From b1d6eaf2f793f8be7dcbc39db5f5fd56fd99d31a Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Fri, 14 May 2021 11:00:46 +0200 Subject: [PATCH] mbedtls: make style --- common/mbedtls/aes.c | 1742 +++--- common/mbedtls/aes.h | 144 +- common/mbedtls/aesni.c | 606 +- common/mbedtls/aesni.h | 28 +- common/mbedtls/arc4.c | 90 +- common/mbedtls/arc4.h | 17 +- common/mbedtls/aria.c | 780 ++- common/mbedtls/aria.h | 67 +- common/mbedtls/asn1.h | 94 +- common/mbedtls/asn1parse.c | 421 +- common/mbedtls/asn1write.c | 397 +- common/mbedtls/asn1write.h | 82 +- common/mbedtls/base64.c | 232 +- common/mbedtls/base64.h | 10 +- common/mbedtls/bignum.c | 2294 ++++--- common/mbedtls/bignum.h | 257 +- common/mbedtls/blowfish.c | 359 +- common/mbedtls/blowfish.h | 59 +- common/mbedtls/bn_mul.h | 2 +- common/mbedtls/camellia.c | 1104 ++-- common/mbedtls/camellia.h | 69 +- common/mbedtls/ccm.c | 385 +- common/mbedtls/ccm.h | 57 +- common/mbedtls/certs.c | 148 +- common/mbedtls/certs.h | 22 +- common/mbedtls/chacha20.c | 276 +- common/mbedtls/chacha20.h | 39 +- common/mbedtls/chachapoly.c | 450 +- common/mbedtls/chachapoly.h | 72 +- common/mbedtls/check_config.h | 2 +- common/mbedtls/cipher.c | 1411 ++--- common/mbedtls/cipher.h | 193 +- common/mbedtls/cipher_internal.h | 78 +- common/mbedtls/cipher_wrap.c | 752 ++- common/mbedtls/cmac.c | 702 +-- common/mbedtls/cmac.h | 33 +- common/mbedtls/ctr_drbg.c | 725 ++- common/mbedtls/ctr_drbg.h | 63 +- common/mbedtls/debug.c | 352 +- common/mbedtls/debug.h | 59 +- common/mbedtls/des.c | 651 +- common/mbedtls/des.h | 82 +- common/mbedtls/dhm.c | 597 +- common/mbedtls/dhm.h | 55 +- common/mbedtls/ecdh.c | 605 +- common/mbedtls/ecdh.h | 81 +- common/mbedtls/ecdsa.c | 730 ++- common/mbedtls/ecdsa.h | 103 +- common/mbedtls/ecjpake.c | 899 ++- common/mbedtls/ecjpake.h | 59 +- common/mbedtls/ecp.c | 2535 ++++---- common/mbedtls/ecp.h | 205 +- common/mbedtls/ecp_curves.c | 1225 ++-- common/mbedtls/ecp_internal.h | 46 +- common/mbedtls/entropy.c | 449 +- common/mbedtls/entropy.h | 38 +- common/mbedtls/entropy_poll.c | 143 +- common/mbedtls/entropy_poll.h | 24 +- common/mbedtls/error.c | 582 +- common/mbedtls/error.h | 6 +- common/mbedtls/gcm.c | 1149 ++-- common/mbedtls/gcm.h | 85 +- common/mbedtls/havege.c | 40 +- common/mbedtls/havege.h | 9 +- common/mbedtls/hkdf.c | 117 +- common/mbedtls/hkdf.h | 22 +- common/mbedtls/hmac_drbg.c | 417 +- common/mbedtls/hmac_drbg.h | 63 +- common/mbedtls/md.c | 528 +- common/mbedtls/md.h | 77 +- common/mbedtls/md2.c | 242 +- common/mbedtls/md2.h | 53 +- common/mbedtls/md4.c | 384 +- common/mbedtls/md4.h | 57 +- common/mbedtls/md5.c | 416 +- common/mbedtls/md5.h | 57 +- common/mbedtls/md_internal.h | 5 +- common/mbedtls/memory_buffer_alloc.c | 516 +- common/mbedtls/memory_buffer_alloc.h | 18 +- common/mbedtls/net_sockets.c | 426 +- common/mbedtls/net_sockets.h | 35 +- common/mbedtls/nist_kw.c | 654 +- common/mbedtls/nist_kw.h | 31 +- common/mbedtls/oid.c | 217 +- common/mbedtls/oid.h | 47 +- common/mbedtls/padlock.c | 146 +- common/mbedtls/padlock.h | 22 +- common/mbedtls/pem.c | 386 +- common/mbedtls/pem.h | 21 +- common/mbedtls/pk.c | 538 +- common/mbedtls/pk.h | 192 +- common/mbedtls/pk_internal.h | 72 +- common/mbedtls/pk_wrap.c | 784 ++- common/mbedtls/pkcs11.c | 165 +- common/mbedtls/pkcs11.h | 72 +- common/mbedtls/pkcs12.c | 258 +- common/mbedtls/pkcs12.h | 26 +- common/mbedtls/pkcs5.c | 323 +- common/mbedtls/pkcs5.h | 18 +- common/mbedtls/pkparse.c | 1214 ++-- common/mbedtls/pkwrite.c | 449 +- common/mbedtls/platform.c | 217 +- common/mbedtls/platform.h | 59 +- common/mbedtls/platform_time.h | 4 +- common/mbedtls/platform_util.c | 37 +- common/mbedtls/platform_util.h | 14 +- common/mbedtls/poly1305.c | 358 +- common/mbedtls/poly1305.h | 31 +- common/mbedtls/psa_crypto.c | 5157 ++++++++-------- common/mbedtls/psa_crypto_client.c | 49 +- common/mbedtls/psa_crypto_core.h | 79 +- common/mbedtls/psa_crypto_driver_wrappers.c | 819 ++- common/mbedtls/psa_crypto_driver_wrappers.h | 32 +- common/mbedtls/psa_crypto_ecp.c | 477 +- common/mbedtls/psa_crypto_ecp.h | 40 +- common/mbedtls/psa_crypto_invasive.h | 6 +- common/mbedtls/psa_crypto_its.h | 5 +- common/mbedtls/psa_crypto_random_impl.h | 50 +- common/mbedtls/psa_crypto_rsa.c | 510 +- common/mbedtls/psa_crypto_rsa.h | 38 +- common/mbedtls/psa_crypto_se.c | 278 +- common/mbedtls/psa_crypto_se.h | 33 +- common/mbedtls/psa_crypto_slot_management.c | 306 +- common/mbedtls/psa_crypto_slot_management.h | 45 +- common/mbedtls/psa_crypto_storage.c | 369 +- common/mbedtls/psa_crypto_storage.h | 58 +- common/mbedtls/psa_its_file.c | 195 +- common/mbedtls/psa_util.h | 224 +- common/mbedtls/ripemd160.c | 458 +- common/mbedtls/ripemd160.h | 57 +- common/mbedtls/rsa.c | 2183 ++++--- common/mbedtls/rsa.h | 299 +- common/mbedtls/rsa_internal.c | 334 +- common/mbedtls/rsa_internal.h | 36 +- common/mbedtls/sha1.c | 473 +- common/mbedtls/sha1.h | 57 +- common/mbedtls/sha256.c | 469 +- common/mbedtls/sha256.h | 63 +- common/mbedtls/sha512.c | 505 +- common/mbedtls/sha512.h | 75 +- common/mbedtls/ssl.h | 656 +- common/mbedtls/ssl_cache.c | 164 +- common/mbedtls/ssl_cache.h | 18 +- common/mbedtls/ssl_ciphersuites.c | 2739 +++++---- common/mbedtls/ssl_ciphersuites.h | 99 +- common/mbedtls/ssl_cli.c | 4036 ++++++------- common/mbedtls/ssl_cookie.c | 166 +- common/mbedtls/ssl_cookie.h | 15 +- common/mbedtls/ssl_internal.h | 375 +- common/mbedtls/ssl_invasive.h | 20 +- common/mbedtls/ssl_msg.c | 5225 ++++++++-------- common/mbedtls/ssl_srv.c | 4011 ++++++------- common/mbedtls/ssl_ticket.c | 281 +- common/mbedtls/ssl_ticket.h | 20 +- common/mbedtls/ssl_tls.c | 5915 +++++++++---------- common/mbedtls/ssl_tls13_keys.c | 261 +- common/mbedtls/ssl_tls13_keys.h | 46 +- common/mbedtls/threading.c | 88 +- common/mbedtls/threading.h | 21 +- common/mbedtls/timing.c | 286 +- common/mbedtls/timing.h | 18 +- common/mbedtls/version.c | 19 +- common/mbedtls/version.h | 8 +- common/mbedtls/version_features.c | 24 +- common/mbedtls/x509.c | 785 ++- common/mbedtls/x509.h | 81 +- common/mbedtls/x509_create.c | 387 +- common/mbedtls/x509_crl.c | 580 +- common/mbedtls/x509_crl.h | 22 +- common/mbedtls/x509_crt.c | 2483 ++++---- common/mbedtls/x509_crt.h | 225 +- common/mbedtls/x509_csr.c | 270 +- common/mbedtls/x509_csr.h | 58 +- common/mbedtls/x509write_crt.c | 512 +- common/mbedtls/x509write_csr.c | 282 +- common/mbedtls/xtea.c | 180 +- common/mbedtls/xtea.h | 31 +- 177 files changed, 37224 insertions(+), 41821 deletions(-) diff --git a/common/mbedtls/aes.c b/common/mbedtls/aes.c index 3f616427a..832228818 100644 --- a/common/mbedtls/aes.c +++ b/common/mbedtls/aes.c @@ -89,8 +89,7 @@ static int aes_padlock_ace = -1; /* * Forward S-box */ -static const unsigned char FSb[256] = -{ +static const unsigned char FSb[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, @@ -220,8 +219,7 @@ static const uint32_t FT3[256] = { FT }; /* * Reverse S-box */ -static const unsigned char RSb[256] = -{ +static const unsigned char RSb[256] = { 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, @@ -351,8 +349,7 @@ static const uint32_t RT3[256] = { RT }; /* * Round constants */ -static const uint32_t RCON[10] = -{ +static const uint32_t RCON[10] = { 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020, 0x00000040, 0x00000080, 0x0000001B, 0x00000036 @@ -396,8 +393,7 @@ static uint32_t RCON[10]; static int aes_init_done = 0; -static void aes_gen_tables( void ) -{ +static void aes_gen_tables(void) { int i, x, y, z; int pow[256]; int log[256]; @@ -405,20 +401,18 @@ static void aes_gen_tables( void ) /* * compute pow and log tables over GF(2^8) */ - for( i = 0, x = 1; i < 256; i++ ) - { + for (i = 0, x = 1; i < 256; i++) { pow[i] = x; log[x] = i; - x = ( x ^ XTIME( x ) ) & 0xFF; + x = (x ^ XTIME(x)) & 0xFF; } /* * calculate the round constants */ - for( i = 0, x = 1; i < 10; i++ ) - { + for (i = 0, x = 1; i < 10; i++) { RCON[i] = (uint32_t) x; - x = XTIME( x ) & 0xFF; + x = XTIME(x) & 0xFF; } /* @@ -427,14 +421,17 @@ static void aes_gen_tables( void ) FSb[0x00] = 0x63; RSb[0x63] = 0x00; - for( i = 1; i < 256; i++ ) - { + for (i = 1; i < 256; i++) { x = pow[255 - log[i]]; - y = x; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; - x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; - x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; - x ^= y; y = ( ( y << 1 ) | ( y >> 7 ) ) & 0xFF; + y = x; + y = ((y << 1) | (y >> 7)) & 0xFF; + x ^= y; + y = ((y << 1) | (y >> 7)) & 0xFF; + x ^= y; + y = ((y << 1) | (y >> 7)) & 0xFF; + x ^= y; + y = ((y << 1) | (y >> 7)) & 0xFF; x ^= y ^ 0x63; FSb[i] = (unsigned char) x; @@ -444,34 +441,33 @@ static void aes_gen_tables( void ) /* * generate the forward and reverse tables */ - for( i = 0; i < 256; i++ ) - { + for (i = 0; i < 256; i++) { x = FSb[i]; - y = XTIME( x ) & 0xFF; - z = ( y ^ x ) & 0xFF; + y = XTIME(x) & 0xFF; + z = (y ^ x) & 0xFF; - FT0[i] = ( (uint32_t) y ) ^ - ( (uint32_t) x << 8 ) ^ - ( (uint32_t) x << 16 ) ^ - ( (uint32_t) z << 24 ); + FT0[i] = ((uint32_t) y) ^ + ((uint32_t) x << 8) ^ + ((uint32_t) x << 16) ^ + ((uint32_t) z << 24); #if !defined(MBEDTLS_AES_FEWER_TABLES) - FT1[i] = ROTL8( FT0[i] ); - FT2[i] = ROTL8( FT1[i] ); - FT3[i] = ROTL8( FT2[i] ); + FT1[i] = ROTL8(FT0[i]); + FT2[i] = ROTL8(FT1[i]); + FT3[i] = ROTL8(FT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ x = RSb[i]; - RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^ - ( (uint32_t) MUL( 0x09, x ) << 8 ) ^ - ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ - ( (uint32_t) MUL( 0x0B, x ) << 24 ); + RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ + ((uint32_t) MUL(0x09, x) << 8) ^ + ((uint32_t) MUL(0x0D, x) << 16) ^ + ((uint32_t) MUL(0x0B, x) << 24); #if !defined(MBEDTLS_AES_FEWER_TABLES) - RT1[i] = ROTL8( RT0[i] ); - RT2[i] = ROTL8( RT1[i] ); - RT3[i] = ROTL8( RT2[i] ); + RT1[i] = ROTL8(RT0[i]); + RT2[i] = ROTL8(RT1[i]); + RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ } } @@ -510,37 +506,33 @@ static void aes_gen_tables( void ) #endif /* MBEDTLS_AES_FEWER_TABLES */ -void mbedtls_aes_init( mbedtls_aes_context *ctx ) -{ - AES_VALIDATE( ctx != NULL ); +void mbedtls_aes_init(mbedtls_aes_context *ctx) { + AES_VALIDATE(ctx != NULL); - memset( ctx, 0, sizeof( mbedtls_aes_context ) ); + memset(ctx, 0, sizeof(mbedtls_aes_context)); } -void mbedtls_aes_free( mbedtls_aes_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_aes_free(mbedtls_aes_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aes_context)); } #if defined(MBEDTLS_CIPHER_MODE_XTS) -void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ) -{ - AES_VALIDATE( ctx != NULL ); +void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx) { + AES_VALIDATE(ctx != NULL); - mbedtls_aes_init( &ctx->crypt ); - mbedtls_aes_init( &ctx->tweak ); + mbedtls_aes_init(&ctx->crypt); + mbedtls_aes_init(&ctx->tweak); } -void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) { + if (ctx == NULL) return; - mbedtls_aes_free( &ctx->crypt ); - mbedtls_aes_free( &ctx->tweak ); + mbedtls_aes_free(&ctx->crypt); + mbedtls_aes_free(&ctx->tweak); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -548,62 +540,63 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ) * AES key schedule (encryption) */ #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) -int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ) -{ +int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits) { unsigned int i; uint32_t *RK; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( key != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(key != NULL); - switch( keybits ) - { - case 128: ctx->nr = 10; break; - case 192: ctx->nr = 12; break; - case 256: ctx->nr = 14; break; - default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); + switch (keybits) { + case 128: + ctx->nr = 10; + break; + case 192: + ctx->nr = 12; + break; + case 256: + ctx->nr = 14; + break; + default : + return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); } #if !defined(MBEDTLS_AES_ROM_TABLES) - if( aes_init_done == 0 ) - { + if (aes_init_done == 0) { aes_gen_tables(); aes_init_done = 1; } #endif #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) - if( aes_padlock_ace == -1 ) - aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE ); + if (aes_padlock_ace == -1) + aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); - if( aes_padlock_ace ) - ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ); + if (aes_padlock_ace) + ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(ctx->buf); else #endif - ctx->rk = RK = ctx->buf; + ctx->rk = RK = ctx->buf; #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) - return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) ); + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) + return (mbedtls_aesni_setkey_enc((unsigned char *) ctx->rk, key, keybits)); #endif - for( i = 0; i < ( keybits >> 5 ); i++ ) - { - GET_UINT32_LE( RK[i], key, i << 2 ); + for (i = 0; i < (keybits >> 5); i++) { + GET_UINT32_LE(RK[i], key, i << 2); } - switch( ctx->nr ) - { + switch (ctx->nr) { case 10: - for( i = 0; i < 10; i++, RK += 4 ) - { + for (i = 0; i < 10; i++, RK += 4) { RK[4] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[3] ) & 0xFF ] << 24 ); + ((uint32_t) FSb[(RK[3] >> 8) & 0xFF ]) ^ + ((uint32_t) FSb[(RK[3] >> 16) & 0xFF ] << 8) ^ + ((uint32_t) FSb[(RK[3] >> 24) & 0xFF ] << 16) ^ + ((uint32_t) FSb[(RK[3]) & 0xFF ] << 24); RK[5] = RK[1] ^ RK[4]; RK[6] = RK[2] ^ RK[5]; @@ -613,13 +606,12 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, case 12: - for( i = 0; i < 8; i++, RK += 6 ) - { + for (i = 0; i < 8; i++, RK += 6) { RK[6] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[5] ) & 0xFF ] << 24 ); + ((uint32_t) FSb[(RK[5] >> 8) & 0xFF ]) ^ + ((uint32_t) FSb[(RK[5] >> 16) & 0xFF ] << 8) ^ + ((uint32_t) FSb[(RK[5] >> 24) & 0xFF ] << 16) ^ + ((uint32_t) FSb[(RK[5]) & 0xFF ] << 24); RK[7] = RK[1] ^ RK[6]; RK[8] = RK[2] ^ RK[7]; @@ -631,23 +623,22 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, case 14: - for( i = 0; i < 7; i++, RK += 8 ) - { + for (i = 0; i < 7; i++, RK += 8) { RK[8] = RK[0] ^ RCON[i] ^ - ( (uint32_t) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[7] ) & 0xFF ] << 24 ); + ((uint32_t) FSb[(RK[7] >> 8) & 0xFF ]) ^ + ((uint32_t) FSb[(RK[7] >> 16) & 0xFF ] << 8) ^ + ((uint32_t) FSb[(RK[7] >> 24) & 0xFF ] << 16) ^ + ((uint32_t) FSb[(RK[7]) & 0xFF ] << 24); RK[9] = RK[1] ^ RK[8]; RK[10] = RK[2] ^ RK[9]; RK[11] = RK[3] ^ RK[10]; RK[12] = RK[4] ^ - ( (uint32_t) FSb[ ( RK[11] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 ); + ((uint32_t) FSb[(RK[11]) & 0xFF ]) ^ + ((uint32_t) FSb[(RK[11] >> 8) & 0xFF ] << 8) ^ + ((uint32_t) FSb[(RK[11] >> 16) & 0xFF ] << 16) ^ + ((uint32_t) FSb[(RK[11] >> 24) & 0xFF ] << 24); RK[13] = RK[5] ^ RK[12]; RK[14] = RK[6] ^ RK[13]; @@ -656,7 +647,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, break; } - return( 0 ); + return (0); } #endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */ @@ -664,40 +655,38 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, * AES key schedule (decryption) */ #if !defined(MBEDTLS_AES_SETKEY_DEC_ALT) -int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ) -{ +int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits) { int i, j, ret; mbedtls_aes_context cty; uint32_t *RK; uint32_t *SK; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( key != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(key != NULL); - mbedtls_aes_init( &cty ); + mbedtls_aes_init(&cty); #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16) - if( aes_padlock_ace == -1 ) - aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE ); + if (aes_padlock_ace == -1) + aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); - if( aes_padlock_ace ) - ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ); + if (aes_padlock_ace) + ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(ctx->buf); else #endif - ctx->rk = RK = ctx->buf; + ctx->rk = RK = ctx->buf; /* Also checks keybits */ - if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 ) + if ((ret = mbedtls_aes_setkey_enc(&cty, key, keybits)) != 0) goto exit; ctx->nr = cty.nr; #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) - { - mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk, - (const unsigned char *) cty.rk, ctx->nr ); + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { + mbedtls_aesni_inverse_key((unsigned char *) ctx->rk, + (const unsigned char *) cty.rk, ctx->nr); goto exit; } #endif @@ -709,14 +698,12 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, *RK++ = *SK++; *RK++ = *SK++; - for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 ) - { - for( j = 0; j < 4; j++, SK++ ) - { - *RK++ = AES_RT0( FSb[ ( *SK ) & 0xFF ] ) ^ - AES_RT1( FSb[ ( *SK >> 8 ) & 0xFF ] ) ^ - AES_RT2( FSb[ ( *SK >> 16 ) & 0xFF ] ) ^ - AES_RT3( FSb[ ( *SK >> 24 ) & 0xFF ] ); + for (i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8) { + for (j = 0; j < 4; j++, SK++) { + *RK++ = AES_RT0(FSb[(*SK) & 0xFF ]) ^ + AES_RT1(FSb[(*SK >> 8) & 0xFF ]) ^ + AES_RT2(FSb[(*SK >> 16) & 0xFF ]) ^ + AES_RT3(FSb[(*SK >> 24) & 0xFF ]); } } @@ -726,28 +713,29 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, *RK++ = *SK++; exit: - mbedtls_aes_free( &cty ); + mbedtls_aes_free(&cty); - return( ret ); + return (ret); } #endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */ #if defined(MBEDTLS_CIPHER_MODE_XTS) -static int mbedtls_aes_xts_decode_keys( const unsigned char *key, - unsigned int keybits, - const unsigned char **key1, - unsigned int *key1bits, - const unsigned char **key2, - unsigned int *key2bits ) -{ +static int mbedtls_aes_xts_decode_keys(const unsigned char *key, + unsigned int keybits, + const unsigned char **key1, + unsigned int *key1bits, + const unsigned char **key2, + unsigned int *key2bits) { const unsigned int half_keybits = keybits / 2; const unsigned int half_keybytes = half_keybits / 8; - switch( keybits ) - { - case 256: break; - case 512: break; - default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); + switch (keybits) { + case 256: + break; + case 512: + break; + default : + return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); } *key1bits = half_keybits; @@ -758,54 +746,52 @@ static int mbedtls_aes_xts_decode_keys( const unsigned char *key, return 0; } -int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) -{ +int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *key1, *key2; unsigned int key1bits, key2bits; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( key != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(key != NULL); - ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, - &key2, &key2bits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits, + &key2, &key2bits); + if (ret != 0) + return (ret); /* Set the tweak key. Always set tweak key for the encryption mode. */ - ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); + if (ret != 0) + return (ret); /* Set crypt key for encryption. */ - return mbedtls_aes_setkey_enc( &ctx->crypt, key1, key1bits ); + return mbedtls_aes_setkey_enc(&ctx->crypt, key1, key1bits); } -int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits) -{ +int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *key1, *key2; unsigned int key1bits, key2bits; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( key != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(key != NULL); - ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits, - &key2, &key2bits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_xts_decode_keys(key, keybits, &key1, &key1bits, + &key2, &key2bits); + if (ret != 0) + return (ret); /* Set the tweak key. Always set tweak key for encryption. */ - ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_setkey_enc(&ctx->tweak, key2, key2bits); + if (ret != 0) + return (ret); /* Set crypt key for decryption. */ - return mbedtls_aes_setkey_dec( &ctx->crypt, key1, key1bits ); + return mbedtls_aes_setkey_dec(&ctx->crypt, key1, key1bits); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -861,72 +847,72 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, * AES-ECB block encryption */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) -int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ +int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { int i; uint32_t *RK = ctx->rk; - struct - { + struct { uint32_t X[4]; uint32_t Y[4]; } t; - GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; - GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; - GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; - GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; + GET_UINT32_LE(t.X[0], input, 0); + t.X[0] ^= *RK++; + GET_UINT32_LE(t.X[1], input, 4); + t.X[1] ^= *RK++; + GET_UINT32_LE(t.X[2], input, 8); + t.X[2] ^= *RK++; + GET_UINT32_LE(t.X[3], input, 12); + t.X[3] ^= *RK++; - for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) - { - AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); - AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] ); + for (i = (ctx->nr >> 1) - 1; i > 0; i--) { + AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); + AES_FROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); } - AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); + AES_FROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); t.X[0] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[0] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); + ((uint32_t) FSb[(t.Y[0]) & 0xFF ]) ^ + ((uint32_t) FSb[(t.Y[1] >> 8) & 0xFF ] << 8) ^ + ((uint32_t) FSb[(t.Y[2] >> 16) & 0xFF ] << 16) ^ + ((uint32_t) FSb[(t.Y[3] >> 24) & 0xFF ] << 24); t.X[1] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[1] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); + ((uint32_t) FSb[(t.Y[1]) & 0xFF ]) ^ + ((uint32_t) FSb[(t.Y[2] >> 8) & 0xFF ] << 8) ^ + ((uint32_t) FSb[(t.Y[3] >> 16) & 0xFF ] << 16) ^ + ((uint32_t) FSb[(t.Y[0] >> 24) & 0xFF ] << 24); t.X[2] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[2] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); + ((uint32_t) FSb[(t.Y[2]) & 0xFF ]) ^ + ((uint32_t) FSb[(t.Y[3] >> 8) & 0xFF ] << 8) ^ + ((uint32_t) FSb[(t.Y[0] >> 16) & 0xFF ] << 16) ^ + ((uint32_t) FSb[(t.Y[1] >> 24) & 0xFF ] << 24); t.X[3] = *RK++ ^ \ - ( (uint32_t) FSb[ ( t.Y[3] ) & 0xFF ] ) ^ - ( (uint32_t) FSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) FSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) FSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); + ((uint32_t) FSb[(t.Y[3]) & 0xFF ]) ^ + ((uint32_t) FSb[(t.Y[0] >> 8) & 0xFF ] << 8) ^ + ((uint32_t) FSb[(t.Y[1] >> 16) & 0xFF ] << 16) ^ + ((uint32_t) FSb[(t.Y[2] >> 24) & 0xFF ] << 24); - PUT_UINT32_LE( t.X[0], output, 0 ); - PUT_UINT32_LE( t.X[1], output, 4 ); - PUT_UINT32_LE( t.X[2], output, 8 ); - PUT_UINT32_LE( t.X[3], output, 12 ); + PUT_UINT32_LE(t.X[0], output, 0); + PUT_UINT32_LE(t.X[1], output, 4); + PUT_UINT32_LE(t.X[2], output, 8); + PUT_UINT32_LE(t.X[3], output, 12); - mbedtls_platform_zeroize( &t, sizeof( t ) ); + mbedtls_platform_zeroize(&t, sizeof(t)); - return( 0 ); + return (0); } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_encrypt( ctx, input, output ); +void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { + mbedtls_internal_aes_encrypt(ctx, input, output); } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -934,99 +920,97 @@ void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, * AES-ECB block decryption */ #if !defined(MBEDTLS_AES_DECRYPT_ALT) -int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ +int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { int i; uint32_t *RK = ctx->rk; - struct - { + struct { uint32_t X[4]; uint32_t Y[4]; } t; - GET_UINT32_LE( t.X[0], input, 0 ); t.X[0] ^= *RK++; - GET_UINT32_LE( t.X[1], input, 4 ); t.X[1] ^= *RK++; - GET_UINT32_LE( t.X[2], input, 8 ); t.X[2] ^= *RK++; - GET_UINT32_LE( t.X[3], input, 12 ); t.X[3] ^= *RK++; + GET_UINT32_LE(t.X[0], input, 0); + t.X[0] ^= *RK++; + GET_UINT32_LE(t.X[1], input, 4); + t.X[1] ^= *RK++; + GET_UINT32_LE(t.X[2], input, 8); + t.X[2] ^= *RK++; + GET_UINT32_LE(t.X[3], input, 12); + t.X[3] ^= *RK++; - for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- ) - { - AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); - AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] ); + for (i = (ctx->nr >> 1) - 1; i > 0; i--) { + AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); + AES_RROUND(t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3]); } - AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] ); + AES_RROUND(t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3]); t.X[0] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[0] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[3] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[2] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[1] >> 24 ) & 0xFF ] << 24 ); + ((uint32_t) RSb[(t.Y[0]) & 0xFF ]) ^ + ((uint32_t) RSb[(t.Y[3] >> 8) & 0xFF ] << 8) ^ + ((uint32_t) RSb[(t.Y[2] >> 16) & 0xFF ] << 16) ^ + ((uint32_t) RSb[(t.Y[1] >> 24) & 0xFF ] << 24); t.X[1] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[1] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[0] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[3] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[2] >> 24 ) & 0xFF ] << 24 ); + ((uint32_t) RSb[(t.Y[1]) & 0xFF ]) ^ + ((uint32_t) RSb[(t.Y[0] >> 8) & 0xFF ] << 8) ^ + ((uint32_t) RSb[(t.Y[3] >> 16) & 0xFF ] << 16) ^ + ((uint32_t) RSb[(t.Y[2] >> 24) & 0xFF ] << 24); t.X[2] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[2] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[1] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[0] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[3] >> 24 ) & 0xFF ] << 24 ); + ((uint32_t) RSb[(t.Y[2]) & 0xFF ]) ^ + ((uint32_t) RSb[(t.Y[1] >> 8) & 0xFF ] << 8) ^ + ((uint32_t) RSb[(t.Y[0] >> 16) & 0xFF ] << 16) ^ + ((uint32_t) RSb[(t.Y[3] >> 24) & 0xFF ] << 24); t.X[3] = *RK++ ^ \ - ( (uint32_t) RSb[ ( t.Y[3] ) & 0xFF ] ) ^ - ( (uint32_t) RSb[ ( t.Y[2] >> 8 ) & 0xFF ] << 8 ) ^ - ( (uint32_t) RSb[ ( t.Y[1] >> 16 ) & 0xFF ] << 16 ) ^ - ( (uint32_t) RSb[ ( t.Y[0] >> 24 ) & 0xFF ] << 24 ); + ((uint32_t) RSb[(t.Y[3]) & 0xFF ]) ^ + ((uint32_t) RSb[(t.Y[2] >> 8) & 0xFF ] << 8) ^ + ((uint32_t) RSb[(t.Y[1] >> 16) & 0xFF ] << 16) ^ + ((uint32_t) RSb[(t.Y[0] >> 24) & 0xFF ] << 24); - PUT_UINT32_LE( t.X[0], output, 0 ); - PUT_UINT32_LE( t.X[1], output, 4 ); - PUT_UINT32_LE( t.X[2], output, 8 ); - PUT_UINT32_LE( t.X[3], output, 12 ); + PUT_UINT32_LE(t.X[0], output, 0); + PUT_UINT32_LE(t.X[1], output, 4); + PUT_UINT32_LE(t.X[2], output, 8); + PUT_UINT32_LE(t.X[3], output, 12); - mbedtls_platform_zeroize( &t, sizeof( t ) ); + mbedtls_platform_zeroize(&t, sizeof(t)); - return( 0 ); + return (0); } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_decrypt( ctx, input, output ); +void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]) { + mbedtls_internal_aes_decrypt(ctx, input, output); } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ /* * AES-ECB block encryption/decryption */ -int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) -{ - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); +int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) { + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) - return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) ); + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) + return (mbedtls_aesni_crypt_ecb(ctx, mode, input, output)); #endif #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) - if( aes_padlock_ace ) - { - if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 ) - return( 0 ); + if (aes_padlock_ace) { + if (mbedtls_padlock_xcryptecb(ctx, mode, input, output) == 0) + return (0); // If padlock data misaligned, we just fall back to // unaccelerated mode @@ -1034,41 +1018,39 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, } #endif - if( mode == MBEDTLS_AES_ENCRYPT ) - return( mbedtls_internal_aes_encrypt( ctx, input, output ) ); + if (mode == MBEDTLS_AES_ENCRYPT) + return (mbedtls_internal_aes_encrypt(ctx, input, output)); else - return( mbedtls_internal_aes_decrypt( ctx, input, output ) ); + return (mbedtls_internal_aes_decrypt(ctx, input, output)); } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * AES-CBC buffer encryption/decryption */ -int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[16]; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); - AES_VALIDATE_RET( iv != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); + AES_VALIDATE_RET(iv != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); - if( length % 16 ) - return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH ); + if (length % 16) + return (MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH); #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) - if( aes_padlock_ace ) - { - if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 ) - return( 0 ); + if (aes_padlock_ace) { + if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) + return (0); // If padlock data misaligned, we just fall back to // unaccelerated mode @@ -1076,32 +1058,27 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, } #endif - if( mode == MBEDTLS_AES_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, 16 ); - mbedtls_aes_crypt_ecb( ctx, mode, input, output ); + if (mode == MBEDTLS_AES_DECRYPT) { + while (length > 0) { + memcpy(temp, input, 16); + mbedtls_aes_crypt_ecb(ctx, mode, input, output); - for( i = 0; i < 16; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 16; i++) + output[i] = (unsigned char)(output[i] ^ iv[i]); - memcpy( iv, temp, 16 ); + memcpy(iv, temp, 16); input += 16; output += 16; length -= 16; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < 16; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < 16; i++) + output[i] = (unsigned char)(input[i] ^ iv[i]); - mbedtls_aes_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, 16 ); + mbedtls_aes_crypt_ecb(ctx, mode, output, output); + memcpy(iv, output, 16); input += 16; output += 16; @@ -1109,7 +1086,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, } } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -1154,31 +1131,29 @@ typedef unsigned char mbedtls_be128[16]; * for machine endianess and hence works correctly on both big and little * endian machines. */ -static void mbedtls_gf128mul_x_ble( unsigned char r[16], - const unsigned char x[16] ) -{ +static void mbedtls_gf128mul_x_ble(unsigned char r[16], + const unsigned char x[16]) { uint64_t a, b, ra, rb; - GET_UINT64_LE( a, x, 0 ); - GET_UINT64_LE( b, x, 8 ); + GET_UINT64_LE(a, x, 0); + GET_UINT64_LE(b, x, 8); - ra = ( a << 1 ) ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) ); - rb = ( a >> 63 ) | ( b << 1 ); + ra = (a << 1) ^ 0x0087 >> (8 - ((b >> 63) << 3)); + rb = (a >> 63) | (b << 1); - PUT_UINT64_LE( ra, r, 0 ); - PUT_UINT64_LE( rb, r, 8 ); + PUT_UINT64_LE(ra, r, 0); + PUT_UINT64_LE(rb, r, 8); } /* * AES-XTS buffer encryption/decryption */ -int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, + int mode, + size_t length, + const unsigned char data_unit[16], + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t blocks = length / 16; size_t leftover = length % 16; @@ -1186,61 +1161,58 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, unsigned char prev_tweak[16]; unsigned char tmp[16]; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); - AES_VALIDATE_RET( data_unit != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); + AES_VALIDATE_RET(data_unit != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); /* Data units must be at least 16 bytes long. */ - if( length < 16 ) + if (length < 16) return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */ - if( length > ( 1 << 20 ) * 16 ) + if (length > (1 << 20) * 16) return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; /* Compute the tweak. */ - ret = mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT, - data_unit, tweak ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_crypt_ecb(&ctx->tweak, MBEDTLS_AES_ENCRYPT, + data_unit, tweak); + if (ret != 0) + return (ret); - while( blocks-- ) - { + while (blocks--) { size_t i; - if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 ) - { + if (leftover && (mode == MBEDTLS_AES_DECRYPT) && blocks == 0) { /* We are on the last block in a decrypt operation that has * leftover bytes, so we need to use the next tweak for this block, * and this tweak for the lefover bytes. Save the current tweak for * the leftovers and then update the current tweak for use on this, * the last full block. */ - memcpy( prev_tweak, tweak, sizeof( tweak ) ); - mbedtls_gf128mul_x_ble( tweak, tweak ); + memcpy(prev_tweak, tweak, sizeof(tweak)); + mbedtls_gf128mul_x_ble(tweak, tweak); } - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) tmp[i] = input[i] ^ tweak[i]; - ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); + if (ret != 0) + return (ret); - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) output[i] = tmp[i] ^ tweak[i]; /* Update the tweak for the next block. */ - mbedtls_gf128mul_x_ble( tweak, tweak ); + mbedtls_gf128mul_x_ble(tweak, tweak); output += 16; input += 16; } - if( leftover ) - { + if (leftover) { /* If we are on the leftover bytes in a decrypt operation, we need to * use the previous tweak for these bytes (as saved in prev_tweak). */ unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak; @@ -1254,28 +1226,27 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, * byte of cyphertext we won't steal. At the same time, copy the * remainder of the input for this final round (since the loop bounds * are the same). */ - for( i = 0; i < leftover; i++ ) - { + for (i = 0; i < leftover; i++) { output[i] = prev_output[i]; tmp[i] = input[i] ^ t[i]; } /* Copy ciphertext bytes from the previous block for input in this * round. */ - for( ; i < 16; i++ ) + for (; i < 16; i++) tmp[i] = prev_output[i] ^ t[i]; - ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_ecb(&ctx->crypt, mode, tmp, tmp); + if (ret != 0) return ret; /* Write the result back to the previous block, overriding the previous * output we copied. */ - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) prev_output[i] = tmp[i] ^ t[i]; } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -1283,98 +1254,90 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, /* * AES-CFB128 buffer encryption/decryption */ -int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int c; size_t n; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); - AES_VALIDATE_RET( iv_off != NULL ); - AES_VALIDATE_RET( iv != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); + AES_VALIDATE_RET(iv_off != NULL); + AES_VALIDATE_RET(iv != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); n = *iv_off; - if( n > 15 ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + if (n > 15) + return (MBEDTLS_ERR_AES_BAD_INPUT_DATA); - if( mode == MBEDTLS_AES_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + if (mode == MBEDTLS_AES_DECRYPT) { + while (length--) { + if (n == 0) + mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); + *output++ = (unsigned char)(c ^ iv[n]); iv[n] = (unsigned char) c; - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } - } - else - { - while( length-- ) - { - if( n == 0 ) - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + } else { + while (length--) { + if (n == 0) + mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + iv[n] = *output++ = (unsigned char)(iv[n] ^ *input++); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } } *iv_off = n; - return( 0 ); + return (0); } /* * AES-CFB8 buffer encryption/decryption */ -int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { unsigned char c; unsigned char ov[17]; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || - mode == MBEDTLS_AES_DECRYPT ); - AES_VALIDATE_RET( iv != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); - while( length-- ) - { - memcpy( ov, iv, 16 ); - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT || + mode == MBEDTLS_AES_DECRYPT); + AES_VALIDATE_RET(iv != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); + while (length--) { + memcpy(ov, iv, 16); + mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); - if( mode == MBEDTLS_AES_DECRYPT ) + if (mode == MBEDTLS_AES_DECRYPT) ov[16] = *input; - c = *output++ = (unsigned char)( iv[0] ^ *input++ ); + c = *output++ = (unsigned char)(iv[0] ^ *input++); - if( mode == MBEDTLS_AES_ENCRYPT ) + if (mode == MBEDTLS_AES_ENCRYPT) ov[16] = c; - memcpy( iv, ov + 1, 16 ); + memcpy(iv, ov + 1, 16); } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -1382,44 +1345,41 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, /* * AES-OFB (Output Feedback Mode) buffer encryption/decryption */ -int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int ret = 0; size_t n; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( iv_off != NULL ); - AES_VALIDATE_RET( iv != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(iv_off != NULL); + AES_VALIDATE_RET(iv != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); n = *iv_off; - if( n > 15 ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + if (n > 15) + return (MBEDTLS_ERR_AES_BAD_INPUT_DATA); - while( length-- ) - { - if( n == 0 ) - { - ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); - if( ret != 0 ) + while (length--) { + if (n == 0) { + ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, iv, iv); + if (ret != 0) goto exit; } *output++ = *input++ ^ iv[n]; - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } *iv_off = n; exit: - return( ret ); + return (ret); } #endif /* MBEDTLS_CIPHER_MODE_OFB */ @@ -1427,47 +1387,45 @@ exit: /* * AES-CTR buffer encryption/decryption */ -int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output) { int c, i; size_t n; - AES_VALIDATE_RET( ctx != NULL ); - AES_VALIDATE_RET( nc_off != NULL ); - AES_VALIDATE_RET( nonce_counter != NULL ); - AES_VALIDATE_RET( stream_block != NULL ); - AES_VALIDATE_RET( input != NULL ); - AES_VALIDATE_RET( output != NULL ); + AES_VALIDATE_RET(ctx != NULL); + AES_VALIDATE_RET(nc_off != NULL); + AES_VALIDATE_RET(nonce_counter != NULL); + AES_VALIDATE_RET(stream_block != NULL); + AES_VALIDATE_RET(input != NULL); + AES_VALIDATE_RET(output != NULL); n = *nc_off; - if ( n > 0x0F ) - return( MBEDTLS_ERR_AES_BAD_INPUT_DATA ); + if (n > 0x0F) + return (MBEDTLS_ERR_AES_BAD_INPUT_DATA); - while( length-- ) - { - if( n == 0 ) { - mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block ); + while (length--) { + if (n == 0) { + mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block); - for( i = 16; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) + for (i = 16; i > 0; i--) + if (++nonce_counter[i - 1] != 0) break; } c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); + *output++ = (unsigned char)(c ^ stream_block[n]); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } *nc_off = n; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ @@ -1479,45 +1437,65 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, * * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip */ -static const unsigned char aes_test_ecb_dec[3][16] = -{ - { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, - 0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 }, - { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2, - 0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 }, - { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D, - 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE } +static const unsigned char aes_test_ecb_dec[3][16] = { + { + 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58, + 0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 + }, + { + 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2, + 0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 + }, + { + 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D, + 0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE + } }; -static const unsigned char aes_test_ecb_enc[3][16] = -{ - { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73, - 0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F }, - { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11, - 0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 }, - { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D, - 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 } +static const unsigned char aes_test_ecb_enc[3][16] = { + { + 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73, + 0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F + }, + { + 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11, + 0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 + }, + { + 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D, + 0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 + } }; #if defined(MBEDTLS_CIPHER_MODE_CBC) -static const unsigned char aes_test_cbc_dec[3][16] = -{ - { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73, - 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 }, - { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75, - 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B }, - { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75, - 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 } +static const unsigned char aes_test_cbc_dec[3][16] = { + { + 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73, + 0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 + }, + { + 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75, + 0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B + }, + { + 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75, + 0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 + } }; -static const unsigned char aes_test_cbc_enc[3][16] = -{ - { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84, - 0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D }, - { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB, - 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 }, - { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5, - 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 } +static const unsigned char aes_test_cbc_enc[3][16] = { + { + 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84, + 0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D + }, + { + 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB, + 0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 + }, + { + 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5, + 0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 + } }; #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -1527,27 +1505,30 @@ static const unsigned char aes_test_cbc_enc[3][16] = * * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf */ -static const unsigned char aes_test_cfb128_key[3][32] = -{ - { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, - 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }, - { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, - 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, - 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }, - { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, - 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, - 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, - 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } +static const unsigned char aes_test_cfb128_key[3][32] = { + { + 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, + 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C + }, + { + 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, + 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, + 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B + }, + { + 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, + 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, + 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, + 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 + } }; -static const unsigned char aes_test_cfb128_iv[16] = -{ +static const unsigned char aes_test_cfb128_iv[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; -static const unsigned char aes_test_cfb128_pt[64] = -{ +static const unsigned char aes_test_cfb128_pt[64] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, @@ -1558,32 +1539,37 @@ static const unsigned char aes_test_cfb128_pt[64] = 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 }; -static const unsigned char aes_test_cfb128_ct[3][64] = -{ - { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, - 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, - 0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F, - 0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B, - 0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40, - 0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF, - 0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E, - 0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 }, - { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, - 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, - 0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21, - 0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A, - 0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1, - 0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9, - 0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0, - 0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF }, - { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, - 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, - 0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8, - 0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B, - 0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92, - 0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9, - 0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8, - 0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 } +static const unsigned char aes_test_cfb128_ct[3][64] = { + { + 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, + 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, + 0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F, + 0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B, + 0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40, + 0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF, + 0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E, + 0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 + }, + { + 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, + 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, + 0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21, + 0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A, + 0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1, + 0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9, + 0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0, + 0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF + }, + { + 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, + 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, + 0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8, + 0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B, + 0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92, + 0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9, + 0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8, + 0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 + } }; #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -1593,27 +1579,30 @@ static const unsigned char aes_test_cfb128_ct[3][64] = * * https://csrc.nist.gov/publications/detail/sp/800-38a/final */ -static const unsigned char aes_test_ofb_key[3][32] = -{ - { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, - 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }, - { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, - 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, - 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }, - { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, - 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, - 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, - 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } +static const unsigned char aes_test_ofb_key[3][32] = { + { + 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, + 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C + }, + { + 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, + 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, + 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B + }, + { + 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, + 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, + 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, + 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 + } }; -static const unsigned char aes_test_ofb_iv[16] = -{ +static const unsigned char aes_test_ofb_iv[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; -static const unsigned char aes_test_ofb_pt[64] = -{ +static const unsigned char aes_test_ofb_pt[64] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, @@ -1624,32 +1613,37 @@ static const unsigned char aes_test_ofb_pt[64] = 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 }; -static const unsigned char aes_test_ofb_ct[3][64] = -{ - { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, - 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, - 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03, - 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25, - 0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6, - 0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc, - 0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78, - 0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e }, - { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, - 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, - 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c, - 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01, - 0x8d, 0x9a, 0x9a, 0xea, 0xc0, 0xf6, 0x59, 0x6f, - 0x55, 0x9c, 0x6d, 0x4d, 0xaf, 0x59, 0xa5, 0xf2, - 0x6d, 0x9f, 0x20, 0x08, 0x57, 0xca, 0x6c, 0x3e, - 0x9c, 0xac, 0x52, 0x4b, 0xd9, 0xac, 0xc9, 0x2a }, - { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, - 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, - 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a, - 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d, - 0x71, 0xab, 0x47, 0xa0, 0x86, 0xe8, 0x6e, 0xed, - 0xf3, 0x9d, 0x1c, 0x5b, 0xba, 0x97, 0xc4, 0x08, - 0x01, 0x26, 0x14, 0x1d, 0x67, 0xf3, 0x7b, 0xe8, - 0x53, 0x8f, 0x5a, 0x8b, 0xe7, 0x40, 0xe4, 0x84 } +static const unsigned char aes_test_ofb_ct[3][64] = { + { + 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, + 0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A, + 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03, + 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25, + 0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6, + 0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc, + 0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78, + 0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e + }, + { + 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB, + 0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74, + 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c, + 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01, + 0x8d, 0x9a, 0x9a, 0xea, 0xc0, 0xf6, 0x59, 0x6f, + 0x55, 0x9c, 0x6d, 0x4d, 0xaf, 0x59, 0xa5, 0xf2, + 0x6d, 0x9f, 0x20, 0x08, 0x57, 0xca, 0x6c, 0x3e, + 0x9c, 0xac, 0x52, 0x4b, 0xd9, 0xac, 0xc9, 0x2a + }, + { + 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B, + 0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60, + 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a, + 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d, + 0x71, 0xab, 0x47, 0xa0, 0x86, 0xe8, 0x6e, 0xed, + 0xf3, 0x9d, 0x1c, 0x5b, 0xba, 0x97, 0xc4, 0x08, + 0x01, 0x26, 0x14, 0x1d, 0x67, 0xf3, 0x7b, 0xe8, + 0x53, 0x8f, 0x5a, 0x8b, 0xe7, 0x40, 0xe4, 0x84 + } }; #endif /* MBEDTLS_CIPHER_MODE_OFB */ @@ -1660,60 +1654,80 @@ static const unsigned char aes_test_ofb_ct[3][64] = * http://www.faqs.org/rfcs/rfc3686.html */ -static const unsigned char aes_test_ctr_key[3][16] = -{ - { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, - 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, - { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, - 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, - { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, - 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } +static const unsigned char aes_test_ctr_key[3][16] = { + { + 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, + 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E + }, + { + 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, + 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 + }, + { + 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, + 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC + } }; -static const unsigned char aes_test_ctr_nonce_counter[3][16] = -{ - { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, - 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, - { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, - 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } +static const unsigned char aes_test_ctr_nonce_counter[3][16] = { + { + 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + }, + { + 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, + 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 + }, + { + 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, + 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 + } }; -static const unsigned char aes_test_ctr_pt[3][48] = -{ - { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, - 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, +static const unsigned char aes_test_ctr_pt[3][48] = { + { + 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, + 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 + }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F + }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, - 0x20, 0x21, 0x22, 0x23 } + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, + 0x20, 0x21, 0x22, 0x23 + } }; -static const unsigned char aes_test_ctr_ct[3][48] = -{ - { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79, - 0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 }, - { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9, - 0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88, - 0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8, - 0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 }, - { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9, - 0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7, - 0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36, - 0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53, - 0x25, 0xB2, 0x07, 0x2F } +static const unsigned char aes_test_ctr_ct[3][48] = { + { + 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79, + 0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 + }, + { + 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9, + 0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88, + 0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8, + 0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 + }, + { + 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9, + 0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7, + 0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36, + 0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53, + 0x25, 0xB2, 0x07, 0x2F + } }; static const int aes_test_ctr_len[3] = - { 16, 32, 36 }; +{ 16, 32, 36 }; #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) @@ -1724,62 +1738,82 @@ static const int aes_test_ctr_len[3] = * https://web.archive.org/web/20150629024421/http://grouper.ieee.org/groups/1619/email/pdf00086.pdf * (Archived from original at http://grouper.ieee.org/groups/1619/email/pdf00086.pdf) */ -static const unsigned char aes_test_xts_key[][32] = -{ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, - { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, - 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 }, +static const unsigned char aes_test_xts_key[][32] = { + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, + { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 + }, + { + 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, + 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 + }, }; -static const unsigned char aes_test_xts_pt32[][32] = -{ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, - { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, - 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 }, +static const unsigned char aes_test_xts_pt32[][32] = { + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, + { + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 + }, + { + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 + }, }; -static const unsigned char aes_test_xts_ct32[][32] = -{ - { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec, - 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92, - 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85, - 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e }, - { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e, - 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b, - 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4, - 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 }, - { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a, - 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2, - 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53, - 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 }, +static const unsigned char aes_test_xts_ct32[][32] = { + { + 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec, + 0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92, + 0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85, + 0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e + }, + { + 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e, + 0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b, + 0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4, + 0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 + }, + { + 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a, + 0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2, + 0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53, + 0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 + }, }; -static const unsigned char aes_test_xts_data_unit[][16] = -{ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, +static const unsigned char aes_test_xts_data_unit[][16] = { + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, + { + 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, + { + 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, }; #endif /* MBEDTLS_CIPHER_MODE_XTS */ @@ -1787,8 +1821,7 @@ static const unsigned char aes_test_xts_data_unit[][16] = /* * Checkup routine */ -int mbedtls_aes_self_test( int verbose ) -{ +int mbedtls_aes_self_test(int verbose) { int ret = 0, i, j, u, mode; unsigned int keybits; unsigned char key[32]; @@ -1813,32 +1846,28 @@ int mbedtls_aes_self_test( int verbose ) #endif mbedtls_aes_context ctx; - memset( key, 0, 32 ); - mbedtls_aes_init( &ctx ); + memset(key, 0, 32); + mbedtls_aes_init(&ctx); /* * ECB mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; keybits = 128 + u * 64; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-ECB-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" AES-ECB-%3u (%s): ", keybits, + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); - memset( buf, 0, 16 ); + memset(buf, 0, 16); - if( mode == MBEDTLS_AES_DECRYPT ) - { - ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); + if (mode == MBEDTLS_AES_DECRYPT) { + ret = mbedtls_aes_setkey_dec(&ctx, key, keybits); aes_tests = aes_test_ecb_dec[u]; - } - else - { - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + } else { + ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); aes_tests = aes_test_ecb_enc[u]; } @@ -1847,62 +1876,53 @@ int mbedtls_aes_self_test( int verbose ) * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { + mbedtls_printf("skipped\n"); continue; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - for( j = 0; j < 10000; j++ ) - { - ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf ); - if( ret != 0 ) + for (j = 0; j < 10000; j++) { + ret = mbedtls_aes_crypt_ecb(&ctx, mode, buf, buf); + if (ret != 0) goto exit; } - if( memcmp( buf, aes_tests, 16 ) != 0 ) - { + if (memcmp(buf, aes_tests, 16) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * CBC mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; keybits = 128 + u * 64; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-CBC-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" AES-CBC-%3u (%s): ", keybits, + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); - memset( iv , 0, 16 ); - memset( prv, 0, 16 ); - memset( buf, 0, 16 ); + memset(iv, 0, 16); + memset(prv, 0, 16); + memset(buf, 0, 16); - if( mode == MBEDTLS_AES_DECRYPT ) - { - ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); + if (mode == MBEDTLS_AES_DECRYPT) { + ret = mbedtls_aes_setkey_dec(&ctx, key, keybits); aes_tests = aes_test_cbc_dec[u]; - } - else - { - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + } else { + ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); aes_tests = aes_test_cbc_enc[u]; } @@ -1911,301 +1931,269 @@ int mbedtls_aes_self_test( int verbose ) * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { + mbedtls_printf("skipped\n"); continue; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - for( j = 0; j < 10000; j++ ) - { - if( mode == MBEDTLS_AES_ENCRYPT ) - { + for (j = 0; j < 10000; j++) { + if (mode == MBEDTLS_AES_ENCRYPT) { unsigned char tmp[16]; - memcpy( tmp, prv, 16 ); - memcpy( prv, buf, 16 ); - memcpy( buf, tmp, 16 ); + memcpy(tmp, prv, 16); + memcpy(prv, buf, 16); + memcpy(buf, tmp, 16); } - ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_cbc(&ctx, mode, 16, iv, buf, buf); + if (ret != 0) goto exit; } - if( memcmp( buf, aes_tests, 16 ) != 0 ) - { + if (memcmp(buf, aes_tests, 16) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) /* * CFB128 mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; keybits = 128 + u * 64; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-CFB128-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" AES-CFB128-%3u (%s): ", keybits, + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); - memcpy( iv, aes_test_cfb128_iv, 16 ); - memcpy( key, aes_test_cfb128_key[u], keybits / 8 ); + memcpy(iv, aes_test_cfb128_iv, 16); + memcpy(key, aes_test_cfb128_key[u], keybits / 8); offset = 0; - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); /* * AES-192 is an optional feature that may be unavailable when * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { + mbedtls_printf("skipped\n"); continue; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - if( mode == MBEDTLS_AES_DECRYPT ) - { - memcpy( buf, aes_test_cfb128_ct[u], 64 ); + if (mode == MBEDTLS_AES_DECRYPT) { + memcpy(buf, aes_test_cfb128_ct[u], 64); aes_tests = aes_test_cfb128_pt; - } - else - { - memcpy( buf, aes_test_cfb128_pt, 64 ); + } else { + memcpy(buf, aes_test_cfb128_pt, 64); aes_tests = aes_test_cfb128_ct[u]; } - ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_cfb128(&ctx, mode, 64, &offset, iv, buf, buf); + if (ret != 0) goto exit; - if( memcmp( buf, aes_tests, 64 ) != 0 ) - { + if (memcmp(buf, aes_tests, 64) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) /* * OFB mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; keybits = 128 + u * 64; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-OFB-%3u (%s): ", keybits, - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" AES-OFB-%3u (%s): ", keybits, + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); - memcpy( iv, aes_test_ofb_iv, 16 ); - memcpy( key, aes_test_ofb_key[u], keybits / 8 ); + memcpy(iv, aes_test_ofb_iv, 16); + memcpy(key, aes_test_ofb_key[u], keybits / 8); offset = 0; - ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + ret = mbedtls_aes_setkey_enc(&ctx, key, keybits); /* * AES-192 is an optional feature that may be unavailable when * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192) { + mbedtls_printf("skipped\n"); continue; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - if( mode == MBEDTLS_AES_DECRYPT ) - { - memcpy( buf, aes_test_ofb_ct[u], 64 ); + if (mode == MBEDTLS_AES_DECRYPT) { + memcpy(buf, aes_test_ofb_ct[u], 64); aes_tests = aes_test_ofb_pt; - } - else - { - memcpy( buf, aes_test_ofb_pt, 64 ); + } else { + memcpy(buf, aes_test_ofb_pt, 64); aes_tests = aes_test_ofb_ct[u]; } - ret = mbedtls_aes_crypt_ofb( &ctx, 64, &offset, iv, buf, buf ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_ofb(&ctx, 64, &offset, iv, buf, buf); + if (ret != 0) goto exit; - if( memcmp( buf, aes_tests, 64 ) != 0 ) - { + if (memcmp(buf, aes_tests, 64) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); #endif /* MBEDTLS_CIPHER_MODE_OFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) /* * CTR mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-CTR-128 (%s): ", - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" AES-CTR-128 (%s): ", + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); - memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); - memcpy( key, aes_test_ctr_key[u], 16 ); + memcpy(nonce_counter, aes_test_ctr_nonce_counter[u], 16); + memcpy(key, aes_test_ctr_key[u], 16); offset = 0; - if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 ) + if ((ret = mbedtls_aes_setkey_enc(&ctx, key, 128)) != 0) goto exit; len = aes_test_ctr_len[u]; - if( mode == MBEDTLS_AES_DECRYPT ) - { - memcpy( buf, aes_test_ctr_ct[u], len ); + if (mode == MBEDTLS_AES_DECRYPT) { + memcpy(buf, aes_test_ctr_ct[u], len); aes_tests = aes_test_ctr_pt[u]; - } - else - { - memcpy( buf, aes_test_ctr_pt[u], len ); + } else { + memcpy(buf, aes_test_ctr_pt[u], len); aes_tests = aes_test_ctr_ct[u]; } - ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, - stream_block, buf, buf ); - if( ret != 0 ) + ret = mbedtls_aes_crypt_ctr(&ctx, len, &offset, nonce_counter, + stream_block, buf, buf); + if (ret != 0) goto exit; - if( memcmp( buf, aes_tests, len ) != 0 ) - { + if (memcmp(buf, aes_tests, len) != 0) { ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) { - static const int num_tests = - sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key); - mbedtls_aes_xts_context ctx_xts; + static const int num_tests = + sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key); + mbedtls_aes_xts_context ctx_xts; - /* - * XTS mode - */ - mbedtls_aes_xts_init( &ctx_xts ); + /* + * XTS mode + */ + mbedtls_aes_xts_init(&ctx_xts); - for( i = 0; i < num_tests << 1; i++ ) - { - const unsigned char *data_unit; - u = i >> 1; - mode = i & 1; + for (i = 0; i < num_tests << 1; i++) { + const unsigned char *data_unit; + u = i >> 1; + mode = i & 1; - if( verbose != 0 ) - mbedtls_printf( " AES-XTS-128 (%s): ", - ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" AES-XTS-128 (%s): ", + (mode == MBEDTLS_AES_DECRYPT) ? "dec" : "enc"); - memset( key, 0, sizeof( key ) ); - memcpy( key, aes_test_xts_key[u], 32 ); - data_unit = aes_test_xts_data_unit[u]; + memset(key, 0, sizeof(key)); + memcpy(key, aes_test_xts_key[u], 32); + data_unit = aes_test_xts_data_unit[u]; - len = sizeof( *aes_test_xts_ct32 ); + len = sizeof(*aes_test_xts_ct32); - if( mode == MBEDTLS_AES_DECRYPT ) - { - ret = mbedtls_aes_xts_setkey_dec( &ctx_xts, key, 256 ); - if( ret != 0) + if (mode == MBEDTLS_AES_DECRYPT) { + ret = mbedtls_aes_xts_setkey_dec(&ctx_xts, key, 256); + if (ret != 0) + goto exit; + memcpy(buf, aes_test_xts_ct32[u], len); + aes_tests = aes_test_xts_pt32[u]; + } else { + ret = mbedtls_aes_xts_setkey_enc(&ctx_xts, key, 256); + if (ret != 0) + goto exit; + memcpy(buf, aes_test_xts_pt32[u], len); + aes_tests = aes_test_xts_ct32[u]; + } + + + ret = mbedtls_aes_crypt_xts(&ctx_xts, mode, len, data_unit, + buf, buf); + if (ret != 0) goto exit; - memcpy( buf, aes_test_xts_ct32[u], len ); - aes_tests = aes_test_xts_pt32[u]; - } - else - { - ret = mbedtls_aes_xts_setkey_enc( &ctx_xts, key, 256 ); - if( ret != 0) + + if (memcmp(buf, aes_tests, len) != 0) { + ret = 1; goto exit; - memcpy( buf, aes_test_xts_pt32[u], len ); - aes_tests = aes_test_xts_ct32[u]; + } + + if (verbose != 0) + mbedtls_printf("passed\n"); } + if (verbose != 0) + mbedtls_printf("\n"); - ret = mbedtls_aes_crypt_xts( &ctx_xts, mode, len, data_unit, - buf, buf ); - if( ret != 0 ) - goto exit; - - if( memcmp( buf, aes_tests, len ) != 0 ) - { - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - mbedtls_aes_xts_free( &ctx_xts ); + mbedtls_aes_xts_free(&ctx_xts); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ ret = 0; exit: - if( ret != 0 && verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (ret != 0 && verbose != 0) + mbedtls_printf("failed\n"); - mbedtls_aes_free( &ctx ); + mbedtls_aes_free(&ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/aes.h b/common/mbedtls/aes.h index 052f47c9d..0ca3a20db 100644 --- a/common/mbedtls/aes.h +++ b/common/mbedtls/aes.h @@ -82,8 +82,7 @@ extern "C" { /** * \brief The AES context-type definition. */ -typedef struct mbedtls_aes_context -{ +typedef struct mbedtls_aes_context { int nr; /*!