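#!/bin/sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# Demo driver for the key_ladder_demo program that sits next to this script.
# It generates (or reuses) a master key file, wraps and unwraps a small input
# with keys derived from label sequences, and checks the round trip.
#
# The helpers msg, depends_on, run, run_bad and cleanup, and the
# files_to_clean list, come from ../demo_common.sh, which is not shown here.
# Their exact behaviour should be confirmed against that file.
#
# All files are created in the current working directory.

# Locate the directory holding this script. "${0%/*}" leaves $0 unchanged when
# it contains no slash (e.g. "sh key_ladder_demo.sh"), which would make the
# paths below point inside the script file itself, so fall back to ".".
case "$0" in
    */*) key_ladder_dir="${0%/*}" ;;
    *)   key_ladder_dir=. ;;
esac

. "$key_ladder_dir/../demo_common.sh"

msg <<'EOF'
This script demonstrates the use of the PSA cryptography interface to
create a master key, derive a key from it and use that derived key to
wrap some data using an AEAD algorithm.
EOF

depends_on MBEDTLS_SHA256_C MBEDTLS_MD_C MBEDTLS_AES_C MBEDTLS_CCM_C MBEDTLS_PSA_CRYPTO_C MBEDTLS_FS_IO

program="$key_ladder_dir/key_ladder_demo"

# master.key and hello.key hold raw key material and are written to the
# current directory. Create every file from here on readable and writable by
# the owner only, so other local users cannot read the keys while the demo runs.
umask 077

# An existing master.key is trusted as-is and is NOT added to files_to_clean,
# so it is not registered for removal by this script. Its permissions are
# whatever they were when it was created.
if [ -e master.key ]; then
    echo "# Reusing the existing master.key file."
else
    files_to_clean="$files_to_clean master.key"
    run "Generate a master key." \
        "$program" generate master=master.key
fi

# Wrap a known plaintext with the key derived through labels "hello", "world".
files_to_clean="$files_to_clean input.txt hello_world.wrap"
echo "Here is some input. See it wrapped." >input.txt
run "Derive a key and wrap some data with it." \
    "$program" wrap master=master.key label=hello label=world \
               input=input.txt output=hello_world.wrap

# Same master key and same labels: the unwrap must succeed and the output
# must match the original input byte for byte.
files_to_clean="$files_to_clean hello_world.txt"
run "Derive the same key again and unwrap the data." \
    "$program" unwrap master=master.key label=hello label=world \
               input=hello_world.wrap output=hello_world.txt
run "Compare the unwrapped data with the original input." \
    cmp input.txt hello_world.txt

# Negative test: different labels should give a different key, so this unwrap
# is expected to fail (run_bad presumably asserts a non-zero exit; confirm in
# demo_common.sh). The output file is registered for cleanup in case the
# program leaves one behind.
files_to_clean="$files_to_clean hellow_orld.txt"
run_bad "Derive a different key and attempt to unwrap the data." \
    "$program" unwrap master=master.key input=hello_world.wrap output=hellow_orld.txt label=hellow label=orld

# Save the intermediate key (after the "hello" step) to hello.key, then use it
# as the master key with only the remaining "world" label.
# NOTE(review): input= is passed to "save" as in the original; whether "save"
# reads it is not visible from this script.
files_to_clean="$files_to_clean hello.key"
run "Save the first step of the key ladder, then load it as a master key and construct the rest of the ladder." \
    "$program" save master=master.key label=hello \
               input=hello_world.wrap output=hello.key
run "Check that we get the same key by unwrapping data made by the other key." \
    "$program" unwrap master=hello.key label=world \
               input=hello_world.wrap output=hello_world.txt

cleanup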