mbedtls/programs
Janos Follath 71a4c9125b Add flag for removing deprecated API
Add the compile time option PSA_PRE_1_0_KEY_DERIVATION. If this is not
turned on, then the function `psa_key_derivation()` is removed.

Most of the tests regarding key derivation haven't been adapted to the
new API yet and some of them have only been adapted partially. When this
new option is turned off, the tests using the old API and test cases
using the old API of partially adapted tests are skipped.

The sole purpose of this option is to make the transition to the new API
smoother. Once the transition is complete it can and should be removed
along with the old API and its implementation.
2019-06-26 09:15:08 +01:00
..
aes programs, tests: Depend only on libmbedcrypto 2019-04-25 11:46:21 +01:00
hash programs, tests: Depend only on libmbedcrypto 2019-04-25 11:46:21 +01:00
pkey programs, tests: Depend only on libmbedcrypto 2019-04-25 11:46:21 +01:00
psa Add flag for removing deprecated API 2019-06-26 09:15:08 +01:00
random programs, tests: Depend only on libmbedcrypto 2019-04-25 11:46:21 +01:00
test Merge remote-tracking branch 'tls/development' into development 2019-05-01 14:12:43 +01:00
util programs, tests: Depend only on libmbedcrypto 2019-04-25 11:46:21 +01:00
.gitignore Remove programs that depend on TLS or X.509 2019-04-25 11:46:08 +01:00
CMakeLists.txt Remove programs that depend on TLS or X.509 2019-04-25 11:46:08 +01:00
Makefile programs, tests: Depend only on libmbedcrypto 2019-04-25 11:46:21 +01:00
README.md Remove programs that depend on TLS or X.509 2019-04-25 11:46:08 +01:00
wince_main.c

Mbed TLS sample programs

This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.

Symmetric cryptography (AES) examples

  • aes/aescrypt2.c: file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.
    Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the pkcs5 module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).

  • aes/crypt_and_hash.c: file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.

Hash (digest) examples

Public-key cryptography examples

Generic public-key cryptography (pk) examples

  • pkey/gen_key.c: generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs.

  • pkey/key_app.c: loads a PEM or DER public key or private key file and dumps its content.

  • pkey/key_app_writer.c: loads a PEM or DER public key or private key file and writes it to a new PEM or DER file.

  • pkey/pk_encrypt.c, pkey/pk_decrypt.c: loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface.

  • pkey/pk_sign.c, pkey/pk_verify.c: loads a PEM or DER private/public key file and uses the key to sign/verify a short string.

ECDSA and RSA signature examples

Diffie-Hellman key exchange examples

Bignum (mpi) usage examples

Random number generator (RNG) examples

  • random/gen_entropy.c: shows how to use the default entropy sources to generate random data.
    Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by random/gen_random_ctr_drbg.c.

  • random/gen_random_ctr_drbg.c: shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data.

  • random/gen_random_havege.c: demonstrates the HAVEGE entropy collector.

Test utilities

Development utilities

  • util/pem2der.c: a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful for interacting with other tools or with minimal Mbed TLS builds that lack PEM support.

  • util/strerror.c: prints the error description corresponding to an integer status returned by an Mbed TLS function.