< The number of rounds. */ uint32_t *rk; /*!< AES round keys. */ uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can @@ -101,8 +100,7 @@ mbedtls_aes_context; /** * \brief The AES XTS context-type definition. */ -typedef struct mbedtls_aes_xts_context -{ +typedef struct mbedtls_aes_xts_context { mbedtls_aes_context crypt; /*!< The AES context to use for AES block encryption or decryption. */ mbedtls_aes_context tweak; /*!< The AES context used for tweak @@ -122,7 +120,7 @@ typedef struct mbedtls_aes_xts_context * * \param ctx The AES context to initialize. This must not be \c NULL. */ -void mbedtls_aes_init( mbedtls_aes_context *ctx ); +void mbedtls_aes_init(mbedtls_aes_context *ctx); /** * \brief This function releases and clears the specified AES context. @@ -131,7 +129,7 @@ void mbedtls_aes_init( mbedtls_aes_context *ctx ); * If this is \c NULL, this function does nothing. * Otherwise, the context must have been at least initialized. */ -void mbedtls_aes_free( mbedtls_aes_context *ctx ); +void mbedtls_aes_free(mbedtls_aes_context *ctx); #if defined(MBEDTLS_CIPHER_MODE_XTS) /** @@ -142,7 +140,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx ); * * \param ctx The AES XTS context to initialize. This must not be \c NULL. */ -void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); +void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx); /** * \brief This function releases and clears the specified AES XTS context. @@ -151,7 +149,7 @@ void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx ); * If this is \c NULL, this function does nothing. * Otherwise, the context must have been at least initialized. */ -void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); +void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx); #endif /* MBEDTLS_CIPHER_MODE_XTS */ /** @@ -169,8 +167,8 @@ void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx ); * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ -int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits); /** * \brief This function sets the decryption key. @@ -187,8 +185,8 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ -int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, + unsigned int keybits); #if defined(MBEDTLS_CIPHER_MODE_XTS) /** @@ -207,9 +205,9 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ -int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief This function prepares an XTS context for decryption and @@ -227,9 +225,9 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure. */ -int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx, + const unsigned char *key, + unsigned int keybits); #endif /* MBEDTLS_CIPHER_MODE_XTS */ /** @@ -255,10 +253,10 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, * \return \c 0 on success. */ -int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -302,12 +300,12 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH * on failure. */ -int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_XTS) @@ -346,12 +344,12 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, * smaller than an AES block in size (16 Bytes) or if \p * length is larger than 2^20 blocks (16 MiB). */ -int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, - int mode, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx, + int mode, + size_t length, + const unsigned char data_unit[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -394,13 +392,13 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, * * \return \c 0 on success. */ -int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); /** * \brief This function performs an AES-CFB8 encryption or decryption @@ -438,12 +436,12 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /*MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) @@ -492,12 +490,12 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_OFB */ @@ -578,13 +576,13 @@ int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ /** @@ -598,9 +596,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]); /** * \brief Internal AES block decryption function. This is only @@ -613,9 +611,9 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, * * \return \c 0 on success. */ -int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -633,9 +631,9 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \param input Plaintext block. * \param output Output (ciphertext) block. */ -MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_aes_encrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]); /** * \brief Deprecated internal AES block decryption function @@ -647,9 +645,9 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, * \param input Ciphertext block. * \param output Output (plaintext) block. */ -MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_aes_decrypt(mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -662,7 +660,7 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_aes_self_test( int verbose ); +int mbedtls_aes_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/aesni.c b/common/mbedtls/aesni.c index 996292ff6..7a89a298b 100644 --- a/common/mbedtls/aesni.c +++ b/common/mbedtls/aesni.c @@ -45,22 +45,20 @@ /* * AES-NI support detection routine */ -int mbedtls_aesni_has_support( unsigned int what ) -{ +int mbedtls_aesni_has_support(unsigned int what) { static int done = 0; static unsigned int c = 0; - if( ! done ) - { - asm( "movl $1, %%eax \n\t" - "cpuid \n\t" - : "=c" (c) - : - : "eax", "ebx", "edx" ); + if (! done) { + asm("movl $1, %%eax \n\t" + "cpuid \n\t" + : "=c"(c) + : + : "eax", "ebx", "edx"); done = 1; } - return( ( c & what ) != 0 ); + return ((c & what) != 0); } /* @@ -92,155 +90,152 @@ int mbedtls_aesni_has_support( unsigned int what ) /* * AES-NI AES-ECB block en(de)cryption */ -int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) -{ - asm( "movdqu (%3), %%xmm0 \n\t" // load input - "movdqu (%1), %%xmm1 \n\t" // load round key 0 - "pxor %%xmm1, %%xmm0 \n\t" // round 0 - "add $16, %1 \n\t" // point to next round key - "subl $1, %0 \n\t" // normal rounds = nr - 1 - "test %2, %2 \n\t" // mode? - "jz 2f \n\t" // 0 = decrypt +int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) { + asm("movdqu (%3), %%xmm0 \n\t" // load input + "movdqu (%1), %%xmm1 \n\t" // load round key 0 + "pxor %%xmm1, %%xmm0 \n\t" // round 0 + "add $16, %1 \n\t" // point to next round key + "subl $1, %0 \n\t" // normal rounds = nr - 1 + "test %2, %2 \n\t" // mode? + "jz 2f \n\t" // 0 = decrypt - "1: \n\t" // encryption loop - "movdqu (%1), %%xmm1 \n\t" // load round key - AESENC xmm1_xmm0 "\n\t" // do round - "add $16, %1 \n\t" // point to next round key - "subl $1, %0 \n\t" // loop - "jnz 1b \n\t" - "movdqu (%1), %%xmm1 \n\t" // load round key - AESENCLAST xmm1_xmm0 "\n\t" // last round - "jmp 3f \n\t" + "1: \n\t" // encryption loop + "movdqu (%1), %%xmm1 \n\t" // load round key + AESENC xmm1_xmm0 "\n\t" // do round + "add $16, %1 \n\t" // point to next round key + "subl $1, %0 \n\t" // loop + "jnz 1b \n\t" + "movdqu (%1), %%xmm1 \n\t" // load round key + AESENCLAST xmm1_xmm0 "\n\t" // last round + "jmp 3f \n\t" - "2: \n\t" // decryption loop - "movdqu (%1), %%xmm1 \n\t" - AESDEC xmm1_xmm0 "\n\t" // do round - "add $16, %1 \n\t" - "subl $1, %0 \n\t" - "jnz 2b \n\t" - "movdqu (%1), %%xmm1 \n\t" // load round key - AESDECLAST xmm1_xmm0 "\n\t" // last round + "2: \n\t" // decryption loop + "movdqu (%1), %%xmm1 \n\t" + AESDEC xmm1_xmm0 "\n\t" // do round + "add $16, %1 \n\t" + "subl $1, %0 \n\t" + "jnz 2b \n\t" + "movdqu (%1), %%xmm1 \n\t" // load round key + AESDECLAST xmm1_xmm0 "\n\t" // last round - "3: \n\t" - "movdqu %%xmm0, (%4) \n\t" // export output - : - : "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output) - : "memory", "cc", "xmm0", "xmm1" ); + "3: \n\t" + "movdqu %%xmm0, (%4) \n\t" // export output + : + : "r"(ctx->nr), "r"(ctx->rk), "r"(mode), "r"(input), "r"(output) + : "memory", "cc", "xmm0", "xmm1"); - return( 0 ); + return (0); } /* * GCM multiplication: c = a times b in GF(2^128) * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5. */ -void mbedtls_aesni_gcm_mult( unsigned char c[16], - const unsigned char a[16], - const unsigned char b[16] ) -{ +void mbedtls_aesni_gcm_mult(unsigned char c[16], + const unsigned char a[16], + const unsigned char b[16]) { unsigned char aa[16], bb[16], cc[16]; size_t i; /* The inputs are in big-endian order, so byte-reverse them */ - for( i = 0; i < 16; i++ ) - { + for (i = 0; i < 16; i++) { aa[i] = a[15 - i]; bb[i] = b[15 - i]; } - asm( "movdqu (%0), %%xmm0 \n\t" // a1:a0 - "movdqu (%1), %%xmm1 \n\t" // b1:b0 + asm("movdqu (%0), %%xmm0 \n\t" // a1:a0 + "movdqu (%1), %%xmm1 \n\t" // b1:b0 - /* - * Caryless multiplication xmm2:xmm1 = xmm0 * xmm1 - * using [CLMUL-WP] algorithm 1 (p. 13). - */ - "movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0 - "movdqa %%xmm1, %%xmm3 \n\t" // same - "movdqa %%xmm1, %%xmm4 \n\t" // same - PCLMULQDQ xmm0_xmm1 ",0x00 \n\t" // a0*b0 = c1:c0 - PCLMULQDQ xmm0_xmm2 ",0x11 \n\t" // a1*b1 = d1:d0 - PCLMULQDQ xmm0_xmm3 ",0x10 \n\t" // a0*b1 = e1:e0 - PCLMULQDQ xmm0_xmm4 ",0x01 \n\t" // a1*b0 = f1:f0 - "pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0 - "movdqa %%xmm4, %%xmm3 \n\t" // same - "psrldq $8, %%xmm4 \n\t" // 0:e1+f1 - "pslldq $8, %%xmm3 \n\t" // e0+f0:0 - "pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1 - "pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0 + /* + * Caryless multiplication xmm2:xmm1 = xmm0 * xmm1 + * using [CLMUL-WP] algorithm 1 (p. 13). + */ + "movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0 + "movdqa %%xmm1, %%xmm3 \n\t" // same + "movdqa %%xmm1, %%xmm4 \n\t" // same + PCLMULQDQ xmm0_xmm1 ",0x00 \n\t" // a0*b0 = c1:c0 + PCLMULQDQ xmm0_xmm2 ",0x11 \n\t" // a1*b1 = d1:d0 + PCLMULQDQ xmm0_xmm3 ",0x10 \n\t" // a0*b1 = e1:e0 + PCLMULQDQ xmm0_xmm4 ",0x01 \n\t" // a1*b0 = f1:f0 + "pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0 + "movdqa %%xmm4, %%xmm3 \n\t" // same + "psrldq $8, %%xmm4 \n\t" // 0:e1+f1 + "pslldq $8, %%xmm3 \n\t" // e0+f0:0 + "pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1 + "pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0 - /* - * Now shift the result one bit to the left, - * taking advantage of [CLMUL-WP] eq 27 (p. 20) - */ - "movdqa %%xmm1, %%xmm3 \n\t" // r1:r0 - "movdqa %%xmm2, %%xmm4 \n\t" // r3:r2 - "psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1 - "psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1 - "psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63 - "psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63 - "movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63 - "pslldq $8, %%xmm3 \n\t" // r0>>63:0 - "pslldq $8, %%xmm4 \n\t" // r2>>63:0 - "psrldq $8, %%xmm5 \n\t" // 0:r1>>63 - "por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1 - "por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1 - "por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63 + /* + * Now shift the result one bit to the left, + * taking advantage of [CLMUL-WP] eq 27 (p. 20) + */ + "movdqa %%xmm1, %%xmm3 \n\t" // r1:r0 + "movdqa %%xmm2, %%xmm4 \n\t" // r3:r2 + "psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1 + "psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1 + "psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63 + "psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63 + "movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63 + "pslldq $8, %%xmm3 \n\t" // r0>>63:0 + "pslldq $8, %%xmm4 \n\t" // r2>>63:0 + "psrldq $8, %%xmm5 \n\t" // 0:r1>>63 + "por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1 + "por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1 + "por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63 - /* - * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1 - * using [CLMUL-WP] algorithm 5 (p. 20). - * Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted). - */ - /* Step 2 (1) */ - "movdqa %%xmm1, %%xmm3 \n\t" // x1:x0 - "movdqa %%xmm1, %%xmm4 \n\t" // same - "movdqa %%xmm1, %%xmm5 \n\t" // same - "psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a - "psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b - "psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c + /* + * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1 + * using [CLMUL-WP] algorithm 5 (p. 20). + * Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted). + */ + /* Step 2 (1) */ + "movdqa %%xmm1, %%xmm3 \n\t" // x1:x0 + "movdqa %%xmm1, %%xmm4 \n\t" // same + "movdqa %%xmm1, %%xmm5 \n\t" // same + "psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a + "psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b + "psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c - /* Step 2 (2) */ - "pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b - "pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c - "pslldq $8, %%xmm3 \n\t" // a+b+c:0 - "pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0 + /* Step 2 (2) */ + "pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b + "pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c + "pslldq $8, %%xmm3 \n\t" // a+b+c:0 + "pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0 - /* Steps 3 and 4 */ - "movdqa %%xmm1,%%xmm0 \n\t" // d:x0 - "movdqa %%xmm1,%%xmm4 \n\t" // same - "movdqa %%xmm1,%%xmm5 \n\t" // same - "psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0' - "psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0' - "psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0' - "pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0' - "pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0' - // e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing - // bits carried from d. Now get those\t bits back in. - "movdqa %%xmm1,%%xmm3 \n\t" // d:x0 - "movdqa %%xmm1,%%xmm4 \n\t" // same - "movdqa %%xmm1,%%xmm5 \n\t" // same - "psllq $63, %%xmm3 \n\t" // d<<63:stuff - "psllq $62, %%xmm4 \n\t" // d<<62:stuff - "psllq $57, %%xmm5 \n\t" // d<<57:stuff - "pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff - "pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff - "psrldq $8, %%xmm3 \n\t" // 0:missing bits of d - "pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0 - "pxor %%xmm1, %%xmm0 \n\t" // h1:h0 - "pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0 + /* Steps 3 and 4 */ + "movdqa %%xmm1,%%xmm0 \n\t" // d:x0 + "movdqa %%xmm1,%%xmm4 \n\t" // same + "movdqa %%xmm1,%%xmm5 \n\t" // same + "psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0' + "psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0' + "psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0' + "pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0' + "pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0' + // e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing + // bits carried from d. Now get those\t bits back in. + "movdqa %%xmm1,%%xmm3 \n\t" // d:x0 + "movdqa %%xmm1,%%xmm4 \n\t" // same + "movdqa %%xmm1,%%xmm5 \n\t" // same + "psllq $63, %%xmm3 \n\t" // d<<63:stuff + "psllq $62, %%xmm4 \n\t" // d<<62:stuff + "psllq $57, %%xmm5 \n\t" // d<<57:stuff + "pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff + "pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff + "psrldq $8, %%xmm3 \n\t" // 0:missing bits of d + "pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0 + "pxor %%xmm1, %%xmm0 \n\t" // h1:h0 + "pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0 - "movdqu %%xmm0, (%2) \n\t" // done - : - : "r" (aa), "r" (bb), "r" (cc) - : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" ); + "movdqu %%xmm0, (%2) \n\t" // done + : + : "r"(aa), "r"(bb), "r"(cc) + : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5"); /* Now byte-reverse the outputs */ - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) c[i] = cc[15 - i]; return; @@ -249,214 +244,215 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16], /* * Compute decryption round keys from encryption round keys */ -void mbedtls_aesni_inverse_key( unsigned char *invkey, - const unsigned char *fwdkey, int nr ) -{ +void mbedtls_aesni_inverse_key(unsigned char *invkey, + const unsigned char *fwdkey, int nr) { unsigned char *ik = invkey; const unsigned char *fk = fwdkey + 16 * nr; - memcpy( ik, fk, 16 ); + memcpy(ik, fk, 16); - for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 ) - asm( "movdqu (%0), %%xmm0 \n\t" - AESIMC xmm0_xmm0 "\n\t" - "movdqu %%xmm0, (%1) \n\t" - : - : "r" (fk), "r" (ik) - : "memory", "xmm0" ); + for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) + asm("movdqu (%0), %%xmm0 \n\t" + AESIMC xmm0_xmm0 "\n\t" + "movdqu %%xmm0, (%1) \n\t" + : + : "r"(fk), "r"(ik) + : "memory", "xmm0"); - memcpy( ik, fk, 16 ); + memcpy(ik, fk, 16); } /* * Key expansion, 128-bit case */ -static void aesni_setkey_enc_128( unsigned char *rk, - const unsigned char *key ) -{ - asm( "movdqu (%1), %%xmm0 \n\t" // copy the original key - "movdqu %%xmm0, (%0) \n\t" // as round key 0 - "jmp 2f \n\t" // skip auxiliary routine +static void aesni_setkey_enc_128(unsigned char *rk, + const unsigned char *key) { + asm("movdqu (%1), %%xmm0 \n\t" // copy the original key + "movdqu %%xmm0, (%0) \n\t" // as round key 0 + "jmp 2f \n\t" // skip auxiliary routine - /* - * Finish generating the next round key. - * - * On entry xmm0 is r3:r2:r1:r0 and xmm1 is X:stuff:stuff:stuff - * with X = rot( sub( r3 ) ) ^ RCON. - * - * On exit, xmm0 is r7:r6:r5:r4 - * with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3 - * and those are written to the round key buffer. - */ - "1: \n\t" - "pshufd $0xff, %%xmm1, %%xmm1 \n\t" // X:X:X:X - "pxor %%xmm0, %%xmm1 \n\t" // X+r3:X+r2:X+r1:r4 - "pslldq $4, %%xmm0 \n\t" // r2:r1:r0:0 - "pxor %%xmm0, %%xmm1 \n\t" // X+r3+r2:X+r2+r1:r5:r4 - "pslldq $4, %%xmm0 \n\t" // etc - "pxor %%xmm0, %%xmm1 \n\t" - "pslldq $4, %%xmm0 \n\t" - "pxor %%xmm1, %%xmm0 \n\t" // update xmm0 for next time! - "add $16, %0 \n\t" // point to next round key - "movdqu %%xmm0, (%0) \n\t" // write it - "ret \n\t" + /* + * Finish generating the next round key. + * + * On entry xmm0 is r3:r2:r1:r0 and xmm1 is X:stuff:stuff:stuff + * with X = rot( sub( r3 ) ) ^ RCON. + * + * On exit, xmm0 is r7:r6:r5:r4 + * with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3 + * and those are written to the round key buffer. + */ + "1: \n\t" + "pshufd $0xff, %%xmm1, %%xmm1 \n\t" // X:X:X:X + "pxor %%xmm0, %%xmm1 \n\t" // X+r3:X+r2:X+r1:r4 + "pslldq $4, %%xmm0 \n\t" // r2:r1:r0:0 + "pxor %%xmm0, %%xmm1 \n\t" // X+r3+r2:X+r2+r1:r5:r4 + "pslldq $4, %%xmm0 \n\t" // etc + "pxor %%xmm0, %%xmm1 \n\t" + "pslldq $4, %%xmm0 \n\t" + "pxor %%xmm1, %%xmm0 \n\t" // update xmm0 for next time! + "add $16, %0 \n\t" // point to next round key + "movdqu %%xmm0, (%0) \n\t" // write it + "ret \n\t" - /* Main "loop" */ - "2: \n\t" - AESKEYGENA xmm0_xmm1 ",0x01 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x02 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x04 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x08 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x10 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x20 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x40 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x80 \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x1B \n\tcall 1b \n\t" - AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t" - : - : "r" (rk), "r" (key) - : "memory", "cc", "0" ); + /* Main "loop" */ + "2: \n\t" + AESKEYGENA xmm0_xmm1 ",0x01 \n\tcall 1b \n\t" + AESKEYGENA xmm0_xmm1 ",0x02 \n\tcall 1b \n\t" + AESKEYGENA xmm0_xmm1 ",0x04 \n\tcall 1b \n\t" + AESKEYGENA xmm0_xmm1 ",0x08 \n\tcall 1b \n\t" + AESKEYGENA xmm0_xmm1 ",0x10 \n\tcall 1b \n\t" + AESKEYGENA xmm0_xmm1 ",0x20 \n\tcall 1b \n\t" + AESKEYGENA xmm0_xmm1 ",0x40 \n\tcall 1b \n\t" + AESKEYGENA xmm0_xmm1 ",0x80 \n\tcall 1b \n\t" + AESKEYGENA xmm0_xmm1 ",0x1B \n\tcall 1b \n\t" + AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t" + : + : "r"(rk), "r"(key) + : "memory", "cc", "0"); } /* * Key expansion, 192-bit case */ -static void aesni_setkey_enc_192( unsigned char *rk, - const unsigned char *key ) -{ - asm( "movdqu (%1), %%xmm0 \n\t" // copy original round key - "movdqu %%xmm0, (%0) \n\t" - "add $16, %0 \n\t" - "movq 16(%1), %%xmm1 \n\t" - "movq %%xmm1, (%0) \n\t" - "add $8, %0 \n\t" - "jmp 2f \n\t" // skip auxiliary routine +static void aesni_setkey_enc_192(unsigned char *rk, + const unsigned char *key) { + asm("movdqu (%1), %%xmm0 \n\t" // copy original round key + "movdqu %%xmm0, (%0) \n\t" + "add $16, %0 \n\t" + "movq 16(%1), %%xmm1 \n\t" + "movq %%xmm1, (%0) \n\t" + "add $8, %0 \n\t" + "jmp 2f \n\t" // skip auxiliary routine - /* - * Finish generating the next 6 quarter-keys. - * - * On entry xmm0 is r3:r2:r1:r0, xmm1 is stuff:stuff:r5:r4 - * and xmm2 is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON. - * - * On exit, xmm0 is r9:r8:r7:r6 and xmm1 is stuff:stuff:r11:r10 - * and those are written to the round key buffer. - */ - "1: \n\t" - "pshufd $0x55, %%xmm2, %%xmm2 \n\t" // X:X:X:X - "pxor %%xmm0, %%xmm2 \n\t" // X+r3:X+r2:X+r1:r4 - "pslldq $4, %%xmm0 \n\t" // etc - "pxor %%xmm0, %%xmm2 \n\t" - "pslldq $4, %%xmm0 \n\t" - "pxor %%xmm0, %%xmm2 \n\t" - "pslldq $4, %%xmm0 \n\t" - "pxor %%xmm2, %%xmm0 \n\t" // update xmm0 = r9:r8:r7:r6 - "movdqu %%xmm0, (%0) \n\t" - "add $16, %0 \n\t" - "pshufd $0xff, %%xmm0, %%xmm2 \n\t" // r9:r9:r9:r9 - "pxor %%xmm1, %%xmm2 \n\t" // stuff:stuff:r9+r5:r10 - "pslldq $4, %%xmm1 \n\t" // r2:r1:r0:0 - "pxor %%xmm2, %%xmm1 \n\t" // xmm1 = stuff:stuff:r11:r10 - "movq %%xmm1, (%0) \n\t" - "add $8, %0 \n\t" - "ret \n\t" + /* + * Finish generating the next 6 quarter-keys. + * + * On entry xmm0 is r3:r2:r1:r0, xmm1 is stuff:stuff:r5:r4 + * and xmm2 is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON. + * + * On exit, xmm0 is r9:r8:r7:r6 and xmm1 is stuff:stuff:r11:r10 + * and those are written to the round key buffer. + */ + "1: \n\t" + "pshufd $0x55, %%xmm2, %%xmm2 \n\t" // X:X:X:X + "pxor %%xmm0, %%xmm2 \n\t" // X+r3:X+r2:X+r1:r4 + "pslldq $4, %%xmm0 \n\t" // etc + "pxor %%xmm0, %%xmm2 \n\t" + "pslldq $4, %%xmm0 \n\t" + "pxor %%xmm0, %%xmm2 \n\t" + "pslldq $4, %%xmm0 \n\t" + "pxor %%xmm2, %%xmm0 \n\t" // update xmm0 = r9:r8:r7:r6 + "movdqu %%xmm0, (%0) \n\t" + "add $16, %0 \n\t" + "pshufd $0xff, %%xmm0, %%xmm2 \n\t" // r9:r9:r9:r9 + "pxor %%xmm1, %%xmm2 \n\t" // stuff:stuff:r9+r5:r10 + "pslldq $4, %%xmm1 \n\t" // r2:r1:r0:0 + "pxor %%xmm2, %%xmm1 \n\t" // xmm1 = stuff:stuff:r11:r10 + "movq %%xmm1, (%0) \n\t" + "add $8, %0 \n\t" + "ret \n\t" - "2: \n\t" - AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x80 \n\tcall 1b \n\t" + "2: \n\t" + AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x80 \n\tcall 1b \n\t" - : - : "r" (rk), "r" (key) - : "memory", "cc", "0" ); + : + : "r"(rk), "r"(key) + : "memory", "cc", "0"); } /* * Key expansion, 256-bit case */ -static void aesni_setkey_enc_256( unsigned char *rk, - const unsigned char *key ) -{ - asm( "movdqu (%1), %%xmm0 \n\t" - "movdqu %%xmm0, (%0) \n\t" - "add $16, %0 \n\t" - "movdqu 16(%1), %%xmm1 \n\t" - "movdqu %%xmm1, (%0) \n\t" - "jmp 2f \n\t" // skip auxiliary routine +static void aesni_setkey_enc_256(unsigned char *rk, + const unsigned char *key) { + asm("movdqu (%1), %%xmm0 \n\t" + "movdqu %%xmm0, (%0) \n\t" + "add $16, %0 \n\t" + "movdqu 16(%1), %%xmm1 \n\t" + "movdqu %%xmm1, (%0) \n\t" + "jmp 2f \n\t" // skip auxiliary routine - /* - * Finish generating the next two round keys. - * - * On entry xmm0 is r3:r2:r1:r0, xmm1 is r7:r6:r5:r4 and - * xmm2 is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON - * - * On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12 - * and those have been written to the output buffer. - */ - "1: \n\t" - "pshufd $0xff, %%xmm2, %%xmm2 \n\t" - "pxor %%xmm0, %%xmm2 \n\t" - "pslldq $4, %%xmm0 \n\t" - "pxor %%xmm0, %%xmm2 \n\t" - "pslldq $4, %%xmm0 \n\t" - "pxor %%xmm0, %%xmm2 \n\t" - "pslldq $4, %%xmm0 \n\t" - "pxor %%xmm2, %%xmm0 \n\t" - "add $16, %0 \n\t" - "movdqu %%xmm0, (%0) \n\t" + /* + * Finish generating the next two round keys. + * + * On entry xmm0 is r3:r2:r1:r0, xmm1 is r7:r6:r5:r4 and + * xmm2 is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON + * + * On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12 + * and those have been written to the output buffer. + */ + "1: \n\t" + "pshufd $0xff, %%xmm2, %%xmm2 \n\t" + "pxor %%xmm0, %%xmm2 \n\t" + "pslldq $4, %%xmm0 \n\t" + "pxor %%xmm0, %%xmm2 \n\t" + "pslldq $4, %%xmm0 \n\t" + "pxor %%xmm0, %%xmm2 \n\t" + "pslldq $4, %%xmm0 \n\t" + "pxor %%xmm2, %%xmm0 \n\t" + "add $16, %0 \n\t" + "movdqu %%xmm0, (%0) \n\t" - /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 ) - * and proceed to generate next round key from there */ - AESKEYGENA xmm0_xmm2 ",0x00 \n\t" - "pshufd $0xaa, %%xmm2, %%xmm2 \n\t" - "pxor %%xmm1, %%xmm2 \n\t" - "pslldq $4, %%xmm1 \n\t" - "pxor %%xmm1, %%xmm2 \n\t" - "pslldq $4, %%xmm1 \n\t" - "pxor %%xmm1, %%xmm2 \n\t" - "pslldq $4, %%xmm1 \n\t" - "pxor %%xmm2, %%xmm1 \n\t" - "add $16, %0 \n\t" - "movdqu %%xmm1, (%0) \n\t" - "ret \n\t" + /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 ) + * and proceed to generate next round key from there */ + AESKEYGENA xmm0_xmm2 ",0x00 \n\t" + "pshufd $0xaa, %%xmm2, %%xmm2 \n\t" + "pxor %%xmm1, %%xmm2 \n\t" + "pslldq $4, %%xmm1 \n\t" + "pxor %%xmm1, %%xmm2 \n\t" + "pslldq $4, %%xmm1 \n\t" + "pxor %%xmm1, %%xmm2 \n\t" + "pslldq $4, %%xmm1 \n\t" + "pxor %%xmm2, %%xmm1 \n\t" + "add $16, %0 \n\t" + "movdqu %%xmm1, (%0) \n\t" + "ret \n\t" - /* - * Main "loop" - Generating one more key than necessary, - * see definition of mbedtls_aes_context.buf - */ - "2: \n\t" - AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t" - AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t" - : - : "r" (rk), "r" (key) - : "memory", "cc", "0" ); + /* + * Main "loop" - Generating one more key than necessary, + * see definition of mbedtls_aes_context.buf + */ + "2: \n\t" + AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t" + AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t" + : + : "r"(rk), "r"(key) + : "memory", "cc", "0"); } /* * Key expansion, wrapper */ -int mbedtls_aesni_setkey_enc( unsigned char *rk, - const unsigned char *key, - size_t bits ) -{ - switch( bits ) - { - case 128: aesni_setkey_enc_128( rk, key ); break; - case 192: aesni_setkey_enc_192( rk, key ); break; - case 256: aesni_setkey_enc_256( rk, key ); break; - default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); +int mbedtls_aesni_setkey_enc(unsigned char *rk, + const unsigned char *key, + size_t bits) { + switch (bits) { + case 128: + aesni_setkey_enc_128(rk, key); + break; + case 192: + aesni_setkey_enc_192(rk, key); + break; + case 256: + aesni_setkey_enc_256(rk, key); + break; + default : + return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); } - return( 0 ); + return (0); } #endif /* MBEDTLS_HAVE_X86_64 */ diff --git a/common/mbedtls/aesni.h b/common/mbedtls/aesni.h index c1d22f59a..ea2c6b85f 100644 --- a/common/mbedtls/aesni.h +++ b/common/mbedtls/aesni.h @@ -59,7 +59,7 @@ extern "C" { * * \return 1 if CPU has support for the feature, 0 otherwise */ -int mbedtls_aesni_has_support( unsigned int what ); +int mbedtls_aesni_has_support(unsigned int what); /** * \brief Internal AES-NI AES-ECB block encryption and decryption @@ -74,10 +74,10 @@ int mbedtls_aesni_has_support( unsigned int what ); * * \return 0 on success (cannot fail) */ -int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]); /** * \brief Internal GCM multiplication: c = a * b in GF(2^128) @@ -92,9 +92,9 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, * \note Both operands and result are bit strings interpreted as * elements of GF(2^128) as per the GCM spec. */ -void mbedtls_aesni_gcm_mult( unsigned char c[16], - const unsigned char a[16], - const unsigned char b[16] ); +void mbedtls_aesni_gcm_mult(unsigned char c[16], + const unsigned char a[16], + const unsigned char b[16]); /** * \brief Internal round key inversion. This function computes @@ -107,9 +107,9 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16], * \param fwdkey Original round keys (for encryption) * \param nr Number of rounds (that is, number of round keys minus one) */ -void mbedtls_aesni_inverse_key( unsigned char *invkey, - const unsigned char *fwdkey, - int nr ); +void mbedtls_aesni_inverse_key(unsigned char *invkey, + const unsigned char *fwdkey, + int nr); /** * \brief Internal key expansion for encryption @@ -123,9 +123,9 @@ void mbedtls_aesni_inverse_key( unsigned char *invkey, * * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH */ -int mbedtls_aesni_setkey_enc( unsigned char *rk, - const unsigned char *key, - size_t bits ); +int mbedtls_aesni_setkey_enc(unsigned char *rk, + const unsigned char *key, + size_t bits); #ifdef __cplusplus } diff --git a/common/mbedtls/arc4.c b/common/mbedtls/arc4.c index b34dc5e75..9a7cfff6f 100644 --- a/common/mbedtls/arc4.c +++ b/common/mbedtls/arc4.c @@ -42,25 +42,22 @@ #if !defined(MBEDTLS_ARC4_ALT) -void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_arc4_context ) ); +void mbedtls_arc4_init(mbedtls_arc4_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_arc4_context)); } -void mbedtls_arc4_free( mbedtls_arc4_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_arc4_free(mbedtls_arc4_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_arc4_context)); } /* * ARC4 key schedule */ -void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, - unsigned int keylen ) -{ +void mbedtls_arc4_setup(mbedtls_arc4_context *ctx, const unsigned char *key, + unsigned int keylen) { int i, j, a; unsigned int k; unsigned char *m; @@ -69,17 +66,16 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, ctx->y = 0; m = ctx->m; - for( i = 0; i < 256; i++ ) + for (i = 0; i < 256; i++) m[i] = (unsigned char) i; j = k = 0; - for( i = 0; i < 256; i++, k++ ) - { - if( k >= keylen ) k = 0; + for (i = 0; i < 256; i++, k++) { + if (k >= keylen) k = 0; a = m[i]; - j = ( j + a + key[k] ) & 0xFF; + j = (j + a + key[k]) & 0xFF; m[i] = m[j]; m[j] = (unsigned char) a; } @@ -88,9 +84,8 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, /* * ARC4 cipher function */ -int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_arc4_crypt(mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, + unsigned char *output) { int x, y, a, b; size_t i; unsigned char *m; @@ -99,22 +94,23 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned y = ctx->y; m = ctx->m; - for( i = 0; i < length; i++ ) - { - x = ( x + 1 ) & 0xFF; a = m[x]; - y = ( y + a ) & 0xFF; b = m[y]; + for (i = 0; i < length; i++) { + x = (x + 1) & 0xFF; + a = m[x]; + y = (y + a) & 0xFF; + b = m[y]; m[x] = (unsigned char) b; m[y] = (unsigned char) a; output[i] = (unsigned char) - ( input[i] ^ m[(unsigned char)( a + b )] ); + (input[i] ^ m[(unsigned char)(a + b)]); } ctx->x = x; ctx->y = y; - return( 0 ); + return (0); } #endif /* !MBEDTLS_ARC4_ALT */ @@ -125,22 +121,19 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned * * http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0 */ -static const unsigned char arc4_test_key[3][8] = -{ +static const unsigned char arc4_test_key[3][8] = { { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }; -static const unsigned char arc4_test_pt[3][8] = -{ +static const unsigned char arc4_test_pt[3][8] = { { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }; -static const unsigned char arc4_test_ct[3][8] = -{ +static const unsigned char arc4_test_ct[3][8] = { { 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 }, { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 }, { 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A } @@ -149,45 +142,42 @@ static const unsigned char arc4_test_ct[3][8] = /* * Checkup routine */ -int mbedtls_arc4_self_test( int verbose ) -{ +int mbedtls_arc4_self_test(int verbose) { int i, ret = 0; unsigned char ibuf[8]; unsigned char obuf[8]; mbedtls_arc4_context ctx; - mbedtls_arc4_init( &ctx ); + mbedtls_arc4_init(&ctx); - for( i = 0; i < 3; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " ARC4 test #%d: ", i + 1 ); + for (i = 0; i < 3; i++) { + if (verbose != 0) + mbedtls_printf(" ARC4 test #%d: ", i + 1); - memcpy( ibuf, arc4_test_pt[i], 8 ); + memcpy(ibuf, arc4_test_pt[i], 8); - mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 ); - mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf ); + mbedtls_arc4_setup(&ctx, arc4_test_key[i], 8); + mbedtls_arc4_crypt(&ctx, 8, ibuf, obuf); - if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(obuf, arc4_test_ct[i], 8) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); exit: - mbedtls_arc4_free( &ctx ); + mbedtls_arc4_free(&ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/arc4.h b/common/mbedtls/arc4.h index 17728f417..bef4b4a09 100644 --- a/common/mbedtls/arc4.h +++ b/common/mbedtls/arc4.h @@ -52,8 +52,7 @@ extern "C" { * security risk. We recommend considering stronger ciphers instead. * */ -typedef struct mbedtls_arc4_context -{ +typedef struct mbedtls_arc4_context { int x; /*!< permutation index */ int y; /*!< permutation index */ unsigned char m[256]; /*!< permutation table */ @@ -74,7 +73,7 @@ mbedtls_arc4_context; * instead. * */ -void mbedtls_arc4_init( mbedtls_arc4_context *ctx ); +void mbedtls_arc4_init(mbedtls_arc4_context *ctx); /** * \brief Clear ARC4 context @@ -86,7 +85,7 @@ void mbedtls_arc4_init( mbedtls_arc4_context *ctx ); * instead. * */ -void mbedtls_arc4_free( mbedtls_arc4_context *ctx ); +void mbedtls_arc4_free(mbedtls_arc4_context *ctx); /** * \brief ARC4 key schedule @@ -100,8 +99,8 @@ void mbedtls_arc4_free( mbedtls_arc4_context *ctx ); * instead. * */ -void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, - unsigned int keylen ); +void mbedtls_arc4_setup(mbedtls_arc4_context *ctx, const unsigned char *key, + unsigned int keylen); /** * \brief ARC4 cipher function @@ -118,8 +117,8 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, * instead. * */ -int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, - unsigned char *output ); +int mbedtls_arc4_crypt(mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, + unsigned char *output); #if defined(MBEDTLS_SELF_TEST) @@ -133,7 +132,7 @@ int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned * instead. * */ -int mbedtls_arc4_self_test( int verbose ); +int mbedtls_arc4_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/aria.c b/common/mbedtls/aria.c index 187563552..119ba02fb 100644 --- a/common/mbedtls/aria.c +++ b/common/mbedtls/aria.c @@ -92,20 +92,18 @@ #if defined(__GNUC__) && \ ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \ __ARM_ARCH >= 6 -static inline uint32_t aria_p1( uint32_t x ) -{ +static inline uint32_t aria_p1(uint32_t x) { uint32_t r; - __asm( "rev16 %0, %1" : "=l" (r) : "l" (x) ); - return( r ); + __asm("rev16 %0, %1" : "=l"(r) : "l"(x)); + return (r); } #define ARIA_P1 aria_p1 #elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \ ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 ) -static inline uint32_t aria_p1( uint32_t x ) -{ +static inline uint32_t aria_p1(uint32_t x) { uint32_t r; - __asm( "rev16 r, x" ); - return( r ); + __asm("rev16 r, x"); + return (r); } #define ARIA_P1 aria_p1 #endif @@ -143,30 +141,27 @@ static inline uint32_t aria_p1( uint32_t x ) #if defined(__GNUC__) && \ ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \ __ARM_ARCH >= 6 -static inline uint32_t aria_p3( uint32_t x ) -{ +static inline uint32_t aria_p3(uint32_t x) { uint32_t r; - __asm( "rev %0, %1" : "=l" (r) : "l" (x) ); - return( r ); + __asm("rev %0, %1" : "=l"(r) : "l"(x)); + return (r); } #define ARIA_P3 aria_p3 #elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \ ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 ) -static inline uint32_t aria_p3( uint32_t x ) -{ +static inline uint32_t aria_p3(uint32_t x) { uint32_t r; - __asm( "rev r, x" ); - return( r ); + __asm("rev r, x"); + return (r); } #define ARIA_P3 aria_p3 #endif #endif /* arm */ #if defined(__GNUC__) && \ defined(__i386__) || defined(__amd64__) || defined( __x86_64__) -static inline uint32_t aria_p3( uint32_t x ) -{ - __asm( "bswap %0" : "=r" (x) : "0" (x) ); - return( x ); +static inline uint32_t aria_p3(uint32_t x) { + __asm("bswap %0" : "=r"(x) : "0"(x)); + return (x); } #define ARIA_P3 aria_p3 #endif /* x86 gnuc */ @@ -198,28 +193,27 @@ static inline uint32_t aria_p3( uint32_t x ) * half of App. B.1 in [1] in terms of 4-byte operators P1, P2, P3 and P4. * The implementation below uses only P1 and P2 as they are sufficient. */ -static inline void aria_a( uint32_t *a, uint32_t *b, - uint32_t *c, uint32_t *d ) -{ +static inline void aria_a(uint32_t *a, uint32_t *b, + uint32_t *c, uint32_t *d) { uint32_t ta, tb, tc; ta = *b; // 4567 *b = *a; // 0123 - *a = ARIA_P2( ta ); // 6745 - tb = ARIA_P2( *d ); // efcd - *d = ARIA_P1( *c ); // 98ba - *c = ARIA_P1( tb ); // fedc + *a = ARIA_P2(ta); // 6745 + tb = ARIA_P2(*d); // efcd + *d = ARIA_P1(*c); // 98ba + *c = ARIA_P1(tb); // fedc ta ^= *d; // 4567+98ba - tc = ARIA_P2( *b ); // 2301 - ta = ARIA_P1( ta ) ^ tc ^ *c; // 2301+5476+89ab+fedc - tb ^= ARIA_P2( *d ); // ba98+efcd - tc ^= ARIA_P1( *a ); // 2301+7654 + tc = ARIA_P2(*b); // 2301 + ta = ARIA_P1(ta) ^ tc ^ *c; // 2301+5476+89ab+fedc + tb ^= ARIA_P2(*d); // ba98+efcd + tc ^= ARIA_P1(*a); // 2301+7654 *b ^= ta ^ tb; // 0123+2301+5476+89ab+ba98+efcd+fedc OUT - tb = ARIA_P2( tb ) ^ ta; // 2301+5476+89ab+98ba+cdef+fedc - *a ^= ARIA_P1( tb ); // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT - ta = ARIA_P2( ta ); // 0123+7654+ab89+dcfe - *d ^= ARIA_P1( ta ) ^ tc; // 1032+2301+6745+7654+98ba+ba98+cdef OUT - tc = ARIA_P2( tc ); // 0123+5476 - *c ^= ARIA_P1( tc ) ^ ta; // 0123+1032+4567+7654+ab89+dcfe+fedc OUT + tb = ARIA_P2(tb) ^ ta; // 2301+5476+89ab+98ba+cdef+fedc + *a ^= ARIA_P1(tb); // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT + ta = ARIA_P2(ta); // 0123+7654+ab89+dcfe + *d ^= ARIA_P1(ta) ^ tc; // 1032+2301+6745+7654+98ba+ba98+cdef OUT + tc = ARIA_P2(tc); // 0123+5476 + *c ^= ARIA_P1(tc) ^ ta; // 0123+1032+4567+7654+ab89+dcfe+fedc OUT } /* @@ -230,24 +224,23 @@ static inline void aria_a( uint32_t *a, uint32_t *b, * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1 * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2 */ -static inline void aria_sl( uint32_t *a, uint32_t *b, - uint32_t *c, uint32_t *d, - const uint8_t sa[256], const uint8_t sb[256], - const uint8_t sc[256], const uint8_t sd[256] ) -{ - *a = ( (uint32_t) sa[ *a & 0xFF] ) ^ +static inline void aria_sl(uint32_t *a, uint32_t *b, + uint32_t *c, uint32_t *d, + const uint8_t sa[256], const uint8_t sb[256], + const uint8_t sc[256], const uint8_t sd[256]) { + *a = ((uint32_t) sa[ *a & 0xFF]) ^ (((uint32_t) sb[(*a >> 8) & 0xFF]) << 8) ^ (((uint32_t) sc[(*a >> 16) & 0xFF]) << 16) ^ (((uint32_t) sd[ *a >> 24 ]) << 24); - *b = ( (uint32_t) sa[ *b & 0xFF] ) ^ + *b = ((uint32_t) sa[ *b & 0xFF]) ^ (((uint32_t) sb[(*b >> 8) & 0xFF]) << 8) ^ (((uint32_t) sc[(*b >> 16) & 0xFF]) << 16) ^ (((uint32_t) sd[ *b >> 24 ]) << 24); - *c = ( (uint32_t) sa[ *c & 0xFF] ) ^ + *c = ((uint32_t) sa[ *c & 0xFF]) ^ (((uint32_t) sb[(*c >> 8) & 0xFF]) << 8) ^ (((uint32_t) sc[(*c >> 16) & 0xFF]) << 16) ^ (((uint32_t) sd[ *c >> 24 ]) << 24); - *d = ( (uint32_t) sa[ *d & 0xFF] ) ^ + *d = ((uint32_t) sa[ *d & 0xFF]) ^ (((uint32_t) sb[(*d >> 8) & 0xFF]) << 8) ^ (((uint32_t) sc[(*d >> 16) & 0xFF]) << 16) ^ (((uint32_t) sd[ *d >> 24 ]) << 24); @@ -256,8 +249,7 @@ static inline void aria_sl( uint32_t *a, uint32_t *b, /* * S-Boxes */ -static const uint8_t aria_sb1[256] = -{ +static const uint8_t aria_sb1[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26, @@ -282,8 +274,7 @@ static const uint8_t aria_sb1[256] = 0xB0, 0x54, 0xBB, 0x16 }; -static const uint8_t aria_sb2[256] = -{ +static const uint8_t aria_sb2[256] = { 0xE2, 0x4E, 0x54, 0xFC, 0x94, 0xC2, 0x4A, 0xCC, 0x62, 0x0D, 0x6A, 0x46, 0x3C, 0x4D, 0x8B, 0xD1, 0x5E, 0xFA, 0x64, 0xCB, 0xB4, 0x97, 0xBE, 0x2B, 0xBC, 0x77, 0x2E, 0x03, 0xD3, 0x19, 0x59, 0xC1, 0x1D, 0x06, 0x41, 0x6B, @@ -308,8 +299,7 @@ static const uint8_t aria_sb2[256] = 0xAF, 0xBA, 0xB5, 0x81 }; -static const uint8_t aria_is1[256] = -{ +static const uint8_t aria_is1[256] = { 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 0x54, 0x7B, 0x94, 0x32, @@ -334,8 +324,7 @@ static const uint8_t aria_is1[256] = 0x55, 0x21, 0x0C, 0x7D }; -static const uint8_t aria_is2[256] = -{ +static const uint8_t aria_is2[256] = { 0x30, 0x68, 0x99, 0x1B, 0x87, 0xB9, 0x21, 0x78, 0x50, 0x39, 0xDB, 0xE1, 0x72, 0x09, 0x62, 0x3C, 0x3E, 0x7E, 0x5E, 0x8E, 0xF1, 0xA0, 0xCC, 0xA3, 0x2A, 0x1D, 0xFB, 0xB6, 0xD6, 0x20, 0xC4, 0x8D, 0x81, 0x65, 0xF5, 0x89, @@ -363,9 +352,8 @@ static const uint8_t aria_is2[256] = /* * Helper for key schedule: r = FO( p, k ) ^ x */ -static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], - const uint32_t k[4], const uint32_t x[4] ) -{ +static void aria_fo_xor(uint32_t r[4], const uint32_t p[4], + const uint32_t k[4], const uint32_t x[4]) { uint32_t a, b, c, d; a = p[0] ^ k[0]; @@ -373,8 +361,8 @@ static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], c = p[2] ^ k[2]; d = p[3] ^ k[3]; - aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); - aria_a( &a, &b, &c, &d ); + aria_sl(&a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2); + aria_a(&a, &b, &c, &d); r[0] = a ^ x[0]; r[1] = b ^ x[1]; @@ -385,9 +373,8 @@ static void aria_fo_xor( uint32_t r[4], const uint32_t p[4], /* * Helper for key schedule: r = FE( p, k ) ^ x */ -static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], - const uint32_t k[4], const uint32_t x[4] ) -{ +static void aria_fe_xor(uint32_t r[4], const uint32_t p[4], + const uint32_t k[4], const uint32_t x[4]) { uint32_t a, b, c, d; a = p[0] ^ k[0]; @@ -395,8 +382,8 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], c = p[2] ^ k[2]; d = p[3] ^ k[3]; - aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); - aria_a( &a, &b, &c, &d ); + aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2); + aria_a(&a, &b, &c, &d); r[0] = a ^ x[0]; r[1] = b ^ x[1]; @@ -410,24 +397,22 @@ static void aria_fe_xor( uint32_t r[4], const uint32_t p[4], * We chose to store bytes into 32-bit words in little-endian format (see * GET/PUT_UINT32_LE) so we need to reverse bytes here. */ -static void aria_rot128( uint32_t r[4], const uint32_t a[4], - const uint32_t b[4], uint8_t n ) -{ +static void aria_rot128(uint32_t r[4], const uint32_t a[4], + const uint32_t b[4], uint8_t n) { uint8_t i, j; uint32_t t, u; const uint8_t n1 = n % 32; // bit offset const uint8_t n2 = n1 ? 32 - n1 : 0; // reverse bit offset - j = ( n / 32 ) % 4; // initial word offset - t = ARIA_P3( b[j] ); // big endian - for( i = 0; i < 4; i++ ) - { - j = ( j + 1 ) % 4; // get next word, big endian - u = ARIA_P3( b[j] ); + j = (n / 32) % 4; // initial word offset + t = ARIA_P3(b[j]); // big endian + for (i = 0; i < 4; i++) { + j = (j + 1) % 4; // get next word, big endian + u = ARIA_P3(b[j]); t <<= n1; // rotate t |= u >> n2; - t = ARIA_P3( t ); // back to little endian + t = ARIA_P3(t); // back to little endian r[i] = a[i] ^ t; // store t = u; // move to next word } @@ -436,12 +421,10 @@ static void aria_rot128( uint32_t r[4], const uint32_t a[4], /* * Set encryption key */ -int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, - const unsigned char *key, unsigned int keybits ) -{ +int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, + const unsigned char *key, unsigned int keybits) { /* round constant masks */ - const uint32_t rc[3][4] = - { + const uint32_t rc[3][4] = { { 0xB7C17C51, 0x940A2227, 0xE8AB13FE, 0xE06E9AFA }, { 0xCC4AB16D, 0x20C8219E, 0xD5B128FF, 0xB0E25DEF }, { 0x1D3792DB, 0x70E92621, 0x75972403, 0x0EC9E804 } @@ -449,74 +432,68 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, int i; uint32_t w[4][4], *w2; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( key != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(key != NULL); - if( keybits != 128 && keybits != 192 && keybits != 256 ) - return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); + if (keybits != 128 && keybits != 192 && keybits != 256) + return (MBEDTLS_ERR_ARIA_BAD_INPUT_DATA); /* Copy key to W0 (and potential remainder to W1) */ - GET_UINT32_LE( w[0][0], key, 0 ); - GET_UINT32_LE( w[0][1], key, 4 ); - GET_UINT32_LE( w[0][2], key, 8 ); - GET_UINT32_LE( w[0][3], key, 12 ); + GET_UINT32_LE(w[0][0], key, 0); + GET_UINT32_LE(w[0][1], key, 4); + GET_UINT32_LE(w[0][2], key, 8); + GET_UINT32_LE(w[0][3], key, 12); - memset( w[1], 0, 16 ); - if( keybits >= 192 ) - { - GET_UINT32_LE( w[1][0], key, 16 ); // 192 bit key - GET_UINT32_LE( w[1][1], key, 20 ); + memset(w[1], 0, 16); + if (keybits >= 192) { + GET_UINT32_LE(w[1][0], key, 16); // 192 bit key + GET_UINT32_LE(w[1][1], key, 20); } - if( keybits == 256 ) - { - GET_UINT32_LE( w[1][2], key, 24 ); // 256 bit key - GET_UINT32_LE( w[1][3], key, 28 ); + if (keybits == 256) { + GET_UINT32_LE(w[1][2], key, 24); // 256 bit key + GET_UINT32_LE(w[1][3], key, 28); } - i = ( keybits - 128 ) >> 6; // index: 0, 1, 2 + i = (keybits - 128) >> 6; // index: 0, 1, 2 ctx->nr = 12 + 2 * i; // no. rounds: 12, 14, 16 - aria_fo_xor( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR + aria_fo_xor(w[1], w[0], rc[i], w[1]); // W1 = FO(W0, CK1) ^ KR i = i < 2 ? i + 1 : 0; - aria_fe_xor( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0 + aria_fe_xor(w[2], w[1], rc[i], w[0]); // W2 = FE(W1, CK2) ^ W0 i = i < 2 ? i + 1 : 0; - aria_fo_xor( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1 + aria_fo_xor(w[3], w[2], rc[i], w[1]); // W3 = FO(W2, CK3) ^ W1 - for( i = 0; i < 4; i++ ) // create round keys - { + for (i = 0; i < 4; i++) { // create round keys w2 = w[(i + 1) & 3]; - aria_rot128( ctx->rk[i ], w[i], w2, 128 - 19 ); - aria_rot128( ctx->rk[i + 4], w[i], w2, 128 - 31 ); - aria_rot128( ctx->rk[i + 8], w[i], w2, 61 ); - aria_rot128( ctx->rk[i + 12], w[i], w2, 31 ); + aria_rot128(ctx->rk[i ], w[i], w2, 128 - 19); + aria_rot128(ctx->rk[i + 4], w[i], w2, 128 - 31); + aria_rot128(ctx->rk[i + 8], w[i], w2, 61); + aria_rot128(ctx->rk[i + 12], w[i], w2, 31); } - aria_rot128( ctx->rk[16], w[0], w[1], 19 ); + aria_rot128(ctx->rk[16], w[0], w[1], 19); /* w holds enough info to reconstruct the round keys */ - mbedtls_platform_zeroize( w, sizeof( w ) ); + mbedtls_platform_zeroize(w, sizeof(w)); - return( 0 ); + return (0); } /* * Set decryption key */ -int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, - const unsigned char *key, unsigned int keybits ) -{ +int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, + const unsigned char *key, unsigned int keybits) { int i, j, k, ret; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( key != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(key != NULL); - ret = mbedtls_aria_setkey_enc( ctx, key, keybits ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_aria_setkey_enc(ctx, key, keybits); + if (ret != 0) + return (ret); /* flip the order of round keys */ - for( i = 0, j = ctx->nr; i < j; i++, j-- ) - { - for( k = 0; k < 4; k++ ) - { + for (i = 0, j = ctx->nr; i < j; i++, j--) { + for (k = 0; k < 4; k++) { uint32_t t = ctx->rk[i][k]; ctx->rk[i][k] = ctx->rk[j][k]; ctx->rk[j][k] = t; @@ -524,45 +501,42 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, } /* apply affine transform to middle keys */ - for( i = 1; i < ctx->nr; i++ ) - { - aria_a( &ctx->rk[i][0], &ctx->rk[i][1], - &ctx->rk[i][2], &ctx->rk[i][3] ); + for (i = 1; i < ctx->nr; i++) { + aria_a(&ctx->rk[i][0], &ctx->rk[i][1], + &ctx->rk[i][2], &ctx->rk[i][3]); } - return( 0 ); + return (0); } /* * Encrypt a block */ -int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, - const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] ) -{ +int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx, + const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char output[MBEDTLS_ARIA_BLOCKSIZE]) { int i; uint32_t a, b, c, d; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( input != NULL ); - ARIA_VALIDATE_RET( output != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(input != NULL); + ARIA_VALIDATE_RET(output != NULL); - GET_UINT32_LE( a, input, 0 ); - GET_UINT32_LE( b, input, 4 ); - GET_UINT32_LE( c, input, 8 ); - GET_UINT32_LE( d, input, 12 ); + GET_UINT32_LE(a, input, 0); + GET_UINT32_LE(b, input, 4); + GET_UINT32_LE(c, input, 8); + GET_UINT32_LE(d, input, 12); i = 0; - while( 1 ) - { + while (1) { a ^= ctx->rk[i][0]; b ^= ctx->rk[i][1]; c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; i++; - aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 ); - aria_a( &a, &b, &c, &d ); + aria_sl(&a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2); + aria_a(&a, &b, &c, &d); a ^= ctx->rk[i][0]; b ^= ctx->rk[i][1]; @@ -570,10 +544,10 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, d ^= ctx->rk[i][3]; i++; - aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 ); - if( i >= ctx->nr ) + aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2); + if (i >= ctx->nr) break; - aria_a( &a, &b, &c, &d ); + aria_a(&a, &b, &c, &d); } /* final key mixing */ @@ -582,80 +556,72 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, c ^= ctx->rk[i][2]; d ^= ctx->rk[i][3]; - PUT_UINT32_LE( a, output, 0 ); - PUT_UINT32_LE( b, output, 4 ); - PUT_UINT32_LE( c, output, 8 ); - PUT_UINT32_LE( d, output, 12 ); + PUT_UINT32_LE(a, output, 0); + PUT_UINT32_LE(b, output, 4); + PUT_UINT32_LE(c, output, 8); + PUT_UINT32_LE(d, output, 12); - return( 0 ); + return (0); } /* Initialize context */ -void mbedtls_aria_init( mbedtls_aria_context *ctx ) -{ - ARIA_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_aria_context ) ); +void mbedtls_aria_init(mbedtls_aria_context *ctx) { + ARIA_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_aria_context)); } /* Clear context */ -void mbedtls_aria_free( mbedtls_aria_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_aria_free(mbedtls_aria_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aria_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aria_context)); } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * ARIA-CBC buffer encryption/decryption */ -int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx, + int mode, + size_t length, + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE]; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT || - mode == MBEDTLS_ARIA_DECRYPT ); - ARIA_VALIDATE_RET( length == 0 || input != NULL ); - ARIA_VALIDATE_RET( length == 0 || output != NULL ); - ARIA_VALIDATE_RET( iv != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT || + mode == MBEDTLS_ARIA_DECRYPT); + ARIA_VALIDATE_RET(length == 0 || input != NULL); + ARIA_VALIDATE_RET(length == 0 || output != NULL); + ARIA_VALIDATE_RET(iv != NULL); - if( length % MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH ); + if (length % MBEDTLS_ARIA_BLOCKSIZE) + return (MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH); - if( mode == MBEDTLS_ARIA_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, MBEDTLS_ARIA_BLOCKSIZE ); - mbedtls_aria_crypt_ecb( ctx, input, output ); + if (mode == MBEDTLS_ARIA_DECRYPT) { + while (length > 0) { + memcpy(temp, input, MBEDTLS_ARIA_BLOCKSIZE); + mbedtls_aria_crypt_ecb(ctx, input, output); - for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) + output[i] = (unsigned char)(output[i] ^ iv[i]); - memcpy( iv, temp, MBEDTLS_ARIA_BLOCKSIZE ); + memcpy(iv, temp, MBEDTLS_ARIA_BLOCKSIZE); input += MBEDTLS_ARIA_BLOCKSIZE; output += MBEDTLS_ARIA_BLOCKSIZE; length -= MBEDTLS_ARIA_BLOCKSIZE; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++) + output[i] = (unsigned char)(input[i] ^ iv[i]); - mbedtls_aria_crypt_ecb( ctx, output, output ); - memcpy( iv, output, MBEDTLS_ARIA_BLOCKSIZE ); + mbedtls_aria_crypt_ecb(ctx, output, output); + memcpy(iv, output, MBEDTLS_ARIA_BLOCKSIZE); input += MBEDTLS_ARIA_BLOCKSIZE; output += MBEDTLS_ARIA_BLOCKSIZE; @@ -663,7 +629,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, } } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -671,63 +637,57 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, /* * ARIA-CFB128 buffer encryption/decryption */ -int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { unsigned char c; size_t n; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT || - mode == MBEDTLS_ARIA_DECRYPT ); - ARIA_VALIDATE_RET( length == 0 || input != NULL ); - ARIA_VALIDATE_RET( length == 0 || output != NULL ); - ARIA_VALIDATE_RET( iv != NULL ); - ARIA_VALIDATE_RET( iv_off != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT || + mode == MBEDTLS_ARIA_DECRYPT); + ARIA_VALIDATE_RET(length == 0 || input != NULL); + ARIA_VALIDATE_RET(length == 0 || output != NULL); + ARIA_VALIDATE_RET(iv != NULL); + ARIA_VALIDATE_RET(iv_off != NULL); n = *iv_off; /* An overly large value of n can lead to an unlimited * buffer overflow. Therefore, guard against this * outside of parameter validation. */ - if( n >= MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); + if (n >= MBEDTLS_ARIA_BLOCKSIZE) + return (MBEDTLS_ERR_ARIA_BAD_INPUT_DATA); - if( mode == MBEDTLS_ARIA_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - mbedtls_aria_crypt_ecb( ctx, iv, iv ); + if (mode == MBEDTLS_ARIA_DECRYPT) { + while (length--) { + if (n == 0) + mbedtls_aria_crypt_ecb(ctx, iv, iv); c = *input++; *output++ = c ^ iv[n]; iv[n] = c; - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } - } - else - { - while( length-- ) - { - if( n == 0 ) - mbedtls_aria_crypt_ecb( ctx, iv, iv ); + } else { + while (length--) { + if (n == 0) + mbedtls_aria_crypt_ecb(ctx, iv, iv); - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + iv[n] = *output++ = (unsigned char)(iv[n] ^ *input++); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } } *iv_off = n; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -735,50 +695,48 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, /* * ARIA-CTR buffer encryption/decryption */ -int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int c, i; size_t n; - ARIA_VALIDATE_RET( ctx != NULL ); - ARIA_VALIDATE_RET( length == 0 || input != NULL ); - ARIA_VALIDATE_RET( length == 0 || output != NULL ); - ARIA_VALIDATE_RET( nonce_counter != NULL ); - ARIA_VALIDATE_RET( stream_block != NULL ); - ARIA_VALIDATE_RET( nc_off != NULL ); + ARIA_VALIDATE_RET(ctx != NULL); + ARIA_VALIDATE_RET(length == 0 || input != NULL); + ARIA_VALIDATE_RET(length == 0 || output != NULL); + ARIA_VALIDATE_RET(nonce_counter != NULL); + ARIA_VALIDATE_RET(stream_block != NULL); + ARIA_VALIDATE_RET(nc_off != NULL); n = *nc_off; /* An overly large value of n can lead to an unlimited * buffer overflow. Therefore, guard against this * outside of parameter validation. */ - if( n >= MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); + if (n >= MBEDTLS_ARIA_BLOCKSIZE) + return (MBEDTLS_ERR_ARIA_BAD_INPUT_DATA); - while( length-- ) - { - if( n == 0 ) { - mbedtls_aria_crypt_ecb( ctx, nonce_counter, - stream_block ); + while (length--) { + if (n == 0) { + mbedtls_aria_crypt_ecb(ctx, nonce_counter, + stream_block); - for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) + for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) + if (++nonce_counter[i - 1] != 0) break; } c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); + *output++ = (unsigned char)(c ^ stream_block[n]); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } *nc_off = n; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #endif /* !MBEDTLS_ARIA_ALT */ @@ -788,28 +746,31 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, /* * Basic ARIA ECB test vectors from RFC 5794 */ -static const uint8_t aria_test1_ecb_key[32] = // test key -{ +static const uint8_t aria_test1_ecb_key[32] = { // test key 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, // 128 bit 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, // 192 bit 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F // 256 bit }; -static const uint8_t aria_test1_ecb_pt[MBEDTLS_ARIA_BLOCKSIZE] = // plaintext -{ +static const uint8_t aria_test1_ecb_pt[MBEDTLS_ARIA_BLOCKSIZE] = { // plaintext 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // same for all 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF // key sizes }; -static const uint8_t aria_test1_ecb_ct[3][MBEDTLS_ARIA_BLOCKSIZE] = // ciphertext -{ - { 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit - 0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 }, - { 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA, // 192 bit - 0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 }, - { 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F, // 256 bit - 0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC } +static const uint8_t aria_test1_ecb_ct[3][MBEDTLS_ARIA_BLOCKSIZE] = { // ciphertext + { + 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73, // 128 bit + 0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 + }, + { + 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA, // 192 bit + 0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 + }, + { + 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F, // 256 bit + 0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC + } }; /* @@ -818,16 +779,14 @@ static const uint8_t aria_test1_ecb_ct[3][MBEDTLS_ARIA_BLOCKSIZE] = // c */ #if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \ defined(MBEDTLS_CIPHER_MODE_CTR)) -static const uint8_t aria_test2_key[32] = -{ +static const uint8_t aria_test2_key[32] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 128 bit 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, // 192 bit 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff // 256 bit }; -static const uint8_t aria_test2_pt[48] = -{ +static const uint8_t aria_test2_pt[48] = { 0x11, 0x11, 0x11, 0x11, 0xaa, 0xaa, 0xaa, 0xaa, // same for all 0x11, 0x11, 0x11, 0x11, 0xbb, 0xbb, 0xbb, 0xbb, 0x11, 0x11, 0x11, 0x11, 0xcc, 0xcc, 0xcc, 0xcc, @@ -838,82 +797,96 @@ static const uint8_t aria_test2_pt[48] = #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)) -static const uint8_t aria_test2_iv[MBEDTLS_ARIA_BLOCKSIZE] = -{ +static const uint8_t aria_test2_iv[MBEDTLS_ARIA_BLOCKSIZE] = { 0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, // same for CBC, CFB 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0 // CTR has zero IV }; #endif #if defined(MBEDTLS_CIPHER_MODE_CBC) -static const uint8_t aria_test2_cbc_ct[3][48] = // CBC ciphertext -{ - { 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10, // 128-bit key - 0x9c, 0xef, 0x0d, 0x22, 0xa9, 0x26, 0x81, 0x34, - 0xfa, 0xdf, 0x9f, 0xb2, 0x31, 0x51, 0xe9, 0x64, - 0x5f, 0xba, 0x75, 0x01, 0x8b, 0xdb, 0x15, 0x38, - 0xb5, 0x33, 0x34, 0x63, 0x4b, 0xbf, 0x7d, 0x4c, - 0xd4, 0xb5, 0x37, 0x70, 0x33, 0x06, 0x0c, 0x15 }, - { 0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c, // 192-bit key - 0x67, 0x2a, 0x82, 0x62, 0x64, 0xea, 0x78, 0x5f, - 0x4e, 0x4f, 0x7f, 0x78, 0x0d, 0xc7, 0xf3, 0xf1, - 0xe0, 0x96, 0x2b, 0x80, 0x90, 0x23, 0x86, 0xd5, - 0x14, 0xe9, 0xc3, 0xe7, 0x72, 0x59, 0xde, 0x92, - 0xdd, 0x11, 0x02, 0xff, 0xab, 0x08, 0x6c, 0x1e }, - { 0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1, // 256-bit key - 0x55, 0xfd, 0xd2, 0x8d, 0xbc, 0x34, 0xe1, 0xab, - 0x7b, 0x9b, 0x42, 0x43, 0x2a, 0xd8, 0xb2, 0xef, - 0xb9, 0x6e, 0x23, 0xb1, 0x3f, 0x0a, 0x6e, 0x52, - 0xf3, 0x61, 0x85, 0xd5, 0x0a, 0xd0, 0x02, 0xc5, - 0xf6, 0x01, 0xbe, 0xe5, 0x49, 0x3f, 0x11, 0x8b } +static const uint8_t aria_test2_cbc_ct[3][48] = { // CBC ciphertext + { + 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10, // 128-bit key + 0x9c, 0xef, 0x0d, 0x22, 0xa9, 0x26, 0x81, 0x34, + 0xfa, 0xdf, 0x9f, 0xb2, 0x31, 0x51, 0xe9, 0x64, + 0x5f, 0xba, 0x75, 0x01, 0x8b, 0xdb, 0x15, 0x38, + 0xb5, 0x33, 0x34, 0x63, 0x4b, 0xbf, 0x7d, 0x4c, + 0xd4, 0xb5, 0x37, 0x70, 0x33, 0x06, 0x0c, 0x15 + }, + { + 0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c, // 192-bit key + 0x67, 0x2a, 0x82, 0x62, 0x64, 0xea, 0x78, 0x5f, + 0x4e, 0x4f, 0x7f, 0x78, 0x0d, 0xc7, 0xf3, 0xf1, + 0xe0, 0x96, 0x2b, 0x80, 0x90, 0x23, 0x86, 0xd5, + 0x14, 0xe9, 0xc3, 0xe7, 0x72, 0x59, 0xde, 0x92, + 0xdd, 0x11, 0x02, 0xff, 0xab, 0x08, 0x6c, 0x1e + }, + { + 0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1, // 256-bit key + 0x55, 0xfd, 0xd2, 0x8d, 0xbc, 0x34, 0xe1, 0xab, + 0x7b, 0x9b, 0x42, 0x43, 0x2a, 0xd8, 0xb2, 0xef, + 0xb9, 0x6e, 0x23, 0xb1, 0x3f, 0x0a, 0x6e, 0x52, + 0xf3, 0x61, 0x85, 0xd5, 0x0a, 0xd0, 0x02, 0xc5, + 0xf6, 0x01, 0xbe, 0xe5, 0x49, 0x3f, 0x11, 0x8b + } }; #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static const uint8_t aria_test2_cfb_ct[3][48] = // CFB ciphertext -{ - { 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38, // 128-bit key - 0x34, 0x06, 0xb0, 0x9f, 0x0a, 0x05, 0xa2, 0x00, - 0xc0, 0x7c, 0x21, 0xe6, 0x37, 0x0f, 0x41, 0x3a, - 0x5d, 0x13, 0x25, 0x00, 0xa6, 0x82, 0x85, 0x01, - 0x7c, 0x61, 0xb4, 0x34, 0xc7, 0xb7, 0xca, 0x96, - 0x85, 0xa5, 0x10, 0x71, 0x86, 0x1e, 0x4d, 0x4b }, - { 0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54, // 192-bit key - 0x94, 0xd2, 0x73, 0x61, 0x29, 0x64, 0x0f, 0x5c, - 0x4d, 0x87, 0xa9, 0xa2, 0x13, 0x66, 0x4c, 0x94, - 0x48, 0x47, 0x7c, 0x6e, 0xcc, 0x20, 0x13, 0x59, - 0x8d, 0x97, 0x66, 0x95, 0x2d, 0xd8, 0xc3, 0x86, - 0x8f, 0x17, 0xe3, 0x6e, 0xf6, 0x6f, 0xd8, 0x4b }, - { 0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2, // 256-bit key - 0x58, 0x8d, 0x4a, 0x7f, 0x09, 0x00, 0x96, 0x35, - 0xf2, 0x8b, 0xb9, 0x3d, 0x8c, 0x31, 0xf8, 0x70, - 0xec, 0x1e, 0x0b, 0xdb, 0x08, 0x2b, 0x66, 0xfa, - 0x40, 0x2d, 0xd9, 0xc2, 0x02, 0xbe, 0x30, 0x0c, - 0x45, 0x17, 0xd1, 0x96, 0xb1, 0x4d, 0x4c, 0xe1 } +static const uint8_t aria_test2_cfb_ct[3][48] = { // CFB ciphertext + { + 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38, // 128-bit key + 0x34, 0x06, 0xb0, 0x9f, 0x0a, 0x05, 0xa2, 0x00, + 0xc0, 0x7c, 0x21, 0xe6, 0x37, 0x0f, 0x41, 0x3a, + 0x5d, 0x13, 0x25, 0x00, 0xa6, 0x82, 0x85, 0x01, + 0x7c, 0x61, 0xb4, 0x34, 0xc7, 0xb7, 0xca, 0x96, + 0x85, 0xa5, 0x10, 0x71, 0x86, 0x1e, 0x4d, 0x4b + }, + { + 0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54, // 192-bit key + 0x94, 0xd2, 0x73, 0x61, 0x29, 0x64, 0x0f, 0x5c, + 0x4d, 0x87, 0xa9, 0xa2, 0x13, 0x66, 0x4c, 0x94, + 0x48, 0x47, 0x7c, 0x6e, 0xcc, 0x20, 0x13, 0x59, + 0x8d, 0x97, 0x66, 0x95, 0x2d, 0xd8, 0xc3, 0x86, + 0x8f, 0x17, 0xe3, 0x6e, 0xf6, 0x6f, 0xd8, 0x4b + }, + { + 0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2, // 256-bit key + 0x58, 0x8d, 0x4a, 0x7f, 0x09, 0x00, 0x96, 0x35, + 0xf2, 0x8b, 0xb9, 0x3d, 0x8c, 0x31, 0xf8, 0x70, + 0xec, 0x1e, 0x0b, 0xdb, 0x08, 0x2b, 0x66, 0xfa, + 0x40, 0x2d, 0xd9, 0xc2, 0x02, 0xbe, 0x30, 0x0c, + 0x45, 0x17, 0xd1, 0x96, 0xb1, 0x4d, 0x4c, 0xe1 + } }; #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext -{ - { 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c, // 128-bit key - 0x57, 0xc8, 0x54, 0x50, 0x1a, 0xf6, 0x0f, 0xa1, - 0x14, 0x97, 0xe2, 0xa3, 0x45, 0x19, 0xde, 0xa1, - 0x56, 0x9e, 0x91, 0xe5, 0xb5, 0xcc, 0xae, 0x2f, - 0xf3, 0xbf, 0xa1, 0xbf, 0x97, 0x5f, 0x45, 0x71, - 0xf4, 0x8b, 0xe1, 0x91, 0x61, 0x35, 0x46, 0xc3 }, - { 0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19, // 192-bit key - 0xba, 0x7a, 0xf3, 0x76, 0x0a, 0x6e, 0xd1, 0xce, - 0xf4, 0xd1, 0x99, 0x26, 0x3e, 0x99, 0x9d, 0xde, - 0x14, 0x08, 0x2d, 0xbb, 0xa7, 0x56, 0x0b, 0x79, - 0xa4, 0xc6, 0xb4, 0x56, 0xb8, 0x70, 0x7d, 0xce, - 0x75, 0x1f, 0x98, 0x54, 0xf1, 0x88, 0x93, 0xdf }, - { 0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17, // 256-bit key - 0x21, 0x17, 0x8b, 0x99, 0xc0, 0xa1, 0xf1, 0xb2, - 0xf0, 0x69, 0x40, 0x25, 0x3f, 0x7b, 0x30, 0x89, - 0xe2, 0xa3, 0x0e, 0xa8, 0x6a, 0xa3, 0xc8, 0x8f, - 0x59, 0x40, 0xf0, 0x5a, 0xd7, 0xee, 0x41, 0xd7, - 0x13, 0x47, 0xbb, 0x72, 0x61, 0xe3, 0x48, 0xf1 } +static const uint8_t aria_test2_ctr_ct[3][48] = { // CTR ciphertext + { + 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c, // 128-bit key + 0x57, 0xc8, 0x54, 0x50, 0x1a, 0xf6, 0x0f, 0xa1, + 0x14, 0x97, 0xe2, 0xa3, 0x45, 0x19, 0xde, 0xa1, + 0x56, 0x9e, 0x91, 0xe5, 0xb5, 0xcc, 0xae, 0x2f, + 0xf3, 0xbf, 0xa1, 0xbf, 0x97, 0x5f, 0x45, 0x71, + 0xf4, 0x8b, 0xe1, 0x91, 0x61, 0x35, 0x46, 0xc3 + }, + { + 0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19, // 192-bit key + 0xba, 0x7a, 0xf3, 0x76, 0x0a, 0x6e, 0xd1, 0xce, + 0xf4, 0xd1, 0x99, 0x26, 0x3e, 0x99, 0x9d, 0xde, + 0x14, 0x08, 0x2d, 0xbb, 0xa7, 0x56, 0x0b, 0x79, + 0xa4, 0xc6, 0xb4, 0x56, 0xb8, 0x70, 0x7d, 0xce, + 0x75, 0x1f, 0x98, 0x54, 0xf1, 0x88, 0x93, 0xdf + }, + { + 0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17, // 256-bit key + 0x21, 0x17, 0x8b, 0x99, 0xc0, 0xa1, 0xf1, 0xb2, + 0xf0, 0x69, 0x40, 0x25, 0x3f, 0x7b, 0x30, 0x89, + 0xe2, 0xa3, 0x0e, 0xa8, 0x6a, 0xa3, 0xc8, 0x8f, + 0x59, 0x40, 0xf0, 0x5a, 0xd7, 0xee, 0x41, 0xd7, + 0x13, 0x47, 0xbb, 0x72, 0x61, 0xe3, 0x48, 0xf1 + } }; #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -930,8 +903,7 @@ static const uint8_t aria_test2_ctr_ct[3][48] = // CTR ciphertext /* * Checkup routine */ -int mbedtls_aria_self_test( int verbose ) -{ +int mbedtls_aria_self_test(int verbose) { int i; uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; @@ -949,123 +921,119 @@ int mbedtls_aria_self_test( int verbose ) /* * Test set 1 */ - for( i = 0; i < 3; i++ ) - { + for (i = 0; i < 3; i++) { /* test ECB encryption */ - if( verbose ) - mbedtls_printf( " ARIA-ECB-%d (enc): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i ); - mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk ); - if( memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) + if (verbose) + mbedtls_printf(" ARIA-ECB-%d (enc): ", 128 + 64 * i); + mbedtls_aria_setkey_enc(&ctx, aria_test1_ecb_key, 128 + 64 * i); + mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_pt, blk); + if (memcmp(blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE) != 0) ARIA_SELF_TEST_IF_FAIL; /* test ECB decryption */ - if( verbose ) - mbedtls_printf( " ARIA-ECB-%d (dec): ", 128 + 64 * i ); - mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i ); - mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk ); - if( memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE ) != 0 ) + if (verbose) + mbedtls_printf(" ARIA-ECB-%d (dec): ", 128 + 64 * i); + mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i); + mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk); + if (memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE) != 0) ARIA_SELF_TEST_IF_FAIL; } - if( verbose ) - mbedtls_printf( "\n" ); + if (verbose) + mbedtls_printf("\n"); /* * Test set 2 */ #if defined(MBEDTLS_CIPHER_MODE_CBC) - for( i = 0; i < 3; i++ ) - { + for (i = 0; i < 3; i++) { /* Test CBC encryption */ - if( verbose ) - mbedtls_printf( " ARIA-CBC-%d (enc): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0x55, sizeof( buf ) ); - mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, - aria_test2_pt, buf ); - if( memcmp( buf, aria_test2_cbc_ct[i], 48 ) != 0 ) + if (verbose) + mbedtls_printf(" ARIA-CBC-%d (enc): ", 128 + 64 * i); + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE); + memset(buf, 0x55, sizeof(buf)); + mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv, + aria_test2_pt, buf); + if (memcmp(buf, aria_test2_cbc_ct[i], 48) != 0) ARIA_SELF_TEST_IF_FAIL; /* Test CBC decryption */ - if( verbose ) - mbedtls_printf( " ARIA-CBC-%d (dec): ", 128 + 64 * i ); - mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0xAA, sizeof( buf ) ); - mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, - aria_test2_cbc_ct[i], buf ); - if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) + if (verbose) + mbedtls_printf(" ARIA-CBC-%d (dec): ", 128 + 64 * i); + mbedtls_aria_setkey_dec(&ctx, aria_test2_key, 128 + 64 * i); + memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE); + memset(buf, 0xAA, sizeof(buf)); + mbedtls_aria_crypt_cbc(&ctx, MBEDTLS_ARIA_DECRYPT, 48, iv, + aria_test2_cbc_ct[i], buf); + if (memcmp(buf, aria_test2_pt, 48) != 0) ARIA_SELF_TEST_IF_FAIL; } - if( verbose ) - mbedtls_printf( "\n" ); + if (verbose) + mbedtls_printf("\n"); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) - for( i = 0; i < 3; i++ ) - { + for (i = 0; i < 3; i++) { /* Test CFB encryption */ - if( verbose ) - mbedtls_printf( " ARIA-CFB-%d (enc): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0x55, sizeof( buf ) ); + if (verbose) + mbedtls_printf(" ARIA-CFB-%d (enc): ", 128 + 64 * i); + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE); + memset(buf, 0x55, sizeof(buf)); j = 0; - mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, - aria_test2_pt, buf ); - if( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 ) + mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv, + aria_test2_pt, buf); + if (memcmp(buf, aria_test2_cfb_ct[i], 48) != 0) ARIA_SELF_TEST_IF_FAIL; /* Test CFB decryption */ - if( verbose ) - mbedtls_printf( " ARIA-CFB-%d (dec): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE ); - memset( buf, 0xAA, sizeof( buf ) ); + if (verbose) + mbedtls_printf(" ARIA-CFB-%d (dec): ", 128 + 64 * i); + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE); + memset(buf, 0xAA, sizeof(buf)); j = 0; - mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, - iv, aria_test2_cfb_ct[i], buf ); - if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) + mbedtls_aria_crypt_cfb128(&ctx, MBEDTLS_ARIA_DECRYPT, 48, &j, + iv, aria_test2_cfb_ct[i], buf); + if (memcmp(buf, aria_test2_pt, 48) != 0) ARIA_SELF_TEST_IF_FAIL; } - if( verbose ) - mbedtls_printf( "\n" ); + if (verbose) + mbedtls_printf("\n"); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) - for( i = 0; i < 3; i++ ) - { + for (i = 0; i < 3; i++) { /* Test CTR encryption */ - if( verbose ) - mbedtls_printf( " ARIA-CTR-%d (enc): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 - memset( buf, 0x55, sizeof( buf ) ); + if (verbose) + mbedtls_printf(" ARIA-CTR-%d (enc): ", 128 + 64 * i); + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0 + memset(buf, 0x55, sizeof(buf)); j = 0; - mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, - aria_test2_pt, buf ); - if( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 ) + mbedtls_aria_crypt_ctr(&ctx, 48, &j, iv, blk, + aria_test2_pt, buf); + if (memcmp(buf, aria_test2_ctr_ct[i], 48) != 0) ARIA_SELF_TEST_IF_FAIL; /* Test CTR decryption */ - if( verbose ) - mbedtls_printf( " ARIA-CTR-%d (dec): ", 128 + 64 * i ); - mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i ); - memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE ); // IV = 0 - memset( buf, 0xAA, sizeof( buf ) ); + if (verbose) + mbedtls_printf(" ARIA-CTR-%d (dec): ", 128 + 64 * i); + mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i); + memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE); // IV = 0 + memset(buf, 0xAA, sizeof(buf)); j = 0; - mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk, - aria_test2_ctr_ct[i], buf ); - if( memcmp( buf, aria_test2_pt, 48 ) != 0 ) + mbedtls_aria_crypt_ctr(&ctx, 48, &j, iv, blk, + aria_test2_ctr_ct[i], buf); + if (memcmp(buf, aria_test2_pt, 48) != 0) ARIA_SELF_TEST_IF_FAIL; } - if( verbose ) - mbedtls_printf( "\n" ); + if (verbose) + mbedtls_printf("\n"); #endif /* MBEDTLS_CIPHER_MODE_CTR */ - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/aria.h b/common/mbedtls/aria.h index a4b27b33b..305f42f6c 100644 --- a/common/mbedtls/aria.h +++ b/common/mbedtls/aria.h @@ -72,8 +72,7 @@ extern "C" { /** * \brief The ARIA context-type definition. */ -typedef struct mbedtls_aria_context -{ +typedef struct mbedtls_aria_context { unsigned char nr; /*!< The number of rounds (12, 14 or 16) */ /*! The ARIA round keys. */ uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4]; @@ -92,7 +91,7 @@ mbedtls_aria_context; * * \param ctx The ARIA context to initialize. This must not be \c NULL. */ -void mbedtls_aria_init( mbedtls_aria_context *ctx ); +void mbedtls_aria_init(mbedtls_aria_context *ctx); /** * \brief This function releases and clears the specified ARIA context. @@ -101,7 +100,7 @@ void mbedtls_aria_init( mbedtls_aria_context *ctx ); * case this function returns immediately. If it is not \c NULL, * it must point to an initialized ARIA context. */ -void mbedtls_aria_free( mbedtls_aria_context *ctx ); +void mbedtls_aria_free(mbedtls_aria_context *ctx); /** * \brief This function sets the encryption key. @@ -118,9 +117,9 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief This function sets the decryption key. @@ -137,9 +136,9 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief This function performs an ARIA single-block encryption or @@ -161,9 +160,9 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, - const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] ); +int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx, + const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char output[MBEDTLS_ARIA_BLOCKSIZE]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -207,12 +206,12 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx, + int mode, + size_t length, + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -257,13 +256,13 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) @@ -344,13 +343,13 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_SELF_TEST) @@ -359,7 +358,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx, * * \return \c 0 on success, or \c 1 on failure. */ -int mbedtls_aria_self_test( int verbose ); +int mbedtls_aria_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/common/mbedtls/asn1.h b/common/mbedtls/asn1.h index 6b791966f..fe881af2d 100644 --- a/common/mbedtls/asn1.h +++ b/common/mbedtls/asn1.h @@ -146,8 +146,7 @@ extern "C" { /** * Type-length-value structure that allows for ASN1 using DER. */ -typedef struct mbedtls_asn1_buf -{ +typedef struct mbedtls_asn1_buf { int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ size_t len; /**< ASN1 length, in octets. */ unsigned char *p; /**< ASN1 data, e.g. in ASCII. */ @@ -157,8 +156,7 @@ mbedtls_asn1_buf; /** * Container for ASN1 bit strings. */ -typedef struct mbedtls_asn1_bitstring -{ +typedef struct mbedtls_asn1_bitstring { size_t len; /**< ASN1 length, in octets. */ unsigned char unused_bits; /**< Number of unused bits at the end of the string */ unsigned char *p; /**< Raw ASN1 data for the bit string */ @@ -168,8 +166,7 @@ mbedtls_asn1_bitstring; /** * Container for a sequence of ASN.1 items */ -typedef struct mbedtls_asn1_sequence -{ +typedef struct mbedtls_asn1_sequence { mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */ struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */ } @@ -178,8 +175,7 @@ mbedtls_asn1_sequence; /** * Container for a sequence or list of 'named' ASN.1 data items */ -typedef struct mbedtls_asn1_named_data -{ +typedef struct mbedtls_asn1_named_data { mbedtls_asn1_buf oid; /**< The object identifier. */ mbedtls_asn1_buf val; /**< The named value. */ struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */ @@ -205,9 +201,9 @@ mbedtls_asn1_named_data; * would end beyond \p end. * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable. */ -int mbedtls_asn1_get_len( unsigned char **p, - const unsigned char *end, - size_t *len ); +int mbedtls_asn1_get_len(unsigned char **p, + const unsigned char *end, + size_t *len); /** * \brief Get the tag and length of the element. @@ -230,9 +226,9 @@ int mbedtls_asn1_get_len( unsigned char **p, * would end beyond \p end. * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable. */ -int mbedtls_asn1_get_tag( unsigned char **p, - const unsigned char *end, - size_t *len, int tag ); +int mbedtls_asn1_get_tag(unsigned char **p, + const unsigned char *end, + size_t *len, int tag); /** * \brief Retrieve a boolean ASN.1 tag and its value. @@ -249,9 +245,9 @@ int mbedtls_asn1_get_tag( unsigned char **p, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 BOOLEAN. */ -int mbedtls_asn1_get_bool( unsigned char **p, - const unsigned char *end, - int *val ); +int mbedtls_asn1_get_bool(unsigned char **p, + const unsigned char *end, + int *val); /** * \brief Retrieve an integer ASN.1 tag and its value. @@ -270,9 +266,9 @@ int mbedtls_asn1_get_bool( unsigned char **p, * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does * not fit in an \c int. */ -int mbedtls_asn1_get_int( unsigned char **p, - const unsigned char *end, - int *val ); +int mbedtls_asn1_get_int(unsigned char **p, + const unsigned char *end, + int *val); /** * \brief Retrieve an enumerated ASN.1 tag and its value. @@ -291,9 +287,9 @@ int mbedtls_asn1_get_int( unsigned char **p, * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does * not fit in an \c int. */ -int mbedtls_asn1_get_enum( unsigned char **p, - const unsigned char *end, - int *val ); +int mbedtls_asn1_get_enum(unsigned char **p, + const unsigned char *end, + int *val); /** * \brief Retrieve a bitstring ASN.1 tag and its value. @@ -312,8 +308,8 @@ int mbedtls_asn1_get_enum( unsigned char **p, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 BIT STRING. */ -int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, - mbedtls_asn1_bitstring *bs ); +int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end, + mbedtls_asn1_bitstring *bs); /** * \brief Retrieve a bitstring ASN.1 tag without unused bits and its @@ -333,9 +329,9 @@ int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 BIT STRING. */ -int mbedtls_asn1_get_bitstring_null( unsigned char **p, - const unsigned char *end, - size_t *len ); +int mbedtls_asn1_get_bitstring_null(unsigned char **p, + const unsigned char *end, + size_t *len); /** * \brief Parses and splits an ASN.1 "SEQUENCE OF ". @@ -384,10 +380,10 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 SEQUENCE. */ -int mbedtls_asn1_get_sequence_of( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_sequence *cur, - int tag ); +int mbedtls_asn1_get_sequence_of(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_sequence *cur, + int tag); /** * \brief Free a heap-allocated linked list presentation of * an ASN.1 sequence, including the first element. @@ -409,7 +405,7 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p, * be \c NULL, in which case this functions returns * immediately. */ -void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq ); +void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq); /** * \brief Traverse an ASN.1 SEQUENCE container and @@ -501,9 +497,9 @@ int mbedtls_asn1_traverse_sequence_of( const unsigned char *end, unsigned char tag_must_mask, unsigned char tag_must_val, unsigned char tag_may_mask, unsigned char tag_may_val, - int (*cb)( void *ctx, int tag, - unsigned char* start, size_t len ), - void *ctx ); + int (*cb)(void *ctx, int tag, + unsigned char *start, size_t len), + void *ctx); #if defined(MBEDTLS_BIGNUM_C) /** @@ -524,9 +520,9 @@ int mbedtls_asn1_traverse_sequence_of( * not fit in an \c int. * \return An MPI error code if the parsed value is too large. */ -int mbedtls_asn1_get_mpi( unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X ); +int mbedtls_asn1_get_mpi(unsigned char **p, + const unsigned char *end, + mbedtls_mpi *X); #endif /* MBEDTLS_BIGNUM_C */ /** @@ -545,9 +541,9 @@ int mbedtls_asn1_get_mpi( unsigned char **p, * * \return 0 if successful or a specific ASN.1 or MPI error code. */ -int mbedtls_asn1_get_alg( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ); +int mbedtls_asn1_get_alg(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params); /** * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no @@ -564,9 +560,9 @@ int mbedtls_asn1_get_alg( unsigned char **p, * * \return 0 if successful or a specific ASN.1 or MPI error code. */ -int mbedtls_asn1_get_alg_null( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg ); +int mbedtls_asn1_get_alg_null(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_buf *alg); /** * \brief Find a specific named_data entry in a sequence or list based on @@ -578,8 +574,8 @@ int mbedtls_asn1_get_alg_null( unsigned char **p, * * \return NULL if not found, or a pointer to the existing entry. */ -mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list, - const char *oid, size_t len ); +mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list, + const char *oid, size_t len); /** * \brief Free a mbedtls_asn1_named_data entry @@ -588,7 +584,7 @@ mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data * * This function calls mbedtls_free() on * `entry->oid.p` and `entry->val.p`. */ -void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry ); +void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *entry); /** * \brief Free all entries in a mbedtls_asn1_named_data list. @@ -598,7 +594,7 @@ void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry ); * mbedtls_free() on each list element and * sets \c *head to \c NULL. */ -void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ); +void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head); #ifdef __cplusplus } diff --git a/common/mbedtls/asn1parse.c b/common/mbedtls/asn1parse.c index 22747d3ba..98460e055 100644 --- a/common/mbedtls/asn1parse.c +++ b/common/mbedtls/asn1parse.c @@ -42,203 +42,191 @@ /* * ASN.1 DER decoding routines */ -int mbedtls_asn1_get_len( unsigned char **p, - const unsigned char *end, - size_t *len ) -{ - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); +int mbedtls_asn1_get_len(unsigned char **p, + const unsigned char *end, + size_t *len) { + if ((end - *p) < 1) + return (MBEDTLS_ERR_ASN1_OUT_OF_DATA); - if( ( **p & 0x80 ) == 0 ) + if ((**p & 0x80) == 0) *len = *(*p)++; - else - { - switch( **p & 0x7F ) - { - case 1: - if( ( end - *p ) < 2 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + else { + switch (**p & 0x7F) { + case 1: + if ((end - *p) < 2) + return (MBEDTLS_ERR_ASN1_OUT_OF_DATA); - *len = (*p)[1]; - (*p) += 2; - break; + *len = (*p)[1]; + (*p) += 2; + break; - case 2: - if( ( end - *p ) < 3 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + case 2: + if ((end - *p) < 3) + return (MBEDTLS_ERR_ASN1_OUT_OF_DATA); - *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2]; - (*p) += 3; - break; + *len = ((size_t)(*p)[1] << 8) | (*p)[2]; + (*p) += 3; + break; - case 3: - if( ( end - *p ) < 4 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + case 3: + if ((end - *p) < 4) + return (MBEDTLS_ERR_ASN1_OUT_OF_DATA); - *len = ( (size_t)(*p)[1] << 16 ) | - ( (size_t)(*p)[2] << 8 ) | (*p)[3]; - (*p) += 4; - break; + *len = ((size_t)(*p)[1] << 16) | + ((size_t)(*p)[2] << 8) | (*p)[3]; + (*p) += 4; + break; - case 4: - if( ( end - *p ) < 5 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + case 4: + if ((end - *p) < 5) + return (MBEDTLS_ERR_ASN1_OUT_OF_DATA); - *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) | - ( (size_t)(*p)[3] << 8 ) | (*p)[4]; - (*p) += 5; - break; + *len = ((size_t)(*p)[1] << 24) | ((size_t)(*p)[2] << 16) | + ((size_t)(*p)[3] << 8) | (*p)[4]; + (*p) += 5; + break; - default: - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + default: + return (MBEDTLS_ERR_ASN1_INVALID_LENGTH); } } - if( *len > (size_t) ( end - *p ) ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if (*len > (size_t)(end - *p)) + return (MBEDTLS_ERR_ASN1_OUT_OF_DATA); - return( 0 ); + return (0); } -int mbedtls_asn1_get_tag( unsigned char **p, - const unsigned char *end, - size_t *len, int tag ) -{ - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); +int mbedtls_asn1_get_tag(unsigned char **p, + const unsigned char *end, + size_t *len, int tag) { + if ((end - *p) < 1) + return (MBEDTLS_ERR_ASN1_OUT_OF_DATA); - if( **p != tag ) - return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (**p != tag) + return (MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); (*p)++; - return( mbedtls_asn1_get_len( p, end, len ) ); + return (mbedtls_asn1_get_len(p, end, len)); } -int mbedtls_asn1_get_bool( unsigned char **p, - const unsigned char *end, - int *val ) -{ +int mbedtls_asn1_get_bool(unsigned char **p, + const unsigned char *end, + int *val) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BOOLEAN)) != 0) + return (ret); - if( len != 1 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (len != 1) + return (MBEDTLS_ERR_ASN1_INVALID_LENGTH); - *val = ( **p != 0 ) ? 1 : 0; + *val = (**p != 0) ? 1 : 0; (*p)++; - return( 0 ); + return (0); } -static int asn1_get_tagged_int( unsigned char **p, - const unsigned char *end, - int tag, int *val ) -{ +static int asn1_get_tagged_int(unsigned char **p, + const unsigned char *end, + int tag, int *val) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) + return (ret); /* * len==0 is malformed (0 must be represented as 020100 for INTEGER, * or 0A0100 for ENUMERATED tags */ - if( len == 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (len == 0) + return (MBEDTLS_ERR_ASN1_INVALID_LENGTH); /* This is a cryptography library. Reject negative integers. */ - if( ( **p & 0x80 ) != 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if ((**p & 0x80) != 0) + return (MBEDTLS_ERR_ASN1_INVALID_LENGTH); /* Skip leading zeros. */ - while( len > 0 && **p == 0 ) - { - ++( *p ); + while (len > 0 && **p == 0) { + ++(*p); --len; } /* Reject integers that don't fit in an int. This code assumes that * the int type has no padding bit. */ - if( len > sizeof( int ) ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); - if( len == sizeof( int ) && ( **p & 0x80 ) != 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (len > sizeof(int)) + return (MBEDTLS_ERR_ASN1_INVALID_LENGTH); + if (len == sizeof(int) && (**p & 0x80) != 0) + return (MBEDTLS_ERR_ASN1_INVALID_LENGTH); *val = 0; - while( len-- > 0 ) - { - *val = ( *val << 8 ) | **p; + while (len-- > 0) { + *val = (*val << 8) | **p; (*p)++; } - return( 0 ); + return (0); } -int mbedtls_asn1_get_int( unsigned char **p, +int mbedtls_asn1_get_int(unsigned char **p, + const unsigned char *end, + int *val) { + return (asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val)); +} + +int mbedtls_asn1_get_enum(unsigned char **p, const unsigned char *end, - int *val ) -{ - return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) ); -} - -int mbedtls_asn1_get_enum( unsigned char **p, - const unsigned char *end, - int *val ) -{ - return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) ); + int *val) { + return (asn1_get_tagged_int(p, end, MBEDTLS_ASN1_ENUMERATED, val)); } #if defined(MBEDTLS_BIGNUM_C) -int mbedtls_asn1_get_mpi( unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X ) -{ +int mbedtls_asn1_get_mpi(unsigned char **p, + const unsigned char *end, + mbedtls_mpi *X) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) + return (ret); - ret = mbedtls_mpi_read_binary( X, *p, len ); + ret = mbedtls_mpi_read_binary(X, *p, len); *p += len; - return( ret ); + return (ret); } #endif /* MBEDTLS_BIGNUM_C */ -int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, - mbedtls_asn1_bitstring *bs) -{ +int mbedtls_asn1_get_bitstring(unsigned char **p, const unsigned char *end, + mbedtls_asn1_bitstring *bs) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Certificate type is a single byte bitstring */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING)) != 0) + return (ret); /* Check length, subtract one for actual bit string length */ - if( bs->len < 1 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if (bs->len < 1) + return (MBEDTLS_ERR_ASN1_OUT_OF_DATA); bs->len -= 1; /* Get number of unused bits, ensure unused bits <= 7 */ bs->unused_bits = **p; - if( bs->unused_bits > 7 ) - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (bs->unused_bits > 7) + return (MBEDTLS_ERR_ASN1_INVALID_LENGTH); (*p)++; /* Get actual bitstring */ bs->p = *p; *p += bs->len; - if( *p != end ) - return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } /* @@ -250,105 +238,94 @@ int mbedtls_asn1_traverse_sequence_of( const unsigned char *end, unsigned char tag_must_mask, unsigned char tag_must_val, unsigned char tag_may_mask, unsigned char tag_may_val, - int (*cb)( void *ctx, int tag, - unsigned char *start, size_t len ), - void *ctx ) -{ + int (*cb)(void *ctx, int tag, + unsigned char *start, size_t len), + void *ctx) { int ret; size_t len; /* Get main sequence tag */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return (ret); } - if( *p + len != end ) - return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p + len != end) + return (MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - while( *p < end ) - { + while (*p < end) { unsigned char const tag = *(*p)++; - if( ( tag & tag_must_mask ) != tag_must_val ) - return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if ((tag & tag_must_mask) != tag_must_val) + return (MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_len(p, end, &len)) != 0) + return (ret); - if( ( tag & tag_may_mask ) == tag_may_val ) - { - if( cb != NULL ) - { - ret = cb( ctx, tag, *p, len ); - if( ret != 0 ) - return( ret ); + if ((tag & tag_may_mask) == tag_may_val) { + if (cb != NULL) { + ret = cb(ctx, tag, *p, len); + if (ret != 0) + return (ret); } } *p += len; } - return( 0 ); + return (0); } /* * Get a bit string without unused bits */ -int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end, - size_t *len ) -{ +int mbedtls_asn1_get_bitstring_null(unsigned char **p, const unsigned char *end, + size_t *len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) + return (ret); - if( *len == 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_DATA ); - --( *len ); + if (*len == 0) + return (MBEDTLS_ERR_ASN1_INVALID_DATA); + --(*len); - if( **p != 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_DATA ); - ++( *p ); + if (**p != 0) + return (MBEDTLS_ERR_ASN1_INVALID_DATA); + ++(*p); - return( 0 ); + return (0); } -void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq ) -{ - while( seq != NULL ) - { +void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq) { + while (seq != NULL) { mbedtls_asn1_sequence *next = seq->next; - mbedtls_platform_zeroize( seq, sizeof( *seq ) ); - mbedtls_free( seq ); + mbedtls_platform_zeroize(seq, sizeof(*seq)); + mbedtls_free(seq); seq = next; } } -typedef struct -{ +typedef struct { int tag; mbedtls_asn1_sequence *cur; } asn1_get_sequence_of_cb_ctx_t; -static int asn1_get_sequence_of_cb( void *ctx, - int tag, - unsigned char *start, - size_t len ) -{ +static int asn1_get_sequence_of_cb(void *ctx, + int tag, + unsigned char *start, + size_t len) { asn1_get_sequence_of_cb_ctx_t *cb_ctx = (asn1_get_sequence_of_cb_ctx_t *) ctx; mbedtls_asn1_sequence *cur = cb_ctx->cur; - if( cur->buf.p != NULL ) - { + if (cur->buf.p != NULL) { cur->next = - mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - if( cur->next == NULL ) - return( MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + if (cur->next == NULL) + return (MBEDTLS_ERR_ASN1_ALLOC_FAILED); cur = cur->next; } @@ -358,124 +335,114 @@ static int asn1_get_sequence_of_cb( void *ctx, cur->buf.tag = tag; cb_ctx->cur = cur; - return( 0 ); + return (0); } /* * Parses and splits an ASN.1 "SEQUENCE OF " */ -int mbedtls_asn1_get_sequence_of( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_sequence *cur, - int tag) -{ +int mbedtls_asn1_get_sequence_of(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_sequence *cur, + int tag) { asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur }; - memset( cur, 0, sizeof( mbedtls_asn1_sequence ) ); - return( mbedtls_asn1_traverse_sequence_of( + memset(cur, 0, sizeof(mbedtls_asn1_sequence)); + return (mbedtls_asn1_traverse_sequence_of( p, end, 0xFF, tag, 0, 0, - asn1_get_sequence_of_cb, &cb_ctx ) ); + asn1_get_sequence_of_cb, &cb_ctx)); } -int mbedtls_asn1_get_alg( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ) -{ +int mbedtls_asn1_get_alg(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (ret); - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if ((end - *p) < 1) + return (MBEDTLS_ERR_ASN1_OUT_OF_DATA); alg->tag = **p; end = *p + len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) + return (ret); alg->p = *p; *p += alg->len; - if( *p == end ) - { - mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) ); - return( 0 ); + if (*p == end) { + mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf)); + return (0); } params->tag = **p; (*p)++; - if( ( ret = mbedtls_asn1_get_len( p, end, ¶ms->len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_len(p, end, ¶ms->len)) != 0) + return (ret); params->p = *p; *p += params->len; - if( *p != end ) - return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } -int mbedtls_asn1_get_alg_null( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg ) -{ +int mbedtls_asn1_get_alg_null(unsigned char **p, + const unsigned char *end, + mbedtls_asn1_buf *alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf params; - memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) ); + memset(¶ms, 0, sizeof(mbedtls_asn1_buf)); - if( ( ret = mbedtls_asn1_get_alg( p, end, alg, ¶ms ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_alg(p, end, alg, ¶ms)) != 0) + return (ret); - if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 ) - return( MBEDTLS_ERR_ASN1_INVALID_DATA ); + if ((params.tag != MBEDTLS_ASN1_NULL && params.tag != 0) || params.len != 0) + return (MBEDTLS_ERR_ASN1_INVALID_DATA); - return( 0 ); + return (0); } -void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur ) -{ - if( cur == NULL ) +void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *cur) { + if (cur == NULL) return; - mbedtls_free( cur->oid.p ); - mbedtls_free( cur->val.p ); + mbedtls_free(cur->oid.p); + mbedtls_free(cur->val.p); - mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); + mbedtls_platform_zeroize(cur, sizeof(mbedtls_asn1_named_data)); } -void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ) -{ +void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head) { mbedtls_asn1_named_data *cur; - while( ( cur = *head ) != NULL ) - { + while ((cur = *head) != NULL) { *head = cur->next; - mbedtls_asn1_free_named_data( cur ); - mbedtls_free( cur ); + mbedtls_asn1_free_named_data(cur); + mbedtls_free(cur); } } -mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list, - const char *oid, size_t len ) -{ - while( list != NULL ) - { - if( list->oid.len == len && - memcmp( list->oid.p, oid, len ) == 0 ) - { +mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list, + const char *oid, size_t len) { + while (list != NULL) { + if (list->oid.len == len && + memcmp(list->oid.p, oid, len) == 0) { break; } list = list->next; } - return( list ); + return (list); } #endif /* MBEDTLS_ASN1_PARSE_C */ diff --git a/common/mbedtls/asn1write.c b/common/mbedtls/asn1write.c index deb1a2ff6..6c2d26685 100644 --- a/common/mbedtls/asn1write.c +++ b/common/mbedtls/asn1write.c @@ -34,447 +34,406 @@ #define mbedtls_free free #endif -int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len ) -{ - if( len < 0x80 ) - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); +int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, size_t len) { + if (len < 0x80) { + if (*p - start < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); *--(*p) = (unsigned char) len; - return( 1 ); + return (1); } - if( len <= 0xFF ) - { - if( *p - start < 2 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (len <= 0xFF) { + if (*p - start < 2) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); *--(*p) = (unsigned char) len; *--(*p) = 0x81; - return( 2 ); + return (2); } - if( len <= 0xFFFF ) - { - if( *p - start < 3 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (len <= 0xFFFF) { + if (*p - start < 3) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); - *--(*p) = ( len ) & 0xFF; - *--(*p) = ( len >> 8 ) & 0xFF; + *--(*p) = (len) & 0xFF; + *--(*p) = (len >> 8) & 0xFF; *--(*p) = 0x82; - return( 3 ); + return (3); } - if( len <= 0xFFFFFF ) - { - if( *p - start < 4 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (len <= 0xFFFFFF) { + if (*p - start < 4) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); - *--(*p) = ( len ) & 0xFF; - *--(*p) = ( len >> 8 ) & 0xFF; - *--(*p) = ( len >> 16 ) & 0xFF; + *--(*p) = (len) & 0xFF; + *--(*p) = (len >> 8) & 0xFF; + *--(*p) = (len >> 16) & 0xFF; *--(*p) = 0x83; - return( 4 ); + return (4); } #if SIZE_MAX > 0xFFFFFFFF - if( len <= 0xFFFFFFFF ) + if (len <= 0xFFFFFFFF) #endif { - if( *p - start < 5 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p - start < 5) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); - *--(*p) = ( len ) & 0xFF; - *--(*p) = ( len >> 8 ) & 0xFF; - *--(*p) = ( len >> 16 ) & 0xFF; - *--(*p) = ( len >> 24 ) & 0xFF; + *--(*p) = (len) & 0xFF; + *--(*p) = (len >> 8) & 0xFF; + *--(*p) = (len >> 16) & 0xFF; + *--(*p) = (len >> 24) & 0xFF; *--(*p) = 0x84; - return( 5 ); + return (5); } #if SIZE_MAX > 0xFFFFFFFF - return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + return (MBEDTLS_ERR_ASN1_INVALID_LENGTH); #endif } -int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag ) -{ - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); +int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag) { + if (*p - start < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); *--(*p) = tag; - return( 1 ); + return (1); } -int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ) -{ +int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t size) { size_t len = 0; - if( *p < start || (size_t)( *p - start ) < size ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t)(*p - start) < size) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); len = size; (*p) -= len; - memcpy( *p, buf, len ); + memcpy(*p, buf, len); - return( (int) len ); + return ((int) len); } #if defined(MBEDTLS_BIGNUM_C) -int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X ) -{ +int mbedtls_asn1_write_mpi(unsigned char **p, unsigned char *start, const mbedtls_mpi *X) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; // Write the MPI // - len = mbedtls_mpi_size( X ); + len = mbedtls_mpi_size(X); - if( *p < start || (size_t)( *p - start ) < len ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t)(*p - start) < len) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); (*p) -= len; - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, *p, len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(X, *p, len)); // DER format assumes 2s complement for numbers, so the leftmost bit // should be 0 for positive numbers and 1 for negative numbers. // - if( X->s ==1 && **p & 0x80 ) - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (X->s == 1 && **p & 0x80) { + if (*p - start < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); *--(*p) = 0x00; len += 1; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_INTEGER)); ret = (int) len; cleanup: - return( ret ); + return (ret); } #endif /* MBEDTLS_BIGNUM_C */ -int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ) -{ +int mbedtls_asn1_write_null(unsigned char **p, unsigned char *start) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; // Write NULL // - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, 0) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_NULL ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL)); - return( (int) len ); + return ((int) len); } -int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len ) -{ +int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) oid, oid_len ) ); - MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + (const unsigned char *) oid, oid_len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID)); - return( (int) len ); + return ((int) len); } -int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - size_t par_len ) -{ +int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len, + size_t par_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( par_len == 0 ) - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) ); + if (par_len == 0) + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start)); else len += par_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return ((int) len); } -int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean ) -{ +int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, int boolean) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p - start < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); *--(*p) = (boolean) ? 255 : 0; len++; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BOOLEAN ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN)); - return( (int) len ); + return ((int) len); } -static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int val, int tag ) -{ +static int asn1_write_tagged_int(unsigned char **p, unsigned char *start, int val, int tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - do - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + do { + if (*p - start < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); len += 1; *--(*p) = val & 0xff; val >>= 8; - } - while( val > 0 ); + } while (val > 0); - if( **p & 0x80 ) - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (**p & 0x80) { + if (*p - start < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); *--(*p) = 0x00; len += 1; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - return( (int) len ); + return ((int) len); } -int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ) -{ - return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) ); +int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val) { + return (asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_INTEGER)); } -int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val ) -{ - return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) ); +int mbedtls_asn1_write_enum(unsigned char **p, unsigned char *start, int val) { + return (asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_ENUMERATED)); } -int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag, - const char *text, size_t text_len ) -{ +int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start, int tag, + const char *text, size_t text_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) text, text_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + (const unsigned char *) text, text_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - return( (int) len ); + return ((int) len); } -int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ) -{ - return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) ); +int mbedtls_asn1_write_utf8_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len) { + return (mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len)); } -int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ) -{ - return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) ); +int mbedtls_asn1_write_printable_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len) { + return (mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len)); } -int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ) -{ - return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) ); +int mbedtls_asn1_write_ia5_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len) { + return (mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len)); } -int mbedtls_asn1_write_named_bitstring( unsigned char **p, - unsigned char *start, - const unsigned char *buf, - size_t bits ) -{ +int mbedtls_asn1_write_named_bitstring(unsigned char **p, + unsigned char *start, + const unsigned char *buf, + size_t bits) { size_t unused_bits, byte_len; const unsigned char *cur_byte; unsigned char cur_byte_shifted; unsigned char bit; - byte_len = ( bits + 7 ) / 8; - unused_bits = ( byte_len * 8 ) - bits; + byte_len = (bits + 7) / 8; + unused_bits = (byte_len * 8) - bits; /* * Named bitstrings require that trailing 0s are excluded in the encoding * of the bitstring. Trailing 0s are considered part of the 'unused' bits * when encoding this value in the first content octet */ - if( bits != 0 ) - { + if (bits != 0) { cur_byte = buf + byte_len - 1; cur_byte_shifted = *cur_byte >> unused_bits; - for( ; ; ) - { + for (; ;) { bit = cur_byte_shifted & 0x1; cur_byte_shifted >>= 1; - if( bit != 0 ) + if (bit != 0) break; bits--; - if( bits == 0 ) + if (bits == 0) break; - if( bits % 8 == 0 ) + if (bits % 8 == 0) cur_byte_shifted = *--cur_byte; } } - return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) ); + return (mbedtls_asn1_write_bitstring(p, start, buf, bits)); } -int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t bits ) -{ +int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t bits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; size_t unused_bits, byte_len; - byte_len = ( bits + 7 ) / 8; - unused_bits = ( byte_len * 8 ) - bits; + byte_len = (bits + 7) / 8; + unused_bits = (byte_len * 8) - bits; - if( *p < start || (size_t)( *p - start ) < byte_len + 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t)(*p - start) < byte_len + 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); len = byte_len + 1; /* Write the bitstring. Ensure the unused bits are zeroed */ - if( byte_len > 0 ) - { + if (byte_len > 0) { byte_len--; - *--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 ); - ( *p ) -= byte_len; - memcpy( *p, buf, byte_len ); + *--(*p) = buf[byte_len] & ~((0x1 << unused_bits) - 1); + (*p) -= byte_len; + memcpy(*p, buf, byte_len); } /* Write unused bits */ - *--( *p ) = (unsigned char)unused_bits; + *--(*p) = (unsigned char)unused_bits; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING)); - return( (int) len ); + return ((int) len); } -int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ) -{ +int mbedtls_asn1_write_octet_string(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING)); - return( (int) len ); + return ((int) len); } /* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(), * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */ static mbedtls_asn1_named_data *asn1_find_named_data( - mbedtls_asn1_named_data *list, - const char *oid, size_t len ) -{ - while( list != NULL ) - { - if( list->oid.len == len && - memcmp( list->oid.p, oid, len ) == 0 ) - { + mbedtls_asn1_named_data *list, + const char *oid, size_t len) { + while (list != NULL) { + if (list->oid.len == len && + memcmp(list->oid.p, oid, len) == 0) { break; } list = list->next; } - return( list ); + return (list); } mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( - mbedtls_asn1_named_data **head, - const char *oid, size_t oid_len, - const unsigned char *val, - size_t val_len ) -{ + mbedtls_asn1_named_data **head, + const char *oid, size_t oid_len, + const unsigned char *val, + size_t val_len) { mbedtls_asn1_named_data *cur; - if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL ) - { + if ((cur = asn1_find_named_data(*head, oid, oid_len)) == NULL) { // Add new entry if not present yet based on OID // - cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1, - sizeof(mbedtls_asn1_named_data) ); - if( cur == NULL ) - return( NULL ); + cur = (mbedtls_asn1_named_data *)mbedtls_calloc(1, + sizeof(mbedtls_asn1_named_data)); + if (cur == NULL) + return (NULL); cur->oid.len = oid_len; - cur->oid.p = mbedtls_calloc( 1, oid_len ); - if( cur->oid.p == NULL ) - { - mbedtls_free( cur ); - return( NULL ); + cur->oid.p = mbedtls_calloc(1, oid_len); + if (cur->oid.p == NULL) { + mbedtls_free(cur); + return (NULL); } - memcpy( cur->oid.p, oid, oid_len ); + memcpy(cur->oid.p, oid, oid_len); cur->val.len = val_len; - if( val_len != 0 ) - { - cur->val.p = mbedtls_calloc( 1, val_len ); - if( cur->val.p == NULL ) - { - mbedtls_free( cur->oid.p ); - mbedtls_free( cur ); - return( NULL ); + if (val_len != 0) { + cur->val.p = mbedtls_calloc(1, val_len); + if (cur->val.p == NULL) { + mbedtls_free(cur->oid.p); + mbedtls_free(cur); + return (NULL); } } cur->next = *head; *head = cur; - } - else if( val_len == 0 ) - { - mbedtls_free( cur->val.p ); + } else if (val_len == 0) { + mbedtls_free(cur->val.p); cur->val.p = NULL; - } - else if( cur->val.len != val_len ) - { + } else if (cur->val.len != val_len) { /* * Enlarge existing value buffer if needed * Preserve old data until the allocation succeeded, to leave list in * a consistent state in case allocation fails. */ - void *p = mbedtls_calloc( 1, val_len ); - if( p == NULL ) - return( NULL ); + void *p = mbedtls_calloc(1, val_len); + if (p == NULL) + return (NULL); - mbedtls_free( cur->val.p ); + mbedtls_free(cur->val.p); cur->val.p = p; cur->val.len = val_len; } - if( val != NULL ) - memcpy( cur->val.p, val, val_len ); + if (val != NULL) + memcpy(cur->val.p, val, val_len); - return( cur ); + return (cur); } #endif /* MBEDTLS_ASN1_WRITE_C */ diff --git a/common/mbedtls/asn1write.h b/common/mbedtls/asn1write.h index 44afae0e5..6a4ccff6f 100644 --- a/common/mbedtls/asn1write.h +++ b/common/mbedtls/asn1write.h @@ -55,8 +55,8 @@ extern "C" { * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, - size_t len ); +int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, + size_t len); /** * \brief Write an ASN.1 tag in ASN.1 format. * @@ -69,8 +69,8 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, - unsigned char tag ); +int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, + unsigned char tag); /** * \brief Write raw buffer data. @@ -85,8 +85,8 @@ int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ); +int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t size); #if defined(MBEDTLS_BIGNUM_C) /** @@ -103,8 +103,8 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, - const mbedtls_mpi *X ); +int mbedtls_asn1_write_mpi(unsigned char **p, unsigned char *start, + const mbedtls_mpi *X); #endif /* MBEDTLS_BIGNUM_C */ /** @@ -119,7 +119,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ); +int mbedtls_asn1_write_null(unsigned char **p, unsigned char *start); /** * \brief Write an OID tag (#MBEDTLS_ASN1_OID) and data @@ -135,8 +135,8 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ); * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len ); +int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len); /** * \brief Write an AlgorithmIdentifier sequence in ASN.1 format. @@ -153,10 +153,10 @@ int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, - unsigned char *start, - const char *oid, size_t oid_len, - size_t par_len ); +int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, + unsigned char *start, + const char *oid, size_t oid_len, + size_t par_len); /** * \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value @@ -171,8 +171,8 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, - int boolean ); +int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, + int boolean); /** * \brief Write an int tag (#MBEDTLS_ASN1_INTEGER) and value @@ -188,7 +188,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ); +int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val); /** * \brief Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value @@ -203,7 +203,7 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val ); * \return The number of bytes written to \p p on success. * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val ); +int mbedtls_asn1_write_enum(unsigned char **p, unsigned char *start, int val); /** * \brief Write a string in ASN.1 format using a specific @@ -222,9 +222,9 @@ int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val ); * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, - int tag, const char *text, - size_t text_len ); +int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start, + int tag, const char *text, + size_t text_len); /** * \brief Write a string in ASN.1 format using the PrintableString @@ -241,9 +241,9 @@ int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_printable_string( unsigned char **p, - unsigned char *start, - const char *text, size_t text_len ); +int mbedtls_asn1_write_printable_string(unsigned char **p, + unsigned char *start, + const char *text, size_t text_len); /** * \brief Write a UTF8 string in ASN.1 format using the UTF8String @@ -260,8 +260,8 @@ int mbedtls_asn1_write_printable_string( unsigned char **p, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ); +int mbedtls_asn1_write_utf8_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len); /** * \brief Write a string in ASN.1 format using the IA5String @@ -278,8 +278,8 @@ int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start, - const char *text, size_t text_len ); +int mbedtls_asn1_write_ia5_string(unsigned char **p, unsigned char *start, + const char *text, size_t text_len); /** * \brief Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and @@ -295,8 +295,8 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t bits ); +int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t bits); /** * \brief This function writes a named bitstring tag @@ -315,10 +315,10 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_named_bitstring( unsigned char **p, - unsigned char *start, - const unsigned char *buf, - size_t bits ); +int mbedtls_asn1_write_named_bitstring(unsigned char **p, + unsigned char *start, + const unsigned char *buf, + size_t bits); /** * \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING) @@ -334,8 +334,8 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p, * \return The number of bytes written to \p p on success. * \return A negative error code on failure. */ -int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, - const unsigned char *buf, size_t size ); +int mbedtls_asn1_write_octet_string(unsigned char **p, unsigned char *start, + const unsigned char *buf, size_t size); /** * \brief Create or find a specific named_data entry for writing in a @@ -358,10 +358,10 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, * \return A pointer to the new / existing entry on success. * \return \c NULL if if there was a memory allocation error. */ -mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list, - const char *oid, size_t oid_len, - const unsigned char *val, - size_t val_len ); +mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data **list, + const char *oid, size_t oid_len, + const unsigned char *val, + size_t val_len); #ifdef __cplusplus } diff --git a/common/mbedtls/base64.c b/common/mbedtls/base64.c index 1a05226ef..6f2834628 100644 --- a/common/mbedtls/base64.c +++ b/common/mbedtls/base64.c @@ -35,8 +35,7 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -static const unsigned char base64_enc_map[64] = -{ +static const unsigned char base64_enc_map[64] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', @@ -46,21 +45,20 @@ static const unsigned char base64_enc_map[64] = '8', '9', '+', '/' }; -static const unsigned char base64_dec_map[128] = -{ +static const unsigned char base64_dec_map[128] = { 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 127, 62, 127, 127, 127, 63, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61, 127, 127, + 54, 55, 56, 57, 58, 59, 60, 61, 127, 127, 127, 64, 127, 127, 127, 0, 1, 2, 3, 4, - 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, - 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, - 25, 127, 127, 127, 127, 127, 127, 26, 27, 28, - 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, 127, 127, 127, 127, 127 + 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 127, 127, 127, 127, 127, 127, 26, 27, 28, + 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, + 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, + 49, 50, 51, 127, 127, 127, 127, 127 }; #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ @@ -68,9 +66,8 @@ static const unsigned char base64_dec_map[128] = /* * Constant flow conditional assignment to unsigned char */ -static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src, - unsigned char condition ) -{ +static void mbedtls_base64_cond_assign_uchar(unsigned char *dest, const unsigned char *const src, + unsigned char condition) { /* MSVC has a warning about unary minus on unsigned integer types, * but this is well-defined and precisely what we want to do here. */ #if defined(_MSC_VER) @@ -79,7 +76,7 @@ static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsign #endif /* Generate bitmask from condition, mask will either be 0xFF or 0 */ - unsigned char mask = ( condition | -condition ); + unsigned char mask = (condition | -condition); mask >>= 7; mask = -mask; @@ -87,15 +84,14 @@ static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsign #pragma warning( pop ) #endif - *dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask ); + *dest = ((*src) & mask) | ((*dest) & ~mask); } /* * Constant flow conditional assignment to uint_32 */ -static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src, - uint32_t condition ) -{ +static void mbedtls_base64_cond_assign_uint32(uint32_t *dest, const uint32_t src, + uint32_t condition) { /* MSVC has a warning about unary minus on unsigned integer types, * but this is well-defined and precisely what we want to do here. */ #if defined(_MSC_VER) @@ -104,7 +100,7 @@ static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t s #endif /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */ - uint32_t mask = ( condition | -condition ); + uint32_t mask = (condition | -condition); mask >>= 31; mask = -mask; @@ -112,14 +108,13 @@ static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t s #pragma warning( pop ) #endif - *dest = ( src & mask ) | ( ( *dest ) & ~mask ); + *dest = (src & mask) | ((*dest) & ~mask); } /* * Constant flow check for equality */ -static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b ) -{ +static unsigned char mbedtls_base64_eq(size_t in_a, size_t in_b) { size_t difference = in_a ^ in_b; /* MSVC has a warning about unary minus on unsigned integer types, @@ -136,23 +131,21 @@ static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b ) #endif /* cope with the varying size of size_t per platform */ - difference >>= ( sizeof( difference ) * 8 - 1 ); + difference >>= (sizeof(difference) * 8 - 1); - return (unsigned char) ( 1 ^ difference ); + return (unsigned char)(1 ^ difference); } /* * Constant flow lookup into table. */ -static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table, - const size_t table_size, const size_t table_index ) -{ +static unsigned char mbedtls_base64_table_lookup(const unsigned char *const table, + const size_t table_size, const size_t table_index) { size_t i; unsigned char result = 0; - for( i = 0; i < table_size; ++i ) - { - mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) ); + for (i = 0; i < table_size; ++i) { + mbedtls_base64_cond_assign_uchar(&result, &table[i], mbedtls_base64_eq(i, table_index)); } return result; @@ -161,70 +154,64 @@ static unsigned char mbedtls_base64_table_lookup( const unsigned char * const ta /* * Encode a buffer into base64 format */ -int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ) -{ +int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen) { size_t i, n; int C1, C2, C3; unsigned char *p; - if( slen == 0 ) - { + if (slen == 0) { *olen = 0; - return( 0 ); + return (0); } - n = slen / 3 + ( slen % 3 != 0 ); + n = slen / 3 + (slen % 3 != 0); - if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 ) - { + if (n > (BASE64_SIZE_T_MAX - 1) / 4) { *olen = BASE64_SIZE_T_MAX; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); + return (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); } n *= 4; - if( ( dlen < n + 1 ) || ( NULL == dst ) ) - { + if ((dlen < n + 1) || (NULL == dst)) { *olen = n + 1; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); + return (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); } - n = ( slen / 3 ) * 3; + n = (slen / 3) * 3; - for( i = 0, p = dst; i < n; i += 3 ) - { + for (i = 0, p = dst; i < n; i += 3) { C1 = *src++; C2 = *src++; C3 = *src++; - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( C1 >> 2 ) & 0x3F ) ); + *p++ = mbedtls_base64_table_lookup(base64_enc_map, sizeof(base64_enc_map), + ((C1 >> 2) & 0x3F)); - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) ); + *p++ = mbedtls_base64_table_lookup(base64_enc_map, sizeof(base64_enc_map), + ((((C1 & 3) << 4) + (C2 >> 4)) & 0x3F)); - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) ); + *p++ = mbedtls_base64_table_lookup(base64_enc_map, sizeof(base64_enc_map), + ((((C2 & 15) << 2) + (C3 >> 6)) & 0x3F)); - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( C3 & 0x3F ) ); + *p++ = mbedtls_base64_table_lookup(base64_enc_map, sizeof(base64_enc_map), + (C3 & 0x3F)); } - if( i < slen ) - { + if (i < slen) { C1 = *src++; - C2 = ( ( i + 1 ) < slen ) ? *src++ : 0; + C2 = ((i + 1) < slen) ? *src++ : 0; - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( C1 >> 2 ) & 0x3F ) ); + *p++ = mbedtls_base64_table_lookup(base64_enc_map, sizeof(base64_enc_map), + ((C1 >> 2) & 0x3F)); - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) ); + *p++ = mbedtls_base64_table_lookup(base64_enc_map, sizeof(base64_enc_map), + ((((C1 & 3) << 4) + (C2 >> 4)) & 0x3F)); - if( ( i + 1 ) < slen ) - *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), - ( ( ( C2 & 15 ) << 2 ) & 0x3F ) ); + if ((i + 1) < slen) + *p++ = mbedtls_base64_table_lookup(base64_enc_map, sizeof(base64_enc_map), + (((C2 & 15) << 2) & 0x3F)); else *p++ = '='; *p++ = '='; @@ -233,107 +220,99 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, *olen = p - dst; *p = 0; - return( 0 ); + return (0); } /* * Decode a base64-formatted buffer */ -int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ) -{ +int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen) { size_t i, n; uint32_t j, x; unsigned char *p; unsigned char dec_map_lookup; /* First pass: check for validity and get output length */ - for( i = n = j = 0; i < slen; i++ ) - { + for (i = n = j = 0; i < slen; i++) { /* Skip spaces before checking for EOL */ x = 0; - while( i < slen && src[i] == ' ' ) - { + while (i < slen && src[i] == ' ') { ++i; ++x; } /* Spaces at end of buffer are OK */ - if( i == slen ) + if (i == slen) break; - if( ( slen - i ) >= 2 && - src[i] == '\r' && src[i + 1] == '\n' ) + if ((slen - i) >= 2 && + src[i] == '\r' && src[i + 1] == '\n') continue; - if( src[i] == '\n' ) + if (src[i] == '\n') continue; /* Space inside a line is an error */ - if( x != 0 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + if (x != 0) + return (MBEDTLS_ERR_BASE64_INVALID_CHARACTER); - if( src[i] == '=' && ++j > 2 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + if (src[i] == '=' && ++j > 2) + return (MBEDTLS_ERR_BASE64_INVALID_CHARACTER); - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] ); + dec_map_lookup = mbedtls_base64_table_lookup(base64_dec_map, sizeof(base64_dec_map), src[i]); - if( src[i] > 127 || dec_map_lookup == 127 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + if (src[i] > 127 || dec_map_lookup == 127) + return (MBEDTLS_ERR_BASE64_INVALID_CHARACTER); - if( dec_map_lookup < 64 && j != 0 ) - return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); + if (dec_map_lookup < 64 && j != 0) + return (MBEDTLS_ERR_BASE64_INVALID_CHARACTER); n++; } - if( n == 0 ) - { + if (n == 0) { *olen = 0; - return( 0 ); + return (0); } /* The following expression is to calculate the following formula without * risk of integer overflow in n: * n = ( ( n * 6 ) + 7 ) >> 3; */ - n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); + n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3); n -= j; - if( dst == NULL || dlen < n ) - { + if (dst == NULL || dlen < n) { *olen = n; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); + return (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); } - for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ ) - { - if( *src == '\r' || *src == '\n' || *src == ' ' ) + for (j = 3, n = x = 0, p = dst; i > 0; i--, src++) { + if (*src == '\r' || *src == '\n' || *src == ' ') continue; - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src ); + dec_map_lookup = mbedtls_base64_table_lookup(base64_dec_map, sizeof(base64_dec_map), *src); - mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) ); - x = ( x << 6 ) | ( dec_map_lookup & 0x3F ); + mbedtls_base64_cond_assign_uint32(&j, j - 1, mbedtls_base64_eq(dec_map_lookup, 64)); + x = (x << 6) | (dec_map_lookup & 0x3F); - if( ++n == 4 ) - { + if (++n == 4) { n = 0; - if( j > 0 ) *p++ = (unsigned char)( x >> 16 ); - if( j > 1 ) *p++ = (unsigned char)( x >> 8 ); - if( j > 2 ) *p++ = (unsigned char)( x ); + if (j > 0) *p++ = (unsigned char)(x >> 16); + if (j > 1) *p++ = (unsigned char)(x >> 8); + if (j > 2) *p++ = (unsigned char)(x); } } *olen = p - dst; - return( 0 ); + return (0); } #if defined(MBEDTLS_SELF_TEST) -static const unsigned char base64_test_dec[64] = -{ +static const unsigned char base64_test_dec[64] = { 0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD, 0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01, 0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09, @@ -351,44 +330,41 @@ static const unsigned char base64_test_enc[] = /* * Checkup routine */ -int mbedtls_base64_self_test( int verbose ) -{ +int mbedtls_base64_self_test(int verbose) { size_t len; const unsigned char *src; unsigned char buffer[128]; - if( verbose != 0 ) - mbedtls_printf( " Base64 encoding test: " ); + if (verbose != 0) + mbedtls_printf(" Base64 encoding test: "); src = base64_test_dec; - if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 || - memcmp( base64_test_enc, buffer, 88 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_base64_encode(buffer, sizeof(buffer), &len, src, 64) != 0 || + memcmp(base64_test_enc, buffer, 88) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); - return( 1 ); + return (1); } - if( verbose != 0 ) - mbedtls_printf( "passed\n Base64 decoding test: " ); + if (verbose != 0) + mbedtls_printf("passed\n Base64 decoding test: "); src = base64_test_enc; - if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 || - memcmp( base64_test_dec, buffer, 64 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_base64_decode(buffer, sizeof(buffer), &len, src, 88) != 0 || + memcmp(base64_test_dec, buffer, 64) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); - return( 1 ); + return (1); } - if( verbose != 0 ) - mbedtls_printf( "passed\n\n" ); + if (verbose != 0) + mbedtls_printf("passed\n\n"); - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/base64.h b/common/mbedtls/base64.h index 7e73a8bd1..8940d73ca 100644 --- a/common/mbedtls/base64.h +++ b/common/mbedtls/base64.h @@ -56,8 +56,8 @@ extern "C" { * \note Call this function with dlen = 0 to obtain the * required buffer size in *olen */ -int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ); +int mbedtls_base64_encode(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen); /** * \brief Decode a base64-formatted buffer @@ -76,8 +76,8 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, * \note Call this function with *dst = NULL or dlen = 0 to obtain * the required buffer size in *olen */ -int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, - const unsigned char *src, size_t slen ); +int mbedtls_base64_decode(unsigned char *dst, size_t dlen, size_t *olen, + const unsigned char *src, size_t slen); #if defined(MBEDTLS_SELF_TEST) /** @@ -85,7 +85,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_base64_self_test( int verbose ); +int mbedtls_base64_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/bignum.c b/common/mbedtls/bignum.c index e74a1ade0..7c0daebd3 100644 --- a/common/mbedtls/bignum.c +++ b/common/mbedtls/bignum.c @@ -73,17 +73,15 @@ #define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) /* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) -{ - mbedtls_platform_zeroize( v, ciL * n ); +static void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n) { + mbedtls_platform_zeroize(v, ciL * n); } /* * Initialize one MPI */ -void mbedtls_mpi_init( mbedtls_mpi *X ) -{ - MPI_VALIDATE( X != NULL ); +void mbedtls_mpi_init(mbedtls_mpi *X) { + MPI_VALIDATE(X != NULL); X->s = 1; X->n = 0; @@ -93,15 +91,13 @@ void mbedtls_mpi_init( mbedtls_mpi *X ) /* * Unallocate one MPI */ -void mbedtls_mpi_free( mbedtls_mpi *X ) -{ - if( X == NULL ) +void mbedtls_mpi_free(mbedtls_mpi *X) { + if (X == NULL) return; - if( X->p != NULL ) - { - mbedtls_mpi_zeroize( X->p, X->n ); - mbedtls_free( X->p ); + if (X->p != NULL) { + mbedtls_mpi_zeroize(X->p, X->n); + mbedtls_free(X->p); } X->s = 1; @@ -112,129 +108,118 @@ void mbedtls_mpi_free( mbedtls_mpi *X ) /* * Enlarge to the specified number of limbs */ -int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) -{ +int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs) { mbedtls_mpi_uint *p; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - if( nblimbs > MBEDTLS_MPI_MAX_LIMBS ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) + return (MBEDTLS_ERR_MPI_ALLOC_FAILED); - if( X->n < nblimbs ) - { - if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + if (X->n < nblimbs) { + if ((p = (mbedtls_mpi_uint *)mbedtls_calloc(nblimbs, ciL)) == NULL) + return (MBEDTLS_ERR_MPI_ALLOC_FAILED); - if( X->p != NULL ) - { - memcpy( p, X->p, X->n * ciL ); - mbedtls_mpi_zeroize( X->p, X->n ); - mbedtls_free( X->p ); + if (X->p != NULL) { + memcpy(p, X->p, X->n * ciL); + mbedtls_mpi_zeroize(X->p, X->n); + mbedtls_free(X->p); } X->n = nblimbs; X->p = p; } - return( 0 ); + return (0); } /* * Resize down as much as possible, * while keeping at least the specified number of limbs */ -int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) -{ +int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs) { mbedtls_mpi_uint *p; size_t i; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - if( nblimbs > MBEDTLS_MPI_MAX_LIMBS ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) + return (MBEDTLS_ERR_MPI_ALLOC_FAILED); /* Actually resize up if there are currently fewer than nblimbs limbs. */ - if( X->n <= nblimbs ) - return( mbedtls_mpi_grow( X, nblimbs ) ); + if (X->n <= nblimbs) + return (mbedtls_mpi_grow(X, nblimbs)); /* After this point, then X->n > nblimbs and in particular X->n > 0. */ - for( i = X->n - 1; i > 0; i-- ) - if( X->p[i] != 0 ) + for (i = X->n - 1; i > 0; i--) + if (X->p[i] != 0) break; i++; - if( i < nblimbs ) + if (i < nblimbs) i = nblimbs; - if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + if ((p = (mbedtls_mpi_uint *)mbedtls_calloc(i, ciL)) == NULL) + return (MBEDTLS_ERR_MPI_ALLOC_FAILED); - if( X->p != NULL ) - { - memcpy( p, X->p, i * ciL ); - mbedtls_mpi_zeroize( X->p, X->n ); - mbedtls_free( X->p ); + if (X->p != NULL) { + memcpy(p, X->p, i * ciL); + mbedtls_mpi_zeroize(X->p, X->n); + mbedtls_free(X->p); } X->n = i; X->p = p; - return( 0 ); + return (0); } /* * Copy the contents of Y into X */ -int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) -{ +int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y) { int ret = 0; size_t i; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); - if( X == Y ) - return( 0 ); + if (X == Y) + return (0); - if( Y->n == 0 ) - { - mbedtls_mpi_free( X ); - return( 0 ); + if (Y->n == 0) { + mbedtls_mpi_free(X); + return (0); } - for( i = Y->n - 1; i > 0; i-- ) - if( Y->p[i] != 0 ) + for (i = Y->n - 1; i > 0; i--) + if (Y->p[i] != 0) break; i++; X->s = Y->s; - if( X->n < i ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) ); - } - else - { - memset( X->p + i, 0, ( X->n - i ) * ciL ); + if (X->n < i) { + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i)); + } else { + memset(X->p + i, 0, (X->n - i) * ciL); } - memcpy( X->p, Y->p, i * ciL ); + memcpy(X->p, Y->p, i * ciL); cleanup: - return( ret ); + return (ret); } /* * Swap the contents of X and Y */ -void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) -{ +void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y) { mbedtls_mpi T; - MPI_VALIDATE( X != NULL ); - MPI_VALIDATE( Y != NULL ); + MPI_VALIDATE(X != NULL); + MPI_VALIDATE(Y != NULL); - memcpy( &T, X, sizeof( mbedtls_mpi ) ); - memcpy( X, Y, sizeof( mbedtls_mpi ) ); - memcpy( Y, &T, sizeof( mbedtls_mpi ) ); + memcpy(&T, X, sizeof(mbedtls_mpi)); + memcpy(X, Y, sizeof(mbedtls_mpi)); + memcpy(Y, &T, sizeof(mbedtls_mpi)); } /* @@ -243,14 +228,13 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) * dest and src must be arrays of limbs of size n. * assign must be 0 or 1. */ -static void mpi_safe_cond_assign( size_t n, - mbedtls_mpi_uint *dest, - const mbedtls_mpi_uint *src, - unsigned char assign ) -{ +static void mpi_safe_cond_assign(size_t n, + mbedtls_mpi_uint *dest, + const mbedtls_mpi_uint *src, + unsigned char assign) { size_t i; - for( i = 0; i < n; i++ ) - dest[i] = dest[i] * ( 1 - assign ) + src[i] * assign; + for (i = 0; i < n; i++) + dest[i] = dest[i] * (1 - assign) + src[i] * assign; } /* @@ -258,27 +242,26 @@ static void mpi_safe_cond_assign( size_t n, * about whether the assignment was made or not. * (Leaking information about the respective sizes of X and Y is ok however.) */ -int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ) -{ +int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign) { int ret = 0; size_t i; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); /* make sure assign is 0 or 1 in a time-constant manner */ - assign = (assign | (unsigned char)-assign) >> 7; + assign = (assign | (unsigned char) - assign) >> 7; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); - X->s = X->s * ( 1 - assign ) + Y->s * assign; + X->s = X->s * (1 - assign) + Y->s * assign; - mpi_safe_cond_assign( Y->n, X->p, Y->p, assign ); + mpi_safe_cond_assign(Y->n, X->p, Y->p, assign); - for( i = Y->n; i < X->n; i++ ) - X->p[i] *= ( 1 - assign ); + for (i = Y->n; i < X->n; i++) + X->p[i] *= (1 - assign); cleanup: - return( ret ); + return (ret); } /* @@ -287,69 +270,65 @@ cleanup: * Here it is not ok to simply swap the pointers, which whould lead to * different memory access patterns when X and Y are used afterwards. */ -int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap ) -{ +int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap) { int ret, s; size_t i; mbedtls_mpi_uint tmp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); - if( X == Y ) - return( 0 ); + if (X == Y) + return (0); /* make sure swap is 0 or 1 in a time-constant manner */ - swap = (swap | (unsigned char)-swap) >> 7; + swap = (swap | (unsigned char) - swap) >> 7; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); s = X->s; - X->s = X->s * ( 1 - swap ) + Y->s * swap; - Y->s = Y->s * ( 1 - swap ) + s * swap; + X->s = X->s * (1 - swap) + Y->s * swap; + Y->s = Y->s * (1 - swap) + s * swap; - for( i = 0; i < X->n; i++ ) - { + for (i = 0; i < X->n; i++) { tmp = X->p[i]; - X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap; - Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap; + X->p[i] = X->p[i] * (1 - swap) + Y->p[i] * swap; + Y->p[i] = Y->p[i] * (1 - swap) + tmp * swap; } cleanup: - return( ret ); + return (ret); } /* * Set value from integer */ -int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ) -{ +int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); - memset( X->p, 0, X->n * ciL ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1)); + memset(X->p, 0, X->n * ciL); - X->p[0] = ( z < 0 ) ? -z : z; - X->s = ( z < 0 ) ? -1 : 1; + X->p[0] = (z < 0) ? -z : z; + X->s = (z < 0) ? -1 : 1; cleanup: - return( ret ); + return (ret); } /* * Get a specific bit */ -int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ) -{ - MPI_VALIDATE_RET( X != NULL ); +int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos) { + MPI_VALIDATE_RET(X != NULL); - if( X->n * biL <= pos ) - return( 0 ); + if (X->n * biL <= pos) + return (0); - return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 ); + return ((X->p[pos / biL] >> (pos % biL)) & 0x01); } /* Get a specific byte, without range checks. */ @@ -359,59 +338,54 @@ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ) /* * Set a bit to a specific value of 0 or 1 */ -int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ) -{ +int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val) { int ret = 0; size_t off = pos / biL; size_t idx = pos % biL; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - if( val != 0 && val != 1 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (val != 0 && val != 1) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - if( X->n * biL <= pos ) - { - if( val == 0 ) - return( 0 ); + if (X->n * biL <= pos) { + if (val == 0) + return (0); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, off + 1)); } - X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx ); + X->p[off] &= ~((mbedtls_mpi_uint) 0x01 << idx); X->p[off] |= (mbedtls_mpi_uint) val << idx; cleanup: - return( ret ); + return (ret); } /* * Return the number of less significant zero-bits */ -size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ) -{ +size_t mbedtls_mpi_lsb(const mbedtls_mpi *X) { size_t i, j, count = 0; - MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 ); + MBEDTLS_INTERNAL_VALIDATE_RET(X != NULL, 0); - for( i = 0; i < X->n; i++ ) - for( j = 0; j < biL; j++, count++ ) - if( ( ( X->p[i] >> j ) & 1 ) != 0 ) - return( count ); + for (i = 0; i < X->n; i++) + for (j = 0; j < biL; j++, count++) + if (((X->p[i] >> j) & 1) != 0) + return (count); - return( 0 ); + return (0); } /* * Count leading zero bits in a given integer */ -static size_t mbedtls_clz( const mbedtls_mpi_uint x ) -{ +static size_t mbedtls_clz(const mbedtls_mpi_uint x) { size_t j; mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); - for( j = 0; j < biL; j++ ) - { - if( x & mask ) break; + for (j = 0; j < biL; j++) { + if (x & mask) break; mask >>= 1; } @@ -422,219 +396,196 @@ static size_t mbedtls_clz( const mbedtls_mpi_uint x ) /* * Return the number of bits */ -size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ) -{ +size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X) { size_t i, j; - if( X->n == 0 ) - return( 0 ); + if (X->n == 0) + return (0); - for( i = X->n - 1; i > 0; i-- ) - if( X->p[i] != 0 ) + for (i = X->n - 1; i > 0; i--) + if (X->p[i] != 0) break; - j = biL - mbedtls_clz( X->p[i] ); + j = biL - mbedtls_clz(X->p[i]); - return( ( i * biL ) + j ); + return ((i * biL) + j); } /* * Return the total size in bytes */ -size_t mbedtls_mpi_size( const mbedtls_mpi *X ) -{ - return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 ); +size_t mbedtls_mpi_size(const mbedtls_mpi *X) { + return ((mbedtls_mpi_bitlen(X) + 7) >> 3); } /* * Convert an ASCII character to digit value */ -static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c ) -{ +static int mpi_get_digit(mbedtls_mpi_uint *d, int radix, char c) { *d = 255; - if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30; - if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37; - if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57; + if (c >= 0x30 && c <= 0x39) *d = c - 0x30; + if (c >= 0x41 && c <= 0x46) *d = c - 0x37; + if (c >= 0x61 && c <= 0x66) *d = c - 0x57; - if( *d >= (mbedtls_mpi_uint) radix ) - return( MBEDTLS_ERR_MPI_INVALID_CHARACTER ); + if (*d >= (mbedtls_mpi_uint) radix) + return (MBEDTLS_ERR_MPI_INVALID_CHARACTER); - return( 0 ); + return (0); } /* * Import from an ASCII string */ -int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) -{ +int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j, slen, n; mbedtls_mpi_uint d; mbedtls_mpi T; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( s != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(s != NULL); - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix < 2 || radix > 16) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); - slen = strlen( s ); + slen = strlen(s); - if( radix == 16 ) - { - if( slen > MPI_SIZE_T_MAX >> 2 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix == 16) { + if (slen > MPI_SIZE_T_MAX >> 2) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - n = BITS_TO_LIMBS( slen << 2 ); + n = BITS_TO_LIMBS(slen << 2); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); - for( i = slen, j = 0; i > 0; i--, j++ ) - { - if( i == 1 && s[i - 1] == '-' ) - { + for (i = slen, j = 0; i > 0; i--, j++) { + if (i == 1 && s[i - 1] == '-') { X->s = -1; break; } - MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) ); - X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 ); + MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i - 1])); + X->p[j / (2 * ciL)] |= d << ((j % (2 * ciL)) << 2); } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); - for( i = 0; i < slen; i++ ) - { - if( i == 0 && s[i] == '-' ) - { + for (i = 0; i < slen; i++) { + if (i == 0 && s[i] == '-') { X->s = -1; continue; } - MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) ); + MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i])); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T, X, radix)); - if( X->s == 1 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) ); + if (X->s == 1) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, &T, d)); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(X, &T, d)); } } } cleanup: - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); - return( ret ); + return (ret); } /* * Helper to write the digits high-order first. */ -static int mpi_write_hlp( mbedtls_mpi *X, int radix, - char **p, const size_t buflen ) -{ +static int mpi_write_hlp(mbedtls_mpi *X, int radix, + char **p, const size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi_uint r; size_t length = 0; char *p_end = *p + buflen; - do - { - if( length >= buflen ) - { - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + do { + if (length >= buflen) { + return (MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL); } - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, radix)); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_int(X, NULL, X, radix)); /* * Write the residue in the current position, as an ASCII character. */ - if( r < 0xA ) - *(--p_end) = (char)( '0' + r ); + if (r < 0xA) + *(--p_end) = (char)('0' + r); else - *(--p_end) = (char)( 'A' + ( r - 0xA ) ); + *(--p_end) = (char)('A' + (r - 0xA)); length++; - } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 ); + } while (mbedtls_mpi_cmp_int(X, 0) != 0); - memmove( *p, p_end, length ); + memmove(*p, p_end, length); *p += length; cleanup: - return( ret ); + return (ret); } /* * Export into an ASCII string */ -int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, - char *buf, size_t buflen, size_t *olen ) -{ +int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, + char *buf, size_t buflen, size_t *olen) { int ret = 0; size_t n; char *p; mbedtls_mpi T; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( olen != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(olen != NULL); + MPI_VALIDATE_RET(buflen == 0 || buf != NULL); - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix < 2 || radix > 16) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */ - if( radix >= 4 ) n >>= 1; /* Number of 4-adic digits necessary to present + n = mbedtls_mpi_bitlen(X); /* Number of bits necessary to present `n`. */ + if (radix >= 4) n >>= 1; /* Number of 4-adic digits necessary to present * `n`. If radix > 4, this might be a strict * overapproximation of the number of * radix-adic digits needed to present `n`. */ - if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to + if (radix >= 16) n >>= 1; /* Number of hexadecimal digits necessary to * present `n`. */ n += 1; /* Terminating null byte */ n += 1; /* Compensate for the divisions above, which round down `n` * in case it's not even. */ n += 1; /* Potential '-'-sign. */ - n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing, + n += (n & 1); /* Make n even to have enough space for hexadecimal writing, * which always uses an even number of hex-digits. */ - if( buflen < n ) - { + if (buflen < n) { *olen = n; - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + return (MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL); } p = buf; - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); - if( X->s == -1 ) - { + if (X->s == -1) { *p++ = '-'; buflen--; } - if( radix == 16 ) - { + if (radix == 16) { int c; size_t i, j, k; - for( i = X->n, k = 0; i > 0; i-- ) - { - for( j = ciL; j > 0; j-- ) - { - c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF; + for (i = X->n, k = 0; i > 0; i--) { + for (j = ciL; j > 0; j--) { + c = (X->p[i - 1] >> ((j - 1) << 3)) & 0xFF; - if( c == 0 && k == 0 && ( i + j ) != 2 ) + if (c == 0 && k == 0 && (i + j) != 2) continue; *(p++) = "0123456789ABCDEF" [c / 16]; @@ -642,15 +593,13 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, k = 1; } } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T, X)); - if( T.s == -1 ) + if (T.s == -1) T.s = 1; - MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) ); + MBEDTLS_MPI_CHK(mpi_write_hlp(&T, radix, &p, buflen)); } *p++ = '\0'; @@ -658,17 +607,16 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, cleanup: - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); - return( ret ); + return (ret); } #if defined(MBEDTLS_FS_IO) /* * Read X from an opened file */ -int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ) -{ +int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin) { mbedtls_mpi_uint d; size_t slen; char *p; @@ -678,36 +626,35 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ) */ char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( fin != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(fin != NULL); - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix < 2 || radix > 16) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - memset( s, 0, sizeof( s ) ); - if( fgets( s, sizeof( s ) - 1, fin ) == NULL ) - return( MBEDTLS_ERR_MPI_FILE_IO_ERROR ); + memset(s, 0, sizeof(s)); + if (fgets(s, sizeof(s) - 1, fin) == NULL) + return (MBEDTLS_ERR_MPI_FILE_IO_ERROR); - slen = strlen( s ); - if( slen == sizeof( s ) - 2 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + slen = strlen(s); + if (slen == sizeof(s) - 2) + return (MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL); - if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; } - if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; } + if (slen > 0 && s[slen - 1] == '\n') { slen--; s[slen] = '\0'; } + if (slen > 0 && s[slen - 1] == '\r') { slen--; s[slen] = '\0'; } p = s + slen; - while( p-- > s ) - if( mpi_get_digit( &d, radix, *p ) != 0 ) + while (p-- > s) + if (mpi_get_digit(&d, radix, *p) != 0) break; - return( mbedtls_mpi_read_string( X, radix, p + 1 ) ); + return (mbedtls_mpi_read_string(X, radix, p + 1)); } /* * Write X into an opened file (or stdout if fout == NULL) */ -int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout ) -{ +int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, int radix, FILE *fout) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n, slen, plen; /* @@ -715,34 +662,32 @@ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE * newline characters and '\0' */ char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ]; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (radix < 2 || radix > 16) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - memset( s, 0, sizeof( s ) ); + memset(s, 0, sizeof(s)); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(X, radix, s, sizeof(s) - 2, &n)); - if( p == NULL ) p = ""; + if (p == NULL) p = ""; - plen = strlen( p ); - slen = strlen( s ); + plen = strlen(p); + slen = strlen(s); s[slen++] = '\r'; s[slen++] = '\n'; - if( fout != NULL ) - { - if( fwrite( p, 1, plen, fout ) != plen || - fwrite( s, 1, slen, fout ) != slen ) - return( MBEDTLS_ERR_MPI_FILE_IO_ERROR ); - } - else - mbedtls_printf( "%s%s", p, s ); + if (fout != NULL) { + if (fwrite(p, 1, plen, fout) != plen || + fwrite(s, 1, slen, fout) != slen) + return (MBEDTLS_ERR_MPI_FILE_IO_ERROR); + } else + mbedtls_printf("%s%s", p, s); cleanup: - return( ret ); + return (ret); } #endif /* MBEDTLS_FS_IO */ @@ -750,33 +695,30 @@ cleanup: /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint * into the storage form used by mbedtls_mpi. */ -static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x ) -{ +static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c(mbedtls_mpi_uint x) { uint8_t i; unsigned char *x_ptr; mbedtls_mpi_uint tmp = 0; - for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ ) - { + for (i = 0, x_ptr = (unsigned char *) &x; i < ciL; i++, x_ptr++) { tmp <<= CHAR_BIT; - tmp |= (mbedtls_mpi_uint) *x_ptr; + tmp |= (mbedtls_mpi_uint) * x_ptr; } - return( tmp ); + return (tmp); } -static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) -{ +static mbedtls_mpi_uint mpi_uint_bigendian_to_host(mbedtls_mpi_uint x) { #if defined(__BYTE_ORDER__) -/* Nothing to do on bigendian systems. */ + /* Nothing to do on bigendian systems. */ #if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ ) - return( x ); + return (x); #endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */ #if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ ) -/* For GCC and Clang, have builtins for byte swapping. */ + /* For GCC and Clang, have builtins for byte swapping. */ #if defined(__GNUC__) && defined(__GNUC_PREREQ) #if __GNUC_PREREQ(4,3) #define have_bswap @@ -792,12 +734,11 @@ static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) #if defined(have_bswap) /* The compiler is hopefully able to statically evaluate this! */ - switch( sizeof(mbedtls_mpi_uint) ) - { + switch (sizeof(mbedtls_mpi_uint)) { case 4: - return( __builtin_bswap32(x) ); + return (__builtin_bswap32(x)); case 8: - return( __builtin_bswap64(x) ); + return (__builtin_bswap64(x)); } #endif #endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */ @@ -805,14 +746,13 @@ static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x ) /* Fall back to C-based reordering if we don't know the byte order * or we couldn't use a compiler-specific builtin. */ - return( mpi_uint_bigendian_to_host_c( x ) ); + return (mpi_uint_bigendian_to_host_c(x)); } -static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) -{ +static void mpi_bigendian_to_host(mbedtls_mpi_uint *const p, size_t limbs) { mbedtls_mpi_uint *cur_limb_left; mbedtls_mpi_uint *cur_limb_right; - if( limbs == 0 ) + if (limbs == 0) return; /* @@ -824,15 +764,14 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) * than the right index (it's not a problem if limbs is odd and the * indices coincide in the last iteration). */ - for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 ); - cur_limb_left <= cur_limb_right; - cur_limb_left++, cur_limb_right-- ) - { + for (cur_limb_left = p, cur_limb_right = p + (limbs - 1); + cur_limb_left <= cur_limb_right; + cur_limb_left++, cur_limb_right--) { mbedtls_mpi_uint tmp; /* Note that if cur_limb_left == cur_limb_right, * this code effectively swaps the bytes only once. */ - tmp = mpi_uint_bigendian_to_host( *cur_limb_left ); - *cur_limb_left = mpi_uint_bigendian_to_host( *cur_limb_right ); + tmp = mpi_uint_bigendian_to_host(*cur_limb_left); + *cur_limb_left = mpi_uint_bigendian_to_host(*cur_limb_right); *cur_limb_right = tmp; } } @@ -840,24 +779,22 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) /* * Import X from unsigned binary data, little endian */ -int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, - const unsigned char *buf, size_t buflen ) -{ +int mbedtls_mpi_read_binary_le(mbedtls_mpi *X, + const unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; - size_t const limbs = CHARS_TO_LIMBS( buflen ); + size_t const limbs = CHARS_TO_LIMBS(buflen); /* Ensure that target MPI has exactly the necessary number of limbs */ - if( X->n != limbs ) - { - mbedtls_mpi_free( X ); - mbedtls_mpi_init( X ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) ); + if (X->n != limbs) { + mbedtls_mpi_free(X); + mbedtls_mpi_init(X); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, limbs)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); - for( i = 0; i < buflen; i++ ) + for (i = 0; i < buflen; i++) X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); cleanup: @@ -867,39 +804,36 @@ cleanup: * upon failure is not necessary because failure only can happen before any * input is copied. */ - return( ret ); + return (ret); } /* * Import X from unsigned binary data, big endian */ -int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) -{ +int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( buflen ); - size_t const overhead = ( limbs * ciL ) - buflen; + size_t const limbs = CHARS_TO_LIMBS(buflen); + size_t const overhead = (limbs * ciL) - buflen; unsigned char *Xp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(buflen == 0 || buf != NULL); /* Ensure that target MPI has exactly the necessary number of limbs */ - if( X->n != limbs ) - { - mbedtls_mpi_free( X ); - mbedtls_mpi_init( X ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) ); + if (X->n != limbs) { + mbedtls_mpi_free(X); + mbedtls_mpi_init(X); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, limbs)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); /* Avoid calling `memcpy` with NULL source argument, * even if buflen is 0. */ - if( buf != NULL ) - { - Xp = (unsigned char*) X->p; - memcpy( Xp + overhead, buf, buflen ); + if (buf != NULL) { + Xp = (unsigned char *) X->p; + memcpy(Xp + overhead, buf, buflen); - mpi_bigendian_to_host( X->p, limbs ); + mpi_bigendian_to_host(X->p, limbs); } cleanup: @@ -909,66 +843,58 @@ cleanup: * upon failure is not necessary because failure only can happen before any * input is copied. */ - return( ret ); + return (ret); } /* * Export X into unsigned binary data, little endian */ -int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, - unsigned char *buf, size_t buflen ) -{ +int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X, + unsigned char *buf, size_t buflen) { size_t stored_bytes = X->n * ciL; size_t bytes_to_copy; size_t i; - if( stored_bytes < buflen ) - { + if (stored_bytes < buflen) { bytes_to_copy = stored_bytes; - } - else - { + } else { bytes_to_copy = buflen; /* The output buffer is smaller than the allocated size of X. * However X may fit if its leading bytes are zero. */ - for( i = bytes_to_copy; i < stored_bytes; i++ ) - { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + for (i = bytes_to_copy; i < stored_bytes; i++) { + if (GET_BYTE(X, i) != 0) + return (MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL); } } - for( i = 0; i < bytes_to_copy; i++ ) - buf[i] = GET_BYTE( X, i ); + for (i = 0; i < bytes_to_copy; i++) + buf[i] = GET_BYTE(X, i); - if( stored_bytes < buflen ) - { + if (stored_bytes < buflen) { /* Write trailing 0 bytes */ - memset( buf + stored_bytes, 0, buflen - stored_bytes ); + memset(buf + stored_bytes, 0, buflen - stored_bytes); } - return( 0 ); + return (0); } /* * Export X into unsigned binary data, big endian */ -int mbedtls_mpi_write_binary( const mbedtls_mpi *X, - unsigned char *buf, size_t buflen ) -{ +int mbedtls_mpi_write_binary(const mbedtls_mpi *X, + unsigned char *buf, size_t buflen) { size_t stored_bytes; size_t bytes_to_copy; unsigned char *p; size_t i; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(buflen == 0 || buf != NULL); stored_bytes = X->n * ciL; - if( stored_bytes < buflen ) - { + if (stored_bytes < buflen) { /* There is enough space in the output buffer. Write initial * null bytes and record the position at which to start * writing the significant bytes. In this case, the execution @@ -976,66 +902,59 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, * number. */ bytes_to_copy = stored_bytes; p = buf + buflen - stored_bytes; - memset( buf, 0, buflen - stored_bytes ); - } - else - { + memset(buf, 0, buflen - stored_bytes); + } else { /* The output buffer is smaller than the allocated size of X. * However X may fit if its leading bytes are zero. */ bytes_to_copy = buflen; p = buf; - for( i = bytes_to_copy; i < stored_bytes; i++ ) - { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + for (i = bytes_to_copy; i < stored_bytes; i++) { + if (GET_BYTE(X, i) != 0) + return (MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL); } } - for( i = 0; i < bytes_to_copy; i++ ) - p[bytes_to_copy - i - 1] = GET_BYTE( X, i ); + for (i = 0; i < bytes_to_copy; i++) + p[bytes_to_copy - i - 1] = GET_BYTE(X, i); - return( 0 ); + return (0); } /* * Left-shift: X <<= count */ -int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ) -{ +int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, v0, t1; mbedtls_mpi_uint r0 = 0, r1; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - v0 = count / (biL ); + v0 = count / (biL); t1 = count & (biL - 1); - i = mbedtls_mpi_bitlen( X ) + count; + i = mbedtls_mpi_bitlen(X) + count; - if( X->n * biL < i ) - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) ); + if (X->n * biL < i) + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, BITS_TO_LIMBS(i))); ret = 0; /* * shift by count / limb_size */ - if( v0 > 0 ) - { - for( i = X->n; i > v0; i-- ) + if (v0 > 0) { + for (i = X->n; i > v0; i--) X->p[i - 1] = X->p[i - v0 - 1]; - for( ; i > 0; i-- ) + for (; i > 0; i--) X->p[i - 1] = 0; } /* * shift by count % limb_size */ - if( t1 > 0 ) - { - for( i = v0; i < X->n; i++ ) - { + if (t1 > 0) { + for (i = v0; i < X->n; i++) { r1 = X->p[i] >> (biL - t1); X->p[i] <<= t1; X->p[i] |= r0; @@ -1045,43 +964,39 @@ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ) cleanup: - return( ret ); + return (ret); } /* * Right-shift: X >>= count */ -int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ) -{ +int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count) { size_t i, v0, v1; mbedtls_mpi_uint r0 = 0, r1; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); v0 = count / biL; v1 = count & (biL - 1); - if( v0 > X->n || ( v0 == X->n && v1 > 0 ) ) - return mbedtls_mpi_lset( X, 0 ); + if (v0 > X->n || (v0 == X->n && v1 > 0)) + return mbedtls_mpi_lset(X, 0); /* * shift by count / limb_size */ - if( v0 > 0 ) - { - for( i = 0; i < X->n - v0; i++ ) + if (v0 > 0) { + for (i = 0; i < X->n - v0; i++) X->p[i] = X->p[i + v0]; - for( ; i < X->n; i++ ) + for (; i < X->n; i++) X->p[i] = 0; } /* * shift by count % limb_size */ - if( v1 > 0 ) - { - for( i = X->n; i > 0; i-- ) - { + if (v1 > 0) { + for (i = X->n; i > 0; i--) { r1 = X->p[i - 1] << (biL - v1); X->p[i - 1] >>= v1; X->p[i - 1] |= r0; @@ -1089,74 +1004,70 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ) } } - return( 0 ); + return (0); } /* * Compare unsigned values */ -int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ) -{ +int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y) { size_t i, j; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); - for( i = X->n; i > 0; i-- ) - if( X->p[i - 1] != 0 ) + for (i = X->n; i > 0; i--) + if (X->p[i - 1] != 0) break; - for( j = Y->n; j > 0; j-- ) - if( Y->p[j - 1] != 0 ) + for (j = Y->n; j > 0; j--) + if (Y->p[j - 1] != 0) break; - if( i == 0 && j == 0 ) - return( 0 ); + if (i == 0 && j == 0) + return (0); - if( i > j ) return( 1 ); - if( j > i ) return( -1 ); + if (i > j) return (1); + if (j > i) return (-1); - for( ; i > 0; i-- ) - { - if( X->p[i - 1] > Y->p[i - 1] ) return( 1 ); - if( X->p[i - 1] < Y->p[i - 1] ) return( -1 ); + for (; i > 0; i--) { + if (X->p[i - 1] > Y->p[i - 1]) return (1); + if (X->p[i - 1] < Y->p[i - 1]) return (-1); } - return( 0 ); + return (0); } /* * Compare signed values */ -int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ) -{ +int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y) { size_t i, j; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); - for( i = X->n; i > 0; i-- ) - if( X->p[i - 1] != 0 ) + for (i = X->n; i > 0; i--) + if (X->p[i - 1] != 0) break; - for( j = Y->n; j > 0; j-- ) - if( Y->p[j - 1] != 0 ) + for (j = Y->n; j > 0; j--) + if (Y->p[j - 1] != 0) break; - if( i == 0 && j == 0 ) - return( 0 ); + if (i == 0 && j == 0) + return (0); - if( i > j ) return( X->s ); - if( j > i ) return( -Y->s ); + if (i > j) return (X->s); + if (j > i) return (-Y->s); - if( X->s > 0 && Y->s < 0 ) return( 1 ); - if( Y->s > 0 && X->s < 0 ) return( -1 ); + if (X->s > 0 && Y->s < 0) return (1); + if (Y->s > 0 && X->s < 0) return (-1); - for( ; i > 0; i-- ) - { - if( X->p[i - 1] > Y->p[i - 1] ) return( X->s ); - if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s ); + for (; i > 0; i--) { + if (X->p[i - 1] > Y->p[i - 1]) return (X->s); + if (X->p[i - 1] < Y->p[i - 1]) return (-X->s); } - return( 0 ); + return (0); } /** Decide if an integer is less than the other, without branches. @@ -1166,21 +1077,20 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ) * * \return 1 if \p x is less than \p y, 0 otherwise */ -static unsigned ct_lt_mpi_uint( const mbedtls_mpi_uint x, - const mbedtls_mpi_uint y ) -{ +static unsigned ct_lt_mpi_uint(const mbedtls_mpi_uint x, + const mbedtls_mpi_uint y) { mbedtls_mpi_uint ret; mbedtls_mpi_uint cond; /* * Check if the most significant bits (MSB) of the operands are different. */ - cond = ( x ^ y ); + cond = (x ^ y); /* * If the MSB are the same then the difference x-y will be negative (and * have its MSB set to 1 during conversion to unsigned) if and only if x> ( biL - 1 ); + ret = ret >> (biL - 1); return (unsigned) ret; } @@ -1197,33 +1107,32 @@ static unsigned ct_lt_mpi_uint( const mbedtls_mpi_uint x, /* * Compare signed values in constant time */ -int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, - unsigned *ret ) -{ +int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y, + unsigned *ret) { size_t i; /* The value of any of these variables is either 0 or 1 at all times. */ unsigned cond, done, X_is_negative, Y_is_negative; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); - MPI_VALIDATE_RET( ret != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(Y != NULL); + MPI_VALIDATE_RET(ret != NULL); - if( X->n != Y->n ) + if (X->n != Y->n) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; /* * Set sign_N to 1 if N >= 0, 0 if N < 0. * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0. */ - X_is_negative = ( X->s & 2 ) >> 1; - Y_is_negative = ( Y->s & 2 ) >> 1; + X_is_negative = (X->s & 2) >> 1; + Y_is_negative = (Y->s & 2) >> 1; /* * If the signs are different, then the positive operand is the bigger. * That is if X is negative (X_is_negative == 1), then X < Y is true and it * is false if X is positive (X_is_negative == 0). */ - cond = ( X_is_negative ^ Y_is_negative ); + cond = (X_is_negative ^ Y_is_negative); *ret = cond & X_is_negative; /* @@ -1232,8 +1141,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, */ done = cond; - for( i = X->n; i > 0; i-- ) - { + for (i = X->n; i > 0; i--) { /* * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both * X and Y are negative. @@ -1241,8 +1149,8 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = ct_lt_mpi_uint( Y->p[i - 1], X->p[i - 1] ); - *ret |= cond & ( 1 - done ) & X_is_negative; + cond = ct_lt_mpi_uint(Y->p[i - 1], X->p[i - 1]); + *ret |= cond & (1 - done) & X_is_negative; done |= cond; /* @@ -1252,88 +1160,91 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = ct_lt_mpi_uint( X->p[i - 1], Y->p[i - 1] ); - *ret |= cond & ( 1 - done ) & ( 1 - X_is_negative ); + cond = ct_lt_mpi_uint(X->p[i - 1], Y->p[i - 1]); + *ret |= cond & (1 - done) & (1 - X_is_negative); done |= cond; } - return( 0 ); + return (0); } /* * Compare signed values */ -int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) -{ +int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z) { mbedtls_mpi Y; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); + MPI_VALIDATE_RET(X != NULL); - *p = ( z < 0 ) ? -z : z; - Y.s = ( z < 0 ) ? -1 : 1; + *p = (z < 0) ? -z : z; + Y.s = (z < 0) ? -1 : 1; Y.n = 1; Y.p = p; - return( mbedtls_mpi_cmp_mpi( X, &Y ) ); + return (mbedtls_mpi_cmp_mpi(X, &Y)); } /* * Unsigned addition: X = |A| + |B| (HAC 14.7) */ -int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) -{ +int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j; mbedtls_mpi_uint *o, *p, c, tmp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - if( X == B ) - { - const mbedtls_mpi *T = A; A = X; B = T; + if (X == B) { + const mbedtls_mpi *T = A; + A = X; + B = T; } - if( X != A ) - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) ); + if (X != A) + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); /* * X should always be positive as a result of unsigned additions. */ X->s = 1; - for( j = B->n; j > 0; j-- ) - if( B->p[j - 1] != 0 ) + for (j = B->n; j > 0; j--) + if (B->p[j - 1] != 0) break; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j)); - o = B->p; p = X->p; c = 0; + o = B->p; + p = X->p; + c = 0; /* * tmp is used because it might happen that p == o */ - for( i = 0; i < j; i++, o++, p++ ) - { - tmp= *o; - *p += c; c = ( *p < c ); - *p += tmp; c += ( *p < tmp ); + for (i = 0; i < j; i++, o++, p++) { + tmp = *o; + *p += c; + c = (*p < c); + *p += tmp; + c += (*p < tmp); } - while( c != 0 ) - { - if( i >= X->n ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) ); + while (c != 0) { + if (i >= X->n) { + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + 1)); p = X->p + i; } - *p += c; c = ( *p < c ); i++; p++; + *p += c; + c = (*p < c); + i++; + p++; } cleanup: - return( ret ); + return (ret); } /** @@ -1351,45 +1262,43 @@ cleanup: * \return 1 if `d < s`. * 0 if `d >= s`. */ -static mbedtls_mpi_uint mpi_sub_hlp( size_t n, - mbedtls_mpi_uint *d, - const mbedtls_mpi_uint *s ) -{ +static mbedtls_mpi_uint mpi_sub_hlp(size_t n, + mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *s) { size_t i; mbedtls_mpi_uint c, z; - for( i = c = 0; i < n; i++, s++, d++ ) - { - z = ( *d < c ); *d -= c; - c = ( *d < *s ) + z; *d -= *s; + for (i = c = 0; i < n; i++, s++, d++) { + z = (*d < c); + *d -= c; + c = (*d < *s) + z; + *d -= *s; } - return( c ); + return (c); } /* * Unsigned subtraction: X = |A| - |B| (HAC 14.9, 14.10) */ -int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) -{ +int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { mbedtls_mpi TB; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; mbedtls_mpi_uint carry; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - mbedtls_mpi_init( &TB ); + mbedtls_mpi_init(&TB); - if( X == B ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); + if (X == B) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); B = &TB; } - if( X != A ) - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) ); + if (X != A) + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); /* * X should always be positive as a result of unsigned subtractions. @@ -1398,26 +1307,23 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi ret = 0; - for( n = B->n; n > 0; n-- ) - if( B->p[n - 1] != 0 ) + for (n = B->n; n > 0; n--) + if (B->p[n - 1] != 0) break; - if( n > A->n ) - { + if (n > A->n) { /* B >= (2^ciL)^n > A */ ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; goto cleanup; } - carry = mpi_sub_hlp( n, X->p, B->p ); - if( carry != 0 ) - { + carry = mpi_sub_hlp(n, X->p, B->p); + if (carry != 0) { /* Propagate the carry to the first nonzero limb of X. */ - for( ; n < X->n && X->p[n] == 0; n++ ) + for (; n < X->n && X->p[n] == 0; n++) --X->p[n]; /* If we ran out of space for the carry, it means that the result * is negative. */ - if( n == X->n ) - { + if (n == X->n) { ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; goto cleanup; } @@ -1426,115 +1332,99 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi cleanup: - mbedtls_mpi_free( &TB ); + mbedtls_mpi_free(&TB); - return( ret ); + return (ret); } /* * Signed addition: X = A + B */ -int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) -{ +int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret, s; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); s = A->s; - if( A->s * B->s < 0 ) - { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); + if (A->s * B->s < 0) { + if (mbedtls_mpi_cmp_abs(A, B) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, A, B)); X->s = s; - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, B, A)); X->s = -s; } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B)); X->s = s; } cleanup: - return( ret ); + return (ret); } /* * Signed subtraction: X = A - B */ -int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) -{ +int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret, s; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); s = A->s; - if( A->s * B->s > 0 ) - { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); + if (A->s * B->s > 0) { + if (mbedtls_mpi_cmp_abs(A, B) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, A, B)); X->s = s; - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, B, A)); X->s = -s; } - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) ); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B)); X->s = s; } cleanup: - return( ret ); + return (ret); } /* * Signed addition: X = A + b */ -int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ) -{ +int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b) { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); - p[0] = ( b < 0 ) ? -b : b; - _B.s = ( b < 0 ) ? -1 : 1; + p[0] = (b < 0) ? -b : b; + _B.s = (b < 0) ? -1 : 1; _B.n = 1; _B.p = p; - return( mbedtls_mpi_add_mpi( X, A, &_B ) ); + return (mbedtls_mpi_add_mpi(X, A, &_B)); } /* * Signed subtraction: X = A - b */ -int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ) -{ +int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b) { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); - p[0] = ( b < 0 ) ? -b : b; - _B.s = ( b < 0 ) ? -1 : 1; + p[0] = (b < 0) ? -b : b; + _B.s = (b < 0) ? -1 : 1; _B.n = 1; _B.p = p; - return( mbedtls_mpi_sub_mpi( X, A, &_B ) ); + return (mbedtls_mpi_sub_mpi(X, A, &_B)); } /* @@ -1546,29 +1436,25 @@ static * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn) * appears to need this to prevent bad ARM code generation at -O3. */ -__attribute__ ((noinline)) +__attribute__((noinline)) #endif -void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b ) -{ +void mpi_mul_hlp(size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b) { mbedtls_mpi_uint c = 0, t = 0; #if defined(MULADDC_HUIT) - for( ; i >= 8; i -= 8 ) - { + for (; i >= 8; i -= 8) { MULADDC_INIT MULADDC_HUIT MULADDC_STOP } - for( ; i > 0; i-- ) - { + for (; i > 0; i--) { MULADDC_INIT MULADDC_CORE MULADDC_STOP } #else /* MULADDC_HUIT */ - for( ; i >= 16; i -= 16 ) - { + for (; i >= 16; i -= 16) { MULADDC_INIT MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE @@ -1582,8 +1468,7 @@ void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mp MULADDC_STOP } - for( ; i >= 8; i -= 8 ) - { + for (; i >= 8; i -= 8) { MULADDC_INIT MULADDC_CORE MULADDC_CORE MULADDC_CORE MULADDC_CORE @@ -1593,8 +1478,7 @@ void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mp MULADDC_STOP } - for( ; i > 0; i-- ) - { + for (; i > 0; i--) { MULADDC_INIT MULADDC_CORE MULADDC_STOP @@ -1604,81 +1488,81 @@ void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mp t++; do { - *d += c; c = ( *d < c ); d++; - } - while( c != 0 ); + *d += c; + c = (*d < c); + d++; + } while (c != 0); } /* * Baseline multiplication: X = A * B (HAC 14.12) */ -int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) -{ +int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j; mbedtls_mpi TA, TB; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB ); + mbedtls_mpi_init(&TA); + mbedtls_mpi_init(&TB); - if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; } - if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; } + if (X == A) { MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); A = &TA; } + if (X == B) { MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); B = &TB; } - for( i = A->n; i > 0; i-- ) - if( A->p[i - 1] != 0 ) + for (i = A->n; i > 0; i--) + if (A->p[i - 1] != 0) break; - for( j = B->n; j > 0; j-- ) - if( B->p[j - 1] != 0 ) + for (j = B->n; j > 0; j--) + if (B->p[j - 1] != 0) break; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + j)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); - for( ; j > 0; j-- ) - mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] ); + for (; j > 0; j--) + mpi_mul_hlp(i, A->p, X->p + j - 1, B->p[j - 1]); X->s = A->s * B->s; cleanup: - mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA ); + mbedtls_mpi_free(&TB); + mbedtls_mpi_free(&TA); - return( ret ); + return (ret); } /* * Baseline multiplication: X = A * b */ -int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b ) -{ +int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b) { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); _B.s = 1; _B.n = 1; _B.p = p; p[0] = b; - return( mbedtls_mpi_mul_mpi( X, A, &_B ) ); + return (mbedtls_mpi_mul_mpi(X, A, &_B)); } /* * Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and * mbedtls_mpi_uint divisor, d */ -static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, - mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r ) -{ +static mbedtls_mpi_uint mbedtls_int_div_int(mbedtls_mpi_uint u1, + mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r) { #if defined(MBEDTLS_HAVE_UDBL) mbedtls_t_udbl dividend, quotient; #else const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH; - const mbedtls_mpi_uint uint_halfword_mask = ( (mbedtls_mpi_uint) 1 << biH ) - 1; + const mbedtls_mpi_uint uint_halfword_mask = ((mbedtls_mpi_uint) 1 << biH) - 1; mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient; mbedtls_mpi_uint u0_msw, u0_lsw; size_t s; @@ -1687,22 +1571,21 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, /* * Check for overflow */ - if( 0 == d || u1 >= d ) - { + if (0 == d || u1 >= d) { if (r != NULL) *r = ~0; - return ( ~0 ); + return (~0); } #if defined(MBEDTLS_HAVE_UDBL) dividend = (mbedtls_t_udbl) u1 << biL; dividend |= (mbedtls_t_udbl) u0; quotient = dividend / d; - if( quotient > ( (mbedtls_t_udbl) 1 << biL ) - 1 ) - quotient = ( (mbedtls_t_udbl) 1 << biL ) - 1; + if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) + quotient = ((mbedtls_t_udbl) 1 << biL) - 1; - if( r != NULL ) - *r = (mbedtls_mpi_uint)( dividend - (quotient * d ) ); + if (r != NULL) + *r = (mbedtls_mpi_uint)(dividend - (quotient * d)); return (mbedtls_mpi_uint) quotient; #else @@ -1715,11 +1598,11 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, /* * Normalize the divisor, d, and dividend, u0, u1 */ - s = mbedtls_clz( d ); + s = mbedtls_clz(d); d = d << s; u1 = u1 << s; - u1 |= ( u0 >> ( biL - s ) ) & ( -(mbedtls_mpi_sint)s >> ( biL - 1 ) ); + u1 |= (u0 >> (biL - s)) & (-(mbedtls_mpi_sint)s >> (biL - 1)); u0 = u0 << s; d1 = d >> biH; @@ -1734,28 +1617,26 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, q1 = u1 / d1; r0 = u1 - d1 * q1; - while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) ) - { + while (q1 >= radix || (q1 * d0 > radix * r0 + u0_msw)) { q1 -= 1; r0 += d1; - if ( r0 >= radix ) break; + if (r0 >= radix) break; } - rAX = ( u1 * radix ) + ( u0_msw - q1 * d ); + rAX = (u1 * radix) + (u0_msw - q1 * d); q0 = rAX / d1; r0 = rAX - q0 * d1; - while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) ) - { + while (q0 >= radix || (q0 * d0 > radix * r0 + u0_lsw)) { q0 -= 1; r0 += d1; - if ( r0 >= radix ) break; + if (r0 >= radix) break; } if (r != NULL) - *r = ( rAX * radix + u0_lsw - q0 * d ) >> s; + *r = (rAX * radix + u0_lsw - q0 * d) >> s; quotient = q1 * radix + q0; @@ -1766,21 +1647,22 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, /* * Division by mbedtls_mpi: A = Q * B + R (HAC 14.20) */ -int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, - const mbedtls_mpi *B ) -{ +int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, t, k; mbedtls_mpi X, Y, Z, T1, T2; mbedtls_mpi_uint TP2[3]; - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - if( mbedtls_mpi_cmp_int( B, 0 ) == 0 ) - return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO ); + if (mbedtls_mpi_cmp_int(B, 0) == 0) + return (MBEDTLS_ERR_MPI_DIVISION_BY_ZERO); - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); - mbedtls_mpi_init( &T1 ); + mbedtls_mpi_init(&X); + mbedtls_mpi_init(&Y); + mbedtls_mpi_init(&Z); + mbedtls_mpi_init(&T1); /* * Avoid dynamic memory allocations for constant-size T2. * @@ -1789,196 +1671,181 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * buffer. */ T2.s = 1; - T2.n = sizeof( TP2 ) / sizeof( *TP2 ); + T2.n = sizeof(TP2) / sizeof(*TP2); T2.p = TP2; - if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) - { - if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) ); - if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) ); - return( 0 ); + if (mbedtls_mpi_cmp_abs(A, B) < 0) { + if (Q != NULL) MBEDTLS_MPI_CHK(mbedtls_mpi_lset(Q, 0)); + if (R != NULL) MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, A)); + return (0); } - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&X, A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, B)); X.s = Y.s = 1; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&Z, A->n + 2)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Z, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T1, 2)); - k = mbedtls_mpi_bitlen( &Y ) % biL; - if( k < biL - 1 ) - { + k = mbedtls_mpi_bitlen(&Y) % biL; + if (k < biL - 1) { k = biL - 1 - k; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) ); - } - else k = 0; + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&X, k)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, k)); + } else k = 0; n = X.n - 1; t = Y.n - 1; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t))); - while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 ) - { + while (mbedtls_mpi_cmp_mpi(&X, &Y) >= 0) { Z.p[n - t]++; - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &Y)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, biL * (n - t))); - for( i = n; i > t ; i-- ) - { - if( X.p[i] >= Y.p[t] ) + for (i = n; i > t ; i--) { + if (X.p[i] >= Y.p[t]) Z.p[i - t - 1] = ~0; - else - { - Z.p[i - t - 1] = mbedtls_int_div_int( X.p[i], X.p[i - 1], - Y.p[t], NULL); + else { + Z.p[i - t - 1] = mbedtls_int_div_int(X.p[i], X.p[i - 1], + Y.p[t], NULL); } - T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2]; - T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1]; + T2.p[0] = (i < 2) ? 0 : X.p[i - 2]; + T2.p[1] = (i < 1) ? 0 : X.p[i - 1]; T2.p[2] = X.p[i]; Z.p[i - t - 1]++; - do - { + do { Z.p[i - t - 1]--; - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) ); - T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1]; + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&T1, 0)); + T1.p[0] = (t < 1) ? 0 : Y.p[t - 1]; T1.p[1] = Y.p[t]; - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) ); - } - while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &T1, Z.p[i - t - 1])); + } while (mbedtls_mpi_cmp_mpi(&T1, &T2) > 0); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &Y, Z.p[i - t - 1])); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &T1)); - if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) ); + if (mbedtls_mpi_cmp_int(&X, 0) < 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&X, &X, &T1)); Z.p[i - t - 1]--; } } - if( Q != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) ); + if (Q != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(Q, &Z)); Q->s = A->s * B->s; } - if( R != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) ); + if (R != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&X, k)); X.s = A->s; - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, &X)); - if( mbedtls_mpi_cmp_int( R, 0 ) == 0 ) + if (mbedtls_mpi_cmp_int(R, 0) == 0) R->s = 1; } cleanup: - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); - mbedtls_mpi_free( &T1 ); - mbedtls_platform_zeroize( TP2, sizeof( TP2 ) ); + mbedtls_mpi_free(&X); + mbedtls_mpi_free(&Y); + mbedtls_mpi_free(&Z); + mbedtls_mpi_free(&T1); + mbedtls_platform_zeroize(TP2, sizeof(TP2)); - return( ret ); + return (ret); } /* * Division by int: A = Q * b + R */ -int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, - const mbedtls_mpi *A, - mbedtls_mpi_sint b ) -{ +int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, + const mbedtls_mpi *A, + mbedtls_mpi_sint b) { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(A != NULL); - p[0] = ( b < 0 ) ? -b : b; - _B.s = ( b < 0 ) ? -1 : 1; + p[0] = (b < 0) ? -b : b; + _B.s = (b < 0) ? -1 : 1; _B.n = 1; _B.p = p; - return( mbedtls_mpi_div_mpi( Q, R, A, &_B ) ); + return (mbedtls_mpi_div_mpi(Q, R, A, &_B)); } /* * Modulo: R = A mod B */ -int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ) -{ +int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MPI_VALIDATE_RET( R != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(R != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - if( mbedtls_mpi_cmp_int( B, 0 ) < 0 ) - return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + if (mbedtls_mpi_cmp_int(B, 0) < 0) + return (MBEDTLS_ERR_MPI_NEGATIVE_VALUE); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(NULL, R, A, B)); - while( mbedtls_mpi_cmp_int( R, 0 ) < 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) ); + while (mbedtls_mpi_cmp_int(R, 0) < 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(R, R, B)); - while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) ); + while (mbedtls_mpi_cmp_mpi(R, B) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(R, R, B)); cleanup: - return( ret ); + return (ret); } /* * Modulo: r = A mod b */ -int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b ) -{ +int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b) { size_t i; mbedtls_mpi_uint x, y, z; - MPI_VALIDATE_RET( r != NULL ); - MPI_VALIDATE_RET( A != NULL ); + MPI_VALIDATE_RET(r != NULL); + MPI_VALIDATE_RET(A != NULL); - if( b == 0 ) - return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO ); + if (b == 0) + return (MBEDTLS_ERR_MPI_DIVISION_BY_ZERO); - if( b < 0 ) - return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + if (b < 0) + return (MBEDTLS_ERR_MPI_NEGATIVE_VALUE); /* * handle trivial cases */ - if( b == 1 ) - { + if (b == 1) { *r = 0; - return( 0 ); + return (0); } - if( b == 2 ) - { + if (b == 2) { *r = A->p[0] & 1; - return( 0 ); + return (0); } /* * general case */ - for( i = A->n, y = 0; i > 0; i-- ) - { + for (i = A->n, y = 0; i > 0; i--) { x = A->p[i - 1]; - y = ( y << biH ) | ( x >> biH ); + y = (y << biH) | (x >> biH); z = y / b; y -= z * b; x <<= biH; - y = ( y << biH ) | ( x >> biH ); + y = (y << biH) | (x >> biH); z = y / b; y -= z * b; } @@ -1987,27 +1854,26 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_ * If A is negative, then the current y represents a negative value. * Flipping it to the positive side. */ - if( A->s < 0 && y != 0 ) + if (A->s < 0 && y != 0) y = b - y; *r = y; - return( 0 ); + return (0); } /* * Fast Montgomery initialization (thanks to Tom St Denis) */ -static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) -{ +static void mpi_montg_init(mbedtls_mpi_uint *mm, const mbedtls_mpi *N) { mbedtls_mpi_uint x, m0 = N->p[0]; unsigned int i; x = m0; - x += ( ( m0 + 2 ) & 4 ) << 1; + x += ((m0 + 2) & 4) << 1; - for( i = biL; i >= 8; i /= 2 ) - x *= ( 2 - ( m0 * x ) ); + for (i = biL; i >= 8; i /= 2) + x *= (2 - (m0 * x)); *mm = ~x + 1; } @@ -2034,30 +1900,29 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) * Note that unlike the usual convention in the library * for `const mbedtls_mpi*`, the content of T can change. */ -static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, - const mbedtls_mpi *T ) -{ +static void mpi_montmul(mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, + const mbedtls_mpi *T) { size_t i, n, m; mbedtls_mpi_uint u0, u1, *d; - memset( T->p, 0, T->n * ciL ); + memset(T->p, 0, T->n * ciL); d = T->p; n = N->n; - m = ( B->n < n ) ? B->n : n; + m = (B->n < n) ? B->n : n; - for( i = 0; i < n; i++ ) - { + for (i = 0; i < n; i++) { /* * T = (T + u0*B + u1*N) / 2^biL */ u0 = A->p[i]; - u1 = ( d[0] + u0 * B->p[0] ) * mm; + u1 = (d[0] + u0 * B->p[0]) * mm; - mpi_mul_hlp( m, B->p, d, u0 ); - mpi_mul_hlp( n, N->p, d, u1 ); + mpi_mul_hlp(m, B->p, d, u0); + mpi_mul_hlp(n, N->p, d, u1); - *d++ = u0; d[n + 1] = 0; + *d++ = u0; + d[n + 1] = 0; } /* At this point, d is either the desired result or the desired result @@ -2066,19 +1931,19 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi /* Copy the n least significant limbs of d to A, so that * A = d if d < N (recall that N has n limbs). */ - memcpy( A->p, d, n * ciL ); + memcpy(A->p, d, n * ciL); /* If d >= N then we want to set A to d - N. To prevent timing attacks, * do the calculation without using conditional tests. */ /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */ d[n] += 1; - d[n] -= mpi_sub_hlp( n, d, N->p ); + d[n] -= mpi_sub_hlp(n, d, N->p); /* If d0 < N then d < (2^biL)^n * so d[n] == 0 and we want to keep A as it is. * If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n * so d[n] == 1 and we want to set A to the result of the subtraction * which is d - (2^biL)^n, i.e. the n least significant limbs of d. * This exactly corresponds to a conditional assignment. */ - mpi_safe_cond_assign( n, A->p, d, (unsigned char) d[n] ); + mpi_safe_cond_assign(n, A->p, d, (unsigned char) d[n]); } /* @@ -2086,25 +1951,23 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi * * See mpi_montmul() regarding constraints and guarantees on the parameters. */ -static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, - mbedtls_mpi_uint mm, const mbedtls_mpi *T ) -{ +static void mpi_montred(mbedtls_mpi *A, const mbedtls_mpi *N, + mbedtls_mpi_uint mm, const mbedtls_mpi *T) { mbedtls_mpi_uint z = 1; mbedtls_mpi U; U.n = U.s = (int) z; U.p = &z; - mpi_montmul( A, &U, N, mm, T ); + mpi_montmul(A, &U, N, mm, T); } /* * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) */ -int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *E, const mbedtls_mpi *N, - mbedtls_mpi *_RR ) -{ +int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *E, const mbedtls_mpi *N, + mbedtls_mpi *_RR) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t wbits, wsize, one = 1; size_t i, j, nblimbs; @@ -2113,51 +1976,51 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; int neg; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( E != NULL ); - MPI_VALIDATE_RET( N != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(E != NULL); + MPI_VALIDATE_RET(N != NULL); - if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(N, 0) <= 0 || (N->p[0] & 1) == 0) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - if( mbedtls_mpi_cmp_int( E, 0 ) < 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(E, 0) < 0) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS || - mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS ) - return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_bitlen(E) > MBEDTLS_MPI_MAX_BITS || + mbedtls_mpi_bitlen(N) > MBEDTLS_MPI_MAX_BITS) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); /* * Init temps and window size */ - mpi_montg_init( &mm, N ); - mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T ); - mbedtls_mpi_init( &Apos ); - memset( W, 0, sizeof( W ) ); + mpi_montg_init(&mm, N); + mbedtls_mpi_init(&RR); + mbedtls_mpi_init(&T); + mbedtls_mpi_init(&Apos); + memset(W, 0, sizeof(W)); - i = mbedtls_mpi_bitlen( E ); + i = mbedtls_mpi_bitlen(E); - wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : - ( i > 79 ) ? 4 : ( i > 23 ) ? 3 : 1; + wsize = (i > 671) ? 6 : (i > 239) ? 5 : + (i > 79) ? 4 : (i > 23) ? 3 : 1; #if( MBEDTLS_MPI_WINDOW_SIZE < 6 ) - if( wsize > MBEDTLS_MPI_WINDOW_SIZE ) + if (wsize > MBEDTLS_MPI_WINDOW_SIZE) wsize = MBEDTLS_MPI_WINDOW_SIZE; #endif j = N->n + 1; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], j)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T, j * 2)); /* * Compensate for negative A (and correct at the end) */ - neg = ( A->s == -1 ); - if( neg ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) ); + neg = (A->s == -1); + if (neg) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Apos, A)); Apos.s = 1; A = &Apos; } @@ -2165,56 +2028,52 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* * If 1st call, pre-compute R^2 mod N */ - if( _RR == NULL || _RR->p == NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) ); + if (_RR == NULL || _RR->p == NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&RR, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&RR, N->n * 2 * biL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&RR, &RR, N)); - if( _RR != NULL ) - memcpy( _RR, &RR, sizeof( mbedtls_mpi ) ); - } - else - memcpy( &RR, _RR, sizeof( mbedtls_mpi ) ); + if (_RR != NULL) + memcpy(_RR, &RR, sizeof(mbedtls_mpi)); + } else + memcpy(&RR, _RR, sizeof(mbedtls_mpi)); /* * W[1] = A * R^2 * R^-1 mod N = A * R mod N */ - if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) ); + if (mbedtls_mpi_cmp_mpi(A, N) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&W[1], A, N)); else - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[1], A)); - mpi_montmul( &W[1], &RR, N, mm, &T ); + mpi_montmul(&W[1], &RR, N, mm, &T); /* * X = R^2 * R^-1 mod N = R mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); - mpi_montred( X, N, mm, &T ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &RR)); + mpi_montred(X, N, mm, &T); - if( wsize > 1 ) - { + if (wsize > 1) { /* * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1) */ - j = one << ( wsize - 1 ); + j = one << (wsize - 1); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[j], N->n + 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[j], &W[1])); - for( i = 0; i < wsize - 1; i++ ) - mpi_montmul( &W[j], &W[j], N, mm, &T ); + for (i = 0; i < wsize - 1; i++) + mpi_montmul(&W[j], &W[j], N, mm, &T); /* * W[i] = W[i - 1] * W[1] */ - for( i = j + 1; i < ( one << wsize ); i++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); + for (i = j + 1; i < (one << wsize); i++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[i], N->n + 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[i], &W[i - 1])); - mpi_montmul( &W[i], &W[1], N, mm, &T ); + mpi_montmul(&W[i], &W[1], N, mm, &T); } } @@ -2224,16 +2083,14 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, wbits = 0; state = 0; - while( 1 ) - { - if( bufsize == 0 ) - { - if( nblimbs == 0 ) + while (1) { + if (bufsize == 0) { + if (nblimbs == 0) break; nblimbs--; - bufsize = sizeof( mbedtls_mpi_uint ) << 3; + bufsize = sizeof(mbedtls_mpi_uint) << 3; } bufsize--; @@ -2243,15 +2100,14 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* * skip leading 0s */ - if( ei == 0 && state == 0 ) + if (ei == 0 && state == 0) continue; - if( ei == 0 && state == 1 ) - { + if (ei == 0 && state == 1) { /* * out of window, square X */ - mpi_montmul( X, X, N, mm, &T ); + mpi_montmul(X, X, N, mm, &T); continue; } @@ -2261,20 +2117,19 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, state = 2; nbits++; - wbits |= ( ei << ( wsize - nbits ) ); + wbits |= (ei << (wsize - nbits)); - if( nbits == wsize ) - { + if (nbits == wsize) { /* * X = X^wsize R^-1 mod N */ - for( i = 0; i < wsize; i++ ) - mpi_montmul( X, X, N, mm, &T ); + for (i = 0; i < wsize; i++) + mpi_montmul(X, X, N, mm, &T); /* * X = X * W[wbits] R^-1 mod N */ - mpi_montmul( X, &W[wbits], N, mm, &T ); + mpi_montmul(X, &W[wbits], N, mm, &T); state--; nbits = 0; @@ -2285,94 +2140,91 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* * process the remaining bits */ - for( i = 0; i < nbits; i++ ) - { - mpi_montmul( X, X, N, mm, &T ); + for (i = 0; i < nbits; i++) { + mpi_montmul(X, X, N, mm, &T); wbits <<= 1; - if( ( wbits & ( one << wsize ) ) != 0 ) - mpi_montmul( X, &W[1], N, mm, &T ); + if ((wbits & (one << wsize)) != 0) + mpi_montmul(X, &W[1], N, mm, &T); } /* * X = A^E * R * R^-1 mod N = A^E mod N */ - mpi_montred( X, N, mm, &T ); + mpi_montred(X, N, mm, &T); - if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) - { + if (neg && E->n != 0 && (E->p[0] & 1) != 0) { X->s = -1; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, N, X)); } cleanup: - for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ ) - mbedtls_mpi_free( &W[i] ); + for (i = (one << (wsize - 1)); i < (one << wsize); i++) + mbedtls_mpi_free(&W[i]); - mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos ); + mbedtls_mpi_free(&W[1]); + mbedtls_mpi_free(&T); + mbedtls_mpi_free(&Apos); - if( _RR == NULL || _RR->p == NULL ) - mbedtls_mpi_free( &RR ); + if (_RR == NULL || _RR->p == NULL) + mbedtls_mpi_free(&RR); - return( ret ); + return (ret); } /* * Greatest common divisor: G = gcd(A, B) (HAC 14.54) */ -int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B ) -{ +int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t lz, lzt; mbedtls_mpi TA, TB; - MPI_VALIDATE_RET( G != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); + MPI_VALIDATE_RET(G != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(B != NULL); - mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB ); + mbedtls_mpi_init(&TA); + mbedtls_mpi_init(&TB); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); - lz = mbedtls_mpi_lsb( &TA ); - lzt = mbedtls_mpi_lsb( &TB ); + lz = mbedtls_mpi_lsb(&TA); + lzt = mbedtls_mpi_lsb(&TB); - if( lzt < lz ) + if (lzt < lz) lz = lzt; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, lz)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, lz)); TA.s = TB.s = 1; - while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) ); + while (mbedtls_mpi_cmp_int(&TA, 0) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, mbedtls_mpi_lsb(&TA))); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, mbedtls_mpi_lsb(&TB))); - if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) ); + if (mbedtls_mpi_cmp_mpi(&TA, &TB) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TA, &TA, &TB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, 1)); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TB, &TB, &TA)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, 1)); } } - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&TB, lz)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(G, &TB)); cleanup: - mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB ); + mbedtls_mpi_free(&TA); + mbedtls_mpi_free(&TB); - return( ret ); + return (ret); } /* @@ -2382,159 +2234,157 @@ cleanup: * regardless of the platform endianness (useful when f_rng is actually * deterministic, eg for tests). */ -int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( size ); - size_t const overhead = ( limbs * ciL ) - size; + size_t const limbs = CHARS_TO_LIMBS(size); + size_t const overhead = (limbs * ciL) - size; unsigned char *Xp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); /* Ensure that target MPI has exactly the necessary number of limbs */ - if( X->n != limbs ) - { - mbedtls_mpi_free( X ); - mbedtls_mpi_init( X ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) ); + if (X->n != limbs) { + mbedtls_mpi_free(X); + mbedtls_mpi_init(X); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, limbs)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); - Xp = (unsigned char*) X->p; - MBEDTLS_MPI_CHK( f_rng( p_rng, Xp + overhead, size ) ); + Xp = (unsigned char *) X->p; + MBEDTLS_MPI_CHK(f_rng(p_rng, Xp + overhead, size)); - mpi_bigendian_to_host( X->p, limbs ); + mpi_bigendian_to_host(X->p, limbs); cleanup: - return( ret ); + return (ret); } /* * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64) */ -int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N ) -{ +int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( N != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(A != NULL); + MPI_VALIDATE_RET(N != NULL); - if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(N, 1) <= 0) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 ); - mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV ); - mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 ); + mbedtls_mpi_init(&TA); + mbedtls_mpi_init(&TU); + mbedtls_mpi_init(&U1); + mbedtls_mpi_init(&U2); + mbedtls_mpi_init(&G); + mbedtls_mpi_init(&TB); + mbedtls_mpi_init(&TV); + mbedtls_mpi_init(&V1); + mbedtls_mpi_init(&V2); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, A, N)); - if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&G, 1) != 0) { ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&TA, A, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TU, &TA)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TV, N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U1, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U2, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V1, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V2, 1)); - do - { - while( ( TU.p[0] & 1 ) == 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) ); + do { + while ((TU.p[0] & 1) == 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TU, 1)); - if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) ); + if ((U1.p[0] & 1) != 0 || (U2.p[0] & 1) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&U1, &U1, &TB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &TA)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U1, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U2, 1)); } - while( ( TV.p[0] & 1 ) == 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) ); + while ((TV.p[0] & 1) == 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TV, 1)); - if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) ); + if ((V1.p[0] & 1) != 0 || (V2.p[0] & 1) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, &TB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &TA)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V1, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V2, 1)); } - if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) ); + if (mbedtls_mpi_cmp_mpi(&TU, &TV) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TU, &TU, &TV)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U1, &U1, &V1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &V2)); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TV, &TV, &TU)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, &U1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &U2)); } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) ); - } - } - while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 ); + } while (mbedtls_mpi_cmp_int(&TU, 0) != 0); - while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) ); + while (mbedtls_mpi_cmp_int(&V1, 0) < 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, N)); - while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) ); + while (mbedtls_mpi_cmp_mpi(&V1, N) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &V1)); cleanup: - mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 ); - mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV ); - mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 ); + mbedtls_mpi_free(&TA); + mbedtls_mpi_free(&TU); + mbedtls_mpi_free(&U1); + mbedtls_mpi_free(&U2); + mbedtls_mpi_free(&G); + mbedtls_mpi_free(&TB); + mbedtls_mpi_free(&TV); + mbedtls_mpi_free(&V1); + mbedtls_mpi_free(&V2); - return( ret ); + return (ret); } #if defined(MBEDTLS_GENPRIME) -static const int small_prime[] = -{ - 3, 5, 7, 11, 13, 17, 19, 23, - 29, 31, 37, 41, 43, 47, 53, 59, - 61, 67, 71, 73, 79, 83, 89, 97, - 101, 103, 107, 109, 113, 127, 131, 137, - 139, 149, 151, 157, 163, 167, 173, 179, - 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251, 257, 263, 269, - 271, 277, 281, 283, 293, 307, 311, 313, - 317, 331, 337, 347, 349, 353, 359, 367, - 373, 379, 383, 389, 397, 401, 409, 419, - 421, 431, 433, 439, 443, 449, 457, 461, - 463, 467, 479, 487, 491, 499, 503, 509, - 521, 523, 541, 547, 557, 563, 569, 571, - 577, 587, 593, 599, 601, 607, 613, 617, - 619, 631, 641, 643, 647, 653, 659, 661, - 673, 677, 683, 691, 701, 709, 719, 727, - 733, 739, 743, 751, 757, 761, 769, 773, - 787, 797, 809, 811, 821, 823, 827, 829, - 839, 853, 857, 859, 863, 877, 881, 883, - 887, 907, 911, 919, 929, 937, 941, 947, - 953, 967, 971, 977, 983, 991, 997, -103 +static const int small_prime[] = { + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, + 271, 277, 281, 283, 293, 307, 311, 313, + 317, 331, 337, 347, 349, 353, 359, 367, + 373, 379, 383, 389, 397, 401, 409, 419, + 421, 431, 433, 439, 443, 449, 457, 461, + 463, 467, 479, 487, 491, 499, 503, 509, + 521, 523, 541, 547, 557, 563, 569, 571, + 577, 587, 593, 599, 601, 607, 613, 617, + 619, 631, 641, 643, 647, 653, 659, 661, + 673, 677, 683, 691, 701, 709, 719, 727, + 733, 739, 743, 751, 757, 761, 769, 773, + 787, 797, 809, 811, 821, 823, 827, 829, + 839, 853, 857, 859, 863, 877, 881, 883, + 887, 907, 911, 919, 929, 937, 941, 947, + 953, 967, 971, 977, 983, 991, 997, -103 }; /* @@ -2546,70 +2396,68 @@ static const int small_prime[] = * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime * other negative: error */ -static int mpi_check_small_factors( const mbedtls_mpi *X ) -{ +static int mpi_check_small_factors(const mbedtls_mpi *X) { int ret = 0; size_t i; mbedtls_mpi_uint r; - if( ( X->p[0] & 1 ) == 0 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + if ((X->p[0] & 1) == 0) + return (MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); - for( i = 0; small_prime[i] > 0; i++ ) - { - if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 ) - return( 1 ); + for (i = 0; small_prime[i] > 0; i++) { + if (mbedtls_mpi_cmp_int(X, small_prime[i]) <= 0) + return (1); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, small_prime[i])); - if( r == 0 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + if (r == 0) + return (MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); } cleanup: - return( ret ); + return (ret); } /* * Miller-Rabin pseudo-primality test (HAC 4.24) */ -static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +static int mpi_miller_rabin(const mbedtls_mpi *X, size_t rounds, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret, count; size_t i, j, k, s; mbedtls_mpi W, R, T, A, RR; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); - mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); - mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A ); - mbedtls_mpi_init( &RR ); + mbedtls_mpi_init(&W); + mbedtls_mpi_init(&R); + mbedtls_mpi_init(&T); + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&RR); /* * W = |X| - 1 * R = W >> lsb( W ) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) ); - s = mbedtls_mpi_lsb( &W ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&W, X, 1)); + s = mbedtls_mpi_lsb(&W); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R, &W)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&R, s)); - for( i = 0; i < rounds; i++ ) - { + for (i = 0; i < rounds; i++) { /* * pick a random A, 1 < A < |X| - 1 */ count = 0; do { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&A, X->n * ciL, f_rng, p_rng)); - j = mbedtls_mpi_bitlen( &A ); - k = mbedtls_mpi_bitlen( &W ); + j = mbedtls_mpi_bitlen(&A); + k = mbedtls_mpi_bitlen(&W); if (j > k) { - A.p[A.n - 1] &= ( (mbedtls_mpi_uint) 1 << ( k - ( A.n - 1 ) * biL - 1 ) ) - 1; + A.p[A.n - 1] &= ((mbedtls_mpi_uint) 1 << (k - (A.n - 1) * biL - 1)) - 1; } if (count++ > 30) { @@ -2617,28 +2465,27 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, goto cleanup; } - } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 || - mbedtls_mpi_cmp_int( &A, 1 ) <= 0 ); + } while (mbedtls_mpi_cmp_mpi(&A, &W) >= 0 || + mbedtls_mpi_cmp_int(&A, 1) <= 0); /* * A = A^R mod |X| */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&A, &A, &R, X, &RR)); - if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 || - mbedtls_mpi_cmp_int( &A, 1 ) == 0 ) + if (mbedtls_mpi_cmp_mpi(&A, &W) == 0 || + mbedtls_mpi_cmp_int(&A, 1) == 0) continue; j = 1; - while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ) - { + while (j < s && mbedtls_mpi_cmp_mpi(&A, &W) != 0) { /* * A = A * A mod |X| */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &A, &A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&A, &T, X)); - if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 ) + if (mbedtls_mpi_cmp_int(&A, 1) == 0) break; j++; @@ -2647,73 +2494,71 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, /* * not prime if A != |X| - 1 or A == 1 */ - if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 || - mbedtls_mpi_cmp_int( &A, 1 ) == 0 ) - { + if (mbedtls_mpi_cmp_mpi(&A, &W) != 0 || + mbedtls_mpi_cmp_int(&A, 1) == 0) { ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; break; } } cleanup: - mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); - mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A ); - mbedtls_mpi_free( &RR ); + mbedtls_mpi_free(&W); + mbedtls_mpi_free(&R); + mbedtls_mpi_free(&T); + mbedtls_mpi_free(&A); + mbedtls_mpi_free(&RR); - return( ret ); + return (ret); } /* * Pseudo-primality test: small factors, then Miller-Rabin */ -int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi XX; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); XX.s = 1; XX.n = X->n; XX.p = X->p; - if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 || - mbedtls_mpi_cmp_int( &XX, 1 ) == 0 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + if (mbedtls_mpi_cmp_int(&XX, 0) == 0 || + mbedtls_mpi_cmp_int(&XX, 1) == 0) + return (MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); - if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 ) - return( 0 ); + if (mbedtls_mpi_cmp_int(&XX, 2) == 0) + return (0); - if( ( ret = mpi_check_small_factors( &XX ) ) != 0 ) - { - if( ret == 1 ) - return( 0 ); + if ((ret = mpi_check_small_factors(&XX)) != 0) { + if (ret == 1) + return (0); - return( ret ); + return (ret); } - return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) ); + return (mpi_miller_rabin(&XX, rounds, f_rng, p_rng)); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Pseudo-primality test, error probability 2^-80 */ -int mbedtls_mpi_is_prime( const mbedtls_mpi *X, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); +int mbedtls_mpi_is_prime(const mbedtls_mpi *X, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); /* * In the past our key generation aimed for an error rate of at most * 2^-80. Since this function is deprecated, aim for the same certainty * here as well. */ - return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) ); + return (mbedtls_mpi_is_prime_ext(X, 40, f_rng, p_rng)); } #endif @@ -2724,10 +2569,9 @@ int mbedtls_mpi_is_prime( const mbedtls_mpi *X, * be either 1024 bits or 1536 bits long, and flags must contain * MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR. */ -int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { #ifdef MBEDTLS_HAVE_INT64 // ceil(2^63.5) #define CEIL_MAXUINT_DIV_SQRT2 0xb504f333f9de6485ULL @@ -2741,56 +2585,49 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, mbedtls_mpi_uint r; mbedtls_mpi Y; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); + MPI_VALIDATE_RET(X != NULL); + MPI_VALIDATE_RET(f_rng != NULL); - if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - mbedtls_mpi_init( &Y ); + mbedtls_mpi_init(&Y); - n = BITS_TO_LIMBS( nbits ); + n = BITS_TO_LIMBS(nbits); - if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 ) - { + if ((flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR) == 0) { /* * 2^-80 error probability, number of rounds chosen per HAC, table 4.4 */ - rounds = ( ( nbits >= 1300 ) ? 2 : ( nbits >= 850 ) ? 3 : - ( nbits >= 650 ) ? 4 : ( nbits >= 350 ) ? 8 : - ( nbits >= 250 ) ? 12 : ( nbits >= 150 ) ? 18 : 27 ); - } - else - { + rounds = ((nbits >= 1300) ? 2 : (nbits >= 850) ? 3 : + (nbits >= 650) ? 4 : (nbits >= 350) ? 8 : + (nbits >= 250) ? 12 : (nbits >= 150) ? 18 : 27); + } else { /* * 2^-100 error probability, number of rounds computed based on HAC, * fact 4.48 */ - rounds = ( ( nbits >= 1450 ) ? 4 : ( nbits >= 1150 ) ? 5 : - ( nbits >= 1000 ) ? 6 : ( nbits >= 850 ) ? 7 : - ( nbits >= 750 ) ? 8 : ( nbits >= 500 ) ? 13 : - ( nbits >= 250 ) ? 28 : ( nbits >= 150 ) ? 40 : 51 ); + rounds = ((nbits >= 1450) ? 4 : (nbits >= 1150) ? 5 : + (nbits >= 1000) ? 6 : (nbits >= 850) ? 7 : + (nbits >= 750) ? 8 : (nbits >= 500) ? 13 : + (nbits >= 250) ? 28 : (nbits >= 150) ? 40 : 51); } - while( 1 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); + while (1) { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(X, n * ciL, f_rng, p_rng)); /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */ - if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue; + if (X->p[n - 1] < CEIL_MAXUINT_DIV_SQRT2) continue; k = n * biL; - if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) ); + if (k > nbits) MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(X, k - nbits)); X->p[0] |= 1; - if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 ) - { - ret = mbedtls_mpi_is_prime_ext( X, rounds, f_rng, p_rng ); + if ((flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) == 0) { + ret = mbedtls_mpi_is_prime_ext(X, rounds, f_rng, p_rng); - if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) goto cleanup; - } - else - { + } else { /* * An necessary condition for Y and X = 2Y + 1 to be prime * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). @@ -2799,31 +2636,30 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, X->p[0] |= 2; - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) ); - if( r == 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) ); - else if( r == 1 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, 3)); + if (r == 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 8)); + else if (r == 1) + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 4)); /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, 1)); - while( 1 ) - { + while (1) { /* * First, check small factors for X and Y * before doing Miller-Rabin on any of them */ - if( ( ret = mpi_check_small_factors( X ) ) == 0 && - ( ret = mpi_check_small_factors( &Y ) ) == 0 && - ( ret = mpi_miller_rabin( X, rounds, f_rng, p_rng ) ) - == 0 && - ( ret = mpi_miller_rabin( &Y, rounds, f_rng, p_rng ) ) - == 0 ) + if ((ret = mpi_check_small_factors(X)) == 0 && + (ret = mpi_check_small_factors(&Y)) == 0 && + (ret = mpi_miller_rabin(X, rounds, f_rng, p_rng)) + == 0 && + (ret = mpi_miller_rabin(&Y, rounds, f_rng, p_rng)) + == 0) goto cleanup; - if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) goto cleanup; /* @@ -2831,17 +2667,17 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) * so up Y by 6 and X by 12. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 12)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&Y, &Y, 6)); } } } cleanup: - mbedtls_mpi_free( &Y ); + mbedtls_mpi_free(&Y); - return( ret ); + return (ret); } #endif /* MBEDTLS_GENPRIME */ @@ -2850,8 +2686,7 @@ cleanup: #define GCD_PAIR_COUNT 3 -static const int gcd_pairs[GCD_PAIR_COUNT][3] = -{ +static const int gcd_pairs[GCD_PAIR_COUNT][3] = { { 693, 609, 21 }, { 1764, 868, 28 }, { 768454923, 542167814, 1 } @@ -2860,162 +2695,165 @@ static const int gcd_pairs[GCD_PAIR_COUNT][3] = /* * Checkup routine */ -int mbedtls_mpi_self_test( int verbose ) -{ +int mbedtls_mpi_self_test(int verbose) { int ret, i; mbedtls_mpi A, E, N, X, Y, U, V; - mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X ); - mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V ); + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&E); + mbedtls_mpi_init(&N); + mbedtls_mpi_init(&X); + mbedtls_mpi_init(&Y); + mbedtls_mpi_init(&U); + mbedtls_mpi_init(&V); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16, - "EFE021C2645FD1DC586E69184AF4A31E" \ - "D5F53E93B5F123FA41680867BA110131" \ - "944FE7952E2517337780CB0DB80E61AA" \ - "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&A, 16, + "EFE021C2645FD1DC586E69184AF4A31E" \ + "D5F53E93B5F123FA41680867BA110131" \ + "944FE7952E2517337780CB0DB80E61AA" \ + "E7C8DDC6C5C6AADEB34EB38A2F40D5E6")); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16, - "B2E7EFD37075B9F03FF989C7C5051C20" \ - "34D2A323810251127E7BF8625A4F49A5" \ - "F3E27F4DA8BD59C47D6DAABA4C8127BD" \ - "5B5C25763222FEFCCFC38B832366C29E" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 16, + "B2E7EFD37075B9F03FF989C7C5051C20" \ + "34D2A323810251127E7BF8625A4F49A5" \ + "F3E27F4DA8BD59C47D6DAABA4C8127BD" \ + "5B5C25763222FEFCCFC38B832366C29E")); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16, - "0066A198186C18C10B2F5ED9B522752A" \ - "9830B69916E535C8F047518A889A43A5" \ - "94B6BED27A168D31D4A52F88925AA8F5" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&N, 16, + "0066A198186C18C10B2F5ED9B522752A" \ + "9830B69916E535C8F047518A889A43A5" \ + "94B6BED27A168D31D4A52F88925AA8F5")); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&X, &A, &N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "602AB7ECA597A3D6B56FF9829A5E8B85" \ - "9E857EA95A03512E2BAE7391688D264A" \ - "A5663B0341DB9CCFD2C4C5F421FEC814" \ - "8001B72E848A38CAE1C65F78E56ABDEF" \ - "E12D3C039B8A02D6BE593F0BBBDA56F1" \ - "ECF677152EF804370C1A305CAF3B5BF1" \ - "30879B56C61DE584A0F53A2447A51E" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "602AB7ECA597A3D6B56FF9829A5E8B85" \ + "9E857EA95A03512E2BAE7391688D264A" \ + "A5663B0341DB9CCFD2C4C5F421FEC814" \ + "8001B72E848A38CAE1C65F78E56ABDEF" \ + "E12D3C039B8A02D6BE593F0BBBDA56F1" \ + "ECF677152EF804370C1A305CAF3B5BF1" \ + "30879B56C61DE584A0F53A2447A51E")); - if( verbose != 0 ) - mbedtls_printf( " MPI test #1 (mul_mpi): " ); + if (verbose != 0) + mbedtls_printf(" MPI test #1 (mul_mpi): "); - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&X, &Y, &A, &N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "256567336059E52CAE22925474705F39A94" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "256567336059E52CAE22925474705F39A94")); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16, - "6613F26162223DF488E9CD48CC132C7A" \ - "0AC93C701B001B092E4E5B9F73BCD27B" \ - "9EE50D0657C77F374E903CDFA4C642" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&V, 16, + "6613F26162223DF488E9CD48CC132C7A" \ + "0AC93C701B001B092E4E5B9F73BCD27B" \ + "9EE50D0657C77F374E903CDFA4C642")); - if( verbose != 0 ) - mbedtls_printf( " MPI test #2 (div_mpi): " ); + if (verbose != 0) + mbedtls_printf(" MPI test #2 (div_mpi): "); - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 || - mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_mpi_cmp_mpi(&X, &U) != 0 || + mbedtls_mpi_cmp_mpi(&Y, &V) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&X, &A, &E, &N, NULL)); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "36E139AEA55215609D2816998ED020BB" \ - "BD96C37890F65171D948E9BC7CBAA4D9" \ - "325D24D6A3C12710F10A09FA08AB87" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "36E139AEA55215609D2816998ED020BB" \ + "BD96C37890F65171D948E9BC7CBAA4D9" \ + "325D24D6A3C12710F10A09FA08AB87")); - if( verbose != 0 ) - mbedtls_printf( " MPI test #3 (exp_mod): " ); + if (verbose != 0) + mbedtls_printf(" MPI test #3 (exp_mod): "); - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&X, &A, &N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \ - "C3DBA76456363A10869622EAC2DD84EC" \ - "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \ + "C3DBA76456363A10869622EAC2DD84EC" \ + "C5B8A74DAC4D09E03B5E0BE779F2DF61")); - if( verbose != 0 ) - mbedtls_printf( " MPI test #4 (inv_mod): " ); + if (verbose != 0) + mbedtls_printf(" MPI test #4 (inv_mod): "); - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_mpi_cmp_mpi(&X, &U) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - if( verbose != 0 ) - mbedtls_printf( " MPI test #5 (simple gcd): " ); + if (verbose != 0) + mbedtls_printf(" MPI test #5 (simple gcd): "); - for( i = 0; i < GCD_PAIR_COUNT; i++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) ); + for (i = 0; i < GCD_PAIR_COUNT; i++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&X, gcd_pairs[i][0])); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Y, gcd_pairs[i][1])); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&A, &X, &Y)); - if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed at %d\n", i ); + if (mbedtls_mpi_cmp_int(&A, gcd_pairs[i][2]) != 0) { + if (verbose != 0) + mbedtls_printf("failed at %d\n", i); ret = 1; goto cleanup; } } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); cleanup: - if( ret != 0 && verbose != 0 ) - mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret ); + if (ret != 0 && verbose != 0) + mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret); - mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X ); - mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V ); + mbedtls_mpi_free(&A); + mbedtls_mpi_free(&E); + mbedtls_mpi_free(&N); + mbedtls_mpi_free(&X); + mbedtls_mpi_free(&Y); + mbedtls_mpi_free(&U); + mbedtls_mpi_free(&V); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/bignum.h b/common/mbedtls/bignum.h index 637360e30..aa1aed00f 100644 --- a/common/mbedtls/bignum.h +++ b/common/mbedtls/bignum.h @@ -115,63 +115,63 @@ * disabled by defining MBEDTLS_NO_UDBL_DIVISION. */ #if !defined(MBEDTLS_HAVE_INT32) - #if defined(_MSC_VER) && defined(_M_AMD64) - /* Always choose 64-bit when using MSC */ - #if !defined(MBEDTLS_HAVE_INT64) - #define MBEDTLS_HAVE_INT64 - #endif /* !MBEDTLS_HAVE_INT64 */ - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - #elif defined(__GNUC__) && ( \ +#if defined(_MSC_VER) && defined(_M_AMD64) +/* Always choose 64-bit when using MSC */ +#if !defined(MBEDTLS_HAVE_INT64) +#define MBEDTLS_HAVE_INT64 +#endif /* !MBEDTLS_HAVE_INT64 */ +typedef int64_t mbedtls_mpi_sint; +typedef uint64_t mbedtls_mpi_uint; +#elif defined(__GNUC__) && ( \ defined(__amd64__) || defined(__x86_64__) || \ defined(__ppc64__) || defined(__powerpc64__) || \ defined(__ia64__) || defined(__alpha__) || \ ( defined(__sparc__) && defined(__arch64__) ) || \ defined(__s390x__) || defined(__mips64) || \ defined(__aarch64__) ) - #if !defined(MBEDTLS_HAVE_INT64) - #define MBEDTLS_HAVE_INT64 - #endif /* MBEDTLS_HAVE_INT64 */ - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION */ - #elif defined(__ARMCC_VERSION) && defined(__aarch64__) - /* - * __ARMCC_VERSION is defined for both armcc and armclang and - * __aarch64__ is only defined by armclang when compiling 64-bit code - */ - #if !defined(MBEDTLS_HAVE_INT64) - #define MBEDTLS_HAVE_INT64 - #endif /* !MBEDTLS_HAVE_INT64 */ - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef __uint128_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION */ - #elif defined(MBEDTLS_HAVE_INT64) - /* Force 64-bit integers with unknown compiler */ - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - #endif +#if !defined(MBEDTLS_HAVE_INT64) +#define MBEDTLS_HAVE_INT64 +#endif /* MBEDTLS_HAVE_INT64 */ +typedef int64_t mbedtls_mpi_sint; +typedef uint64_t mbedtls_mpi_uint; +#if !defined(MBEDTLS_NO_UDBL_DIVISION) +/* mbedtls_t_udbl defined as 128-bit unsigned int */ +typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); +#define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_NO_UDBL_DIVISION */ +#elif defined(__ARMCC_VERSION) && defined(__aarch64__) +/* + * __ARMCC_VERSION is defined for both armcc and armclang and + * __aarch64__ is only defined by armclang when compiling 64-bit code + */ +#if !defined(MBEDTLS_HAVE_INT64) +#define MBEDTLS_HAVE_INT64 +#endif /* !MBEDTLS_HAVE_INT64 */ +typedef int64_t mbedtls_mpi_sint; +typedef uint64_t mbedtls_mpi_uint; +#if !defined(MBEDTLS_NO_UDBL_DIVISION) +/* mbedtls_t_udbl defined as 128-bit unsigned int */ +typedef __uint128_t mbedtls_t_udbl; +#define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_NO_UDBL_DIVISION */ +#elif defined(MBEDTLS_HAVE_INT64) +/* Force 64-bit integers with unknown compiler */ +typedef int64_t mbedtls_mpi_sint; +typedef uint64_t mbedtls_mpi_uint; +#endif #endif /* !MBEDTLS_HAVE_INT32 */ #if !defined(MBEDTLS_HAVE_INT64) - /* Default to 32-bit compilation */ - #if !defined(MBEDTLS_HAVE_INT32) - #define MBEDTLS_HAVE_INT32 - #endif /* !MBEDTLS_HAVE_INT32 */ - typedef int32_t mbedtls_mpi_sint; - typedef uint32_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION */ +/* Default to 32-bit compilation */ +#if !defined(MBEDTLS_HAVE_INT32) +#define MBEDTLS_HAVE_INT32 +#endif /* !MBEDTLS_HAVE_INT32 */ +typedef int32_t mbedtls_mpi_sint; +typedef uint32_t mbedtls_mpi_uint; +#if !defined(MBEDTLS_NO_UDBL_DIVISION) +typedef uint64_t mbedtls_t_udbl; +#define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus @@ -181,8 +181,7 @@ extern "C" { /** * \brief MPI structure */ -typedef struct mbedtls_mpi -{ +typedef struct mbedtls_mpi { int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */ size_t n; /*!< total # of limbs */ mbedtls_mpi_uint *p; /*!< pointer to limbs */ @@ -197,7 +196,7 @@ mbedtls_mpi; * * \param X The MPI context to initialize. This must not be \c NULL. */ -void mbedtls_mpi_init( mbedtls_mpi *X ); +void mbedtls_mpi_init(mbedtls_mpi *X); /** * \brief This function frees the components of an MPI context. @@ -206,7 +205,7 @@ void mbedtls_mpi_init( mbedtls_mpi *X ); * in which case this function is a no-op. If it is * not \c NULL, it must point to an initialized MPI. */ -void mbedtls_mpi_free( mbedtls_mpi *X ); +void mbedtls_mpi_free(mbedtls_mpi *X); /** * \brief Enlarge an MPI to the specified number of limbs. @@ -221,7 +220,7 @@ void mbedtls_mpi_free( mbedtls_mpi *X ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); +int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs); /** * \brief This function resizes an MPI downwards, keeping at least the @@ -238,7 +237,7 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ); * (this can only happen when resizing up). * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); +int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs); /** * \brief Make a copy of an MPI. @@ -253,7 +252,7 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ); +int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y); /** * \brief Swap the contents of two MPIs. @@ -261,7 +260,7 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ); * \param X The first MPI. It must be initialized. * \param Y The second MPI. It must be initialized. */ -void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); +void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y); /** * \brief Perform a safe conditional copy of MPI which doesn't @@ -287,7 +286,7 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ); +int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign); /** * \brief Perform a safe conditional swap which doesn't @@ -312,7 +311,7 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned * \return Another negative error code on other kinds of failure. * */ -int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign ); +int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign); /** * \brief Store integer value in MPI. @@ -324,7 +323,7 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char as * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ); +int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z); /** * \brief Get a specific bit from an MPI. @@ -336,7 +335,7 @@ int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ); * of \c X is unset or set. * \return A negative error code on failure. */ -int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ); +int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos); /** * \brief Modify a specific bit in an MPI. @@ -353,7 +352,7 @@ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ); +int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val); /** * \brief Return the number of bits of value \c 0 before the @@ -367,7 +366,7 @@ int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ); * \return The number of bits of value \c 0 before the least significant * bit of value \c 1 in \p X. */ -size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ); +size_t mbedtls_mpi_lsb(const mbedtls_mpi *X); /** * \brief Return the number of bits up to and including the most @@ -381,7 +380,7 @@ size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ); * \return The number of bits up to and including the most * significant bit of value \c 1. */ -size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ); +size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X); /** * \brief Return the total size of an MPI value in bytes. @@ -396,7 +395,7 @@ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ); * \return The least number of bytes capable of storing * the absolute value of \p X. */ -size_t mbedtls_mpi_size( const mbedtls_mpi *X ); +size_t mbedtls_mpi_size(const mbedtls_mpi *X); /** * \brief Import an MPI from an ASCII string. @@ -408,7 +407,7 @@ size_t mbedtls_mpi_size( const mbedtls_mpi *X ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ); +int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s); /** * \brief Export an MPI to an ASCII string. @@ -432,8 +431,8 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ); * size of \p buf required for a successful call. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, - char *buf, size_t buflen, size_t *olen ); +int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, + char *buf, size_t buflen, size_t *olen); #if defined(MBEDTLS_FS_IO) /** @@ -457,7 +456,7 @@ int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, * is too small. * \return Another negative error code on failure. */ -int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ); +int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin); /** * \brief Export an MPI into an opened file. @@ -474,8 +473,8 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, - int radix, FILE *fout ); +int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, + int radix, FILE *fout); #endif /* MBEDTLS_FS_IO */ /** @@ -490,8 +489,8 @@ int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, - size_t buflen ); +int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, + size_t buflen); /** * \brief Import X from unsigned binary data, little endian @@ -505,8 +504,8 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, - const unsigned char *buf, size_t buflen ); +int mbedtls_mpi_read_binary_le(mbedtls_mpi *X, + const unsigned char *buf, size_t buflen); /** * \brief Export X into unsigned binary data, big endian. @@ -523,8 +522,8 @@ int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, * large enough to hold the value of \p X. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, - size_t buflen ); +int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf, + size_t buflen); /** * \brief Export X into unsigned binary data, little endian. @@ -541,8 +540,8 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, * large enough to hold the value of \p X. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, - unsigned char *buf, size_t buflen ); +int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X, + unsigned char *buf, size_t buflen); /** * \brief Perform a left-shift on an MPI: X <<= count @@ -554,7 +553,7 @@ int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); +int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count); /** * \brief Perform a right-shift on an MPI: X >>= count @@ -566,7 +565,7 @@ int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ); +int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count); /** * \brief Compare the absolute values of two MPIs. @@ -578,7 +577,7 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ); * \return \c -1 if `|X|` is lesser than `|Y|`. * \return \c 0 if `|X|` is equal to `|Y|`. */ -int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ); +int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y); /** * \brief Compare two MPIs. @@ -590,7 +589,7 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ); * \return \c -1 if \p X is lesser than \p Y. * \return \c 0 if \p X is equal to \p Y. */ -int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ); +int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y); /** * \brief Check if an MPI is less than the other in constant time. @@ -607,8 +606,8 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ); * \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of * the two input MPIs is not the same. */ -int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, - unsigned *ret ); +int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y, + unsigned *ret); /** * \brief Compare an MPI with an integer. @@ -620,7 +619,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, * \return \c -1 if \p X is lesser than \p z. * \return \c 0 if \p X is equal to \p z. */ -int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ); +int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z); /** * \brief Perform an unsigned addition of MPIs: X = |A| + |B| @@ -633,8 +632,8 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform an unsigned subtraction of MPIs: X = |A| - |B| @@ -648,8 +647,8 @@ int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failure. * */ -int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a signed addition of MPIs: X = A + B @@ -662,8 +661,8 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a signed subtraction of MPIs: X = A - B @@ -676,8 +675,8 @@ int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a signed addition of an MPI and an integer: X = A + b @@ -690,8 +689,8 @@ int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, - mbedtls_mpi_sint b ); +int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_sint b); /** * \brief Perform a signed subtraction of an MPI and an integer: @@ -705,8 +704,8 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, - mbedtls_mpi_sint b ); +int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_sint b); /** * \brief Perform a multiplication of two MPIs: X = A * B @@ -720,8 +719,8 @@ int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failure. * */ -int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a multiplication of an MPI with an unsigned integer: @@ -736,8 +735,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failure. * */ -int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, - mbedtls_mpi_uint b ); +int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_uint b); /** * \brief Perform a division with remainder of two MPIs: @@ -757,8 +756,8 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a division with remainder of an MPI by an integer: @@ -778,8 +777,8 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, - mbedtls_mpi_sint b ); +int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + mbedtls_mpi_sint b); /** * \brief Perform a modular reduction. R = A mod B @@ -798,8 +797,8 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failure. * */ -int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Perform a modular reduction with respect to an integer. @@ -817,8 +816,8 @@ int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, - mbedtls_mpi_sint b ); +int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, + mbedtls_mpi_sint b); /** * \brief Perform a sliding-window exponentiation: X = A^E mod N @@ -846,9 +845,9 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, * \return Another negative error code on different kinds of failures. * */ -int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *E, const mbedtls_mpi *N, - mbedtls_mpi *_RR ); +int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *E, const mbedtls_mpi *N, + mbedtls_mpi *_RR); /** * \brief Fill an MPI with a number of random bytes. @@ -867,9 +866,9 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * as a big-endian representation of an MPI; this can * be relevant in applications like deterministic ECDSA. */ -int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Compute the greatest common divisor: G = gcd(A, B) @@ -882,8 +881,8 @@ int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, - const mbedtls_mpi *B ); +int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, + const mbedtls_mpi *B); /** * \brief Compute the modular inverse: X = A^-1 mod N @@ -901,8 +900,8 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse * with respect to \p N. */ -int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *N ); +int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *N); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -929,9 +928,9 @@ int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. * \return Another negative error code on other kinds of failure. */ -MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime(const mbedtls_mpi *X, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -962,9 +961,9 @@ MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X, * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Flags for mbedtls_mpi_gen_prime() * @@ -995,9 +994,9 @@ typedef enum { * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between * \c 3 and #MBEDTLS_MPI_MAX_BITS. */ -int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_SELF_TEST) @@ -1006,7 +1005,7 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_mpi_self_test( int verbose ); +int mbedtls_mpi_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/blowfish.c b/common/mbedtls/blowfish.c index 76da44897..6f46b6514 100644 --- a/common/mbedtls/blowfish.c +++ b/common/mbedtls/blowfish.c @@ -64,47 +64,44 @@ #endif static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = { - 0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L, - 0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L, - 0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL, - 0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L, - 0x9216D5D9L, 0x8979FB1BL + 0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L, + 0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L, + 0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL, + 0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L, + 0x9216D5D9L, 0x8979FB1BL }; /* declarations of data at the end of this file */ static const uint32_t S[4][256]; -static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x ) -{ - unsigned short a, b, c, d; - uint32_t y; +static uint32_t F(mbedtls_blowfish_context *ctx, uint32_t x) { + unsigned short a, b, c, d; + uint32_t y; - d = (unsigned short)(x & 0xFF); - x >>= 8; - c = (unsigned short)(x & 0xFF); - x >>= 8; - b = (unsigned short)(x & 0xFF); - x >>= 8; - a = (unsigned short)(x & 0xFF); - y = ctx->S[0][a] + ctx->S[1][b]; - y = y ^ ctx->S[2][c]; - y = y + ctx->S[3][d]; + d = (unsigned short)(x & 0xFF); + x >>= 8; + c = (unsigned short)(x & 0xFF); + x >>= 8; + b = (unsigned short)(x & 0xFF); + x >>= 8; + a = (unsigned short)(x & 0xFF); + y = ctx->S[0][a] + ctx->S[1][b]; + y = y ^ ctx->S[2][c]; + y = y + ctx->S[3][d]; - return( y ); + return (y); } -static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr ) -{ +static void blowfish_enc(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr) { uint32_t Xl, Xr, temp; short i; Xl = *xl; Xr = *xr; - for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i ) - { + for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i) { Xl = Xl ^ ctx->P[i]; - Xr = F( ctx, Xl ) ^ Xr; + Xr = F(ctx, Xl) ^ Xr; temp = Xl; Xl = Xr; @@ -122,18 +119,16 @@ static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr = Xr; } -static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr ) -{ +static void blowfish_dec(mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr) { uint32_t Xl, Xr, temp; short i; Xl = *xl; Xr = *xr; - for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i ) - { + for (i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i) { Xl = Xl ^ ctx->P[i]; - Xr = F( ctx, Xl ) ^ Xr; + Xr = F(ctx, Xl) ^ Xr; temp = Xl; Xl = Xr; @@ -151,55 +146,48 @@ static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr = Xr; } -void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ) -{ - BLOWFISH_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_blowfish_context ) ); +void mbedtls_blowfish_init(mbedtls_blowfish_context *ctx) { + BLOWFISH_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_blowfish_context)); } -void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_blowfish_free(mbedtls_blowfish_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_blowfish_context)); } /* * Blowfish key schedule */ -int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, - const unsigned char *key, - unsigned int keybits ) -{ +int mbedtls_blowfish_setkey(mbedtls_blowfish_context *ctx, + const unsigned char *key, + unsigned int keybits) { unsigned int i, j, k; uint32_t data, datal, datar; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( key != NULL ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(key != NULL); - if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || - keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS || - keybits % 8 != 0 ) - { - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); + if (keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || + keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS || + keybits % 8 != 0) { + return (MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA); } keybits >>= 3; - for( i = 0; i < 4; i++ ) - { - for( j = 0; j < 256; j++ ) + for (i = 0; i < 4; i++) { + for (j = 0; j < 256; j++) ctx->S[i][j] = S[i][j]; } j = 0; - for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i ) - { + for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i) { data = 0x00000000; - for( k = 0; k < 4; ++k ) - { - data = ( data << 8 ) | key[j++]; - if( j >= keybits ) + for (k = 0; k < 4; ++k) { + data = (data << 8) | key[j++]; + if (j >= keybits) j = 0; } ctx->P[i] = P[i] ^ data; @@ -208,107 +196,94 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, datal = 0x00000000; datar = 0x00000000; - for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 ) - { - blowfish_enc( ctx, &datal, &datar ); + for (i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2) { + blowfish_enc(ctx, &datal, &datar); ctx->P[i] = datal; ctx->P[i + 1] = datar; } - for( i = 0; i < 4; i++ ) - { - for( j = 0; j < 256; j += 2 ) - { - blowfish_enc( ctx, &datal, &datar ); + for (i = 0; i < 4; i++) { + for (j = 0; j < 256; j += 2) { + blowfish_enc(ctx, &datal, &datar); ctx->S[i][j] = datal; ctx->S[i][j + 1] = datar; } } - return( 0 ); + return (0); } /* * Blowfish-ECB block encryption/decryption */ -int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, - int mode, - const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] ) -{ +int mbedtls_blowfish_crypt_ecb(mbedtls_blowfish_context *ctx, + int mode, + const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], + unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE]) { uint32_t X0, X1; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || - mode == MBEDTLS_BLOWFISH_DECRYPT ); - BLOWFISH_VALIDATE_RET( input != NULL ); - BLOWFISH_VALIDATE_RET( output != NULL ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT || + mode == MBEDTLS_BLOWFISH_DECRYPT); + BLOWFISH_VALIDATE_RET(input != NULL); + BLOWFISH_VALIDATE_RET(output != NULL); - GET_UINT32_BE( X0, input, 0 ); - GET_UINT32_BE( X1, input, 4 ); + GET_UINT32_BE(X0, input, 0); + GET_UINT32_BE(X1, input, 4); - if( mode == MBEDTLS_BLOWFISH_DECRYPT ) - { - blowfish_dec( ctx, &X0, &X1 ); - } - else /* MBEDTLS_BLOWFISH_ENCRYPT */ - { - blowfish_enc( ctx, &X0, &X1 ); + if (mode == MBEDTLS_BLOWFISH_DECRYPT) { + blowfish_dec(ctx, &X0, &X1); + } else { /* MBEDTLS_BLOWFISH_ENCRYPT */ + blowfish_enc(ctx, &X0, &X1); } - PUT_UINT32_BE( X0, output, 0 ); - PUT_UINT32_BE( X1, output, 4 ); + PUT_UINT32_BE(X0, output, 0); + PUT_UINT32_BE(X1, output, 4); - return( 0 ); + return (0); } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * Blowfish-CBC buffer encryption/decryption */ -int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_blowfish_crypt_cbc(mbedtls_blowfish_context *ctx, + int mode, + size_t length, + unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE]; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || - mode == MBEDTLS_BLOWFISH_DECRYPT ); - BLOWFISH_VALIDATE_RET( iv != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT || + mode == MBEDTLS_BLOWFISH_DECRYPT); + BLOWFISH_VALIDATE_RET(iv != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || input != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || output != NULL); - if( length % MBEDTLS_BLOWFISH_BLOCKSIZE ) - return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH ); + if (length % MBEDTLS_BLOWFISH_BLOCKSIZE) + return (MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH); - if( mode == MBEDTLS_BLOWFISH_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE ); - mbedtls_blowfish_crypt_ecb( ctx, mode, input, output ); + if (mode == MBEDTLS_BLOWFISH_DECRYPT) { + while (length > 0) { + memcpy(temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE); + mbedtls_blowfish_crypt_ecb(ctx, mode, input, output); - for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) + output[i] = (unsigned char)(output[i] ^ iv[i]); - memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE ); + memcpy(iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE); input += MBEDTLS_BLOWFISH_BLOCKSIZE; output += MBEDTLS_BLOWFISH_BLOCKSIZE; length -= MBEDTLS_BLOWFISH_BLOCKSIZE; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++) + output[i] = (unsigned char)(input[i] ^ iv[i]); - mbedtls_blowfish_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE ); + mbedtls_blowfish_crypt_ecb(ctx, mode, output, output); + memcpy(iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE); input += MBEDTLS_BLOWFISH_BLOCKSIZE; output += MBEDTLS_BLOWFISH_BLOCKSIZE; @@ -316,7 +291,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, } } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -324,59 +299,53 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, /* * Blowfish CFB buffer encryption/decryption */ -int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_blowfish_crypt_cfb64(mbedtls_blowfish_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int c; size_t n; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || - mode == MBEDTLS_BLOWFISH_DECRYPT ); - BLOWFISH_VALIDATE_RET( iv != NULL ); - BLOWFISH_VALIDATE_RET( iv_off != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(mode == MBEDTLS_BLOWFISH_ENCRYPT || + mode == MBEDTLS_BLOWFISH_DECRYPT); + BLOWFISH_VALIDATE_RET(iv != NULL); + BLOWFISH_VALIDATE_RET(iv_off != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || input != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || output != NULL); n = *iv_off; - if( n >= 8 ) - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); + if (n >= 8) + return (MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA); - if( mode == MBEDTLS_BLOWFISH_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv ); + if (mode == MBEDTLS_BLOWFISH_DECRYPT) { + while (length--) { + if (n == 0) + mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv); c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); + *output++ = (unsigned char)(c ^ iv[n]); iv[n] = (unsigned char) c; - n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE; + n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE; } - } - else - { - while( length-- ) - { - if( n == 0 ) - mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv ); + } else { + while (length--) { + if (n == 0) + mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv); - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + iv[n] = *output++ = (unsigned char)(iv[n] ^ *input++); - n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE; + n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE; } } *iv_off = n; - return( 0 ); + return (0); } #endif /*MBEDTLS_CIPHER_MODE_CFB */ @@ -384,51 +353,50 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, /* * Blowfish CTR buffer encryption/decryption */ -int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_blowfish_crypt_ctr(mbedtls_blowfish_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output) { int c, i; size_t n; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( nonce_counter != NULL ); - BLOWFISH_VALIDATE_RET( stream_block != NULL ); - BLOWFISH_VALIDATE_RET( nc_off != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); + BLOWFISH_VALIDATE_RET(ctx != NULL); + BLOWFISH_VALIDATE_RET(nonce_counter != NULL); + BLOWFISH_VALIDATE_RET(stream_block != NULL); + BLOWFISH_VALIDATE_RET(nc_off != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || input != NULL); + BLOWFISH_VALIDATE_RET(length == 0 || output != NULL); n = *nc_off; - if( n >= 8 ) - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); + if (n >= 8) + return (MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA); - while( length-- ) - { - if( n == 0 ) { - mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter, - stream_block ); + while (length--) { + if (n == 0) { + mbedtls_blowfish_crypt_ecb(ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter, + stream_block); - for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) + for (i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i--) + if (++nonce_counter[i - 1] != 0) break; } c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); + *output++ = (unsigned char)(c ^ stream_block[n]); - n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE; + n = (n + 1) % MBEDTLS_BLOWFISH_BLOCKSIZE; } *nc_off = n; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ static const uint32_t S[4][256] = { - { 0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L, + { + 0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L, 0xB8E1AFEDL, 0x6A267E96L, 0xBA7C9045L, 0xF12C7F99L, 0x24A19947L, 0xB3916CF7L, 0x0801F2E2L, 0x858EFC16L, 0x636920D8L, 0x71574E69L, 0xA458FEA3L, 0xF4933D7EL, @@ -491,8 +459,10 @@ static const uint32_t S[4][256] = { 0xD60F573FL, 0xBC9BC6E4L, 0x2B60A476L, 0x81E67400L, 0x08BA6FB5L, 0x571BE91FL, 0xF296EC6BL, 0x2A0DD915L, 0xB6636521L, 0xE7B9F9B6L, 0xFF34052EL, 0xC5855664L, - 0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL }, - { 0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L, + 0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL + }, + { + 0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L, 0xAD6EA6B0L, 0x49A7DF7DL, 0x9CEE60B8L, 0x8FEDB266L, 0xECAA8C71L, 0x699A17FFL, 0x5664526CL, 0xC2B19EE1L, 0x193602A5L, 0x75094C29L, 0xA0591340L, 0xE4183A3EL, @@ -555,8 +525,10 @@ static const uint32_t S[4][256] = { 0x9E447A2EL, 0xC3453484L, 0xFDD56705L, 0x0E1E9EC9L, 0xDB73DBD3L, 0x105588CDL, 0x675FDA79L, 0xE3674340L, 0xC5C43465L, 0x713E38D8L, 0x3D28F89EL, 0xF16DFF20L, - 0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L }, - { 0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L, + 0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L + }, + { + 0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L, 0x411520F7L, 0x7602D4F7L, 0xBCF46B2EL, 0xD4A20068L, 0xD4082471L, 0x3320F46AL, 0x43B7D4B7L, 0x500061AFL, 0x1E39F62EL, 0x97244546L, 0x14214F74L, 0xBF8B8840L, @@ -619,8 +591,10 @@ static const uint32_t S[4][256] = { 0xED545578L, 0x08FCA5B5L, 0xD83D7CD3L, 0x4DAD0FC4L, 0x1E50EF5EL, 0xB161E6F8L, 0xA28514D9L, 0x6C51133CL, 0x6FD5C7E7L, 0x56E14EC4L, 0x362ABFCEL, 0xDDC6C837L, - 0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L }, - { 0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL, + 0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L + }, + { + 0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL, 0x5CB0679EL, 0x4FA33742L, 0xD3822740L, 0x99BC9BBEL, 0xD5118E9DL, 0xBF0F7315L, 0xD62D1C7EL, 0xC700C47BL, 0xB78C1B6BL, 0x21A19045L, 0xB26EB1BEL, 0x6A366EB4L, @@ -683,7 +657,8 @@ static const uint32_t S[4][256] = { 0x85CBFE4EL, 0x8AE88DD8L, 0x7AAAF9B0L, 0x4CF9AA7EL, 0x1948C25CL, 0x02FB8A8CL, 0x01C36AE4L, 0xD6EBE1F9L, 0x90D4F869L, 0xA65CDEA0L, 0x3F09252DL, 0xC208E69FL, - 0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L } + 0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L + } }; #endif /* !MBEDTLS_BLOWFISH_ALT */ diff --git a/common/mbedtls/blowfish.h b/common/mbedtls/blowfish.h index c2a6ff916..456a5c31a 100644 --- a/common/mbedtls/blowfish.h +++ b/common/mbedtls/blowfish.h @@ -62,8 +62,7 @@ extern "C" { /** * \brief Blowfish context structure */ -typedef struct mbedtls_blowfish_context -{ +typedef struct mbedtls_blowfish_context { uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ uint32_t S[4][256]; /*!< key dependent S-boxes */ } @@ -79,7 +78,7 @@ mbedtls_blowfish_context; * \param ctx The Blowfish context to be initialized. * This must not be \c NULL. */ -void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); +void mbedtls_blowfish_init(mbedtls_blowfish_context *ctx); /** * \brief Clear a Blowfish context. @@ -89,7 +88,7 @@ void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); * returns immediately. If it is not \c NULL, it must * point to an initialized Blowfish context. */ -void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); +void mbedtls_blowfish_free(mbedtls_blowfish_context *ctx); /** * \brief Perform a Blowfish key schedule operation. @@ -103,8 +102,8 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, - unsigned int keybits ); +int mbedtls_blowfish_setkey(mbedtls_blowfish_context *ctx, const unsigned char *key, + unsigned int keybits); /** * \brief Perform a Blowfish-ECB block encryption/decryption operation. @@ -122,10 +121,10 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, - int mode, - const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] ); +int mbedtls_blowfish_crypt_ecb(mbedtls_blowfish_context *ctx, + int mode, + const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], + unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -156,12 +155,12 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_blowfish_crypt_cbc(mbedtls_blowfish_context *ctx, + int mode, + size_t length, + unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -196,13 +195,13 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_blowfish_crypt_cfb64(mbedtls_blowfish_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /*MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) @@ -269,13 +268,13 @@ int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); +int mbedtls_blowfish_crypt_ctr(mbedtls_blowfish_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], + unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ #ifdef __cplusplus diff --git a/common/mbedtls/bn_mul.h b/common/mbedtls/bn_mul.h index 17d057f3a..8fa9d9125 100644 --- a/common/mbedtls/bn_mul.h +++ b/common/mbedtls/bn_mul.h @@ -467,7 +467,7 @@ "addx %%g1, 0, %%o2 \n\t" \ "inc 4, %%o1 \n\t" - #define MULADDC_STOP \ +#define MULADDC_STOP \ "st %%o2, %0 \n\t" \ "stx %%o1, %1 \n\t" \ "stx %%o0, %2 \n\t" \ diff --git a/common/mbedtls/camellia.c b/common/mbedtls/camellia.c index d60f93188..7b49f9aae 100644 --- a/common/mbedtls/camellia.c +++ b/common/mbedtls/camellia.c @@ -72,8 +72,7 @@ } #endif -static const unsigned char SIGMA_CHARS[6][8] = -{ +static const unsigned char SIGMA_CHARS[6][8] = { { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b }, { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 }, { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe }, @@ -84,24 +83,23 @@ static const unsigned char SIGMA_CHARS[6][8] = #if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) -static const unsigned char FSb[256] = -{ - 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, - 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, - 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, - 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, - 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, - 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, - 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, - 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, - 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, - 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, - 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, - 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, - 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, - 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, - 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, - 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158 +static const unsigned char FSb[256] = { + 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, + 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, + 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, + 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, + 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, + 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, + 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, + 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, + 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, + 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, + 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, + 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, + 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, + 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, + 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, + 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 }; #define SBOX1(n) FSb[(n)] @@ -111,84 +109,80 @@ static const unsigned char FSb[256] = #else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ -static const unsigned char FSb[256] = -{ - 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, - 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, - 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, - 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, - 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, - 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, - 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, - 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, - 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, - 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, - 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, - 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, - 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, - 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, - 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, - 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 +static const unsigned char FSb[256] = { + 112, 130, 44, 236, 179, 39, 192, 229, 228, 133, 87, 53, 234, 12, 174, 65, + 35, 239, 107, 147, 69, 25, 165, 33, 237, 14, 79, 78, 29, 101, 146, 189, + 134, 184, 175, 143, 124, 235, 31, 206, 62, 48, 220, 95, 94, 197, 11, 26, + 166, 225, 57, 202, 213, 71, 93, 61, 217, 1, 90, 214, 81, 86, 108, 77, + 139, 13, 154, 102, 251, 204, 176, 45, 116, 18, 43, 32, 240, 177, 132, 153, + 223, 76, 203, 194, 52, 126, 118, 5, 109, 183, 169, 49, 209, 23, 4, 215, + 20, 88, 58, 97, 222, 27, 17, 28, 50, 15, 156, 22, 83, 24, 242, 34, + 254, 68, 207, 178, 195, 181, 122, 145, 36, 8, 232, 168, 96, 252, 105, 80, + 170, 208, 160, 125, 161, 137, 98, 151, 84, 91, 30, 149, 224, 255, 100, 210, + 16, 196, 0, 72, 163, 247, 117, 219, 138, 3, 230, 218, 9, 63, 221, 148, + 135, 92, 131, 2, 205, 74, 144, 51, 115, 103, 246, 243, 157, 127, 191, 226, + 82, 155, 216, 38, 200, 55, 198, 59, 129, 150, 111, 75, 19, 190, 99, 46, + 233, 121, 167, 140, 159, 110, 188, 142, 41, 245, 249, 182, 47, 253, 180, 89, + 120, 152, 6, 106, 231, 70, 113, 186, 212, 37, 171, 66, 136, 162, 141, 250, + 114, 7, 185, 85, 248, 238, 172, 10, 54, 73, 42, 104, 60, 56, 241, 164, + 64, 40, 211, 123, 187, 201, 67, 193, 21, 227, 173, 244, 119, 199, 128, 158 }; -static const unsigned char FSb2[256] = -{ - 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130, - 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123, - 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52, - 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154, - 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51, - 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175, - 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68, - 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160, - 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165, - 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, - 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, - 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, - 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, - 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, - 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73, - 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61 +static const unsigned char FSb2[256] = { + 224, 5, 88, 217, 103, 78, 129, 203, 201, 11, 174, 106, 213, 24, 93, 130, + 70, 223, 214, 39, 138, 50, 75, 66, 219, 28, 158, 156, 58, 202, 37, 123, + 13, 113, 95, 31, 248, 215, 62, 157, 124, 96, 185, 190, 188, 139, 22, 52, + 77, 195, 114, 149, 171, 142, 186, 122, 179, 2, 180, 173, 162, 172, 216, 154, + 23, 26, 53, 204, 247, 153, 97, 90, 232, 36, 86, 64, 225, 99, 9, 51, + 191, 152, 151, 133, 104, 252, 236, 10, 218, 111, 83, 98, 163, 46, 8, 175, + 40, 176, 116, 194, 189, 54, 34, 56, 100, 30, 57, 44, 166, 48, 229, 68, + 253, 136, 159, 101, 135, 107, 244, 35, 72, 16, 209, 81, 192, 249, 210, 160, + 85, 161, 65, 250, 67, 19, 196, 47, 168, 182, 60, 43, 193, 255, 200, 165, + 32, 137, 0, 144, 71, 239, 234, 183, 21, 6, 205, 181, 18, 126, 187, 41, + 15, 184, 7, 4, 155, 148, 33, 102, 230, 206, 237, 231, 59, 254, 127, 197, + 164, 55, 177, 76, 145, 110, 141, 118, 3, 45, 222, 150, 38, 125, 198, 92, + 211, 242, 79, 25, 63, 220, 121, 29, 82, 235, 243, 109, 94, 251, 105, 178, + 240, 49, 12, 212, 207, 140, 226, 117, 169, 74, 87, 132, 17, 69, 27, 245, + 228, 14, 115, 170, 241, 221, 89, 20, 108, 146, 84, 208, 120, 112, 227, 73, + 128, 80, 167, 246, 119, 147, 134, 131, 42, 199, 91, 233, 238, 143, 1, 61 }; -static const unsigned char FSb3[256] = -{ - 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160, - 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222, - 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13, - 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166, - 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204, - 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235, - 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17, - 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40, - 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105, - 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, - 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, - 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, - 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, - 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, - 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82, - 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79 +static const unsigned char FSb3[256] = { + 56, 65, 22, 118, 217, 147, 96, 242, 114, 194, 171, 154, 117, 6, 87, 160, + 145, 247, 181, 201, 162, 140, 210, 144, 246, 7, 167, 39, 142, 178, 73, 222, + 67, 92, 215, 199, 62, 245, 143, 103, 31, 24, 110, 175, 47, 226, 133, 13, + 83, 240, 156, 101, 234, 163, 174, 158, 236, 128, 45, 107, 168, 43, 54, 166, + 197, 134, 77, 51, 253, 102, 88, 150, 58, 9, 149, 16, 120, 216, 66, 204, + 239, 38, 229, 97, 26, 63, 59, 130, 182, 219, 212, 152, 232, 139, 2, 235, + 10, 44, 29, 176, 111, 141, 136, 14, 25, 135, 78, 11, 169, 12, 121, 17, + 127, 34, 231, 89, 225, 218, 61, 200, 18, 4, 116, 84, 48, 126, 180, 40, + 85, 104, 80, 190, 208, 196, 49, 203, 42, 173, 15, 202, 112, 255, 50, 105, + 8, 98, 0, 36, 209, 251, 186, 237, 69, 129, 115, 109, 132, 159, 238, 74, + 195, 46, 193, 1, 230, 37, 72, 153, 185, 179, 123, 249, 206, 191, 223, 113, + 41, 205, 108, 19, 100, 155, 99, 157, 192, 75, 183, 165, 137, 95, 177, 23, + 244, 188, 211, 70, 207, 55, 94, 71, 148, 250, 252, 91, 151, 254, 90, 172, + 60, 76, 3, 53, 243, 35, 184, 93, 106, 146, 213, 33, 68, 81, 198, 125, + 57, 131, 220, 170, 124, 119, 86, 5, 27, 164, 21, 52, 30, 28, 248, 82, + 32, 20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227, 64, 79 }; -static const unsigned char FSb4[256] = -{ - 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146, - 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108, - 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4, - 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105, - 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221, - 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99, - 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141, - 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128, - 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189, - 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, - 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, - 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, - 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, - 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, - 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250, - 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158 +static const unsigned char FSb4[256] = { + 112, 44, 179, 192, 228, 87, 234, 174, 35, 107, 69, 165, 237, 79, 29, 146, + 134, 175, 124, 31, 62, 220, 94, 11, 166, 57, 213, 93, 217, 90, 81, 108, + 139, 154, 251, 176, 116, 43, 240, 132, 223, 203, 52, 118, 109, 169, 209, 4, + 20, 58, 222, 17, 50, 156, 83, 242, 254, 207, 195, 122, 36, 232, 96, 105, + 170, 160, 161, 98, 84, 30, 224, 100, 16, 0, 163, 117, 138, 230, 9, 221, + 135, 131, 205, 144, 115, 246, 157, 191, 82, 216, 200, 198, 129, 111, 19, 99, + 233, 167, 159, 188, 41, 249, 47, 180, 120, 6, 231, 113, 212, 171, 136, 141, + 114, 185, 248, 172, 54, 42, 60, 241, 64, 211, 187, 67, 21, 173, 119, 128, + 130, 236, 39, 229, 133, 53, 12, 65, 239, 147, 25, 33, 14, 78, 101, 189, + 184, 143, 235, 206, 48, 95, 197, 26, 225, 202, 71, 61, 1, 214, 86, 77, + 13, 102, 204, 45, 18, 32, 177, 153, 76, 194, 126, 5, 183, 49, 23, 215, + 88, 97, 27, 28, 15, 22, 24, 34, 68, 178, 181, 145, 8, 168, 252, 80, + 208, 125, 137, 151, 91, 149, 255, 210, 196, 72, 247, 219, 3, 218, 63, 148, + 92, 2, 74, 51, 103, 243, 127, 226, 155, 38, 55, 59, 150, 75, 190, 46, + 121, 140, 110, 142, 245, 182, 253, 89, 152, 106, 70, 186, 37, 66, 162, 250, + 7, 85, 238, 10, 73, 104, 56, 164, 40, 123, 201, 193, 227, 244, 199, 158 }; #define SBOX1(n) FSb[(n)] @@ -198,8 +192,7 @@ static const unsigned char FSb4[256] = #endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ -static const unsigned char shifts[2][4][4] = -{ +static const unsigned char shifts[2][4][4] = { { { 1, 1, 1, 1 }, /* KL */ { 0, 0, 0, 0 }, /* KR */ @@ -214,32 +207,46 @@ static const unsigned char shifts[2][4][4] = } }; -static const signed char indexes[2][4][20] = -{ +static const signed char indexes[2][4][20] = { { - { 0, 1, 2, 3, 8, 9, 10, 11, 38, 39, - 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */ - { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */ - { 4, 5, 6, 7, 12, 13, 14, 15, 16, 17, - 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */ - { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 } /* KB -> RK */ + { + 0, 1, 2, 3, 8, 9, 10, 11, 38, 39, + 36, 37, 23, 20, 21, 22, 27, -1, -1, 26 + }, /* KL -> RK */ + { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 + }, /* KR -> RK */ + { + 4, 5, 6, 7, 12, 13, 14, 15, 16, 17, + 18, 19, -1, 24, 25, -1, 31, 28, 29, 30 + }, /* KA -> RK */ + { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 + } /* KB -> RK */ }, { - { 0, 1, 2, 3, 61, 62, 63, 60, -1, -1, - -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */ - { -1, -1, -1, -1, 8, 9, 10, 11, 16, 17, - 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */ - { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59, - 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */ - { 4, 5, 6, 7, 65, 66, 67, 64, 20, 21, - 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 } /* KB -> RK */ + { + 0, 1, 2, 3, 61, 62, 63, 60, -1, -1, + -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 + }, /* KL -> RK */ + { + -1, -1, -1, -1, 8, 9, 10, 11, 16, 17, + 18, 19, -1, -1, -1, -1, 39, 36, 37, 38 + }, /* KR -> RK */ + { + -1, -1, -1, -1, 12, 13, 14, 15, 58, 59, + 56, 57, 31, 28, 29, 30, -1, -1, -1, -1 + }, /* KA -> RK */ + { + 4, 5, 6, 7, 65, 66, 67, 64, 20, 21, + 22, 23, -1, -1, -1, -1, 43, 40, 41, 42 + } /* KB -> RK */ } }; -static const signed char transposes[2][20] = -{ +static const signed char transposes[2][20] = { { 21, 22, 23, 20, -1, -1, -1, -1, @@ -294,9 +301,8 @@ static const signed char transposes[2][20] = } \ } -static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], - uint32_t z[2]) -{ +static void camellia_feistel(const uint32_t x[2], const uint32_t k[2], + uint32_t z[2]) { uint32_t I0, I1; I0 = x[0] ^ k[0]; I1 = x[1] ^ k[1]; @@ -304,11 +310,11 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) | ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) | ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) | - ((uint32_t) SBOX4((I0 ) & 0xFF) ); + ((uint32_t) SBOX4((I0) & 0xFF)); I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) | ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) | ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) | - ((uint32_t) SBOX1((I1 ) & 0xFF) ); + ((uint32_t) SBOX1((I1) & 0xFF)); I0 ^= (I1 << 8) | (I1 >> 24); I1 ^= (I0 << 16) | (I0 >> 16); @@ -319,27 +325,24 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2], z[1] ^= I0; } -void mbedtls_camellia_init( mbedtls_camellia_context *ctx ) -{ - CAMELLIA_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_camellia_context ) ); +void mbedtls_camellia_init(mbedtls_camellia_context *ctx) { + CAMELLIA_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_camellia_context)); } -void mbedtls_camellia_free( mbedtls_camellia_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_camellia_free(mbedtls_camellia_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context)); } /* * Camellia key schedule (encryption) */ -int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ) -{ +int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits) { int idx; size_t i; uint32_t *RK; @@ -348,68 +351,74 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, uint32_t KC[16]; uint32_t TK[20]; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( key != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(key != NULL); RK = ctx->rk; - memset( t, 0, 64 ); - memset( RK, 0, sizeof(ctx->rk) ); + memset(t, 0, 64); + memset(RK, 0, sizeof(ctx->rk)); - switch( keybits ) - { - case 128: ctx->nr = 3; idx = 0; break; + switch (keybits) { + case 128: + ctx->nr = 3; + idx = 0; + break; case 192: - case 256: ctx->nr = 4; idx = 1; break; - default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); + case 256: + ctx->nr = 4; + idx = 1; + break; + default : + return (MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA); } - for( i = 0; i < keybits / 8; ++i ) + for (i = 0; i < keybits / 8; ++i) t[i] = key[i]; - if( keybits == 192 ) { - for( i = 0; i < 8; i++ ) + if (keybits == 192) { + for (i = 0; i < 8; i++) t[24 + i] = ~t[16 + i]; } /* * Prepare SIGMA values */ - for( i = 0; i < 6; i++ ) { - GET_UINT32_BE( SIGMA[i][0], SIGMA_CHARS[i], 0 ); - GET_UINT32_BE( SIGMA[i][1], SIGMA_CHARS[i], 4 ); + for (i = 0; i < 6; i++) { + GET_UINT32_BE(SIGMA[i][0], SIGMA_CHARS[i], 0); + GET_UINT32_BE(SIGMA[i][1], SIGMA_CHARS[i], 4); } /* * Key storage in KC * Order: KL, KR, KA, KB */ - memset( KC, 0, sizeof(KC) ); + memset(KC, 0, sizeof(KC)); /* Store KL, KR */ - for( i = 0; i < 8; i++ ) - GET_UINT32_BE( KC[i], t, i * 4 ); + for (i = 0; i < 8; i++) + GET_UINT32_BE(KC[i], t, i * 4); /* Generate KA */ - for( i = 0; i < 4; ++i ) + for (i = 0; i < 4; ++i) KC[8 + i] = KC[i] ^ KC[4 + i]; - camellia_feistel( KC + 8, SIGMA[0], KC + 10 ); - camellia_feistel( KC + 10, SIGMA[1], KC + 8 ); + camellia_feistel(KC + 8, SIGMA[0], KC + 10); + camellia_feistel(KC + 10, SIGMA[1], KC + 8); - for( i = 0; i < 4; ++i ) + for (i = 0; i < 4; ++i) KC[8 + i] ^= KC[i]; - camellia_feistel( KC + 8, SIGMA[2], KC + 10 ); - camellia_feistel( KC + 10, SIGMA[3], KC + 8 ); + camellia_feistel(KC + 8, SIGMA[2], KC + 10); + camellia_feistel(KC + 10, SIGMA[3], KC + 8); - if( keybits > 128 ) { + if (keybits > 128) { /* Generate KB */ - for( i = 0; i < 4; ++i ) + for (i = 0; i < 4; ++i) KC[12 + i] = KC[4 + i] ^ KC[8 + i]; - camellia_feistel( KC + 12, SIGMA[4], KC + 14 ); - camellia_feistel( KC + 14, SIGMA[5], KC + 12 ); + camellia_feistel(KC + 12, SIGMA[4], KC + 14); + camellia_feistel(KC + 14, SIGMA[5], KC + 12); } /* @@ -417,54 +426,53 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, */ /* Manipulating KL */ - SHIFT_AND_PLACE( idx, 0 ); + SHIFT_AND_PLACE(idx, 0); /* Manipulating KR */ - if( keybits > 128 ) { - SHIFT_AND_PLACE( idx, 1 ); + if (keybits > 128) { + SHIFT_AND_PLACE(idx, 1); } /* Manipulating KA */ - SHIFT_AND_PLACE( idx, 2 ); + SHIFT_AND_PLACE(idx, 2); /* Manipulating KB */ - if( keybits > 128 ) { - SHIFT_AND_PLACE( idx, 3 ); + if (keybits > 128) { + SHIFT_AND_PLACE(idx, 3); } /* Do transpositions */ - for( i = 0; i < 20; i++ ) { - if( transposes[idx][i] != -1 ) { + for (i = 0; i < 20; i++) { + if (transposes[idx][i] != -1) { RK[32 + 12 * idx + i] = RK[transposes[idx][i]]; } } - return( 0 ); + return (0); } /* * Camellia key schedule (decryption) */ -int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ) -{ +int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits) { int idx, ret; size_t i; mbedtls_camellia_context cty; uint32_t *RK; uint32_t *SK; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( key != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(key != NULL); - mbedtls_camellia_init( &cty ); + mbedtls_camellia_init(&cty); /* Also checks keybits */ - if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 ) + if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) goto exit; ctx->nr = cty.nr; - idx = ( ctx->nr == 4 ); + idx = (ctx->nr == 4); RK = ctx->rk; SK = cty.rk + 24 * 2 + 8 * idx * 2; @@ -474,8 +482,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, *RK++ = *SK++; *RK++ = *SK++; - for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 ) - { + for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) { *RK++ = *SK++; *RK++ = *SK++; } @@ -488,58 +495,57 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, *RK++ = *SK++; exit: - mbedtls_camellia_free( &cty ); + mbedtls_camellia_free(&cty); - return( ret ); + return (ret); } /* * Camellia-ECB block encryption/decryption */ -int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) -{ +int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) { int NR; uint32_t *RK, X[4]; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || - mode == MBEDTLS_CAMELLIA_DECRYPT ); - CAMELLIA_VALIDATE_RET( input != NULL ); - CAMELLIA_VALIDATE_RET( output != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT || + mode == MBEDTLS_CAMELLIA_DECRYPT); + CAMELLIA_VALIDATE_RET(input != NULL); + CAMELLIA_VALIDATE_RET(output != NULL); - ( (void) mode ); + ((void) mode); NR = ctx->nr; RK = ctx->rk; - GET_UINT32_BE( X[0], input, 0 ); - GET_UINT32_BE( X[1], input, 4 ); - GET_UINT32_BE( X[2], input, 8 ); - GET_UINT32_BE( X[3], input, 12 ); + GET_UINT32_BE(X[0], input, 0); + GET_UINT32_BE(X[1], input, 4); + GET_UINT32_BE(X[2], input, 8); + GET_UINT32_BE(X[3], input, 12); X[0] ^= *RK++; X[1] ^= *RK++; X[2] ^= *RK++; X[3] ^= *RK++; - while( NR ) { + while (NR) { --NR; - camellia_feistel( X, RK, X + 2 ); + camellia_feistel(X, RK, X + 2); RK += 2; - camellia_feistel( X + 2, RK, X ); + camellia_feistel(X + 2, RK, X); RK += 2; - camellia_feistel( X, RK, X + 2 ); + camellia_feistel(X, RK, X + 2); RK += 2; - camellia_feistel( X + 2, RK, X ); + camellia_feistel(X + 2, RK, X); RK += 2; - camellia_feistel( X, RK, X + 2 ); + camellia_feistel(X, RK, X + 2); RK += 2; - camellia_feistel( X + 2, RK, X ); + camellia_feistel(X + 2, RK, X); RK += 2; - if( NR ) { + if (NR) { FL(X[0], X[1], RK[0], RK[1]); RK += 2; FLInv(X[2], X[3], RK[0], RK[1]); @@ -552,63 +558,57 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, X[0] ^= *RK++; X[1] ^= *RK++; - PUT_UINT32_BE( X[2], output, 0 ); - PUT_UINT32_BE( X[3], output, 4 ); - PUT_UINT32_BE( X[0], output, 8 ); - PUT_UINT32_BE( X[1], output, 12 ); + PUT_UINT32_BE(X[2], output, 0); + PUT_UINT32_BE(X[3], output, 4); + PUT_UINT32_BE(X[0], output, 8); + PUT_UINT32_BE(X[1], output, 12); - return( 0 ); + return (0); } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * Camellia-CBC buffer encryption/decryption */ -int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[16]; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || - mode == MBEDTLS_CAMELLIA_DECRYPT ); - CAMELLIA_VALIDATE_RET( iv != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT || + mode == MBEDTLS_CAMELLIA_DECRYPT); + CAMELLIA_VALIDATE_RET(iv != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || input != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || output != NULL); - if( length % 16 ) - return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); + if (length % 16) + return (MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH); - if( mode == MBEDTLS_CAMELLIA_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, 16 ); - mbedtls_camellia_crypt_ecb( ctx, mode, input, output ); + if (mode == MBEDTLS_CAMELLIA_DECRYPT) { + while (length > 0) { + memcpy(temp, input, 16); + mbedtls_camellia_crypt_ecb(ctx, mode, input, output); - for( i = 0; i < 16; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 16; i++) + output[i] = (unsigned char)(output[i] ^ iv[i]); - memcpy( iv, temp, 16 ); + memcpy(iv, temp, 16); input += 16; output += 16; length -= 16; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < 16; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < 16; i++) + output[i] = (unsigned char)(input[i] ^ iv[i]); - mbedtls_camellia_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, 16 ); + mbedtls_camellia_crypt_ecb(ctx, mode, output, output); + memcpy(iv, output, 16); input += 16; output += 16; @@ -616,7 +616,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, } } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -624,58 +624,52 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, /* * Camellia-CFB128 buffer encryption/decryption */ -int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int c; size_t n; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT || - mode == MBEDTLS_CAMELLIA_DECRYPT ); - CAMELLIA_VALIDATE_RET( iv != NULL ); - CAMELLIA_VALIDATE_RET( iv_off != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(mode == MBEDTLS_CAMELLIA_ENCRYPT || + mode == MBEDTLS_CAMELLIA_DECRYPT); + CAMELLIA_VALIDATE_RET(iv != NULL); + CAMELLIA_VALIDATE_RET(iv_off != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || input != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || output != NULL); n = *iv_off; - if( n >= 16 ) - return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); + if (n >= 16) + return (MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA); - if( mode == MBEDTLS_CAMELLIA_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); + if (mode == MBEDTLS_CAMELLIA_DECRYPT) { + while (length--) { + if (n == 0) + mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv); c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); + *output++ = (unsigned char)(c ^ iv[n]); iv[n] = (unsigned char) c; - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } - } - else - { - while( length-- ) - { - if( n == 0 ) - mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv ); + } else { + while (length--) { + if (n == 0) + mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv); - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); + iv[n] = *output++ = (unsigned char)(iv[n] ^ *input++); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } } *iv_off = n; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ @@ -683,46 +677,44 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, /* * Camellia-CTR buffer encryption/decryption */ -int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output) { int c, i; size_t n; - CAMELLIA_VALIDATE_RET( ctx != NULL ); - CAMELLIA_VALIDATE_RET( nonce_counter != NULL ); - CAMELLIA_VALIDATE_RET( stream_block != NULL ); - CAMELLIA_VALIDATE_RET( nc_off != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || input != NULL ); - CAMELLIA_VALIDATE_RET( length == 0 || output != NULL ); + CAMELLIA_VALIDATE_RET(ctx != NULL); + CAMELLIA_VALIDATE_RET(nonce_counter != NULL); + CAMELLIA_VALIDATE_RET(stream_block != NULL); + CAMELLIA_VALIDATE_RET(nc_off != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || input != NULL); + CAMELLIA_VALIDATE_RET(length == 0 || output != NULL); n = *nc_off; - if( n >= 16 ) - return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); + if (n >= 16) + return (MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA); - while( length-- ) - { - if( n == 0 ) { - mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter, - stream_block ); + while (length--) { + if (n == 0) { + mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter, + stream_block); - for( i = 16; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) + for (i = 16; i > 0; i--) + if (++nonce_counter[i - 1] != 0) break; } c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); + *output++ = (unsigned char)(c ^ stream_block[n]); - n = ( n + 1 ) & 0x0F; + n = (n + 1) & 0x0F; } *nc_off = n; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #endif /* !MBEDTLS_CAMELLIA_ALT */ @@ -739,124 +731,178 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, */ #define CAMELLIA_TESTS_ECB 2 -static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = -{ +static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] = { { - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } }, { - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + }, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } }, { - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff + }, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } }, }; -static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = -{ - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, - { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } +static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] = { + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }, + { + 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + } }; -static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = -{ +static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] = { { - { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, - 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 }, - { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE, - 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 } + { + 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, + 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 + }, + { + 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE, + 0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 + } }, { - { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, - 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 }, - { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9, - 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 } + { + 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, + 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 + }, + { + 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9, + 0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 + } }, { - { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, - 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 }, - { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C, - 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 } + { + 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, + 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 + }, + { + 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C, + 0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 + } } }; #if defined(MBEDTLS_CIPHER_MODE_CBC) #define CAMELLIA_TESTS_CBC 3 -static const unsigned char camellia_test_cbc_key[3][32] = -{ - { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, - 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C } +static const unsigned char camellia_test_cbc_key[3][32] = { + { + 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, + 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C + } , - { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, - 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, - 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B } + { + 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, + 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, + 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B + } , - { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, - 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, - 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, - 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 } + { + 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, + 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, + 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, + 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 + } }; static const unsigned char camellia_test_cbc_iv[16] = - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F } +{ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F +} ; -static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = -{ - { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }, - { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, - 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 }, - { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, - 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF } +static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] = { + { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A + }, + { + 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, + 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 + }, + { + 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11, + 0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF + } }; -static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = -{ +static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = { { - { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, - 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB }, - { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78, - 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 }, - { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B, - 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 } + { + 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, + 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB + }, + { + 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78, + 0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 + }, + { + 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B, + 0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 + } }, { - { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, - 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 }, - { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42, - 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 }, - { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8, - 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 } + { + 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, + 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 + }, + { + 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42, + 0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 + }, + { + 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8, + 0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 + } }, { - { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, - 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA }, - { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40, - 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 }, - { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA, - 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 } + { + 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, + 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA + }, + { + 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40, + 0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 + }, + { + 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA, + 0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 + } } }; #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -868,67 +914,86 @@ static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] = * http://www.faqs.org/rfcs/rfc5528.html */ -static const unsigned char camellia_test_ctr_key[3][16] = -{ - { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, - 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E }, - { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, - 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 }, - { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, - 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC } +static const unsigned char camellia_test_ctr_key[3][16] = { + { + 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC, + 0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E + }, + { + 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7, + 0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 + }, + { + 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8, + 0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC + } }; -static const unsigned char camellia_test_ctr_nonce_counter[3][16] = -{ - { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, - 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 }, - { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, - 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 } +static const unsigned char camellia_test_ctr_nonce_counter[3][16] = { + { + 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + }, + { + 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59, + 0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 + }, + { + 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F, + 0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 + } }; -static const unsigned char camellia_test_ctr_pt[3][48] = -{ - { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, - 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 }, +static const unsigned char camellia_test_ctr_pt[3][48] = { + { + 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62, + 0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 + }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F + }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, - 0x20, 0x21, 0x22, 0x23 } + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, + 0x20, 0x21, 0x22, 0x23 + } }; -static const unsigned char camellia_test_ctr_ct[3][48] = -{ - { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A, - 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F }, - { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4, - 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44, - 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7, - 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 }, - { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88, - 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73, - 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1, - 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD, - 0xDF, 0x50, 0x86, 0x96 } +static const unsigned char camellia_test_ctr_ct[3][48] = { + { + 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A, + 0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F + }, + { + 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4, + 0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44, + 0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7, + 0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 + }, + { + 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88, + 0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73, + 0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1, + 0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD, + 0xDF, 0x50, 0x86, 0x96 + } }; static const int camellia_test_ctr_len[3] = - { 16, 32, 36 }; +{ 16, 32, 36 }; #endif /* MBEDTLS_CIPHER_MODE_CTR */ /* * Checkup routine */ -int mbedtls_camellia_self_test( int verbose ) -{ +int mbedtls_camellia_self_test(int verbose) { int i, j, u, v; unsigned char key[32]; unsigned char buf[64]; @@ -945,162 +1010,153 @@ int mbedtls_camellia_self_test( int verbose ) mbedtls_camellia_context ctx; - memset( key, 0, 32 ); + memset(key, 0, 32); - for( j = 0; j < 6; j++ ) { + for (j = 0; j < 6; j++) { u = j >> 1; - v = j & 1; + v = j & 1; - if( verbose != 0 ) - mbedtls_printf( " CAMELLIA-ECB-%3d (%s): ", 128 + u * 64, - (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); + if (verbose != 0) + mbedtls_printf(" CAMELLIA-ECB-%3d (%s): ", 128 + u * 64, + (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); - for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) { - memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u ); + for (i = 0; i < CAMELLIA_TESTS_ECB; i++) { + memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u); - if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); - memcpy( src, camellia_test_ecb_cipher[u][i], 16 ); - memcpy( dst, camellia_test_ecb_plain[i], 16 ); - } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ - mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); - memcpy( src, camellia_test_ecb_plain[i], 16 ); - memcpy( dst, camellia_test_ecb_cipher[u][i], 16 ); + if (v == MBEDTLS_CAMELLIA_DECRYPT) { + mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64); + memcpy(src, camellia_test_ecb_cipher[u][i], 16); + memcpy(dst, camellia_test_ecb_plain[i], 16); + } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ + mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64); + memcpy(src, camellia_test_ecb_plain[i], 16); + memcpy(dst, camellia_test_ecb_cipher[u][i], 16); + } + + mbedtls_camellia_crypt_ecb(&ctx, v, src, buf); + + if (memcmp(buf, dst, 16) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); + + return (1); + } } - mbedtls_camellia_crypt_ecb( &ctx, v, src, buf ); - - if( memcmp( buf, dst, 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * CBC mode */ - for( j = 0; j < 6; j++ ) - { + for (j = 0; j < 6; j++) { u = j >> 1; v = j & 1; - if( verbose != 0 ) - mbedtls_printf( " CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, - ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" CAMELLIA-CBC-%3d (%s): ", 128 + u * 64, + (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); - memcpy( src, camellia_test_cbc_iv, 16 ); - memcpy( dst, camellia_test_cbc_iv, 16 ); - memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u ); + memcpy(src, camellia_test_cbc_iv, 16); + memcpy(dst, camellia_test_cbc_iv, 16); + memcpy(key, camellia_test_cbc_key[u], 16 + 8 * u); - if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 ); + if (v == MBEDTLS_CAMELLIA_DECRYPT) { + mbedtls_camellia_setkey_dec(&ctx, key, 128 + u * 64); } else { - mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 ); + mbedtls_camellia_setkey_enc(&ctx, key, 128 + u * 64); } - for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) { + for (i = 0; i < CAMELLIA_TESTS_CBC; i++) { - if( v == MBEDTLS_CAMELLIA_DECRYPT ) { - memcpy( iv , src, 16 ); - memcpy( src, camellia_test_cbc_cipher[u][i], 16 ); - memcpy( dst, camellia_test_cbc_plain[i], 16 ); + if (v == MBEDTLS_CAMELLIA_DECRYPT) { + memcpy(iv, src, 16); + memcpy(src, camellia_test_cbc_cipher[u][i], 16); + memcpy(dst, camellia_test_cbc_plain[i], 16); } else { /* MBEDTLS_CAMELLIA_ENCRYPT */ - memcpy( iv , dst, 16 ); - memcpy( src, camellia_test_cbc_plain[i], 16 ); - memcpy( dst, camellia_test_cbc_cipher[u][i], 16 ); + memcpy(iv, dst, 16); + memcpy(src, camellia_test_cbc_plain[i], 16); + memcpy(dst, camellia_test_cbc_cipher[u][i], 16); } - mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf ); + mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf); - if( memcmp( buf, dst, 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(buf, dst, 16) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); - return( 1 ); + return (1); } } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); #if defined(MBEDTLS_CIPHER_MODE_CTR) /* * CTR mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; v = i & 1; - if( verbose != 0 ) - mbedtls_printf( " CAMELLIA-CTR-128 (%s): ", - ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" CAMELLIA-CTR-128 (%s): ", + (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc"); - memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 ); - memcpy( key, camellia_test_ctr_key[u], 16 ); + memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16); + memcpy(key, camellia_test_ctr_key[u], 16); offset = 0; - mbedtls_camellia_setkey_enc( &ctx, key, 128 ); + mbedtls_camellia_setkey_enc(&ctx, key, 128); - if( v == MBEDTLS_CAMELLIA_DECRYPT ) - { + if (v == MBEDTLS_CAMELLIA_DECRYPT) { len = camellia_test_ctr_len[u]; - memcpy( buf, camellia_test_ctr_ct[u], len ); + memcpy(buf, camellia_test_ctr_ct[u], len); - mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, - buf, buf ); + mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block, + buf, buf); - if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); - return( 1 ); + return (1); } - } - else - { + } else { len = camellia_test_ctr_len[u]; - memcpy( buf, camellia_test_ctr_pt[u], len ); + memcpy(buf, camellia_test_ctr_pt[u], len); - mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, - buf, buf ); + mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block, + buf, buf); - if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); - return( 1 ); + return (1); } } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); #endif /* MBEDTLS_CIPHER_MODE_CTR */ - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/camellia.h b/common/mbedtls/camellia.h index f7d2b23a4..38154f81a 100644 --- a/common/mbedtls/camellia.h +++ b/common/mbedtls/camellia.h @@ -58,8 +58,7 @@ extern "C" { /** * \brief CAMELLIA context structure */ -typedef struct mbedtls_camellia_context -{ +typedef struct mbedtls_camellia_context { int nr; /*!< number of rounds */ uint32_t rk[68]; /*!< CAMELLIA round keys */ } @@ -75,7 +74,7 @@ mbedtls_camellia_context; * \param ctx The CAMELLIA context to be initialized. * This must not be \c NULL. */ -void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); +void mbedtls_camellia_init(mbedtls_camellia_context *ctx); /** * \brief Clear a CAMELLIA context. @@ -84,7 +83,7 @@ void mbedtls_camellia_init( mbedtls_camellia_context *ctx ); * in which case this function returns immediately. If it is not * \c NULL, it must be initialized. */ -void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); +void mbedtls_camellia_free(mbedtls_camellia_context *ctx); /** * \brief Perform a CAMELLIA key schedule operation for encryption. @@ -98,9 +97,9 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief Perform a CAMELLIA key schedule operation for decryption. @@ -114,9 +113,9 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx, + const unsigned char *key, + unsigned int keybits); /** * \brief Perform a CAMELLIA-ECB block encryption/decryption operation. @@ -133,10 +132,10 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -167,12 +166,12 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -213,13 +212,13 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx, + int mode, + size_t length, + size_t *iv_off, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) @@ -297,13 +296,13 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx, + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_SELF_TEST) @@ -313,7 +312,7 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_camellia_self_test( int verbose ); +int mbedtls_camellia_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/ccm.c b/common/mbedtls/ccm.c index 424ee77b6..789446f46 100644 --- a/common/mbedtls/ccm.c +++ b/common/mbedtls/ccm.c @@ -58,54 +58,50 @@ /* * Initialize context */ -void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) -{ - CCM_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); +void mbedtls_ccm_init(mbedtls_ccm_context *ctx) { + CCM_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_ccm_context)); } -int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ) -{ +int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( key != NULL ); + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(key != NULL); - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, - MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, + MBEDTLS_MODE_ECB); + if (cipher_info == NULL) + return (MBEDTLS_ERR_CCM_BAD_INPUT); - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (cipher_info->block_size != 16) + return (MBEDTLS_ERR_CCM_BAD_INPUT); - mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_cipher_free(&ctx->cipher_ctx); - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) + return (ret); - if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits, + MBEDTLS_ENCRYPT)) != 0) { + return (ret); } - return( 0 ); + return (0); } /* * Free context */ -void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_ccm_free(mbedtls_ccm_context *ctx) { + if (ctx == NULL) return; - mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); + mbedtls_cipher_free(&ctx->cipher_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context)); } /* @@ -145,12 +141,11 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) /* * Authenticated encryption or decryption */ -static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ) -{ +static int ccm_auth_crypt(mbedtls_ccm_context *ctx, int mode, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; unsigned char q; @@ -168,15 +163,15 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * * Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4). */ - if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (tag_len == 2 || tag_len > 16 || tag_len % 2 != 0) + return (MBEDTLS_ERR_CCM_BAD_INPUT); /* Also implies q is within bounds */ - if( iv_len < 7 || iv_len > 13 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (iv_len < 7 || iv_len > 13) + return (MBEDTLS_ERR_CCM_BAD_INPUT); - if( add_len >= 0xFF00 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (add_len >= 0xFF00) + return (MBEDTLS_ERR_CCM_BAD_INPUT); q = 16 - 1 - (unsigned char) iv_len; @@ -193,50 +188,48 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * 2 .. 0 q - 1 */ b[0] = 0; - b[0] |= ( add_len > 0 ) << 6; - b[0] |= ( ( tag_len - 2 ) / 2 ) << 3; + b[0] |= (add_len > 0) << 6; + b[0] |= ((tag_len - 2) / 2) << 3; b[0] |= q - 1; - memcpy( b + 1, iv, iv_len ); + memcpy(b + 1, iv, iv_len); - for( i = 0, len_left = length; i < q; i++, len_left >>= 8 ) - b[15-i] = (unsigned char)( len_left & 0xFF ); + for (i = 0, len_left = length; i < q; i++, len_left >>= 8) + b[15 - i] = (unsigned char)(len_left & 0xFF); - if( len_left > 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (len_left > 0) + return (MBEDTLS_ERR_CCM_BAD_INPUT); /* Start CBC-MAC with first block */ - memset( y, 0, 16 ); + memset(y, 0, 16); UPDATE_CBC_MAC; /* * If there is additional data, update CBC-MAC with * add_len, add, 0 (padding to a block boundary) */ - if( add_len > 0 ) - { + if (add_len > 0) { size_t use_len; len_left = add_len; src = add; - memset( b, 0, 16 ); - b[0] = (unsigned char)( ( add_len >> 8 ) & 0xFF ); - b[1] = (unsigned char)( ( add_len ) & 0xFF ); + memset(b, 0, 16); + b[0] = (unsigned char)((add_len >> 8) & 0xFF); + b[1] = (unsigned char)((add_len) & 0xFF); use_len = len_left < 16 - 2 ? len_left : 16 - 2; - memcpy( b + 2, src, use_len ); + memcpy(b + 2, src, use_len); len_left -= use_len; src += use_len; UPDATE_CBC_MAC; - while( len_left > 0 ) - { + while (len_left > 0) { use_len = len_left > 16 ? 16 : len_left; - memset( b, 0, 16 ); - memcpy( b, src, use_len ); + memset(b, 0, 16); + memcpy(b, src, use_len); UPDATE_CBC_MAC; len_left -= use_len; @@ -255,8 +248,8 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * 2 .. 0 q - 1 */ ctr[0] = q - 1; - memcpy( ctr + 1, iv, iv_len ); - memset( ctr + 1 + iv_len, 0, q ); + memcpy(ctr + 1, iv, iv_len); + memset(ctr + 1 + iv_len, 0, q); ctr[15] = 1; /* @@ -269,23 +262,20 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, src = input; dst = output; - while( len_left > 0 ) - { + while (len_left > 0) { size_t use_len = len_left > 16 ? 16 : len_left; - if( mode == CCM_ENCRYPT ) - { - memset( b, 0, 16 ); - memcpy( b, src, use_len ); + if (mode == CCM_ENCRYPT) { + memset(b, 0, 16); + memcpy(b, src, use_len); UPDATE_CBC_MAC; } - CTR_CRYPT( dst, src, use_len ); + CTR_CRYPT(dst, src, use_len); - if( mode == CCM_DECRYPT ) - { - memset( b, 0, 16 ); - memcpy( b, dst, use_len ); + if (mode == CCM_DECRYPT) { + memset(b, 0, 16); + memcpy(b, dst, use_len); UPDATE_CBC_MAC; } @@ -297,120 +287,114 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, * Increment counter. * No need to check for overflow thanks to the length check above. */ - for( i = 0; i < q; i++ ) - if( ++ctr[15-i] != 0 ) + for (i = 0; i < q; i++) + if (++ctr[15 - i] != 0) break; } /* * Authentication: reset counter and crypt/mask internal tag */ - for( i = 0; i < q; i++ ) - ctr[15-i] = 0; + for (i = 0; i < q; i++) + ctr[15 - i] = 0; - CTR_CRYPT( y, y, 16 ); - memcpy( tag, y, tag_len ); + CTR_CRYPT(y, y, 16); + memcpy(tag, y, tag_len); - return( 0 ); + return (0); } /* * Authenticated encryption */ -int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ) -{ - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, - add, add_len, input, output, tag, tag_len ) ); +int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len) { + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(iv != NULL); + CCM_VALIDATE_RET(add_len == 0 || add != NULL); + CCM_VALIDATE_RET(length == 0 || input != NULL); + CCM_VALIDATE_RET(length == 0 || output != NULL); + CCM_VALIDATE_RET(tag_len == 0 || tag != NULL); + return (ccm_auth_crypt(ctx, CCM_ENCRYPT, length, iv, iv_len, + add, add_len, input, output, tag, tag_len)); } -int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ) -{ - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( tag_len == 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); +int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len) { + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(iv != NULL); + CCM_VALIDATE_RET(add_len == 0 || add != NULL); + CCM_VALIDATE_RET(length == 0 || input != NULL); + CCM_VALIDATE_RET(length == 0 || output != NULL); + CCM_VALIDATE_RET(tag_len == 0 || tag != NULL); + if (tag_len == 0) + return (MBEDTLS_ERR_CCM_BAD_INPUT); - return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add, - add_len, input, output, tag, tag_len ) ); + return (mbedtls_ccm_star_encrypt_and_tag(ctx, length, iv, iv_len, add, + add_len, input, output, tag, tag_len)); } /* * Authenticated decryption */ -int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ) -{ +int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; unsigned char i; int diff; - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(iv != NULL); + CCM_VALIDATE_RET(add_len == 0 || add != NULL); + CCM_VALIDATE_RET(length == 0 || input != NULL); + CCM_VALIDATE_RET(length == 0 || output != NULL); + CCM_VALIDATE_RET(tag_len == 0 || tag != NULL); - if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, - iv, iv_len, add, add_len, - input, output, check_tag, tag_len ) ) != 0 ) - { - return( ret ); + if ((ret = ccm_auth_crypt(ctx, CCM_DECRYPT, length, + iv, iv_len, add, add_len, + input, output, check_tag, tag_len)) != 0) { + return (ret); } /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) + for (diff = 0, i = 0; i < tag_len; i++) diff |= tag[i] ^ check_tag[i]; - if( diff != 0 ) - { - mbedtls_platform_zeroize( output, length ); - return( MBEDTLS_ERR_CCM_AUTH_FAILED ); + if (diff != 0) { + mbedtls_platform_zeroize(output, length); + return (MBEDTLS_ERR_CCM_AUTH_FAILED); } - return( 0 ); + return (0); } -int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ) -{ - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); +int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len) { + CCM_VALIDATE_RET(ctx != NULL); + CCM_VALIDATE_RET(iv != NULL); + CCM_VALIDATE_RET(add_len == 0 || add != NULL); + CCM_VALIDATE_RET(length == 0 || input != NULL); + CCM_VALIDATE_RET(length == 0 || output != NULL); + CCM_VALIDATE_RET(tag_len == 0 || tag != NULL); - if( tag_len == 0 ) - return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if (tag_len == 0) + return (MBEDTLS_ERR_CCM_BAD_INPUT); - return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add, - add_len, input, output, tag, tag_len ) ); + return (mbedtls_ccm_star_auth_decrypt(ctx, length, iv, iv_len, add, + add_len, input, output, tag, tag_len)); } #endif /* !MBEDTLS_CCM_ALT */ @@ -454,17 +438,20 @@ static const size_t tag_len_test_data[NB_TESTS] = { 4, 6, 8 }; static const unsigned char res_test_data[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = { { 0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d }, - { 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62, + { + 0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62, 0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d, - 0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd }, - { 0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a, + 0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd + }, + { + 0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a, 0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b, 0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5, - 0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 } + 0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 + } }; -int mbedtls_ccm_self_test( int verbose ) -{ +int mbedtls_ccm_self_test(int verbose) { mbedtls_ccm_context ctx; /* * Some hardware accelerators require the input and output buffers @@ -476,70 +463,66 @@ int mbedtls_ccm_self_test( int verbose ) size_t i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ccm_init( &ctx ); + mbedtls_ccm_init(&ctx); - if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key_test_data, - 8 * sizeof key_test_data ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " CCM: setup failed" ); + if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data, + 8 * sizeof key_test_data) != 0) { + if (verbose != 0) + mbedtls_printf(" CCM: setup failed"); - return( 1 ); + return (1); } - for( i = 0; i < NB_TESTS; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " CCM-AES #%u: ", (unsigned int) i + 1 ); + for (i = 0; i < NB_TESTS; i++) { + if (verbose != 0) + mbedtls_printf(" CCM-AES #%u: ", (unsigned int) i + 1); - memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN ); - memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN ); - memcpy( plaintext, msg_test_data, msg_len_test_data[i] ); + memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN); + memset(ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN); + memcpy(plaintext, msg_test_data, msg_len_test_data[i]); - ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len_test_data[i], - iv_test_data, iv_len_test_data[i], - ad_test_data, add_len_test_data[i], - plaintext, ciphertext, - ciphertext + msg_len_test_data[i], - tag_len_test_data[i] ); + ret = mbedtls_ccm_encrypt_and_tag(&ctx, msg_len_test_data[i], + iv_test_data, iv_len_test_data[i], + ad_test_data, add_len_test_data[i], + plaintext, ciphertext, + ciphertext + msg_len_test_data[i], + tag_len_test_data[i]); - if( ret != 0 || - memcmp( ciphertext, res_test_data[i], - msg_len_test_data[i] + tag_len_test_data[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (ret != 0 || + memcmp(ciphertext, res_test_data[i], + msg_len_test_data[i] + tag_len_test_data[i]) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); - return( 1 ); + return (1); } - memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN ); + memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN); - ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len_test_data[i], - iv_test_data, iv_len_test_data[i], - ad_test_data, add_len_test_data[i], - ciphertext, plaintext, - ciphertext + msg_len_test_data[i], - tag_len_test_data[i] ); + ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len_test_data[i], + iv_test_data, iv_len_test_data[i], + ad_test_data, add_len_test_data[i], + ciphertext, plaintext, + ciphertext + msg_len_test_data[i], + tag_len_test_data[i]); - if( ret != 0 || - memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (ret != 0 || + memcmp(plaintext, msg_test_data, msg_len_test_data[i]) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); - return( 1 ); + return (1); } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - mbedtls_ccm_free( &ctx ); + mbedtls_ccm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ diff --git a/common/mbedtls/ccm.h b/common/mbedtls/ccm.h index 7193863c3..b54ea081a 100644 --- a/common/mbedtls/ccm.h +++ b/common/mbedtls/ccm.h @@ -73,8 +73,7 @@ extern "C" { * \brief The CCM context-type definition. The CCM context is passed * to the APIs called. */ -typedef struct mbedtls_ccm_context -{ +typedef struct mbedtls_ccm_context { mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ } mbedtls_ccm_context; @@ -90,7 +89,7 @@ mbedtls_ccm_context; * * \param ctx The CCM context to initialize. This must not be \c NULL. */ -void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); +void mbedtls_ccm_init(mbedtls_ccm_context *ctx); /** * \brief This function initializes the CCM context set in the @@ -105,10 +104,10 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); * \return \c 0 on success. * \return A CCM or cipher-specific error code on failure. */ -int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits); /** * \brief This function releases and clears the specified CCM context @@ -117,7 +116,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, * \param ctx The CCM context to clear. If this is \c NULL, the function * has no effect. Otherwise, this must be initialized. */ -void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); +void mbedtls_ccm_free(mbedtls_ccm_context *ctx); /** * \brief This function encrypts a buffer using CCM. @@ -155,11 +154,11 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); * \return \c 0 on success. * \return A CCM or cipher-specific error code on failure. */ -int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ); +int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len); /** * \brief This function encrypts a buffer using CCM*. @@ -203,11 +202,11 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \return \c 0 on success. * \return A CCM or cipher-specific error code on failure. */ -int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - unsigned char *tag, size_t tag_len ); +int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + unsigned char *tag, size_t tag_len); /** * \brief This function performs a CCM authenticated decryption of a @@ -240,11 +239,11 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. * \return A cipher-specific error code on calculation failure. */ -int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ); +int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len); /** * \brief This function performs a CCM* authenticated decryption of a @@ -285,11 +284,11 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * \return #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match. * \return A cipher-specific error code on calculation failure. */ -int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ); +int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length, + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len); #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /** @@ -298,7 +297,7 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_ccm_self_test( int verbose ); +int mbedtls_ccm_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ #ifdef __cplusplus diff --git a/common/mbedtls/certs.c b/common/mbedtls/certs.c index a5695e3c8..71f1da5ca 100644 --- a/common/mbedtls/certs.c +++ b/common/mbedtls/certs.c @@ -1306,32 +1306,32 @@ const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] = TEST_CA_CRT_RSA_SHA256_DER; const size_t mbedtls_test_ca_crt_ec_pem_len = - sizeof( mbedtls_test_ca_crt_ec_pem ); + sizeof(mbedtls_test_ca_crt_ec_pem); const size_t mbedtls_test_ca_key_ec_pem_len = - sizeof( mbedtls_test_ca_key_ec_pem ); + sizeof(mbedtls_test_ca_key_ec_pem); const size_t mbedtls_test_ca_pwd_ec_pem_len = - sizeof( mbedtls_test_ca_pwd_ec_pem ) - 1; + sizeof(mbedtls_test_ca_pwd_ec_pem) - 1; const size_t mbedtls_test_ca_key_rsa_pem_len = - sizeof( mbedtls_test_ca_key_rsa_pem ); + sizeof(mbedtls_test_ca_key_rsa_pem); const size_t mbedtls_test_ca_pwd_rsa_pem_len = - sizeof( mbedtls_test_ca_pwd_rsa_pem ) - 1; + sizeof(mbedtls_test_ca_pwd_rsa_pem) - 1; const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1_pem ); + sizeof(mbedtls_test_ca_crt_rsa_sha1_pem); const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256_pem ); + sizeof(mbedtls_test_ca_crt_rsa_sha256_pem); const size_t mbedtls_test_ca_crt_ec_der_len = - sizeof( mbedtls_test_ca_crt_ec_der ); + sizeof(mbedtls_test_ca_crt_ec_der); const size_t mbedtls_test_ca_key_ec_der_len = - sizeof( mbedtls_test_ca_key_ec_der ); + sizeof(mbedtls_test_ca_key_ec_der); const size_t mbedtls_test_ca_pwd_ec_der_len = 0; const size_t mbedtls_test_ca_key_rsa_der_len = - sizeof( mbedtls_test_ca_key_rsa_der ); + sizeof(mbedtls_test_ca_key_rsa_der); const size_t mbedtls_test_ca_pwd_rsa_der_len = 0; const size_t mbedtls_test_ca_crt_rsa_sha1_der_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1_der ); + sizeof(mbedtls_test_ca_crt_rsa_sha1_der); const size_t mbedtls_test_ca_crt_rsa_sha256_der_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256_der ); + sizeof(mbedtls_test_ca_crt_rsa_sha256_der); /* * Server @@ -1354,32 +1354,32 @@ const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] = TEST_SRV_CRT_RSA_SHA256_DER; const size_t mbedtls_test_srv_crt_ec_pem_len = - sizeof( mbedtls_test_srv_crt_ec_pem ); + sizeof(mbedtls_test_srv_crt_ec_pem); const size_t mbedtls_test_srv_key_ec_pem_len = - sizeof( mbedtls_test_srv_key_ec_pem ); + sizeof(mbedtls_test_srv_key_ec_pem); const size_t mbedtls_test_srv_pwd_ec_pem_len = - sizeof( mbedtls_test_srv_pwd_ec_pem ) - 1; + sizeof(mbedtls_test_srv_pwd_ec_pem) - 1; const size_t mbedtls_test_srv_key_rsa_pem_len = - sizeof( mbedtls_test_srv_key_rsa_pem ); + sizeof(mbedtls_test_srv_key_rsa_pem); const size_t mbedtls_test_srv_pwd_rsa_pem_len = - sizeof( mbedtls_test_srv_pwd_rsa_pem ) - 1; + sizeof(mbedtls_test_srv_pwd_rsa_pem) - 1; const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1_pem ); + sizeof(mbedtls_test_srv_crt_rsa_sha1_pem); const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256_pem ); + sizeof(mbedtls_test_srv_crt_rsa_sha256_pem); const size_t mbedtls_test_srv_crt_ec_der_len = - sizeof( mbedtls_test_srv_crt_ec_der ); + sizeof(mbedtls_test_srv_crt_ec_der); const size_t mbedtls_test_srv_key_ec_der_len = - sizeof( mbedtls_test_srv_key_ec_der ); + sizeof(mbedtls_test_srv_key_ec_der); const size_t mbedtls_test_srv_pwd_ec_der_len = 0; const size_t mbedtls_test_srv_key_rsa_der_len = - sizeof( mbedtls_test_srv_key_rsa_der ); + sizeof(mbedtls_test_srv_key_rsa_der); const size_t mbedtls_test_srv_pwd_rsa_der_len = 0; const size_t mbedtls_test_srv_crt_rsa_sha1_der_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1_der ); + sizeof(mbedtls_test_srv_crt_rsa_sha1_der); const size_t mbedtls_test_srv_crt_rsa_sha256_der_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256_der ); + sizeof(mbedtls_test_srv_crt_rsa_sha256_der); /* * Client @@ -1398,26 +1398,26 @@ const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER; const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER; const size_t mbedtls_test_cli_crt_ec_pem_len = - sizeof( mbedtls_test_cli_crt_ec_pem ); + sizeof(mbedtls_test_cli_crt_ec_pem); const size_t mbedtls_test_cli_key_ec_pem_len = - sizeof( mbedtls_test_cli_key_ec_pem ); + sizeof(mbedtls_test_cli_key_ec_pem); const size_t mbedtls_test_cli_pwd_ec_pem_len = - sizeof( mbedtls_test_cli_pwd_ec_pem ) - 1; + sizeof(mbedtls_test_cli_pwd_ec_pem) - 1; const size_t mbedtls_test_cli_key_rsa_pem_len = - sizeof( mbedtls_test_cli_key_rsa_pem ); + sizeof(mbedtls_test_cli_key_rsa_pem); const size_t mbedtls_test_cli_pwd_rsa_pem_len = - sizeof( mbedtls_test_cli_pwd_rsa_pem ) - 1; + sizeof(mbedtls_test_cli_pwd_rsa_pem) - 1; const size_t mbedtls_test_cli_crt_rsa_pem_len = - sizeof( mbedtls_test_cli_crt_rsa_pem ); + sizeof(mbedtls_test_cli_crt_rsa_pem); const size_t mbedtls_test_cli_crt_ec_der_len = - sizeof( mbedtls_test_cli_crt_ec_der ); + sizeof(mbedtls_test_cli_crt_ec_der); const size_t mbedtls_test_cli_key_ec_der_len = - sizeof( mbedtls_test_cli_key_ec_der ); + sizeof(mbedtls_test_cli_key_ec_der); const size_t mbedtls_test_cli_key_rsa_der_len = - sizeof( mbedtls_test_cli_key_rsa_der ); + sizeof(mbedtls_test_cli_key_rsa_der); const size_t mbedtls_test_cli_crt_rsa_der_len = - sizeof( mbedtls_test_cli_crt_rsa_der ); + sizeof(mbedtls_test_cli_crt_rsa_der); /* * @@ -1519,47 +1519,47 @@ const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC; const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC; const size_t mbedtls_test_ca_key_rsa_len = - sizeof( mbedtls_test_ca_key_rsa ); + sizeof(mbedtls_test_ca_key_rsa); const size_t mbedtls_test_ca_pwd_rsa_len = - sizeof( mbedtls_test_ca_pwd_rsa ) - 1; + sizeof(mbedtls_test_ca_pwd_rsa) - 1; const size_t mbedtls_test_ca_crt_rsa_sha256_len = - sizeof( mbedtls_test_ca_crt_rsa_sha256 ); + sizeof(mbedtls_test_ca_crt_rsa_sha256); const size_t mbedtls_test_ca_crt_rsa_sha1_len = - sizeof( mbedtls_test_ca_crt_rsa_sha1 ); + sizeof(mbedtls_test_ca_crt_rsa_sha1); const size_t mbedtls_test_ca_key_ec_len = - sizeof( mbedtls_test_ca_key_ec ); + sizeof(mbedtls_test_ca_key_ec); const size_t mbedtls_test_ca_pwd_ec_len = - sizeof( mbedtls_test_ca_pwd_ec ) - 1; + sizeof(mbedtls_test_ca_pwd_ec) - 1; const size_t mbedtls_test_ca_crt_ec_len = - sizeof( mbedtls_test_ca_crt_ec ); + sizeof(mbedtls_test_ca_crt_ec); const size_t mbedtls_test_srv_key_rsa_len = - sizeof( mbedtls_test_srv_key_rsa ); + sizeof(mbedtls_test_srv_key_rsa); const size_t mbedtls_test_srv_pwd_rsa_len = - sizeof( mbedtls_test_srv_pwd_rsa ) -1; + sizeof(mbedtls_test_srv_pwd_rsa) - 1; const size_t mbedtls_test_srv_crt_rsa_sha256_len = - sizeof( mbedtls_test_srv_crt_rsa_sha256 ); + sizeof(mbedtls_test_srv_crt_rsa_sha256); const size_t mbedtls_test_srv_crt_rsa_sha1_len = - sizeof( mbedtls_test_srv_crt_rsa_sha1 ); + sizeof(mbedtls_test_srv_crt_rsa_sha1); const size_t mbedtls_test_srv_key_ec_len = - sizeof( mbedtls_test_srv_key_ec ); + sizeof(mbedtls_test_srv_key_ec); const size_t mbedtls_test_srv_pwd_ec_len = - sizeof( mbedtls_test_srv_pwd_ec ) - 1; + sizeof(mbedtls_test_srv_pwd_ec) - 1; const size_t mbedtls_test_srv_crt_ec_len = - sizeof( mbedtls_test_srv_crt_ec ); + sizeof(mbedtls_test_srv_crt_ec); const size_t mbedtls_test_cli_key_rsa_len = - sizeof( mbedtls_test_cli_key_rsa ); + sizeof(mbedtls_test_cli_key_rsa); const size_t mbedtls_test_cli_pwd_rsa_len = - sizeof( mbedtls_test_cli_pwd_rsa ) - 1; + sizeof(mbedtls_test_cli_pwd_rsa) - 1; const size_t mbedtls_test_cli_crt_rsa_len = - sizeof( mbedtls_test_cli_crt_rsa ); + sizeof(mbedtls_test_cli_crt_rsa); const size_t mbedtls_test_cli_key_ec_len = - sizeof( mbedtls_test_cli_key_ec ); + sizeof(mbedtls_test_cli_key_ec); const size_t mbedtls_test_cli_pwd_ec_len = - sizeof( mbedtls_test_cli_pwd_ec ) - 1; + sizeof(mbedtls_test_cli_pwd_ec) - 1; const size_t mbedtls_test_cli_crt_ec_len = - sizeof( mbedtls_test_cli_crt_ec ); + sizeof(mbedtls_test_cli_crt_ec); /* * Dispatch between SHA-1 and SHA-256 @@ -1577,9 +1577,9 @@ const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; const size_t mbedtls_test_ca_crt_rsa_len = - sizeof( mbedtls_test_ca_crt_rsa ); + sizeof(mbedtls_test_ca_crt_rsa); const size_t mbedtls_test_srv_crt_rsa_len = - sizeof( mbedtls_test_srv_crt_rsa ); + sizeof(mbedtls_test_srv_crt_rsa); /* * Dispatch between RSA and EC @@ -1642,25 +1642,25 @@ const char *mbedtls_test_cli_pwd = test_cli_pwd; const char *mbedtls_test_cli_crt = test_cli_crt; const size_t mbedtls_test_ca_key_len = - sizeof( test_ca_key ); + sizeof(test_ca_key); const size_t mbedtls_test_ca_pwd_len = - sizeof( test_ca_pwd ) - 1; + sizeof(test_ca_pwd) - 1; const size_t mbedtls_test_ca_crt_len = - sizeof( test_ca_crt ); + sizeof(test_ca_crt); const size_t mbedtls_test_srv_key_len = - sizeof( test_srv_key ); + sizeof(test_srv_key); const size_t mbedtls_test_srv_pwd_len = - sizeof( test_srv_pwd ) - 1; + sizeof(test_srv_pwd) - 1; const size_t mbedtls_test_srv_crt_len = - sizeof( test_srv_crt ); + sizeof(test_srv_crt); const size_t mbedtls_test_cli_key_len = - sizeof( test_cli_key ); + sizeof(test_cli_key); const size_t mbedtls_test_cli_pwd_len = - sizeof( test_cli_pwd ) - 1; + sizeof(test_cli_pwd) - 1; const size_t mbedtls_test_cli_crt_len = - sizeof( test_cli_crt ); + sizeof(test_cli_crt); /* * @@ -1669,7 +1669,7 @@ const size_t mbedtls_test_cli_crt_len = */ /* List of CAs in PEM or DER, depending on config */ -const char * mbedtls_test_cas[] = { +const char *mbedtls_test_cas[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) mbedtls_test_ca_crt_rsa_sha1, #endif @@ -1683,19 +1683,19 @@ const char * mbedtls_test_cas[] = { }; const size_t mbedtls_test_cas_len[] = { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) - sizeof( mbedtls_test_ca_crt_rsa_sha1 ), + sizeof(mbedtls_test_ca_crt_rsa_sha1), #endif #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) - sizeof( mbedtls_test_ca_crt_rsa_sha256 ), + sizeof(mbedtls_test_ca_crt_rsa_sha256), #endif #if defined(MBEDTLS_ECDSA_C) - sizeof( mbedtls_test_ca_crt_ec ), + sizeof(mbedtls_test_ca_crt_ec), #endif 0 }; /* List of all available CA certificates in DER format */ -const unsigned char * mbedtls_test_cas_der[] = { +const unsigned char *mbedtls_test_cas_der[] = { #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SHA256_C) mbedtls_test_ca_crt_rsa_sha256_der, @@ -1713,14 +1713,14 @@ const unsigned char * mbedtls_test_cas_der[] = { const size_t mbedtls_test_cas_der_len[] = { #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SHA256_C) - sizeof( mbedtls_test_ca_crt_rsa_sha256_der ), + sizeof(mbedtls_test_ca_crt_rsa_sha256_der), #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA1_C) - sizeof( mbedtls_test_ca_crt_rsa_sha1_der ), + sizeof(mbedtls_test_ca_crt_rsa_sha1_der), #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECDSA_C) - sizeof( mbedtls_test_ca_crt_ec_der ), + sizeof(mbedtls_test_ca_crt_ec_der), #endif /* MBEDTLS_ECDSA_C */ 0 }; @@ -1740,7 +1740,7 @@ const char mbedtls_test_cas_pem[] = TEST_CA_CRT_EC_PEM #endif /* MBEDTLS_ECDSA_C */ ""; -const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem ); +const size_t mbedtls_test_cas_pem_len = sizeof(mbedtls_test_cas_pem); #endif /* MBEDTLS_PEM_PARSE_C */ #endif /* MBEDTLS_CERTS_C */ diff --git a/common/mbedtls/certs.h b/common/mbedtls/certs.h index c93c741c7..0ec6971e8 100644 --- a/common/mbedtls/certs.h +++ b/common/mbedtls/certs.h @@ -37,11 +37,11 @@ extern "C" { /* List of all PEM-encoded CA certificates, terminated by NULL; * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded * otherwise. */ -extern const char * mbedtls_test_cas[]; +extern const char *mbedtls_test_cas[]; extern const size_t mbedtls_test_cas_len[]; /* List of all DER-encoded CA certificates, terminated by NULL */ -extern const unsigned char * mbedtls_test_cas_der[]; +extern const unsigned char *mbedtls_test_cas_der[]; extern const size_t mbedtls_test_cas_der_len[]; #if defined(MBEDTLS_PEM_PARSE_C) @@ -112,9 +112,9 @@ extern const size_t mbedtls_test_ca_crt_rsa_len; /* Config-dependent dispatch between EC and RSA * (RSA if enabled, otherwise EC) */ -extern const char * mbedtls_test_ca_crt; -extern const char * mbedtls_test_ca_key; -extern const char * mbedtls_test_ca_pwd; +extern const char *mbedtls_test_ca_crt; +extern const char *mbedtls_test_ca_key; +extern const char *mbedtls_test_ca_pwd; extern const size_t mbedtls_test_ca_crt_len; extern const size_t mbedtls_test_ca_key_len; extern const size_t mbedtls_test_ca_pwd_len; @@ -181,9 +181,9 @@ extern const size_t mbedtls_test_srv_crt_rsa_len; /* Config-dependent dispatch between EC and RSA * (RSA if enabled, otherwise EC) */ -extern const char * mbedtls_test_srv_crt; -extern const char * mbedtls_test_srv_key; -extern const char * mbedtls_test_srv_pwd; +extern const char *mbedtls_test_srv_crt; +extern const char *mbedtls_test_srv_key; +extern const char *mbedtls_test_srv_pwd; extern const size_t mbedtls_test_srv_crt_len; extern const size_t mbedtls_test_srv_key_len; extern const size_t mbedtls_test_srv_pwd_len; @@ -236,9 +236,9 @@ extern const size_t mbedtls_test_cli_crt_rsa_len; /* Config-dependent dispatch between EC and RSA * (RSA if enabled, otherwise EC) */ -extern const char * mbedtls_test_cli_crt; -extern const char * mbedtls_test_cli_key; -extern const char * mbedtls_test_cli_pwd; +extern const char *mbedtls_test_cli_crt; +extern const char *mbedtls_test_cli_key; +extern const char *mbedtls_test_cli_pwd; extern const size_t mbedtls_test_cli_crt_len; extern const size_t mbedtls_test_cli_key_len; extern const size_t mbedtls_test_cli_pwd_len; diff --git a/common/mbedtls/chacha20.c b/common/mbedtls/chacha20.c index 78467d3fc..62928ad7b 100644 --- a/common/mbedtls/chacha20.c +++ b/common/mbedtls/chacha20.c @@ -83,31 +83,30 @@ * \param c The index of 'c' in the state. * \param d The index of 'd' in the state. */ -static inline void chacha20_quarter_round( uint32_t state[16], - size_t a, - size_t b, - size_t c, - size_t d ) -{ +static inline void chacha20_quarter_round(uint32_t state[16], + size_t a, + size_t b, + size_t c, + size_t d) { /* a += b; d ^= a; d <<<= 16; */ state[a] += state[b]; state[d] ^= state[a]; - state[d] = ROTL32( state[d], 16 ); + state[d] = ROTL32(state[d], 16); /* c += d; b ^= c; b <<<= 12 */ state[c] += state[d]; state[b] ^= state[c]; - state[b] = ROTL32( state[b], 12 ); + state[b] = ROTL32(state[b], 12); /* a += b; d ^= a; d <<<= 8; */ state[a] += state[b]; state[d] ^= state[a]; - state[d] = ROTL32( state[d], 8 ); + state[d] = ROTL32(state[d], 8); /* c += d; b ^= c; b <<<= 7; */ state[c] += state[d]; state[b] ^= state[c]; - state[b] = ROTL32( state[b], 7 ); + state[b] = ROTL32(state[b], 7); } /** @@ -118,17 +117,16 @@ static inline void chacha20_quarter_round( uint32_t state[16], * * \param state The ChaCha20 state to update. */ -static void chacha20_inner_block( uint32_t state[16] ) -{ - chacha20_quarter_round( state, 0, 4, 8, 12 ); - chacha20_quarter_round( state, 1, 5, 9, 13 ); - chacha20_quarter_round( state, 2, 6, 10, 14 ); - chacha20_quarter_round( state, 3, 7, 11, 15 ); +static void chacha20_inner_block(uint32_t state[16]) { + chacha20_quarter_round(state, 0, 4, 8, 12); + chacha20_quarter_round(state, 1, 5, 9, 13); + chacha20_quarter_round(state, 2, 6, 10, 14); + chacha20_quarter_round(state, 3, 7, 11, 15); - chacha20_quarter_round( state, 0, 5, 10, 15 ); - chacha20_quarter_round( state, 1, 6, 11, 12 ); - chacha20_quarter_round( state, 2, 7, 8, 13 ); - chacha20_quarter_round( state, 3, 4, 9, 14 ); + chacha20_quarter_round(state, 0, 5, 10, 15); + chacha20_quarter_round(state, 1, 6, 11, 12); + chacha20_quarter_round(state, 2, 7, 8, 13); + chacha20_quarter_round(state, 3, 4, 9, 14); } /** @@ -137,18 +135,17 @@ static void chacha20_inner_block( uint32_t state[16] ) * \param initial_state The initial ChaCha20 state (key, nonce, counter). * \param keystream Generated keystream bytes are written to this buffer. */ -static void chacha20_block( const uint32_t initial_state[16], - unsigned char keystream[64] ) -{ +static void chacha20_block(const uint32_t initial_state[16], + unsigned char keystream[64]) { uint32_t working_state[16]; size_t i; - memcpy( working_state, - initial_state, - CHACHA20_BLOCK_SIZE_BYTES ); + memcpy(working_state, + initial_state, + CHACHA20_BLOCK_SIZE_BYTES); - for( i = 0U; i < 10U; i++ ) - chacha20_inner_block( working_state ); + for (i = 0U; i < 10U; i++) + chacha20_inner_block(working_state); working_state[ 0] += initial_state[ 0]; working_state[ 1] += initial_state[ 1]; @@ -167,43 +164,38 @@ static void chacha20_block( const uint32_t initial_state[16], working_state[14] += initial_state[14]; working_state[15] += initial_state[15]; - for( i = 0U; i < 16; i++ ) - { + for (i = 0U; i < 16; i++) { size_t offset = i * 4U; - keystream[offset ] = (unsigned char)( working_state[i] ); - keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 ); - keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 ); - keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 ); + keystream[offset ] = (unsigned char)(working_state[i]); + keystream[offset + 1U] = (unsigned char)(working_state[i] >> 8); + keystream[offset + 2U] = (unsigned char)(working_state[i] >> 16); + keystream[offset + 3U] = (unsigned char)(working_state[i] >> 24); } - mbedtls_platform_zeroize( working_state, sizeof( working_state ) ); + mbedtls_platform_zeroize(working_state, sizeof(working_state)); } -void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ) -{ - CHACHA20_VALIDATE( ctx != NULL ); +void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx) { + CHACHA20_VALIDATE(ctx != NULL); - mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) ); - mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + mbedtls_platform_zeroize(ctx->state, sizeof(ctx->state)); + mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8)); /* Initially, there's no keystream bytes available */ ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; } -void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ) -{ - if( ctx != NULL ) - { - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_chacha20_context ) ); +void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx) { + if (ctx != NULL) { + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context)); } } -int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, - const unsigned char key[32] ) -{ - CHACHA20_VALIDATE_RET( ctx != NULL ); - CHACHA20_VALIDATE_RET( key != NULL ); +int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx, + const unsigned char key[32]) { + CHACHA20_VALIDATE_RET(ctx != NULL); + CHACHA20_VALIDATE_RET(key != NULL); /* ChaCha20 constants - the string "expand 32-byte k" */ ctx->state[0] = 0x61707865; @@ -212,58 +204,55 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, ctx->state[3] = 0x6b206574; /* Set key */ - ctx->state[4] = BYTES_TO_U32_LE( key, 0 ); - ctx->state[5] = BYTES_TO_U32_LE( key, 4 ); - ctx->state[6] = BYTES_TO_U32_LE( key, 8 ); - ctx->state[7] = BYTES_TO_U32_LE( key, 12 ); - ctx->state[8] = BYTES_TO_U32_LE( key, 16 ); - ctx->state[9] = BYTES_TO_U32_LE( key, 20 ); - ctx->state[10] = BYTES_TO_U32_LE( key, 24 ); - ctx->state[11] = BYTES_TO_U32_LE( key, 28 ); + ctx->state[4] = BYTES_TO_U32_LE(key, 0); + ctx->state[5] = BYTES_TO_U32_LE(key, 4); + ctx->state[6] = BYTES_TO_U32_LE(key, 8); + ctx->state[7] = BYTES_TO_U32_LE(key, 12); + ctx->state[8] = BYTES_TO_U32_LE(key, 16); + ctx->state[9] = BYTES_TO_U32_LE(key, 20); + ctx->state[10] = BYTES_TO_U32_LE(key, 24); + ctx->state[11] = BYTES_TO_U32_LE(key, 28); - return( 0 ); + return (0); } -int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, - const unsigned char nonce[12], - uint32_t counter ) -{ - CHACHA20_VALIDATE_RET( ctx != NULL ); - CHACHA20_VALIDATE_RET( nonce != NULL ); +int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx, + const unsigned char nonce[12], + uint32_t counter) { + CHACHA20_VALIDATE_RET(ctx != NULL); + CHACHA20_VALIDATE_RET(nonce != NULL); /* Counter */ ctx->state[12] = counter; /* Nonce */ - ctx->state[13] = BYTES_TO_U32_LE( nonce, 0 ); - ctx->state[14] = BYTES_TO_U32_LE( nonce, 4 ); - ctx->state[15] = BYTES_TO_U32_LE( nonce, 8 ); + ctx->state[13] = BYTES_TO_U32_LE(nonce, 0); + ctx->state[14] = BYTES_TO_U32_LE(nonce, 4); + ctx->state[15] = BYTES_TO_U32_LE(nonce, 8); - mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) ); + mbedtls_platform_zeroize(ctx->keystream8, sizeof(ctx->keystream8)); /* Initially, there's no keystream bytes available */ ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES; - return( 0 ); + return (0); } -int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, - size_t size, - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx, + size_t size, + const unsigned char *input, + unsigned char *output) { size_t offset = 0U; size_t i; - CHACHA20_VALIDATE_RET( ctx != NULL ); - CHACHA20_VALIDATE_RET( size == 0 || input != NULL ); - CHACHA20_VALIDATE_RET( size == 0 || output != NULL ); + CHACHA20_VALIDATE_RET(ctx != NULL); + CHACHA20_VALIDATE_RET(size == 0 || input != NULL); + CHACHA20_VALIDATE_RET(size == 0 || output != NULL); /* Use leftover keystream bytes, if available */ - while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES ) - { + while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) { output[offset] = input[offset] - ^ ctx->keystream8[ctx->keystream_bytes_used]; + ^ ctx->keystream8[ctx->keystream_bytes_used]; ctx->keystream_bytes_used++; offset++; @@ -271,22 +260,20 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, } /* Process full blocks */ - while( size >= CHACHA20_BLOCK_SIZE_BYTES ) - { + while (size >= CHACHA20_BLOCK_SIZE_BYTES) { /* Generate new keystream block and increment counter */ - chacha20_block( ctx->state, ctx->keystream8 ); + chacha20_block(ctx->state, ctx->keystream8); ctx->state[CHACHA20_CTR_INDEX]++; - for( i = 0U; i < 64U; i += 8U ) - { + for (i = 0U; i < 64U; i += 8U) { output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ]; - output[offset + i+1] = input[offset + i+1] ^ ctx->keystream8[i+1]; - output[offset + i+2] = input[offset + i+2] ^ ctx->keystream8[i+2]; - output[offset + i+3] = input[offset + i+3] ^ ctx->keystream8[i+3]; - output[offset + i+4] = input[offset + i+4] ^ ctx->keystream8[i+4]; - output[offset + i+5] = input[offset + i+5] ^ ctx->keystream8[i+5]; - output[offset + i+6] = input[offset + i+6] ^ ctx->keystream8[i+6]; - output[offset + i+7] = input[offset + i+7] ^ ctx->keystream8[i+7]; + output[offset + i + 1] = input[offset + i + 1] ^ ctx->keystream8[i + 1]; + output[offset + i + 2] = input[offset + i + 2] ^ ctx->keystream8[i + 2]; + output[offset + i + 3] = input[offset + i + 3] ^ ctx->keystream8[i + 3]; + output[offset + i + 4] = input[offset + i + 4] ^ ctx->keystream8[i + 4]; + output[offset + i + 5] = input[offset + i + 5] ^ ctx->keystream8[i + 5]; + output[offset + i + 6] = input[offset + i + 6] ^ ctx->keystream8[i + 6]; + output[offset + i + 7] = input[offset + i + 7] ^ ctx->keystream8[i + 7]; } offset += CHACHA20_BLOCK_SIZE_BYTES; @@ -294,14 +281,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, } /* Last (partial) block */ - if( size > 0U ) - { + if (size > 0U) { /* Generate new keystream block and increment counter */ - chacha20_block( ctx->state, ctx->keystream8 ); + chacha20_block(ctx->state, ctx->keystream8); ctx->state[CHACHA20_CTR_INDEX]++; - for( i = 0U; i < size; i++) - { + for (i = 0U; i < size; i++) { output[offset + i] = input[offset + i] ^ ctx->keystream8[i]; } @@ -309,47 +294,45 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, } - return( 0 ); + return (0); } -int mbedtls_chacha20_crypt( const unsigned char key[32], - const unsigned char nonce[12], - uint32_t counter, - size_t data_len, - const unsigned char* input, - unsigned char* output ) -{ +int mbedtls_chacha20_crypt(const unsigned char key[32], + const unsigned char nonce[12], + uint32_t counter, + size_t data_len, + const unsigned char *input, + unsigned char *output) { mbedtls_chacha20_context ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHA20_VALIDATE_RET( key != NULL ); - CHACHA20_VALIDATE_RET( nonce != NULL ); - CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL ); - CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL ); + CHACHA20_VALIDATE_RET(key != NULL); + CHACHA20_VALIDATE_RET(nonce != NULL); + CHACHA20_VALIDATE_RET(data_len == 0 || input != NULL); + CHACHA20_VALIDATE_RET(data_len == 0 || output != NULL); - mbedtls_chacha20_init( &ctx ); + mbedtls_chacha20_init(&ctx); - ret = mbedtls_chacha20_setkey( &ctx, key ); - if( ret != 0 ) + ret = mbedtls_chacha20_setkey(&ctx, key); + if (ret != 0) goto cleanup; - ret = mbedtls_chacha20_starts( &ctx, nonce, counter ); - if( ret != 0 ) + ret = mbedtls_chacha20_starts(&ctx, nonce, counter); + if (ret != 0) goto cleanup; - ret = mbedtls_chacha20_update( &ctx, data_len, input, output ); + ret = mbedtls_chacha20_update(&ctx, data_len, input, output); cleanup: - mbedtls_chacha20_free( &ctx ); - return( ret ); + mbedtls_chacha20_free(&ctx); + return (ret); } #endif /* !MBEDTLS_CHACHA20_ALT */ #if defined(MBEDTLS_SELF_TEST) -static const unsigned char test_keys[2][32] = -{ +static const unsigned char test_keys[2][32] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -364,8 +347,7 @@ static const unsigned char test_keys[2][32] = } }; -static const unsigned char test_nonces[2][12] = -{ +static const unsigned char test_nonces[2][12] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 @@ -376,14 +358,12 @@ static const unsigned char test_nonces[2][12] = } }; -static const uint32_t test_counters[2] = -{ +static const uint32_t test_counters[2] = { 0U, 1U }; -static const unsigned char test_input[2][375] = -{ +static const unsigned char test_input[2][375] = { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -445,8 +425,7 @@ static const unsigned char test_input[2][375] = } }; -static const unsigned char test_output[2][375] = -{ +static const unsigned char test_output[2][375] = { { 0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90, 0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28, @@ -508,8 +487,7 @@ static const unsigned char test_output[2][375] = } }; -static const size_t test_lengths[2] = -{ +static const size_t test_lengths[2] = { 64U, 375U }; @@ -530,37 +508,35 @@ static const size_t test_lengths[2] = } \ while( 0 ) -int mbedtls_chacha20_self_test( int verbose ) -{ +int mbedtls_chacha20_self_test(int verbose) { unsigned char output[381]; unsigned i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - for( i = 0U; i < 2U; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " ChaCha20 test %u ", i ); + for (i = 0U; i < 2U; i++) { + if (verbose != 0) + mbedtls_printf(" ChaCha20 test %u ", i); - ret = mbedtls_chacha20_crypt( test_keys[i], - test_nonces[i], - test_counters[i], - test_lengths[i], - test_input[i], - output ); + ret = mbedtls_chacha20_crypt(test_keys[i], + test_nonces[i], + test_counters[i], + test_lengths[i], + test_input[i], + output); - ASSERT( 0 == ret, ( "error code: %i\n", ret ) ); + ASSERT(0 == ret, ("error code: %i\n", ret)); - ASSERT( 0 == memcmp( output, test_output[i], test_lengths[i] ), - ( "failed (output)\n" ) ); + ASSERT(0 == memcmp(output, test_output[i], test_lengths[i]), + ("failed (output)\n")); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/chacha20.h b/common/mbedtls/chacha20.h index e59dd1fa3..db8aca4ea 100644 --- a/common/mbedtls/chacha20.h +++ b/common/mbedtls/chacha20.h @@ -57,8 +57,7 @@ extern "C" { #if !defined(MBEDTLS_CHACHA20_ALT) -typedef struct mbedtls_chacha20_context -{ +typedef struct mbedtls_chacha20_context { uint32_t state[16]; /*! The state (before round operations). */ uint8_t keystream8[64]; /*! Leftover keystream bytes. */ size_t keystream_bytes_used; /*! Number of keystream bytes already used. */ @@ -84,7 +83,7 @@ mbedtls_chacha20_context; * \param ctx The ChaCha20 context to initialize. * This must not be \c NULL. */ -void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); +void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx); /** * \brief This function releases and clears the specified @@ -95,7 +94,7 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx ); * \c NULL, it must point to an initialized context. * */ -void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); +void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx); /** * \brief This function sets the encryption/decryption key. @@ -113,8 +112,8 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx ); * \return \c 0 on success. * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL. */ -int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, - const unsigned char key[32] ); +int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx, + const unsigned char key[32]); /** * \brief This function sets the nonce and initial counter value. @@ -135,9 +134,9 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx, * \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is * NULL. */ -int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, - const unsigned char nonce[12], - uint32_t counter ); +int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx, + const unsigned char nonce[12], + uint32_t counter); /** * \brief This function encrypts or decrypts data. @@ -168,10 +167,10 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, - size_t size, - const unsigned char *input, - unsigned char *output ); +int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx, + size_t size, + const unsigned char *input, + unsigned char *output); /** * \brief This function encrypts or decrypts data with ChaCha20 and @@ -201,12 +200,12 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chacha20_crypt( const unsigned char key[32], - const unsigned char nonce[12], - uint32_t counter, - size_t size, - const unsigned char* input, - unsigned char* output ); +int mbedtls_chacha20_crypt(const unsigned char key[32], + const unsigned char nonce[12], + uint32_t counter, + size_t size, + const unsigned char *input, + unsigned char *output); #if defined(MBEDTLS_SELF_TEST) /** @@ -215,7 +214,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_chacha20_self_test( int verbose ); +int mbedtls_chacha20_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/common/mbedtls/chachapoly.c b/common/mbedtls/chachapoly.c index 77d547731..90a71b489 100644 --- a/common/mbedtls/chachapoly.c +++ b/common/mbedtls/chachapoly.c @@ -55,19 +55,18 @@ * * \param ctx The ChaCha20-Poly1305 context. */ -static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) -{ - uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U ); +static int chachapoly_pad_aad(mbedtls_chachapoly_context *ctx) { + uint32_t partial_block_len = (uint32_t)(ctx->aad_len % 16U); unsigned char zeroes[15]; - if( partial_block_len == 0U ) - return( 0 ); + if (partial_block_len == 0U) + return (0); - memset( zeroes, 0, sizeof( zeroes ) ); + memset(zeroes, 0, sizeof(zeroes)); - return( mbedtls_poly1305_update( &ctx->poly1305_ctx, - zeroes, - 16U - partial_block_len ) ); + return (mbedtls_poly1305_update(&ctx->poly1305_ctx, + zeroes, + 16U - partial_block_len)); } /** @@ -75,69 +74,64 @@ static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) * * \param ctx The ChaCha20-Poly1305 context. */ -static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) -{ - uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U ); +static int chachapoly_pad_ciphertext(mbedtls_chachapoly_context *ctx) { + uint32_t partial_block_len = (uint32_t)(ctx->ciphertext_len % 16U); unsigned char zeroes[15]; - if( partial_block_len == 0U ) - return( 0 ); + if (partial_block_len == 0U) + return (0); - memset( zeroes, 0, sizeof( zeroes ) ); - return( mbedtls_poly1305_update( &ctx->poly1305_ctx, - zeroes, - 16U - partial_block_len ) ); + memset(zeroes, 0, sizeof(zeroes)); + return (mbedtls_poly1305_update(&ctx->poly1305_ctx, + zeroes, + 16U - partial_block_len)); } -void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) -{ - CHACHAPOLY_VALIDATE( ctx != NULL ); +void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx) { + CHACHAPOLY_VALIDATE(ctx != NULL); - mbedtls_chacha20_init( &ctx->chacha20_ctx ); - mbedtls_poly1305_init( &ctx->poly1305_ctx ); + mbedtls_chacha20_init(&ctx->chacha20_ctx); + mbedtls_poly1305_init(&ctx->poly1305_ctx); ctx->aad_len = 0U; ctx->ciphertext_len = 0U; ctx->state = CHACHAPOLY_STATE_INIT; ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; } -void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx) { + if (ctx == NULL) return; - mbedtls_chacha20_free( &ctx->chacha20_ctx ); - mbedtls_poly1305_free( &ctx->poly1305_ctx ); + mbedtls_chacha20_free(&ctx->chacha20_ctx); + mbedtls_poly1305_free(&ctx->poly1305_ctx); ctx->aad_len = 0U; ctx->ciphertext_len = 0U; ctx->state = CHACHAPOLY_STATE_INIT; ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT; } -int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, - const unsigned char key[32] ) -{ +int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx, + const unsigned char key[32]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( key != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(key != NULL); - ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); + ret = mbedtls_chacha20_setkey(&ctx->chacha20_ctx, key); - return( ret ); + return (ret); } -int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, - const unsigned char nonce[12], - mbedtls_chachapoly_mode_t mode ) -{ +int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx, + const unsigned char nonce[12], + mbedtls_chachapoly_mode_t mode) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char poly1305_key[64]; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(nonce != NULL); /* Set counter = 0, will be update to 1 when generating Poly1305 key */ - ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ); - if( ret != 0 ) + ret = mbedtls_chacha20_starts(&ctx->chacha20_ctx, nonce, 0U); + if (ret != 0) goto cleanup; /* Generate the Poly1305 key by getting the ChaCha20 keystream output with @@ -145,16 +139,15 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, * Only the first 256-bits (32 bytes) of the key is used for Poly1305. * The other 256 bits are discarded. */ - memset( poly1305_key, 0, sizeof( poly1305_key ) ); - ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ), - poly1305_key, poly1305_key ); - if( ret != 0 ) + memset(poly1305_key, 0, sizeof(poly1305_key)); + ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, sizeof(poly1305_key), + poly1305_key, poly1305_key); + if (ret != 0) goto cleanup; - ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key ); + ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key); - if( ret == 0 ) - { + if (ret == 0) { ctx->aad_len = 0U; ctx->ciphertext_len = 0U; ctx->state = CHACHAPOLY_STATE_AAD; @@ -162,100 +155,88 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, } cleanup: - mbedtls_platform_zeroize( poly1305_key, 64U ); - return( ret ); + mbedtls_platform_zeroize(poly1305_key, 64U); + return (ret); } -int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, - const unsigned char *aad, - size_t aad_len ) -{ - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); +int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx, + const unsigned char *aad, + size_t aad_len) { + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL); - if( ctx->state != CHACHAPOLY_STATE_AAD ) - return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + if (ctx->state != CHACHAPOLY_STATE_AAD) + return (MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); ctx->aad_len += aad_len; - return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) ); + return (mbedtls_poly1305_update(&ctx->poly1305_ctx, aad, aad_len)); } -int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, - size_t len, - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx, + size_t len, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(len == 0 || input != NULL); + CHACHAPOLY_VALIDATE_RET(len == 0 || output != NULL); - if( ( ctx->state != CHACHAPOLY_STATE_AAD ) && - ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) - { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + if ((ctx->state != CHACHAPOLY_STATE_AAD) && + (ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) { + return (MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); } - if( ctx->state == CHACHAPOLY_STATE_AAD ) - { + if (ctx->state == CHACHAPOLY_STATE_AAD) { ctx->state = CHACHAPOLY_STATE_CIPHERTEXT; - ret = chachapoly_pad_aad( ctx ); - if( ret != 0 ) - return( ret ); + ret = chachapoly_pad_aad(ctx); + if (ret != 0) + return (ret); } ctx->ciphertext_len += len; - if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT ) - { - ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); - if( ret != 0 ) - return( ret ); + if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) { + ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output); + if (ret != 0) + return (ret); - ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len ); - if( ret != 0 ) - return( ret ); - } - else /* DECRYPT */ - { - ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len); + if (ret != 0) + return (ret); + } else { /* DECRYPT */ + ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len); + if (ret != 0) + return (ret); - ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output); + if (ret != 0) + return (ret); } - return( 0 ); + return (0); } -int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, - unsigned char mac[16] ) -{ +int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx, + unsigned char mac[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char len_block[16]; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( mac != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(mac != NULL); - if( ctx->state == CHACHAPOLY_STATE_INIT ) - { - return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); + if (ctx->state == CHACHAPOLY_STATE_INIT) { + return (MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); } - if( ctx->state == CHACHAPOLY_STATE_AAD ) - { - ret = chachapoly_pad_aad( ctx ); - if( ret != 0 ) - return( ret ); - } - else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT ) - { - ret = chachapoly_pad_ciphertext( ctx ); - if( ret != 0 ) - return( ret ); + if (ctx->state == CHACHAPOLY_STATE_AAD) { + ret = chachapoly_pad_aad(ctx); + if (ret != 0) + return (ret); + } else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) { + ret = chachapoly_pad_ciphertext(ctx); + if (ret != 0) + return (ret); } ctx->state = CHACHAPOLY_STATE_FINISHED; @@ -263,129 +244,123 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, /* The lengths of the AAD and ciphertext are processed by * Poly1305 as the final 128-bit block, encoded as little-endian integers. */ - len_block[ 0] = (unsigned char)( ctx->aad_len ); - len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 ); - len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 ); - len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 ); - len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 ); - len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 ); - len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 ); - len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 ); - len_block[ 8] = (unsigned char)( ctx->ciphertext_len ); - len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 ); - len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 ); - len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 ); - len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 ); - len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 ); - len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); - len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); + len_block[ 0] = (unsigned char)(ctx->aad_len); + len_block[ 1] = (unsigned char)(ctx->aad_len >> 8); + len_block[ 2] = (unsigned char)(ctx->aad_len >> 16); + len_block[ 3] = (unsigned char)(ctx->aad_len >> 24); + len_block[ 4] = (unsigned char)(ctx->aad_len >> 32); + len_block[ 5] = (unsigned char)(ctx->aad_len >> 40); + len_block[ 6] = (unsigned char)(ctx->aad_len >> 48); + len_block[ 7] = (unsigned char)(ctx->aad_len >> 56); + len_block[ 8] = (unsigned char)(ctx->ciphertext_len); + len_block[ 9] = (unsigned char)(ctx->ciphertext_len >> 8); + len_block[10] = (unsigned char)(ctx->ciphertext_len >> 16); + len_block[11] = (unsigned char)(ctx->ciphertext_len >> 24); + len_block[12] = (unsigned char)(ctx->ciphertext_len >> 32); + len_block[13] = (unsigned char)(ctx->ciphertext_len >> 40); + len_block[14] = (unsigned char)(ctx->ciphertext_len >> 48); + len_block[15] = (unsigned char)(ctx->ciphertext_len >> 56); - ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, len_block, 16U); + if (ret != 0) + return (ret); - ret = mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); + ret = mbedtls_poly1305_finish(&ctx->poly1305_ctx, mac); - return( ret ); + return (ret); } -static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, - mbedtls_chachapoly_mode_t mode, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char *input, - unsigned char *output, - unsigned char tag[16] ) -{ +static int chachapoly_crypt_and_tag(mbedtls_chachapoly_context *ctx, + mbedtls_chachapoly_mode_t mode, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_chachapoly_starts( ctx, nonce, mode ); - if( ret != 0 ) + ret = mbedtls_chachapoly_starts(ctx, nonce, mode); + if (ret != 0) goto cleanup; - ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len ); - if( ret != 0 ) + ret = mbedtls_chachapoly_update_aad(ctx, aad, aad_len); + if (ret != 0) goto cleanup; - ret = mbedtls_chachapoly_update( ctx, length, input, output ); - if( ret != 0 ) + ret = mbedtls_chachapoly_update(ctx, length, input, output); + if (ret != 0) goto cleanup; - ret = mbedtls_chachapoly_finish( ctx, tag ); + ret = mbedtls_chachapoly_finish(ctx, tag); cleanup: - return( ret ); + return (ret); } -int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char *input, - unsigned char *output, - unsigned char tag[16] ) -{ - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); - CHACHAPOLY_VALIDATE_RET( tag != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); +int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16]) { + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(nonce != NULL); + CHACHAPOLY_VALIDATE_RET(tag != NULL); + CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL); + CHACHAPOLY_VALIDATE_RET(length == 0 || input != NULL); + CHACHAPOLY_VALIDATE_RET(length == 0 || output != NULL); - return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, - length, nonce, aad, aad_len, - input, output, tag ) ); + return (chachapoly_crypt_and_tag(ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, + length, nonce, aad, aad_len, + input, output, tag)); } -int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char tag[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char tag[16], + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; size_t i; int diff; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); - CHACHAPOLY_VALIDATE_RET( tag != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); + CHACHAPOLY_VALIDATE_RET(ctx != NULL); + CHACHAPOLY_VALIDATE_RET(nonce != NULL); + CHACHAPOLY_VALIDATE_RET(tag != NULL); + CHACHAPOLY_VALIDATE_RET(aad_len == 0 || aad != NULL); + CHACHAPOLY_VALIDATE_RET(length == 0 || input != NULL); + CHACHAPOLY_VALIDATE_RET(length == 0 || output != NULL); - if( ( ret = chachapoly_crypt_and_tag( ctx, - MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, - aad, aad_len, input, output, check_tag ) ) != 0 ) - { - return( ret ); + if ((ret = chachapoly_crypt_and_tag(ctx, + MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, + aad, aad_len, input, output, check_tag)) != 0) { + return (ret); } /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < sizeof( check_tag ); i++ ) + for (diff = 0, i = 0; i < sizeof(check_tag); i++) diff |= tag[i] ^ check_tag[i]; - if( diff != 0 ) - { - mbedtls_platform_zeroize( output, length ); - return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ); + if (diff != 0) { + mbedtls_platform_zeroize(output, length); + return (MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED); } - return( 0 ); + return (0); } #endif /* MBEDTLS_CHACHAPOLY_ALT */ #if defined(MBEDTLS_SELF_TEST) -static const unsigned char test_key[1][32] = -{ +static const unsigned char test_key[1][32] = { { 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, @@ -394,29 +369,25 @@ static const unsigned char test_key[1][32] = } }; -static const unsigned char test_nonce[1][12] = -{ +static const unsigned char test_nonce[1][12] = { { 0x07, 0x00, 0x00, 0x00, /* 32-bit common part */ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 /* 64-bit IV */ } }; -static const unsigned char test_aad[1][12] = -{ +static const unsigned char test_aad[1][12] = { { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 } }; -static const size_t test_aad_len[1] = -{ +static const size_t test_aad_len[1] = { 12U }; -static const unsigned char test_input[1][114] = -{ +static const unsigned char test_input[1][114] = { { 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, @@ -436,8 +407,7 @@ static const unsigned char test_input[1][114] = } }; -static const unsigned char test_output[1][114] = -{ +static const unsigned char test_output[1][114] = { { 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, @@ -457,13 +427,11 @@ static const unsigned char test_output[1][114] = } }; -static const size_t test_input_len[1] = -{ +static const size_t test_input_len[1] = { 114U }; -static const unsigned char test_mac[1][16] = -{ +static const unsigned char test_mac[1][16] = { { 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 @@ -486,51 +454,49 @@ static const unsigned char test_mac[1][16] = } \ while( 0 ) -int mbedtls_chachapoly_self_test( int verbose ) -{ +int mbedtls_chachapoly_self_test(int verbose) { mbedtls_chachapoly_context ctx; unsigned i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output[200]; unsigned char mac[16]; - for( i = 0U; i < 1U; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " ChaCha20-Poly1305 test %u ", i ); + for (i = 0U; i < 1U; i++) { + if (verbose != 0) + mbedtls_printf(" ChaCha20-Poly1305 test %u ", i); - mbedtls_chachapoly_init( &ctx ); + mbedtls_chachapoly_init(&ctx); - ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] ); - ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) ); + ret = mbedtls_chachapoly_setkey(&ctx, test_key[i]); + ASSERT(0 == ret, ("setkey() error code: %i\n", ret)); - ret = mbedtls_chachapoly_encrypt_and_tag( &ctx, - test_input_len[i], - test_nonce[i], - test_aad[i], - test_aad_len[i], - test_input[i], - output, - mac ); + ret = mbedtls_chachapoly_encrypt_and_tag(&ctx, + test_input_len[i], + test_nonce[i], + test_aad[i], + test_aad_len[i], + test_input[i], + output, + mac); - ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) ); + ASSERT(0 == ret, ("crypt_and_tag() error code: %i\n", ret)); - ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ), - ( "failure (wrong output)\n" ) ); + ASSERT(0 == memcmp(output, test_output[i], test_input_len[i]), + ("failure (wrong output)\n")); - ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), - ( "failure (wrong MAC)\n" ) ); + ASSERT(0 == memcmp(mac, test_mac[i], 16U), + ("failure (wrong MAC)\n")); - mbedtls_chachapoly_free( &ctx ); + mbedtls_chachapoly_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/chachapoly.h b/common/mbedtls/chachapoly.h index 1007f95bb..66af854e4 100644 --- a/common/mbedtls/chachapoly.h +++ b/common/mbedtls/chachapoly.h @@ -48,8 +48,7 @@ extern "C" { #endif -typedef enum -{ +typedef enum { MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption. */ MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */ } @@ -59,8 +58,7 @@ mbedtls_chachapoly_mode_t; #include "mbedtls/chacha20.h" -typedef struct mbedtls_chachapoly_context -{ +typedef struct mbedtls_chachapoly_context { mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */ mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */ uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */ @@ -116,7 +114,7 @@ mbedtls_chachapoly_context; * * \param ctx The ChachaPoly context to initialize. Must not be \c NULL. */ -void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ); +void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx); /** * \brief This function releases and clears the specified @@ -125,7 +123,7 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ); * \param ctx The ChachaPoly context to clear. This may be \c NULL, in which * case this function is a no-op. */ -void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); +void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx); /** * \brief This function sets the ChaCha20-Poly1305 @@ -138,8 +136,8 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, - const unsigned char key[32] ); +int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx, + const unsigned char key[32]); /** * \brief This function starts a ChaCha20-Poly1305 encryption or @@ -166,9 +164,9 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, - const unsigned char nonce[12], - mbedtls_chachapoly_mode_t mode ); +int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx, + const unsigned char nonce[12], + mbedtls_chachapoly_mode_t mode); /** * \brief This function feeds additional data to be authenticated @@ -209,9 +207,9 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, * if the operations has not been started or has been * finished, or if the AAD has been finished. */ -int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, - const unsigned char *aad, - size_t aad_len ); +int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx, + const unsigned char *aad, + size_t aad_len); /** * \brief Thus function feeds data to be encrypted or decrypted @@ -244,10 +242,10 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, * finished. * \return Another negative error code on other kinds of failure. */ -int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, - size_t len, - const unsigned char *input, - unsigned char *output ); +int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx, + size_t len, + const unsigned char *input, + unsigned char *output); /** * \brief This function finished the ChaCha20-Poly1305 operation and @@ -265,8 +263,8 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, * finished. * \return Another negative error code on other kinds of failure. */ -int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, - unsigned char mac[16] ); +int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx, + unsigned char mac[16]); /** * \brief This function performs a complete ChaCha20-Poly1305 @@ -297,14 +295,14 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char *input, - unsigned char *output, - unsigned char tag[16] ); +int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char *input, + unsigned char *output, + unsigned char tag[16]); /** * \brief This function performs a complete ChaCha20-Poly1305 @@ -331,14 +329,14 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, * if the data was not authentic. * \return Another negative error code on other kinds of failure. */ -int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, - size_t length, - const unsigned char nonce[12], - const unsigned char *aad, - size_t aad_len, - const unsigned char tag[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx, + size_t length, + const unsigned char nonce[12], + const unsigned char *aad, + size_t aad_len, + const unsigned char tag[16], + const unsigned char *input, + unsigned char *output); #if defined(MBEDTLS_SELF_TEST) /** @@ -347,7 +345,7 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_chachapoly_self_test( int verbose ); +int mbedtls_chachapoly_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/common/mbedtls/check_config.h b/common/mbedtls/check_config.h index a6545ab5b..25df298c5 100644 --- a/common/mbedtls/check_config.h +++ b/common/mbedtls/check_config.h @@ -682,7 +682,7 @@ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ) #error "One or more versions of the TLS protocol are enabled " \ - "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" +"but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx" #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ diff --git a/common/mbedtls/cipher.c b/common/mbedtls/cipher.c index 457f8f660..61941f56c 100644 --- a/common/mbedtls/cipher.c +++ b/common/mbedtls/cipher.c @@ -80,34 +80,31 @@ * a non-zero value. * This is currently only used by GCM and ChaCha20+Poly1305. */ -static int mbedtls_constant_time_memcmp( const void *v1, const void *v2, - size_t len ) -{ - const unsigned char *p1 = (const unsigned char*) v1; - const unsigned char *p2 = (const unsigned char*) v2; +static int mbedtls_constant_time_memcmp(const void *v1, const void *v2, + size_t len) { + const unsigned char *p1 = (const unsigned char *) v1; + const unsigned char *p2 = (const unsigned char *) v2; size_t i; unsigned char diff; - for( diff = 0, i = 0; i < len; i++ ) + for (diff = 0, i = 0; i < len; i++) diff |= p1[i] ^ p2[i]; - return( (int)diff ); + return ((int)diff); } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ static int supported_init = 0; -const int *mbedtls_cipher_list( void ) -{ +const int *mbedtls_cipher_list(void) { const mbedtls_cipher_definition_t *def; int *type; - if( ! supported_init ) - { + if (! supported_init) { def = mbedtls_cipher_definitions; type = mbedtls_cipher_supported; - while( def->type != 0 ) + while (def->type != 0) *type++ = (*def++).type; *type = 0; @@ -115,112 +112,102 @@ const int *mbedtls_cipher_list( void ) supported_init = 1; } - return( mbedtls_cipher_supported ); + return (mbedtls_cipher_supported); } const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( - const mbedtls_cipher_type_t cipher_type ) -{ + const mbedtls_cipher_type_t cipher_type) { const mbedtls_cipher_definition_t *def; - for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) - if( def->type == cipher_type ) - return( def->info ); + for (def = mbedtls_cipher_definitions; def->info != NULL; def++) + if (def->type == cipher_type) + return (def->info); - return( NULL ); + return (NULL); } const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( - const char *cipher_name ) -{ + const char *cipher_name) { const mbedtls_cipher_definition_t *def; - if( NULL == cipher_name ) - return( NULL ); + if (NULL == cipher_name) + return (NULL); - for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) - if( ! strcmp( def->info->name, cipher_name ) ) - return( def->info ); + for (def = mbedtls_cipher_definitions; def->info != NULL; def++) + if (! strcmp(def->info->name, cipher_name)) + return (def->info); - return( NULL ); + return (NULL); } const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, int key_bitlen, - const mbedtls_cipher_mode_t mode ) -{ + const mbedtls_cipher_mode_t mode) { const mbedtls_cipher_definition_t *def; - for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) - if( def->info->base->cipher == cipher_id && - def->info->key_bitlen == (unsigned) key_bitlen && - def->info->mode == mode ) - return( def->info ); + for (def = mbedtls_cipher_definitions; def->info != NULL; def++) + if (def->info->base->cipher == cipher_id && + def->info->key_bitlen == (unsigned) key_bitlen && + def->info->mode == mode) + return (def->info); - return( NULL ); + return (NULL); } -void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ) -{ - CIPHER_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); +void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx) { + CIPHER_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_cipher_context_t)); } -void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) -{ - if( ctx == NULL ) +void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx) { + if (ctx == NULL) return; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { - if( ctx->cipher_ctx != NULL ) - { - mbedtls_cipher_context_psa * const cipher_psa = + if (ctx->psa_enabled == 1) { + if (ctx->cipher_ctx != NULL) { + mbedtls_cipher_context_psa *const cipher_psa = (mbedtls_cipher_context_psa *) ctx->cipher_ctx; - if( cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED ) - { + if (cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED) { /* xxx_free() doesn't allow to return failures. */ - (void) psa_destroy_key( cipher_psa->slot ); + (void) psa_destroy_key(cipher_psa->slot); } - mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) ); - mbedtls_free( cipher_psa ); + mbedtls_platform_zeroize(cipher_psa, sizeof(*cipher_psa)); + mbedtls_free(cipher_psa); } - mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t)); return; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_CMAC_C) - if( ctx->cmac_ctx ) - { - mbedtls_platform_zeroize( ctx->cmac_ctx, - sizeof( mbedtls_cmac_context_t ) ); - mbedtls_free( ctx->cmac_ctx ); + if (ctx->cmac_ctx) { + mbedtls_platform_zeroize(ctx->cmac_ctx, + sizeof(mbedtls_cmac_context_t)); + mbedtls_free(ctx->cmac_ctx); } #endif - if( ctx->cipher_ctx ) - ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx ); + if (ctx->cipher_ctx) + ctx->cipher_info->base->ctx_free_func(ctx->cipher_ctx); - mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t)); } -int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, - const mbedtls_cipher_info_t *cipher_info ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, + const mbedtls_cipher_info_t *cipher_info) { + CIPHER_VALIDATE_RET(ctx != NULL); + if (cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); + memset(ctx, 0, sizeof(mbedtls_cipher_context_t)); - if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) ) - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + if (NULL == (ctx->cipher_ctx = cipher_info->base->ctx_alloc_func())) + return (MBEDTLS_ERR_CIPHER_ALLOC_FAILED); ctx->cipher_info = cipher_info; @@ -229,106 +216,102 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, * Ignore possible errors caused by a cipher mode that doesn't use padding */ #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) - (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 ); + (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_PKCS7); #else - (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE ); + (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_NONE); #endif #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ - return( 0 ); + return (0); } #if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, - const mbedtls_cipher_info_t *cipher_info, - size_t taglen ) -{ +int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx, + const mbedtls_cipher_info_t *cipher_info, + size_t taglen) { psa_algorithm_t alg; mbedtls_cipher_context_psa *cipher_psa; - if( NULL == cipher_info || NULL == ctx ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == cipher_info || NULL == ctx) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); /* Check that the underlying cipher mode and cipher type are * supported by the underlying PSA Crypto implementation. */ - alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen ); - if( alg == 0 ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - if( mbedtls_psa_translate_cipher_type( cipher_info->type ) == 0 ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + alg = mbedtls_psa_translate_cipher_mode(cipher_info->mode, taglen); + if (alg == 0) + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); + if (mbedtls_psa_translate_cipher_type(cipher_info->type) == 0) + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); - memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); + memset(ctx, 0, sizeof(mbedtls_cipher_context_t)); - cipher_psa = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) ); - if( cipher_psa == NULL ) - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + cipher_psa = mbedtls_calloc(1, sizeof(mbedtls_cipher_context_psa)); + if (cipher_psa == NULL) + return (MBEDTLS_ERR_CIPHER_ALLOC_FAILED); cipher_psa->alg = alg; ctx->cipher_ctx = cipher_psa; ctx->cipher_info = cipher_info; ctx->psa_enabled = 1; - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, - const unsigned char *key, - int key_bitlen, - const mbedtls_operation_t operation ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( key != NULL ); - CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT || - operation == MBEDTLS_DECRYPT ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, + const unsigned char *key, + int key_bitlen, + const mbedtls_operation_t operation) { + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(key != NULL); + CIPHER_VALIDATE_RET(operation == MBEDTLS_ENCRYPT || + operation == MBEDTLS_DECRYPT); + if (ctx->cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { - mbedtls_cipher_context_psa * const cipher_psa = + if (ctx->psa_enabled == 1) { + mbedtls_cipher_context_psa *const cipher_psa = (mbedtls_cipher_context_psa *) ctx->cipher_ctx; - size_t const key_bytelen = ( (size_t) key_bitlen + 7 ) / 8; + size_t const key_bytelen = ((size_t) key_bitlen + 7) / 8; psa_status_t status; psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; /* PSA Crypto API only accepts byte-aligned keys. */ - if( key_bitlen % 8 != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (key_bitlen % 8 != 0) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); /* Don't allow keys to be set multiple times. */ - if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); key_type = mbedtls_psa_translate_cipher_type( - ctx->cipher_info->type ); - if( key_type == 0 ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - psa_set_key_type( &attributes, key_type ); + ctx->cipher_info->type); + if (key_type == 0) + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); + psa_set_key_type(&attributes, key_type); /* Mbed TLS' cipher layer doesn't enforce the mode of operation * (encrypt vs. decrypt): it is possible to setup a key for encryption * and use it for AEAD decryption. Until tests relying on this * are changed, allow any usage in PSA. */ - psa_set_key_usage_flags( &attributes, - /* mbedtls_psa_translate_cipher_operation( operation ); */ - PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT ); - psa_set_key_algorithm( &attributes, cipher_psa->alg ); + psa_set_key_usage_flags(&attributes, + /* mbedtls_psa_translate_cipher_operation( operation ); */ + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); + psa_set_key_algorithm(&attributes, cipher_psa->alg); - status = psa_import_key( &attributes, key, key_bytelen, - &cipher_psa->slot ); - switch( status ) - { + status = psa_import_key(&attributes, key, key_bytelen, + &cipher_psa->slot); + switch (status) { case PSA_SUCCESS: break; case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + return (MBEDTLS_ERR_CIPHER_ALLOC_FAILED); case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); default: - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + return (MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED); } /* Indicate that we own the key slot and need to * destroy it in mbedtls_cipher_free(). */ @@ -336,14 +319,13 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, ctx->key_bitlen = key_bitlen; ctx->operation = operation; - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 && - (int) ctx->cipher_info->key_bitlen != key_bitlen ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 && + (int) ctx->cipher_info->key_bitlen != key_bitlen) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } ctx->key_bitlen = key_bitlen; @@ -352,257 +334,232 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, /* * For OFB, CFB and CTR mode always use the encryption key schedule */ - if( MBEDTLS_ENCRYPT == operation || - MBEDTLS_MODE_CFB == ctx->cipher_info->mode || - MBEDTLS_MODE_OFB == ctx->cipher_info->mode || - MBEDTLS_MODE_CTR == ctx->cipher_info->mode ) - { - return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key, - ctx->key_bitlen ) ); + if (MBEDTLS_ENCRYPT == operation || + MBEDTLS_MODE_CFB == ctx->cipher_info->mode || + MBEDTLS_MODE_OFB == ctx->cipher_info->mode || + MBEDTLS_MODE_CTR == ctx->cipher_info->mode) { + return (ctx->cipher_info->base->setkey_enc_func(ctx->cipher_ctx, key, + ctx->key_bitlen)); } - if( MBEDTLS_DECRYPT == operation ) - return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key, - ctx->key_bitlen ) ); + if (MBEDTLS_DECRYPT == operation) + return (ctx->cipher_info->base->setkey_dec_func(ctx->cipher_ctx, key, + ctx->key_bitlen)); - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } -int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, - size_t iv_len ) -{ +int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, + size_t iv_len) { size_t actual_iv_size; - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + if (ctx->cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* avoid buffer overflow in ctx->iv */ - if( iv_len > MBEDTLS_MAX_IV_LENGTH ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + if (iv_len > MBEDTLS_MAX_IV_LENGTH) + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); - if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 ) + if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN) != 0) actual_iv_size = iv_len; - else - { + else { actual_iv_size = ctx->cipher_info->iv_size; /* avoid reading past the end of input buffer */ - if( actual_iv_size > iv_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (actual_iv_size > iv_len) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } #if defined(MBEDTLS_CHACHA20_C) - if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ) - { - if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx, - iv, - 0U ) ) /* Initial counter value */ - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20) { + if (0 != mbedtls_chacha20_starts((mbedtls_chacha20_context *)ctx->cipher_ctx, + iv, + 0U)) { /* Initial counter value */ + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } } #endif - if ( actual_iv_size != 0 ) - { - memcpy( ctx->iv, iv, actual_iv_size ); + if (actual_iv_size != 0) { + memcpy(ctx->iv, iv, actual_iv_size); ctx->iv_size = actual_iv_size; } - return( 0 ); + return (0); } -int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx) { + CIPHER_VALIDATE_RET(ctx != NULL); + if (ctx->cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* We don't support resetting PSA-based * cipher contexts, yet. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ ctx->unprocessed_len = 0; - return( 0 ); + return (0); } #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) -int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, - const unsigned char *ad, size_t ad_len ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, + const unsigned char *ad, size_t ad_len) { + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + if (ctx->cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - { - return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation, - ctx->iv, ctx->iv_size, ad, ad_len ) ); + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) { + return (mbedtls_gcm_starts((mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation, + ctx->iv, ctx->iv_size, ad, ad_len)); } #endif #if defined(MBEDTLS_CHACHAPOLY_C) - if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { int result; mbedtls_chachapoly_mode_t mode; - mode = ( ctx->operation == MBEDTLS_ENCRYPT ) - ? MBEDTLS_CHACHAPOLY_ENCRYPT - : MBEDTLS_CHACHAPOLY_DECRYPT; + mode = (ctx->operation == MBEDTLS_ENCRYPT) + ? MBEDTLS_CHACHAPOLY_ENCRYPT + : MBEDTLS_CHACHAPOLY_DECRYPT; - result = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ctx->iv, - mode ); - if ( result != 0 ) - return( result ); + result = mbedtls_chachapoly_starts((mbedtls_chachapoly_context *) ctx->cipher_ctx, + ctx->iv, + mode); + if (result != 0) + return (result); - return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ad, ad_len ) ); + return (mbedtls_chachapoly_update_aad((mbedtls_chachapoly_context *) ctx->cipher_ctx, + ad, ad_len)); } #endif - return( 0 ); + return (0); } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ -int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, - size_t ilen, unsigned char *output, size_t *olen ) -{ +int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, + size_t ilen, unsigned char *output, size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t block_size; - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); + if (ctx->cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ *olen = 0; - block_size = mbedtls_cipher_get_block_size( ctx ); - if ( 0 == block_size ) - { - return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT ); + block_size = mbedtls_cipher_get_block_size(ctx); + if (0 == block_size) { + return (MBEDTLS_ERR_CIPHER_INVALID_CONTEXT); } - if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) - { - if( ilen != block_size ) - return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_ECB) { + if (ilen != block_size) + return (MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); *olen = ilen; - if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx, - ctx->operation, input, output ) ) ) - { - return( ret ); + if (0 != (ret = ctx->cipher_info->base->ecb_func(ctx->cipher_ctx, + ctx->operation, input, output))) { + return (ret); } - return( 0 ); + return (0); } #if defined(MBEDTLS_GCM_C) - if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM ) - { + if (ctx->cipher_info->mode == MBEDTLS_MODE_GCM) { *olen = ilen; - return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input, - output ) ); + return (mbedtls_gcm_update((mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input, + output)); } #endif #if defined(MBEDTLS_CHACHAPOLY_C) - if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) - { + if (ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { *olen = ilen; - return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx, - ilen, input, output ) ); + return (mbedtls_chachapoly_update((mbedtls_chachapoly_context *) ctx->cipher_ctx, + ilen, input, output)); } #endif - if( input == output && - ( ctx->unprocessed_len != 0 || ilen % block_size ) ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (input == output && + (ctx->unprocessed_len != 0 || ilen % block_size)) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } #if defined(MBEDTLS_CIPHER_MODE_CBC) - if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC ) - { + if (ctx->cipher_info->mode == MBEDTLS_MODE_CBC) { size_t copy_len = 0; /* * If there is not enough data for a full block, cache it. */ - if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && - ilen <= block_size - ctx->unprocessed_len ) || - ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && - ilen < block_size - ctx->unprocessed_len ) || - ( ctx->operation == MBEDTLS_ENCRYPT && - ilen < block_size - ctx->unprocessed_len ) ) - { - memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, - ilen ); + if ((ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && + ilen <= block_size - ctx->unprocessed_len) || + (ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && + ilen < block_size - ctx->unprocessed_len) || + (ctx->operation == MBEDTLS_ENCRYPT && + ilen < block_size - ctx->unprocessed_len)) { + memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input, + ilen); ctx->unprocessed_len += ilen; - return( 0 ); + return (0); } /* * Process cached data first */ - if( 0 != ctx->unprocessed_len ) - { + if (0 != ctx->unprocessed_len) { copy_len = block_size - ctx->unprocessed_len; - memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, - copy_len ); + memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input, + copy_len); - if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, - ctx->operation, block_size, ctx->iv, - ctx->unprocessed_data, output ) ) ) - { - return( ret ); + if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx, + ctx->operation, block_size, ctx->iv, + ctx->unprocessed_data, output))) { + return (ret); } *olen += block_size; @@ -616,22 +573,20 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * Cache final, incomplete block */ - if( 0 != ilen ) - { + if (0 != ilen) { /* Encryption: only cache partial blocks * Decryption w/ padding: always keep at least one whole block * Decryption w/o padding: only cache partial blocks */ copy_len = ilen % block_size; - if( copy_len == 0 && - ctx->operation == MBEDTLS_DECRYPT && - NULL != ctx->add_padding) - { + if (copy_len == 0 && + ctx->operation == MBEDTLS_DECRYPT && + NULL != ctx->add_padding) { copy_len = block_size; } - memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), - copy_len ); + memcpy(ctx->unprocessed_data, &(input[ilen - copy_len]), + copy_len); ctx->unprocessed_len += copy_len; ilen -= copy_len; @@ -640,105 +595,93 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * Process remaining full blocks */ - if( ilen ) - { - if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, - ctx->operation, ilen, ctx->iv, input, output ) ) ) - { - return( ret ); + if (ilen) { + if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx, + ctx->operation, ilen, ctx->iv, input, output))) { + return (ret); } *olen += ilen; } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) - if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB ) - { - if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx, - ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv, - input, output ) ) ) - { - return( ret ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_CFB) { + if (0 != (ret = ctx->cipher_info->base->cfb_func(ctx->cipher_ctx, + ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv, + input, output))) { + return (ret); } *olen = ilen; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) - if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB ) - { - if( 0 != ( ret = ctx->cipher_info->base->ofb_func( ctx->cipher_ctx, - ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) ) - { - return( ret ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_OFB) { + if (0 != (ret = ctx->cipher_info->base->ofb_func(ctx->cipher_ctx, + ilen, &ctx->unprocessed_len, ctx->iv, input, output))) { + return (ret); } *olen = ilen; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_OFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) - if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR ) - { - if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx, - ilen, &ctx->unprocessed_len, ctx->iv, - ctx->unprocessed_data, input, output ) ) ) - { - return( ret ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_CTR) { + if (0 != (ret = ctx->cipher_info->base->ctr_func(ctx->cipher_ctx, + ilen, &ctx->unprocessed_len, ctx->iv, + ctx->unprocessed_data, input, output))) { + return (ret); } *olen = ilen; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) - if( ctx->cipher_info->mode == MBEDTLS_MODE_XTS ) - { - if( ctx->unprocessed_len > 0 ) { + if (ctx->cipher_info->mode == MBEDTLS_MODE_XTS) { + if (ctx->unprocessed_len > 0) { /* We can only process an entire data unit at a time. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } - ret = ctx->cipher_info->base->xts_func( ctx->cipher_ctx, - ctx->operation, ilen, ctx->iv, input, output ); - if( ret != 0 ) - { - return( ret ); + ret = ctx->cipher_info->base->xts_func(ctx->cipher_ctx, + ctx->operation, ilen, ctx->iv, input, output); + if (ret != 0) { + return (ret); } *olen = ilen; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_CIPHER_MODE_STREAM) - if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM ) - { - if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx, - ilen, input, output ) ) ) - { - return( ret ); + if (ctx->cipher_info->mode == MBEDTLS_MODE_STREAM) { + if (0 != (ret = ctx->cipher_info->base->stream_func(ctx->cipher_ctx, + ilen, input, output))) { + return (ret); } *olen = ilen; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_STREAM */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) @@ -746,24 +689,22 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len */ -static void add_pkcs_padding( unsigned char *output, size_t output_len, - size_t data_len ) -{ +static void add_pkcs_padding(unsigned char *output, size_t output_len, + size_t data_len) { size_t padding_len = output_len - data_len; unsigned char i; - for( i = 0; i < padding_len; i++ ) + for (i = 0; i < padding_len; i++) output[data_len + i] = (unsigned char) padding_len; } -static int get_pkcs_padding( unsigned char *input, size_t input_len, - size_t *data_len ) -{ +static int get_pkcs_padding(unsigned char *input, size_t input_len, + size_t *data_len) { size_t i, pad_idx; unsigned char padding_len, bad = 0; - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == input || NULL == data_len) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); padding_len = input[input_len - 1]; *data_len = input_len - padding_len; @@ -775,10 +716,10 @@ static int get_pkcs_padding( unsigned char *input, size_t input_len, /* The number of bytes checked must be independent of padding_len, * so pick input_len, which is usually 8 or 16 (one block) */ pad_idx = input_len - padding_len; - for( i = 0; i < input_len; i++ ) - bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx ); + for (i = 0; i < input_len; i++) + bad |= (input[i] ^ padding_len) * (i >= pad_idx); - return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); + return (MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0)); } #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ @@ -786,37 +727,34 @@ static int get_pkcs_padding( unsigned char *input, size_t input_len, /* * One and zeros padding: fill with 80 00 ... 00 */ -static void add_one_and_zeros_padding( unsigned char *output, - size_t output_len, size_t data_len ) -{ +static void add_one_and_zeros_padding(unsigned char *output, + size_t output_len, size_t data_len) { size_t padding_len = output_len - data_len; unsigned char i = 0; output[data_len] = 0x80; - for( i = 1; i < padding_len; i++ ) + for (i = 1; i < padding_len; i++) output[data_len + i] = 0x00; } -static int get_one_and_zeros_padding( unsigned char *input, size_t input_len, - size_t *data_len ) -{ +static int get_one_and_zeros_padding(unsigned char *input, size_t input_len, + size_t *data_len) { size_t i; unsigned char done = 0, prev_done, bad; - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == input || NULL == data_len) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); bad = 0x80; *data_len = 0; - for( i = input_len; i > 0; i-- ) - { + for (i = input_len; i > 0; i--) { prev_done = done; - done |= ( input[i - 1] != 0 ); - *data_len |= ( i - 1 ) * ( done != prev_done ); - bad ^= input[i - 1] * ( done != prev_done ); + done |= (input[i - 1] != 0); + *data_len |= (i - 1) * (done != prev_done); + bad ^= input[i - 1] * (done != prev_done); } - return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); + return (MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0)); } #endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */ @@ -825,25 +763,23 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len, /* * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length */ -static void add_zeros_and_len_padding( unsigned char *output, - size_t output_len, size_t data_len ) -{ +static void add_zeros_and_len_padding(unsigned char *output, + size_t output_len, size_t data_len) { size_t padding_len = output_len - data_len; unsigned char i = 0; - for( i = 1; i < padding_len; i++ ) + for (i = 1; i < padding_len; i++) output[data_len + i - 1] = 0x00; output[output_len - 1] = (unsigned char) padding_len; } -static int get_zeros_and_len_padding( unsigned char *input, size_t input_len, - size_t *data_len ) -{ +static int get_zeros_and_len_padding(unsigned char *input, size_t input_len, + size_t *data_len) { size_t i, pad_idx; unsigned char padding_len, bad = 0; - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == input || NULL == data_len) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); padding_len = input[input_len - 1]; *data_len = input_len - padding_len; @@ -854,10 +790,10 @@ static int get_zeros_and_len_padding( unsigned char *input, size_t input_len, /* The number of bytes checked must be independent of padding_len */ pad_idx = input_len - padding_len; - for( i = 0; i < input_len - 1; i++ ) - bad |= input[i] * ( i >= pad_idx ); + for (i = 0; i < input_len - 1; i++) + bad |= input[i] * (i >= pad_idx); - return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) ); + return (MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0)); } #endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */ @@ -865,33 +801,30 @@ static int get_zeros_and_len_padding( unsigned char *input, size_t input_len, /* * Zero padding: fill with 00 ... 