULL )
614 {
615 mbedtls_printf( "Missing argument to option %s\n", argv[i] );
616 goto usage_failure;
617 }
618 *q = 0;
619 ++q;
620 if( strcmp( argv[i], "input" ) == 0 )
621 input_file_name = q;
622 else if( strcmp( argv[i], "label" ) == 0 )
623 {
624 if( ladder_depth == MAX_LADDER_DEPTH )
625 {
626 mbedtls_printf( "Maximum ladder depth %u exceeded.\n",
627 (unsigned) MAX_LADDER_DEPTH );
628 return( MBEDTLS_EXIT_FAILURE );
629 }
630 ladder[ladder_depth] = q;
631 ++ladder_depth;
632 }
633 else if( strcmp( argv[i], "master" ) == 0 )
634 key_file_name = q;
635 else if( strcmp( argv[i], "output" ) == 0 )
636 output_file_name = q;
637 else
638 {
639 mbedtls_printf( "Unknown option: %s\n", argv[i] );
640 goto usage_failure;
641 }
642 }
643
644 if( strcmp( argv[1], "generate" ) == 0 )
645 mode = MODE_GENERATE;
646 else if( strcmp( argv[1], "save" ) == 0 )
647 mode = MODE_SAVE;
648 else if( strcmp( argv[1], "unwrap" ) == 0 )
649 mode = MODE_UNWRAP;
650 else if( strcmp( argv[1], "wrap" ) == 0 )
651 mode = MODE_WRAP;
652 else
653 {
654 mbedtls_printf( "Unknown action: %s\n", argv[1] );
655 goto usage_failure;
656 }
657
658 if( input_file_name == NULL &&
659 ( mode == MODE_WRAP || mode == MODE_UNWRAP ) )
660 {
661 mbedtls_printf( "Required argument missing: input\n" );
662 return( DEMO_ERROR );
663 }
664 if( output_file_name == NULL &&
665 ( mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP ) )
666 {
667 mbedtls_printf( "Required argument missing: output\n" );
668 return( DEMO_ERROR );
669 }
670
671 status = run( mode, key_file_name,
672 ladder, ladder_depth,
673 input_file_name, output_file_name );
674 return( status == PSA_SUCCESS ?
675 MBEDTLS_EXIT_SUCCESS :
676 MBEDTLS_EXIT_FAILURE );
677
678usage_failure:
679 usage( );
680 return( MBEDTLS_EXIT_FAILURE );
681}
682#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C && MBEDTLS_AES_C && MBEDTLS_CCM_C && MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */