mbedtls/programs
Bence Szépkúti f744bd72ee Update license headers to Apache-2.0 OR GPL-2.0-or-later
This will allow us to ship the LTS branches in a single archive

This commit was generated using the following script:

# ========================
#!/bin/sh

header1='\ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later\
 *\
 *  This file is provided under the Apache License 2.0, or the\
 *  GNU General Public License v2.0 or later.\
 *\
 *  **********\
 *  Apache License 2.0:\
 *\
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\
 *  not use this file except in compliance with the License.\
 *  You may obtain a copy of the License at\
 *\
 *  http://www.apache.org/licenses/LICENSE-2.0\
 *\
 *  Unless required by applicable law or agreed to in writing, software\
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
 *  See the License for the specific language governing permissions and\
 *  limitations under the License.\
 *\
 *  **********\
 *\
 *  **********\
 *  GNU General Public License v2.0 or later:\
 *\
 *  This program is free software; you can redistribute it and/or modify\
 *  it under the terms of the GNU General Public License as published by\
 *  the Free Software Foundation; either version 2 of the License, or\
 *  (at your option) any later version.\
 *\
 *  This program is distributed in the hope that it will be useful,\
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of\
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\
 *  GNU General Public License for more details.\
 *\
 *  You should have received a copy of the GNU General Public License along\
 *  with this program; if not, write to the Free Software Foundation, Inc.,\
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.\
 *\
 *  **********'

find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i "
# Normalize the first line of the copyright headers (no text on the first line of a block comment)
/^\/\*.*Copyright.*Arm/I s/\/\*/&\n */

# Insert new copyright header
/SPDX-License-Identifier/ i\
$header1

# Delete old copyright header
/SPDX-License-Identifier/,$ {
  # Delete lines until the one preceding the mbedtls declaration
  N
  1,/This file is part of/ {
    /This file is part of/! D
  }
}
"

# Format copyright header for inclusion into scripts
header2=$(echo "$header1" | sed 's/^\\\? \* \?/#/')

find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i "
# Insert new copyright header
/SPDX-License-Identifier/ i\
$header2

# Delete old copyright header
/SPDX-License-Identifier/,$ {
  # Delete lines until the one preceding the mbedtls declaration
  N
  1,/This file is part of/ {
    /This file is part of/! D
  }
}
"
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:48:48 +02:00
..
aes Update license headers to Apache-2.0 OR GPL-2.0-or-later 2020-06-15 12:48:48 +02:00
hash Update license headers to Apache-2.0 OR GPL-2.0-or-later 2020-06-15 12:48:48 +02:00
pkey Update license headers to Apache-2.0 OR GPL-2.0-or-later 2020-06-15 12:48:48 +02:00
random Update license headers to Apache-2.0 OR GPL-2.0-or-later 2020-06-15 12:48:48 +02:00
ssl Update license headers to Apache-2.0 OR GPL-2.0-or-later 2020-06-15 12:48:48 +02:00
test Update license headers to Apache-2.0 OR GPL-2.0-or-later 2020-06-15 12:48:48 +02:00
util Update license headers to Apache-2.0 OR GPL-2.0-or-later 2020-06-15 12:48:48 +02:00
x509 Update license headers to Apache-2.0 OR GPL-2.0-or-later 2020-06-15 12:48:48 +02:00
.gitignore Create programs/test/query_compile_time_config app 2019-02-07 10:32:31 +00:00
CMakeLists.txt
Makefile programs: Make make clean clean all programs always 2019-06-20 16:34:24 +01:00
README.md Remove ssl_cert_test sample app 2019-04-07 16:51:18 +03:00
wince_main.c Update license headers to Apache-2.0 OR GPL-2.0-or-later 2020-06-15 12:48:48 +02:00

Mbed TLS sample programs

This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.

Symmetric cryptography (AES) examples

  • aes/aescrypt2.c: file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.
    Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the pkcs5 module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).

  • aes/crypt_and_hash.c: file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.

Hash (digest) examples

Public-key cryptography examples

Generic public-key cryptography (pk) examples

  • pkey/gen_key.c: generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs.

  • pkey/key_app.c: loads a PEM or DER public key or private key file and dumps its content.

  • pkey/key_app_writer.c: loads a PEM or DER public key or private key file and writes it to a new PEM or DER file.

  • pkey/pk_encrypt.c, pkey/pk_decrypt.c: loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface.

  • pkey/pk_sign.c, pkey/pk_verify.c: loads a PEM or DER private/public key file and uses the key to sign/verify a short string.

ECDSA and RSA signature examples

Diffie-Hellman key exchange examples

  • pkey/dh_client.c, pkey/dh_server.c: secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key.

  • pkey/ecdh_curve25519.c: demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.

Bignum (mpi) usage examples

Random number generator (RNG) examples

  • random/gen_entropy.c: shows how to use the default entropy sources to generate random data.
    Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by random/gen_random_ctr_drbg.c.

  • random/gen_random_ctr_drbg.c: shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data.

  • random/gen_random_havege.c: demonstrates the HAVEGE entropy collector.

SSL/TLS examples

SSL/TLS sample applications

  • ssl/dtls_client.c: a simple DTLS client program, which sends one datagram to the server and reads one datagram in response.

  • ssl/dtls_server.c: a simple DTLS server program, which expects one datagram from the client and writes one datagram in response. This program supports DTLS cookies for hello verification.

  • ssl/mini_client.c: a minimalistic SSL client, which sends a short string and disconnects. This is primarily intended as a benchmark; for a better example of a typical TLS client, see ssl/ssl_client1.c.

  • ssl/ssl_client1.c: a simple HTTPS client that sends a fixed request and displays the response.

  • ssl/ssl_fork_server.c: a simple HTTPS server using one process per client to send a fixed response. This program requires a Unix/POSIX environment implementing the fork system call.

  • ssl/ssl_mail_client.c: a simple SMTP-over-TLS or SMTP-STARTTLS client. This client sends an email with fixed content.

  • ssl/ssl_pthread_server.c: a simple HTTPS server using one thread per client to send a fixed response. This program requires the pthread library.

  • ssl/ssl_server.c: a simple HTTPS server that sends a fixed response. It serves a single client at a time.

SSL/TLS feature demonstrators

Note: unlike most of the other programs under the programs/ directory, these two programs are not intended as a basis for writing an application. They combine most of the features supported by the library, and most applications require only a few features. To write a new application, we recommended that you start with ssl_client1.c or ssl_server.c, and then look inside ssl/ssl_client2.c or ssl/ssl_server2.c to see how to use the specific features that your application needs.

  • ssl/ssl_client2.c: an HTTPS client that sends a fixed request and displays the response, with options to select TLS protocol features and Mbed TLS library features.

  • ssl/ssl_server2.c: an HTTPS server that sends a fixed response, with options to select TLS protocol features and Mbed TLS library features.

In addition to providing options for testing client-side features, the ssl_client2 program has options that allow you to trigger certain behaviors in the server. For example, there are options to select ciphersuites, or to force a renegotiation. These options are useful for testing the corresponding features in a TLS server. Likewise, ssl_server2 has options to activate certain behaviors that are useful for testing a TLS client.

Test utilities

Development utilities

  • util/pem2der.c: a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful for interacting with other tools or with minimal Mbed TLS builds that lack PEM support.

  • util/strerror.c: prints the error description corresponding to an integer status returned by an Mbed TLS function.

X.509 certificate examples

  • x509/cert_app.c: connects to a TLS server and verifies its certificate chain.

  • x509/cert_req.c: generates a certificate signing request (CSR) for a private key.

  • x509/cert_write.c: signs a certificate signing request, or self-signs a certificate.

  • x509/crl_app.c: loads and dumps a certificate revocation list (CRL).

  • x509/req_app.c: loads and dumps a certificate signing request (CSR).