00 */ -static void add_zeros_padding( unsigned char *output, - size_t output_len, size_t data_len ) -{ +static void add_zeros_padding(unsigned char *output, + size_t output_len, size_t data_len) { size_t i; - for( i = data_len; i < output_len; i++ ) + for (i = data_len; i < output_len; i++) output[i] = 0x00; } -static int get_zeros_padding( unsigned char *input, size_t input_len, - size_t *data_len ) -{ +static int get_zeros_padding(unsigned char *input, size_t input_len, + size_t *data_len) { size_t i; unsigned char done = 0, prev_done; - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == input || NULL == data_len) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); *data_len = 0; - for( i = input_len; i > 0; i-- ) - { + for (i = input_len; i > 0; i--) { prev_done = done; - done |= ( input[i-1] != 0 ); - *data_len |= i * ( done != prev_done ); + done |= (input[i - 1] != 0); + *data_len |= i * (done != prev_done); } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_PADDING_ZEROS */ @@ -901,389 +834,357 @@ static int get_zeros_padding( unsigned char *input, size_t input_len, * There is no add_padding function (check for NULL in mbedtls_cipher_finish) * but a trivial get_padding function */ -static int get_no_padding( unsigned char *input, size_t input_len, - size_t *data_len ) -{ - if( NULL == input || NULL == data_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +static int get_no_padding(unsigned char *input, size_t input_len, + size_t *data_len) { + if (NULL == input || NULL == data_len) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); *data_len = input_len; - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ -int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output, size_t *olen ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, + unsigned char *output, size_t *olen) { + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); + if (ctx->cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ *olen = 0; - if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode || - MBEDTLS_MODE_OFB == ctx->cipher_info->mode || - MBEDTLS_MODE_CTR == ctx->cipher_info->mode || - MBEDTLS_MODE_GCM == ctx->cipher_info->mode || - MBEDTLS_MODE_XTS == ctx->cipher_info->mode || - MBEDTLS_MODE_STREAM == ctx->cipher_info->mode ) - { - return( 0 ); + if (MBEDTLS_MODE_CFB == ctx->cipher_info->mode || + MBEDTLS_MODE_OFB == ctx->cipher_info->mode || + MBEDTLS_MODE_CTR == ctx->cipher_info->mode || + MBEDTLS_MODE_GCM == ctx->cipher_info->mode || + MBEDTLS_MODE_XTS == ctx->cipher_info->mode || + MBEDTLS_MODE_STREAM == ctx->cipher_info->mode) { + return (0); } - if ( ( MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type ) || - ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) ) - { - return( 0 ); + if ((MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type) || + (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type)) { + return (0); } - if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode ) - { - if( ctx->unprocessed_len != 0 ) - return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); + if (MBEDTLS_MODE_ECB == ctx->cipher_info->mode) { + if (ctx->unprocessed_len != 0) + return (MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); - return( 0 ); + return (0); } #if defined(MBEDTLS_CIPHER_MODE_CBC) - if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_CBC == ctx->cipher_info->mode) { int ret = 0; - if( MBEDTLS_ENCRYPT == ctx->operation ) - { + if (MBEDTLS_ENCRYPT == ctx->operation) { /* check for 'no padding' mode */ - if( NULL == ctx->add_padding ) - { - if( 0 != ctx->unprocessed_len ) - return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); + if (NULL == ctx->add_padding) { + if (0 != ctx->unprocessed_len) + return (MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); - return( 0 ); + return (0); } - ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ), - ctx->unprocessed_len ); - } - else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len ) - { + ctx->add_padding(ctx->unprocessed_data, mbedtls_cipher_get_iv_size(ctx), + ctx->unprocessed_len); + } else if (mbedtls_cipher_get_block_size(ctx) != ctx->unprocessed_len) { /* * For decrypt operations, expect a full block, * or an empty block if no padding */ - if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len ) - return( 0 ); + if (NULL == ctx->add_padding && 0 == ctx->unprocessed_len) + return (0); - return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); + return (MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); } /* cipher block */ - if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, - ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, - ctx->unprocessed_data, output ) ) ) - { - return( ret ); + if (0 != (ret = ctx->cipher_info->base->cbc_func(ctx->cipher_ctx, + ctx->operation, mbedtls_cipher_get_block_size(ctx), ctx->iv, + ctx->unprocessed_data, output))) { + return (ret); } /* Set output size for decryption */ - if( MBEDTLS_DECRYPT == ctx->operation ) - return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ), - olen ) ); + if (MBEDTLS_DECRYPT == ctx->operation) + return (ctx->get_padding(output, mbedtls_cipher_get_block_size(ctx), + olen)); /* Set output size for encryption */ - *olen = mbedtls_cipher_get_block_size( ctx ); - return( 0 ); + *olen = mbedtls_cipher_get_block_size(ctx); + return (0); } #else ((void) output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) -int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, - mbedtls_cipher_padding_t mode ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); +int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, + mbedtls_cipher_padding_t mode) { + CIPHER_VALIDATE_RET(ctx != NULL); - if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto knows about CBC padding * schemes, we currently don't make them * accessible through the cipher layer. */ - if( mode != MBEDTLS_PADDING_NONE ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + if (mode != MBEDTLS_PADDING_NONE) + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - switch( mode ) - { + switch (mode) { #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) - case MBEDTLS_PADDING_PKCS7: - ctx->add_padding = add_pkcs_padding; - ctx->get_padding = get_pkcs_padding; - break; + case MBEDTLS_PADDING_PKCS7: + ctx->add_padding = add_pkcs_padding; + ctx->get_padding = get_pkcs_padding; + break; #endif #if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS) - case MBEDTLS_PADDING_ONE_AND_ZEROS: - ctx->add_padding = add_one_and_zeros_padding; - ctx->get_padding = get_one_and_zeros_padding; - break; + case MBEDTLS_PADDING_ONE_AND_ZEROS: + ctx->add_padding = add_one_and_zeros_padding; + ctx->get_padding = get_one_and_zeros_padding; + break; #endif #if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN) - case MBEDTLS_PADDING_ZEROS_AND_LEN: - ctx->add_padding = add_zeros_and_len_padding; - ctx->get_padding = get_zeros_and_len_padding; - break; + case MBEDTLS_PADDING_ZEROS_AND_LEN: + ctx->add_padding = add_zeros_and_len_padding; + ctx->get_padding = get_zeros_and_len_padding; + break; #endif #if defined(MBEDTLS_CIPHER_PADDING_ZEROS) - case MBEDTLS_PADDING_ZEROS: - ctx->add_padding = add_zeros_padding; - ctx->get_padding = get_zeros_padding; - break; + case MBEDTLS_PADDING_ZEROS: + ctx->add_padding = add_zeros_padding; + ctx->get_padding = get_zeros_padding; + break; #endif - case MBEDTLS_PADDING_NONE: - ctx->add_padding = NULL; - ctx->get_padding = get_no_padding; - break; + case MBEDTLS_PADDING_NONE: + ctx->add_padding = NULL; + ctx->get_padding = get_no_padding; + break; - default: - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + default: + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) -int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, - unsigned char *tag, size_t tag_len ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, + unsigned char *tag, size_t tag_len) { + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL); + if (ctx->cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - if( MBEDTLS_ENCRYPT != ctx->operation ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (MBEDTLS_ENCRYPT != ctx->operation) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx, - tag, tag_len ) ); + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) + return (mbedtls_gcm_finish((mbedtls_gcm_context *) ctx->cipher_ctx, + tag, tag_len)); #endif #if defined(MBEDTLS_CHACHAPOLY_C) - if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { /* Don't allow truncated MAC for Poly1305 */ - if ( tag_len != 16U ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (tag_len != 16U) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - return( mbedtls_chachapoly_finish( - (mbedtls_chachapoly_context*) ctx->cipher_ctx, tag ) ); + return (mbedtls_chachapoly_finish( + (mbedtls_chachapoly_context *) ctx->cipher_ctx, tag)); } #endif - return( 0 ); + return (0); } -int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, - const unsigned char *tag, size_t tag_len ) -{ +int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, + const unsigned char *tag, size_t tag_len) { unsigned char check_tag[16]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - if( ctx->cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL); + if (ctx->cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - if( MBEDTLS_DECRYPT != ctx->operation ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (MBEDTLS_DECRYPT != ctx->operation) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* While PSA Crypto has an API for multipart * operations, we currently don't make it * accessible through the cipher layer. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - { - if( tag_len > sizeof( check_tag ) ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) { + if (tag_len > sizeof(check_tag)) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - if( 0 != ( ret = mbedtls_gcm_finish( - (mbedtls_gcm_context *) ctx->cipher_ctx, - check_tag, tag_len ) ) ) - { - return( ret ); + if (0 != (ret = mbedtls_gcm_finish( + (mbedtls_gcm_context *) ctx->cipher_ctx, + check_tag, tag_len))) { + return (ret); } /* Check the tag in "constant-time" */ - if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 ) - return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); + if (mbedtls_constant_time_memcmp(tag, check_tag, tag_len) != 0) + return (MBEDTLS_ERR_CIPHER_AUTH_FAILED); - return( 0 ); + return (0); } #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { /* Don't allow truncated MAC for Poly1305 */ - if ( tag_len != sizeof( check_tag ) ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (tag_len != sizeof(check_tag)) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); ret = mbedtls_chachapoly_finish( - (mbedtls_chachapoly_context*) ctx->cipher_ctx, check_tag ); - if ( ret != 0 ) - { - return( ret ); + (mbedtls_chachapoly_context *) ctx->cipher_ctx, check_tag); + if (ret != 0) { + return (ret); } /* Check the tag in "constant-time" */ - if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 ) - return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); + if (mbedtls_constant_time_memcmp(tag, check_tag, tag_len) != 0) + return (MBEDTLS_ERR_CIPHER_AUTH_FAILED); - return( 0 ); + return (0); } #endif /* MBEDTLS_CHACHAPOLY_C */ - return( 0 ); + return (0); } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /* * Packet-oriented wrapper for non-AEAD modes */ -int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen ) -{ +int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t finish_olen; - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* As in the non-PSA case, we don't check that * a key has been set. If not, the key slot will * still be in its default state of 0, which is * guaranteed to be invalid, hence the PSA-call * below will gracefully fail. */ - mbedtls_cipher_context_psa * const cipher_psa = + mbedtls_cipher_context_psa *const cipher_psa = (mbedtls_cipher_context_psa *) ctx->cipher_ctx; psa_status_t status; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; size_t part_len; - if( ctx->operation == MBEDTLS_DECRYPT ) - { - status = psa_cipher_decrypt_setup( &cipher_op, - cipher_psa->slot, - cipher_psa->alg ); - } - else if( ctx->operation == MBEDTLS_ENCRYPT ) - { - status = psa_cipher_encrypt_setup( &cipher_op, - cipher_psa->slot, - cipher_psa->alg ); - } - else - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx->operation == MBEDTLS_DECRYPT) { + status = psa_cipher_decrypt_setup(&cipher_op, + cipher_psa->slot, + cipher_psa->alg); + } else if (ctx->operation == MBEDTLS_ENCRYPT) { + status = psa_cipher_encrypt_setup(&cipher_op, + cipher_psa->slot, + cipher_psa->alg); + } else + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); /* In the following, we can immediately return on an error, * because the PSA Crypto API guarantees that cipher operations * are terminated by unsuccessful calls to psa_cipher_update(), * and by any call to psa_cipher_finish(). */ - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED); - status = psa_cipher_set_iv( &cipher_op, iv, iv_len ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + status = psa_cipher_set_iv(&cipher_op, iv, iv_len); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED); - status = psa_cipher_update( &cipher_op, - input, ilen, - output, ilen, olen ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + status = psa_cipher_update(&cipher_op, + input, ilen, + output, ilen, olen); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED); - status = psa_cipher_finish( &cipher_op, - output + *olen, ilen - *olen, - &part_len ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + status = psa_cipher_finish(&cipher_op, + output + *olen, ilen - *olen, + &part_len); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED); *olen += part_len; - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_set_iv(ctx, iv, iv_len)) != 0) + return (ret); - if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_reset(ctx)) != 0) + return (ret); - if( ( ret = mbedtls_cipher_update( ctx, input, ilen, - output, olen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_update(ctx, input, ilen, + output, olen)) != 0) + return (ret); - if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, - &finish_olen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_finish(ctx, output + *olen, + &finish_olen)) != 0) + return (ret); *olen += finish_olen; - return( 0 ); + return (0); } #if defined(MBEDTLS_CIPHER_MODE_AEAD) @@ -1291,229 +1192,215 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * Packet-oriented encryption for AEAD modes: internal function shared by * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext(). */ -static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - unsigned char *tag, size_t tag_len ) -{ +static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + unsigned char *tag, size_t tag_len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* As in the non-PSA case, we don't check that * a key has been set. If not, the key slot will * still be in its default state of 0, which is * guaranteed to be invalid, hence the PSA-call * below will gracefully fail. */ - mbedtls_cipher_context_psa * const cipher_psa = + mbedtls_cipher_context_psa *const cipher_psa = (mbedtls_cipher_context_psa *) ctx->cipher_ctx; psa_status_t status; /* PSA Crypto API always writes the authentication tag * at the end of the encrypted message. */ - if( output == NULL || tag != output + ilen ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + if (output == NULL || tag != output + ilen) + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); - status = psa_aead_encrypt( cipher_psa->slot, - cipher_psa->alg, - iv, iv_len, - ad, ad_len, - input, ilen, - output, ilen + tag_len, olen ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + status = psa_aead_encrypt(cipher_psa->slot, + cipher_psa->alg, + iv, iv_len, + ad, ad_len, + input, ilen, + output, ilen + tag_len, olen); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED); *olen -= tag_len; - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) { *olen = ilen; - return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, - ilen, iv, iv_len, ad, ad_len, - input, output, tag_len, tag ) ); + return (mbedtls_gcm_crypt_and_tag(ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT, + ilen, iv, iv_len, ad, ad_len, + input, output, tag_len, tag)); } #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) - if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) { *olen = ilen; - return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen, - iv, iv_len, ad, ad_len, input, output, - tag, tag_len ) ); + return (mbedtls_ccm_encrypt_and_tag(ctx->cipher_ctx, ilen, + iv, iv_len, ad, ad_len, input, output, + tag, tag_len)); } #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { /* ChachaPoly has fixed length nonce and MAC (tag) */ - if ( ( iv_len != ctx->cipher_info->iv_size ) || - ( tag_len != 16U ) ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if ((iv_len != ctx->cipher_info->iv_size) || + (tag_len != 16U)) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } *olen = ilen; - return( mbedtls_chachapoly_encrypt_and_tag( ctx->cipher_ctx, - ilen, iv, ad, ad_len, input, output, tag ) ); + return (mbedtls_chachapoly_encrypt_and_tag(ctx->cipher_ctx, + ilen, iv, ad, ad_len, input, output, tag)); } #endif /* MBEDTLS_CHACHAPOLY_C */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } /* * Packet-oriented encryption for AEAD modes: internal function shared by * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext(). */ -static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - const unsigned char *tag, size_t tag_len ) -{ +static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + const unsigned char *tag, size_t tag_len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ctx->psa_enabled == 1 ) - { + if (ctx->psa_enabled == 1) { /* As in the non-PSA case, we don't check that * a key has been set. If not, the key slot will * still be in its default state of 0, which is * guaranteed to be invalid, hence the PSA-call * below will gracefully fail. */ - mbedtls_cipher_context_psa * const cipher_psa = + mbedtls_cipher_context_psa *const cipher_psa = (mbedtls_cipher_context_psa *) ctx->cipher_ctx; psa_status_t status; /* PSA Crypto API always writes the authentication tag * at the end of the encrypted message. */ - if( input == NULL || tag != input + ilen ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + if (input == NULL || tag != input + ilen) + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); - status = psa_aead_decrypt( cipher_psa->slot, - cipher_psa->alg, - iv, iv_len, - ad, ad_len, - input, ilen + tag_len, - output, ilen, olen ); - if( status == PSA_ERROR_INVALID_SIGNATURE ) - return( MBEDTLS_ERR_CIPHER_AUTH_FAILED ); - else if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); + status = psa_aead_decrypt(cipher_psa->slot, + cipher_psa->alg, + iv, iv_len, + ad, ad_len, + input, ilen + tag_len, + output, ilen, olen); + if (status == PSA_ERROR_INVALID_SIGNATURE) + return (MBEDTLS_ERR_CIPHER_AUTH_FAILED); + else if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED); - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_GCM_C) - if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_GCM == ctx->cipher_info->mode) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; *olen = ilen; - ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen, - iv, iv_len, ad, ad_len, - tag, tag_len, input, output ); + ret = mbedtls_gcm_auth_decrypt(ctx->cipher_ctx, ilen, + iv, iv_len, ad, ad_len, + tag, tag_len, input, output); - if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED ) + if (ret == MBEDTLS_ERR_GCM_AUTH_FAILED) ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; - return( ret ); + return (ret); } #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) - if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) - { + if (MBEDTLS_MODE_CCM == ctx->cipher_info->mode) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; *olen = ilen; - ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen, - iv, iv_len, ad, ad_len, - input, output, tag, tag_len ); + ret = mbedtls_ccm_auth_decrypt(ctx->cipher_ctx, ilen, + iv, iv_len, ad, ad_len, + input, output, tag, tag_len); - if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED ) + if (ret == MBEDTLS_ERR_CCM_AUTH_FAILED) ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; - return( ret ); + return (ret); } #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) - { + if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* ChachaPoly has fixed length nonce and MAC (tag) */ - if ( ( iv_len != ctx->cipher_info->iv_size ) || - ( tag_len != 16U ) ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if ((iv_len != ctx->cipher_info->iv_size) || + (tag_len != 16U)) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } *olen = ilen; - ret = mbedtls_chachapoly_auth_decrypt( ctx->cipher_ctx, ilen, - iv, ad, ad_len, tag, input, output ); + ret = mbedtls_chachapoly_auth_decrypt(ctx->cipher_ctx, ilen, + iv, ad, ad_len, tag, input, output); - if( ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ) + if (ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED) ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; - return( ret ); + return (ret); } #endif /* MBEDTLS_CHACHAPOLY_C */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) /* * Packet-oriented encryption for AEAD modes: public legacy function. */ -int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - unsigned char *tag, size_t tag_len ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); +int mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + unsigned char *tag, size_t tag_len) { + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); + CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL); - return( mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen, output, olen, - tag, tag_len ) ); + return (mbedtls_cipher_aead_encrypt(ctx, iv, iv_len, ad, ad_len, + input, ilen, output, olen, + tag, tag_len)); } /* * Packet-oriented decryption for AEAD modes: public legacy function. */ -int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - const unsigned char *tag, size_t tag_len ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); +int mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + const unsigned char *tag, size_t tag_len) { + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); + CIPHER_VALIDATE_RET(tag_len == 0 || tag != NULL); - return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen, output, olen, - tag, tag_len ) ); + return (mbedtls_cipher_aead_decrypt(ctx, iv, iv_len, ad, ad_len, + input, ilen, output, olen, + tag, tag_len)); } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_CIPHER_MODE_AEAD */ @@ -1522,110 +1409,106 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, /* * Packet-oriented encryption for AEAD/NIST_KW: public function. */ -int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t output_len, - size_t *olen, size_t tag_len ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); +int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t output_len, + size_t *olen, size_t tag_len) { + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); #if defined(MBEDTLS_NIST_KW_C) - if( + if ( #if defined(MBEDTLS_USE_PSA_CRYPTO) ctx->psa_enabled == 0 && #endif - ( MBEDTLS_MODE_KW == ctx->cipher_info->mode || - MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) ) - { - mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ? - MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; + (MBEDTLS_MODE_KW == ctx->cipher_info->mode || + MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) { + mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ? + MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; /* There is no iv, tag or ad associated with KW and KWP, * so these length should be 0 as documented. */ - if( iv_len != 0 || tag_len != 0 || ad_len != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (iv_len != 0 || tag_len != 0 || ad_len != 0) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); (void) iv; (void) ad; - return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen, - output, olen, output_len ) ); + return (mbedtls_nist_kw_wrap(ctx->cipher_ctx, mode, input, ilen, + output, olen, output_len)); } #endif /* MBEDTLS_NIST_KW_C */ #if defined(MBEDTLS_CIPHER_MODE_AEAD) /* AEAD case: check length before passing on to shared function */ - if( output_len < ilen + tag_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (output_len < ilen + tag_len) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - int ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen, output, olen, - output + ilen, tag_len ); + int ret = mbedtls_cipher_aead_encrypt(ctx, iv, iv_len, ad, ad_len, + input, ilen, output, olen, + output + ilen, tag_len); *olen += tag_len; - return( ret ); + return (ret); #else - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); #endif /* MBEDTLS_CIPHER_MODE_AEAD */ } /* * Packet-oriented decryption for AEAD/NIST_KW: public function. */ -int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t output_len, - size_t *olen, size_t tag_len ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( output_len == 0 || output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); +int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t output_len, + size_t *olen, size_t tag_len) { + CIPHER_VALIDATE_RET(ctx != NULL); + CIPHER_VALIDATE_RET(iv_len == 0 || iv != NULL); + CIPHER_VALIDATE_RET(ad_len == 0 || ad != NULL); + CIPHER_VALIDATE_RET(ilen == 0 || input != NULL); + CIPHER_VALIDATE_RET(output_len == 0 || output != NULL); + CIPHER_VALIDATE_RET(olen != NULL); #if defined(MBEDTLS_NIST_KW_C) - if( + if ( #if defined(MBEDTLS_USE_PSA_CRYPTO) ctx->psa_enabled == 0 && #endif - ( MBEDTLS_MODE_KW == ctx->cipher_info->mode || - MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) ) - { - mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ? - MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; + (MBEDTLS_MODE_KW == ctx->cipher_info->mode || + MBEDTLS_MODE_KWP == ctx->cipher_info->mode)) { + mbedtls_nist_kw_mode_t mode = (MBEDTLS_MODE_KW == ctx->cipher_info->mode) ? + MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP; /* There is no iv, tag or ad associated with KW and KWP, * so these length should be 0 as documented. */ - if( iv_len != 0 || tag_len != 0 || ad_len != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (iv_len != 0 || tag_len != 0 || ad_len != 0) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); (void) iv; (void) ad; - return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen, - output, olen, output_len ) ); + return (mbedtls_nist_kw_unwrap(ctx->cipher_ctx, mode, input, ilen, + output, olen, output_len)); } #endif /* MBEDTLS_NIST_KW_C */ #if defined(MBEDTLS_CIPHER_MODE_AEAD) /* AEAD case: check length before passing on to shared function */ - if( ilen < tag_len || output_len < ilen - tag_len ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ilen < tag_len || output_len < ilen - tag_len) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen - tag_len, output, olen, - input + ilen - tag_len, tag_len ) ); + return (mbedtls_cipher_aead_decrypt(ctx, iv, iv_len, ad, ad_len, + input, ilen - tag_len, output, olen, + input + ilen - tag_len, tag_len)); #else - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); #endif /* MBEDTLS_CIPHER_MODE_AEAD */ } #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ diff --git a/common/mbedtls/cipher.h b/common/mbedtls/cipher.h index 1cafa6ec2..63533924d 100644 --- a/common/mbedtls/cipher.h +++ b/common/mbedtls/cipher.h @@ -265,8 +265,7 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t; * Cipher information. Allows calling cipher functions * in a generic way. */ -typedef struct mbedtls_cipher_info_t -{ +typedef struct mbedtls_cipher_info_t { /** Full cipher identifier. For example, * MBEDTLS_CIPHER_AES_256_CBC. */ @@ -282,7 +281,7 @@ typedef struct mbedtls_cipher_info_t unsigned int key_bitlen; /** Name of the cipher. */ - const char * name; + const char *name; /** IV or nonce size, in Bytes. * For ciphers that accept variable IV sizes, @@ -307,8 +306,7 @@ typedef struct mbedtls_cipher_info_t /** * Generic cipher context. */ -typedef struct mbedtls_cipher_context_t -{ +typedef struct mbedtls_cipher_context_t { /** Information about the associated cipher. */ const mbedtls_cipher_info_t *cipher_info; @@ -324,8 +322,8 @@ typedef struct mbedtls_cipher_context_t /** Padding functions to use, if relevant for * the specific cipher mode. */ - void (*add_padding)( unsigned char *output, size_t olen, size_t data_len ); - int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len ); + void (*add_padding)(unsigned char *output, size_t olen, size_t data_len); + int (*get_padding)(unsigned char *input, size_t ilen, size_t *data_len); #endif /** Buffer for input that has not been processed yet. */ @@ -375,7 +373,7 @@ typedef struct mbedtls_cipher_context_t * \return A statically-allocated array of cipher identifiers * of type cipher_type_t. The last entry is zero. */ -const int *mbedtls_cipher_list( void ); +const int *mbedtls_cipher_list(void); /** * \brief This function retrieves the cipher-information @@ -388,7 +386,7 @@ const int *mbedtls_cipher_list( void ); * given \p cipher_name. * \return \c NULL if the associated cipher information is not found. */ -const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name ); +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(const char *cipher_name); /** * \brief This function retrieves the cipher-information @@ -400,7 +398,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher * given \p cipher_type. * \return \c NULL if the associated cipher information is not found. */ -const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type ); +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type); /** * \brief This function retrieves the cipher-information @@ -416,16 +414,16 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher * given \p cipher_id. * \return \c NULL if the associated cipher information is not found. */ -const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id, - int key_bitlen, - const mbedtls_cipher_mode_t mode ); +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id, + int key_bitlen, + const mbedtls_cipher_mode_t mode); /** * \brief This function initializes a \p cipher_context as NONE. * * \param ctx The context to be initialized. This must not be \c NULL. */ -void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); +void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx); /** * \brief This function frees and clears the cipher-specific @@ -436,7 +434,7 @@ void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ); * function has no effect, otherwise this must point to an * initialized context. */ -void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); +void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx); /** @@ -456,8 +454,8 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ); * In future versions, the caller will be required to call * mbedtls_cipher_init() on the structure first. */ -int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, - const mbedtls_cipher_info_t *cipher_info ); +int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, + const mbedtls_cipher_info_t *cipher_info); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** @@ -481,9 +479,9 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the * cipher-specific context fails. */ -int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, - const mbedtls_cipher_info_t *cipher_info, - size_t taglen ); +int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx, + const mbedtls_cipher_info_t *cipher_info, + size_t taglen); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /** @@ -495,10 +493,9 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, * \return \c 0 if \p ctx has not been initialized. */ static inline unsigned int mbedtls_cipher_get_block_size( - const mbedtls_cipher_context_t *ctx ) -{ - MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - if( ctx->cipher_info == NULL ) + const mbedtls_cipher_context_t *ctx) { + MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0); + if (ctx->cipher_info == NULL) return 0; return ctx->cipher_info->block_size; @@ -514,10 +511,9 @@ static inline unsigned int mbedtls_cipher_get_block_size( * \return #MBEDTLS_MODE_NONE if \p ctx has not been initialized. */ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( - const mbedtls_cipher_context_t *ctx ) -{ - MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); - if( ctx->cipher_info == NULL ) + const mbedtls_cipher_context_t *ctx) { + MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE); + if (ctx->cipher_info == NULL) return MBEDTLS_MODE_NONE; return ctx->cipher_info->mode; @@ -534,13 +530,12 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( * \return The actual size if an IV has been set. */ static inline int mbedtls_cipher_get_iv_size( - const mbedtls_cipher_context_t *ctx ) -{ - MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - if( ctx->cipher_info == NULL ) + const mbedtls_cipher_context_t *ctx) { + MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0); + if (ctx->cipher_info == NULL) return 0; - if( ctx->iv_size != 0 ) + if (ctx->iv_size != 0) return (int) ctx->iv_size; return (int) ctx->cipher_info->iv_size; @@ -555,11 +550,10 @@ static inline int mbedtls_cipher_get_iv_size( * \return #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized. */ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( - const mbedtls_cipher_context_t *ctx ) -{ + const mbedtls_cipher_context_t *ctx) { MBEDTLS_INTERNAL_VALIDATE_RET( - ctx != NULL, MBEDTLS_CIPHER_NONE ); - if( ctx->cipher_info == NULL ) + ctx != NULL, MBEDTLS_CIPHER_NONE); + if (ctx->cipher_info == NULL) return MBEDTLS_CIPHER_NONE; return ctx->cipher_info->type; @@ -575,10 +569,9 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( * \return NULL if \p ctx has not been not initialized. */ static inline const char *mbedtls_cipher_get_name( - const mbedtls_cipher_context_t *ctx ) -{ - MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - if( ctx->cipher_info == NULL ) + const mbedtls_cipher_context_t *ctx) { + MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0); + if (ctx->cipher_info == NULL) return 0; return ctx->cipher_info->name; @@ -594,11 +587,10 @@ static inline const char *mbedtls_cipher_get_name( * initialized. */ static inline int mbedtls_cipher_get_key_bitlen( - const mbedtls_cipher_context_t *ctx ) -{ + const mbedtls_cipher_context_t *ctx) { MBEDTLS_INTERNAL_VALIDATE_RET( - ctx != NULL, MBEDTLS_KEY_LENGTH_NONE ); - if( ctx->cipher_info == NULL ) + ctx != NULL, MBEDTLS_KEY_LENGTH_NONE); + if (ctx->cipher_info == NULL) return MBEDTLS_KEY_LENGTH_NONE; return (int) ctx->cipher_info->key_bitlen; @@ -613,11 +605,10 @@ static inline int mbedtls_cipher_get_key_bitlen( * \return #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized. */ static inline mbedtls_operation_t mbedtls_cipher_get_operation( - const mbedtls_cipher_context_t *ctx ) -{ + const mbedtls_cipher_context_t *ctx) { MBEDTLS_INTERNAL_VALIDATE_RET( - ctx != NULL, MBEDTLS_OPERATION_NONE ); - if( ctx->cipher_info == NULL ) + ctx != NULL, MBEDTLS_OPERATION_NONE); + if (ctx->cipher_info == NULL) return MBEDTLS_OPERATION_NONE; return ctx->operation; @@ -639,10 +630,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( * parameter-verification failure. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, - const unsigned char *key, - int key_bitlen, - const mbedtls_operation_t operation ); +int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, + const unsigned char *key, + int key_bitlen, + const mbedtls_operation_t operation); #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) /** @@ -661,8 +652,8 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode * does not support padding. */ -int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, - mbedtls_cipher_padding_t mode ); +int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx, + mbedtls_cipher_padding_t mode); #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ /** @@ -683,9 +674,9 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on * parameter-verification failure. */ -int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, - size_t iv_len ); +int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, + size_t iv_len); /** * \brief This function resets the cipher state. @@ -696,7 +687,7 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on * parameter-verification failure. */ -int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); +int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /** @@ -713,8 +704,8 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx ); * \return \c 0 on success. * \return A specific error code on failure. */ -int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, - const unsigned char *ad, size_t ad_len ); +int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx, + const unsigned char *ad, size_t ad_len); #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /** @@ -751,10 +742,10 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, * unsupported mode for a cipher. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, - const unsigned char *input, - size_t ilen, unsigned char *output, - size_t *olen ); +int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, + const unsigned char *input, + size_t ilen, unsigned char *output, + size_t *olen); /** * \brief The generic cipher finalization function. If data still @@ -778,8 +769,8 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, * while decrypting. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output, size_t *olen ); +int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx, + unsigned char *output, size_t *olen); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) /** @@ -798,8 +789,8 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx, * \return \c 0 on success. * \return A specific error code on failure. */ -int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, - unsigned char *tag, size_t tag_len ); +int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx, + unsigned char *tag, size_t tag_len); /** * \brief This function checks the tag for AEAD ciphers. @@ -814,8 +805,8 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, * \return \c 0 on success. * \return A specific error code on failure. */ -int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, - const unsigned char *tag, size_t tag_len ); +int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx, + const unsigned char *tag, size_t tag_len); #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ /** @@ -851,10 +842,10 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, * while decrypting. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen ); +int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen); #if defined(MBEDTLS_CIPHER_MODE_AEAD) #if ! defined(MBEDTLS_DEPRECATED_REMOVED) @@ -909,13 +900,13 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * parameter-verification failure. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - unsigned char *tag, size_t tag_len ) - MBEDTLS_DEPRECATED; +int mbedtls_cipher_auth_encrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + unsigned char *tag, size_t tag_len) +MBEDTLS_DEPRECATED; /** * \brief The generic authenticated decryption (AEAD) function. @@ -968,13 +959,13 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - const unsigned char *tag, size_t tag_len ) - MBEDTLS_DEPRECATED; +int mbedtls_cipher_auth_decrypt(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + const unsigned char *tag, size_t tag_len) +MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_CIPHER_MODE_AEAD */ @@ -1024,12 +1015,12 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, * parameter-verification failure. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t output_len, - size_t *olen, size_t tag_len ); +int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t output_len, + size_t *olen, size_t tag_len); /** * \brief The authenticated encryption (AEAD/NIST_KW) function. @@ -1080,12 +1071,12 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t output_len, - size_t *olen, size_t tag_len ); +int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t output_len, + size_t *olen, size_t tag_len); #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ #ifdef __cplusplus } diff --git a/common/mbedtls/cipher_internal.h b/common/mbedtls/cipher_internal.h index 2484c01c7..dc8f4f244 100644 --- a/common/mbedtls/cipher_internal.h +++ b/common/mbedtls/cipher_internal.h @@ -43,96 +43,92 @@ extern "C" { /** * Base cipher information. The non-mode specific functions and values. */ -struct mbedtls_cipher_base_t -{ +struct mbedtls_cipher_base_t { /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */ mbedtls_cipher_id_t cipher; /** Encrypt using ECB */ - int (*ecb_func)( void *ctx, mbedtls_operation_t mode, - const unsigned char *input, unsigned char *output ); + int (*ecb_func)(void *ctx, mbedtls_operation_t mode, + const unsigned char *input, unsigned char *output); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** Encrypt using CBC */ - int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length, - unsigned char *iv, const unsigned char *input, - unsigned char *output ); + int (*cbc_func)(void *ctx, mbedtls_operation_t mode, size_t length, + unsigned char *iv, const unsigned char *input, + unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_CFB) /** Encrypt using CFB (Full length) */ - int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off, - unsigned char *iv, const unsigned char *input, - unsigned char *output ); + int (*cfb_func)(void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off, + unsigned char *iv, const unsigned char *input, + unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_OFB) /** Encrypt using OFB (Full length) */ - int (*ofb_func)( void *ctx, size_t length, size_t *iv_off, - unsigned char *iv, - const unsigned char *input, - unsigned char *output ); + int (*ofb_func)(void *ctx, size_t length, size_t *iv_off, + unsigned char *iv, + const unsigned char *input, + unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_CTR) /** Encrypt using CTR */ - int (*ctr_func)( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ); + int (*ctr_func)(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_XTS) /** Encrypt or decrypt using XTS. */ - int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length, - const unsigned char data_unit[16], - const unsigned char *input, unsigned char *output ); + int (*xts_func)(void *ctx, mbedtls_operation_t mode, size_t length, + const unsigned char data_unit[16], + const unsigned char *input, unsigned char *output); #endif #if defined(MBEDTLS_CIPHER_MODE_STREAM) /** Encrypt using STREAM */ - int (*stream_func)( void *ctx, size_t length, - const unsigned char *input, unsigned char *output ); + int (*stream_func)(void *ctx, size_t length, + const unsigned char *input, unsigned char *output); #endif /** Set key for encryption purposes */ - int (*setkey_enc_func)( void *ctx, const unsigned char *key, - unsigned int key_bitlen ); + int (*setkey_enc_func)(void *ctx, const unsigned char *key, + unsigned int key_bitlen); /** Set key for decryption purposes */ - int (*setkey_dec_func)( void *ctx, const unsigned char *key, - unsigned int key_bitlen); + int (*setkey_dec_func)(void *ctx, const unsigned char *key, + unsigned int key_bitlen); /** Allocate a new context */ - void * (*ctx_alloc_func)( void ); + void *(*ctx_alloc_func)(void); /** Free the given context */ - void (*ctx_free_func)( void *ctx ); + void (*ctx_free_func)(void *ctx); }; -typedef struct -{ +typedef struct { mbedtls_cipher_type_t type; const mbedtls_cipher_info_t *info; } mbedtls_cipher_definition_t; #if defined(MBEDTLS_USE_PSA_CRYPTO) -typedef enum -{ +typedef enum { MBEDTLS_CIPHER_PSA_KEY_UNSET = 0, MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */ - /* use raw key material internally imported */ - /* as a volatile key, and which hence need */ - /* to destroy that key when the context is */ - /* freed. */ + /* use raw key material internally imported */ + /* as a volatile key, and which hence need */ + /* to destroy that key when the context is */ + /* freed. */ MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED, /* Used for PSA-based cipher contexts */ - /* which use a key provided by the */ - /* user, and which hence will not be */ - /* destroyed when the context is freed. */ + /* which use a key provided by the */ + /* user, and which hence will not be */ + /* destroyed when the context is freed. */ } mbedtls_cipher_psa_key_ownership; -typedef struct -{ +typedef struct { psa_algorithm_t alg; psa_key_id_t slot; mbedtls_cipher_psa_key_ownership slot_state; diff --git a/common/mbedtls/cipher_wrap.c b/common/mbedtls/cipher_wrap.c index 57eb3cb67..d8261e4ef 100644 --- a/common/mbedtls/cipher_wrap.c +++ b/common/mbedtls/cipher_wrap.c @@ -86,100 +86,89 @@ #if defined(MBEDTLS_GCM_C) /* shared by all GCM ciphers */ -static void *gcm_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_gcm_context ) ); +static void *gcm_ctx_alloc(void) { + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_gcm_context)); - if( ctx != NULL ) - mbedtls_gcm_init( (mbedtls_gcm_context *) ctx ); + if (ctx != NULL) + mbedtls_gcm_init((mbedtls_gcm_context *) ctx); - return( ctx ); + return (ctx); } -static void gcm_ctx_free( void *ctx ) -{ - mbedtls_gcm_free( ctx ); - mbedtls_free( ctx ); +static void gcm_ctx_free(void *ctx) { + mbedtls_gcm_free(ctx); + mbedtls_free(ctx); } #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) /* shared by all CCM ciphers */ -static void *ccm_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ccm_context ) ); +static void *ccm_ctx_alloc(void) { + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ccm_context)); - if( ctx != NULL ) - mbedtls_ccm_init( (mbedtls_ccm_context *) ctx ); + if (ctx != NULL) + mbedtls_ccm_init((mbedtls_ccm_context *) ctx); - return( ctx ); + return (ctx); } -static void ccm_ctx_free( void *ctx ) -{ - mbedtls_ccm_free( ctx ); - mbedtls_free( ctx ); +static void ccm_ctx_free(void *ctx) { + mbedtls_ccm_free(ctx); + mbedtls_free(ctx); } #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_AES_C) -static int aes_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output ); +static int aes_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { + return mbedtls_aes_crypt_ecb((mbedtls_aes_context *) ctx, operation, input, output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length, - unsigned char *iv, const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aes_crypt_cbc( (mbedtls_aes_context *) ctx, operation, length, iv, input, - output ); +static int aes_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length, + unsigned char *iv, const unsigned char *input, unsigned char *output) { + return mbedtls_aes_crypt_cbc((mbedtls_aes_context *) ctx, operation, length, iv, input, + output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, size_t *iv_off, unsigned char *iv, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aes_crypt_cfb128( (mbedtls_aes_context *) ctx, operation, length, iv_off, iv, - input, output ); +static int aes_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, size_t *iv_off, unsigned char *iv, + const unsigned char *input, unsigned char *output) { + return mbedtls_aes_crypt_cfb128((mbedtls_aes_context *) ctx, operation, length, iv_off, iv, + input, output); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) -static int aes_crypt_ofb_wrap( void *ctx, size_t length, size_t *iv_off, - unsigned char *iv, const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aes_crypt_ofb( (mbedtls_aes_context *) ctx, length, iv_off, - iv, input, output ); +static int aes_crypt_ofb_wrap(void *ctx, size_t length, size_t *iv_off, + unsigned char *iv, const unsigned char *input, unsigned char *output) { + return mbedtls_aes_crypt_ofb((mbedtls_aes_context *) ctx, length, iv_off, + iv, input, output); } #endif /* MBEDTLS_CIPHER_MODE_OFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aes_crypt_ctr( (mbedtls_aes_context *) ctx, length, nc_off, nonce_counter, - stream_block, input, output ); +static int aes_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output) { + return mbedtls_aes_crypt_ctr((mbedtls_aes_context *) ctx, length, nc_off, nonce_counter, + stream_block, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) -static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, - const unsigned char data_unit[16], - const unsigned char *input, - unsigned char *output ) -{ +static int aes_crypt_xts_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, + const unsigned char data_unit[16], + const unsigned char *input, + unsigned char *output) { mbedtls_aes_xts_context *xts_ctx = ctx; int mode; - switch( operation ) - { + switch (operation) { case MBEDTLS_ENCRYPT: mode = MBEDTLS_AES_ENCRYPT; break; @@ -190,39 +179,35 @@ static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation, return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; } - return mbedtls_aes_crypt_xts( xts_ctx, mode, length, - data_unit, input, output ); + return mbedtls_aes_crypt_xts(xts_ctx, mode, length, + data_unit, input, output); } #endif /* MBEDTLS_CIPHER_MODE_XTS */ -static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen ); +static int aes_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_aes_setkey_dec((mbedtls_aes_context *) ctx, key, key_bitlen); } -static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_aes_setkey_enc( (mbedtls_aes_context *) ctx, key, key_bitlen ); +static int aes_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_aes_setkey_enc((mbedtls_aes_context *) ctx, key, key_bitlen); } -static void * aes_ctx_alloc( void ) -{ - mbedtls_aes_context *aes = mbedtls_calloc( 1, sizeof( mbedtls_aes_context ) ); +static void *aes_ctx_alloc(void) { + mbedtls_aes_context *aes = mbedtls_calloc(1, sizeof(mbedtls_aes_context)); - if( aes == NULL ) - return( NULL ); + if (aes == NULL) + return (NULL); - mbedtls_aes_init( aes ); + mbedtls_aes_init(aes); - return( aes ); + return (aes); } -static void aes_ctx_free( void *ctx ) -{ - mbedtls_aes_free( (mbedtls_aes_context *) ctx ); - mbedtls_free( ctx ); +static void aes_ctx_free(void *ctx) { + mbedtls_aes_free((mbedtls_aes_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t aes_info = { @@ -426,39 +411,35 @@ static const mbedtls_cipher_info_t aes_256_ctr_info = { #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) -static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int xts_aes_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { mbedtls_aes_xts_context *xts_ctx = ctx; - return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) ); + return (mbedtls_aes_xts_setkey_enc(xts_ctx, key, key_bitlen)); } -static int xts_aes_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int xts_aes_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { mbedtls_aes_xts_context *xts_ctx = ctx; - return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) ); + return (mbedtls_aes_xts_setkey_dec(xts_ctx, key, key_bitlen)); } -static void *xts_aes_ctx_alloc( void ) -{ - mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc( 1, sizeof( *xts_ctx ) ); +static void *xts_aes_ctx_alloc(void) { + mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc(1, sizeof(*xts_ctx)); - if( xts_ctx != NULL ) - mbedtls_aes_xts_init( xts_ctx ); + if (xts_ctx != NULL) + mbedtls_aes_xts_init(xts_ctx); - return( xts_ctx ); + return (xts_ctx); } -static void xts_aes_ctx_free( void *ctx ) -{ +static void xts_aes_ctx_free(void *ctx) { mbedtls_aes_xts_context *xts_ctx = ctx; - if( xts_ctx == NULL ) + if (xts_ctx == NULL) return; - mbedtls_aes_xts_free( xts_ctx ); - mbedtls_free( xts_ctx ); + mbedtls_aes_xts_free(xts_ctx); + mbedtls_free(xts_ctx); } static const mbedtls_cipher_base_t xts_aes_info = { @@ -512,11 +493,10 @@ static const mbedtls_cipher_info_t aes_256_xts_info = { #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_GCM_C) -static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES, - key, key_bitlen ); +static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES, + key, key_bitlen); } static const mbedtls_cipher_base_t gcm_aes_info = { @@ -581,11 +561,10 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) -static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES, - key, key_bitlen ); +static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES, + key, key_bitlen); } static const mbedtls_cipher_base_t ccm_aes_info = { @@ -653,72 +632,64 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { #if defined(MBEDTLS_CAMELLIA_C) -static int camellia_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_camellia_crypt_ecb( (mbedtls_camellia_context *) ctx, operation, input, - output ); +static int camellia_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { + return mbedtls_camellia_crypt_ecb((mbedtls_camellia_context *) ctx, operation, input, + output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int camellia_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, unsigned char *iv, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_camellia_crypt_cbc( (mbedtls_camellia_context *) ctx, operation, length, iv, - input, output ); +static int camellia_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, unsigned char *iv, + const unsigned char *input, unsigned char *output) { + return mbedtls_camellia_crypt_cbc((mbedtls_camellia_context *) ctx, operation, length, iv, + input, output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static int camellia_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, size_t *iv_off, unsigned char *iv, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_camellia_crypt_cfb128( (mbedtls_camellia_context *) ctx, operation, length, - iv_off, iv, input, output ); +static int camellia_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, size_t *iv_off, unsigned char *iv, + const unsigned char *input, unsigned char *output) { + return mbedtls_camellia_crypt_cfb128((mbedtls_camellia_context *) ctx, operation, length, + iv_off, iv, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_camellia_crypt_ctr( (mbedtls_camellia_context *) ctx, length, nc_off, - nonce_counter, stream_block, input, output ); +static int camellia_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output) { + return mbedtls_camellia_crypt_ctr((mbedtls_camellia_context *) ctx, length, nc_off, + nonce_counter, stream_block, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_camellia_setkey_dec( (mbedtls_camellia_context *) ctx, key, key_bitlen ); +static int camellia_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_camellia_setkey_dec((mbedtls_camellia_context *) ctx, key, key_bitlen); } -static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_camellia_setkey_enc( (mbedtls_camellia_context *) ctx, key, key_bitlen ); +static int camellia_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_camellia_setkey_enc((mbedtls_camellia_context *) ctx, key, key_bitlen); } -static void * camellia_ctx_alloc( void ) -{ +static void *camellia_ctx_alloc(void) { mbedtls_camellia_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_camellia_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_camellia_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) + return (NULL); - mbedtls_camellia_init( ctx ); + mbedtls_camellia_init(ctx); - return( ctx ); + return (ctx); } -static void camellia_ctx_free( void *ctx ) -{ - mbedtls_camellia_free( (mbedtls_camellia_context *) ctx ); - mbedtls_free( ctx ); +static void camellia_ctx_free(void *ctx) { + mbedtls_camellia_free((mbedtls_camellia_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t camellia_info = { @@ -887,11 +858,10 @@ static const mbedtls_cipher_info_t camellia_256_ctr_info = { #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_GCM_C) -static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, - key, key_bitlen ); +static int gcm_camellia_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, + key, key_bitlen); } static const mbedtls_cipher_base_t gcm_camellia_info = { @@ -956,11 +926,10 @@ static const mbedtls_cipher_info_t camellia_256_gcm_info = { #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) -static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, - key, key_bitlen ); +static int ccm_camellia_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA, + key, key_bitlen); } static const mbedtls_cipher_base_t ccm_camellia_info = { @@ -1028,73 +997,65 @@ static const mbedtls_cipher_info_t camellia_256_ccm_info = { #if defined(MBEDTLS_ARIA_C) -static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) -{ +static int aria_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { (void) operation; - return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, input, - output ); + return mbedtls_aria_crypt_ecb((mbedtls_aria_context *) ctx, input, + output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, unsigned char *iv, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv, - input, output ); +static int aria_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, unsigned char *iv, + const unsigned char *input, unsigned char *output) { + return mbedtls_aria_crypt_cbc((mbedtls_aria_context *) ctx, operation, length, iv, + input, output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, size_t *iv_off, unsigned char *iv, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length, - iv_off, iv, input, output ); +static int aria_crypt_cfb128_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, size_t *iv_off, unsigned char *iv, + const unsigned char *input, unsigned char *output) { + return mbedtls_aria_crypt_cfb128((mbedtls_aria_context *) ctx, operation, length, + iv_off, iv, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off, - nonce_counter, stream_block, input, output ); +static int aria_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output) { + return mbedtls_aria_crypt_ctr((mbedtls_aria_context *) ctx, length, nc_off, + nonce_counter, stream_block, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen ); +static int aria_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_aria_setkey_dec((mbedtls_aria_context *) ctx, key, key_bitlen); } -static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen ); +static int aria_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_aria_setkey_enc((mbedtls_aria_context *) ctx, key, key_bitlen); } -static void * aria_ctx_alloc( void ) -{ +static void *aria_ctx_alloc(void) { mbedtls_aria_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_aria_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_aria_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) + return (NULL); - mbedtls_aria_init( ctx ); + mbedtls_aria_init(ctx); - return( ctx ); + return (ctx); } -static void aria_ctx_free( void *ctx ) -{ - mbedtls_aria_free( (mbedtls_aria_context *) ctx ); - mbedtls_free( ctx ); +static void aria_ctx_free(void *ctx) { + mbedtls_aria_free((mbedtls_aria_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t aria_info = { @@ -1263,11 +1224,10 @@ static const mbedtls_cipher_info_t aria_256_ctr_info = { #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_GCM_C) -static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, - key, key_bitlen ); +static int gcm_aria_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, + key, key_bitlen); } static const mbedtls_cipher_base_t gcm_aria_info = { @@ -1332,11 +1292,10 @@ static const mbedtls_cipher_info_t aria_256_gcm_info = { #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) -static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, - key, key_bitlen ); +static int ccm_aria_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA, + key, key_bitlen); } static const mbedtls_cipher_base_t ccm_aria_info = { @@ -1404,121 +1363,107 @@ static const mbedtls_cipher_info_t aria_256_ccm_info = { #if defined(MBEDTLS_DES_C) -static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) -{ +static int des_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { ((void) operation); - return mbedtls_des_crypt_ecb( (mbedtls_des_context *) ctx, input, output ); + return mbedtls_des_crypt_ecb((mbedtls_des_context *) ctx, input, output); } -static int des3_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) -{ +static int des3_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { ((void) operation); - return mbedtls_des3_crypt_ecb( (mbedtls_des3_context *) ctx, input, output ); + return mbedtls_des3_crypt_ecb((mbedtls_des3_context *) ctx, input, output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int des_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length, - unsigned char *iv, const unsigned char *input, unsigned char *output ) -{ - return mbedtls_des_crypt_cbc( (mbedtls_des_context *) ctx, operation, length, iv, input, - output ); +static int des_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length, + unsigned char *iv, const unsigned char *input, unsigned char *output) { + return mbedtls_des_crypt_cbc((mbedtls_des_context *) ctx, operation, length, iv, input, + output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int des3_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length, - unsigned char *iv, const unsigned char *input, unsigned char *output ) -{ - return mbedtls_des3_crypt_cbc( (mbedtls_des3_context *) ctx, operation, length, iv, input, - output ); +static int des3_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, size_t length, + unsigned char *iv, const unsigned char *input, unsigned char *output) { + return mbedtls_des3_crypt_cbc((mbedtls_des3_context *) ctx, operation, length, iv, input, + output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ -static int des_setkey_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int des_setkey_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des_setkey_dec( (mbedtls_des_context *) ctx, key ); + return mbedtls_des_setkey_dec((mbedtls_des_context *) ctx, key); } -static int des_setkey_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int des_setkey_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des_setkey_enc( (mbedtls_des_context *) ctx, key ); + return mbedtls_des_setkey_enc((mbedtls_des_context *) ctx, key); } -static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int des3_set2key_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des3_set2key_dec( (mbedtls_des3_context *) ctx, key ); + return mbedtls_des3_set2key_dec((mbedtls_des3_context *) ctx, key); } -static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int des3_set2key_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des3_set2key_enc( (mbedtls_des3_context *) ctx, key ); + return mbedtls_des3_set2key_enc((mbedtls_des3_context *) ctx, key); } -static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int des3_set3key_dec_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des3_set3key_dec( (mbedtls_des3_context *) ctx, key ); + return mbedtls_des3_set3key_dec((mbedtls_des3_context *) ctx, key); } -static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int des3_set3key_enc_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) key_bitlen); - return mbedtls_des3_set3key_enc( (mbedtls_des3_context *) ctx, key ); + return mbedtls_des3_set3key_enc((mbedtls_des3_context *) ctx, key); } -static void * des_ctx_alloc( void ) -{ - mbedtls_des_context *des = mbedtls_calloc( 1, sizeof( mbedtls_des_context ) ); +static void *des_ctx_alloc(void) { + mbedtls_des_context *des = mbedtls_calloc(1, sizeof(mbedtls_des_context)); - if( des == NULL ) - return( NULL ); + if (des == NULL) + return (NULL); - mbedtls_des_init( des ); + mbedtls_des_init(des); - return( des ); + return (des); } -static void des_ctx_free( void *ctx ) -{ - mbedtls_des_free( (mbedtls_des_context *) ctx ); - mbedtls_free( ctx ); +static void des_ctx_free(void *ctx) { + mbedtls_des_free((mbedtls_des_context *) ctx); + mbedtls_free(ctx); } -static void * des3_ctx_alloc( void ) -{ +static void *des3_ctx_alloc(void) { mbedtls_des3_context *des3; - des3 = mbedtls_calloc( 1, sizeof( mbedtls_des3_context ) ); + des3 = mbedtls_calloc(1, sizeof(mbedtls_des3_context)); - if( des3 == NULL ) - return( NULL ); + if (des3 == NULL) + return (NULL); - mbedtls_des3_init( des3 ); + mbedtls_des3_init(des3); - return( des3 ); + return (des3); } -static void des3_ctx_free( void *ctx ) -{ - mbedtls_des3_free( (mbedtls_des3_context *) ctx ); - mbedtls_free( ctx ); +static void des3_ctx_free(void *ctx) { + mbedtls_des3_free((mbedtls_des3_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t des_info = { @@ -1676,66 +1621,59 @@ static const mbedtls_cipher_info_t des_ede3_cbc_info = { #if defined(MBEDTLS_BLOWFISH_C) -static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_blowfish_crypt_ecb( (mbedtls_blowfish_context *) ctx, operation, input, - output ); +static int blowfish_crypt_ecb_wrap(void *ctx, mbedtls_operation_t operation, + const unsigned char *input, unsigned char *output) { + return mbedtls_blowfish_crypt_ecb((mbedtls_blowfish_context *) ctx, operation, input, + output); } #if defined(MBEDTLS_CIPHER_MODE_CBC) -static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, unsigned char *iv, const unsigned char *input, - unsigned char *output ) -{ - return mbedtls_blowfish_crypt_cbc( (mbedtls_blowfish_context *) ctx, operation, length, iv, - input, output ); +static int blowfish_crypt_cbc_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, unsigned char *iv, const unsigned char *input, + unsigned char *output) { + return mbedtls_blowfish_crypt_cbc((mbedtls_blowfish_context *) ctx, operation, length, iv, + input, output); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) -static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, size_t *iv_off, unsigned char *iv, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_blowfish_crypt_cfb64( (mbedtls_blowfish_context *) ctx, operation, length, - iv_off, iv, input, output ); +static int blowfish_crypt_cfb64_wrap(void *ctx, mbedtls_operation_t operation, + size_t length, size_t *iv_off, unsigned char *iv, + const unsigned char *input, unsigned char *output) { + return mbedtls_blowfish_crypt_cfb64((mbedtls_blowfish_context *) ctx, operation, length, + iv_off, iv, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) -static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_blowfish_crypt_ctr( (mbedtls_blowfish_context *) ctx, length, nc_off, - nonce_counter, stream_block, input, output ); +static int blowfish_crypt_ctr_wrap(void *ctx, size_t length, size_t *nc_off, + unsigned char *nonce_counter, unsigned char *stream_block, + const unsigned char *input, unsigned char *output) { + return mbedtls_blowfish_crypt_ctr((mbedtls_blowfish_context *) ctx, length, nc_off, + nonce_counter, stream_block, input, output); } #endif /* MBEDTLS_CIPHER_MODE_CTR */ -static int blowfish_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_blowfish_setkey( (mbedtls_blowfish_context *) ctx, key, key_bitlen ); +static int blowfish_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_blowfish_setkey((mbedtls_blowfish_context *) ctx, key, key_bitlen); } -static void * blowfish_ctx_alloc( void ) -{ +static void *blowfish_ctx_alloc(void) { mbedtls_blowfish_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_blowfish_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_blowfish_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) + return (NULL); - mbedtls_blowfish_init( ctx ); + mbedtls_blowfish_init(ctx); - return( ctx ); + return (ctx); } -static void blowfish_ctx_free( void *ctx ) -{ - mbedtls_blowfish_free( (mbedtls_blowfish_context *) ctx ); - mbedtls_free( ctx ); +static void blowfish_ctx_free(void *ctx) { + mbedtls_blowfish_free((mbedtls_blowfish_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t blowfish_info = { @@ -1817,41 +1755,37 @@ static const mbedtls_cipher_info_t blowfish_ctr_info = { #endif /* MBEDTLS_BLOWFISH_C */ #if defined(MBEDTLS_ARC4_C) -static int arc4_crypt_stream_wrap( void *ctx, size_t length, - const unsigned char *input, - unsigned char *output ) -{ - return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) ); +static int arc4_crypt_stream_wrap(void *ctx, size_t length, + const unsigned char *input, + unsigned char *output) { + return (mbedtls_arc4_crypt((mbedtls_arc4_context *) ctx, length, input, output)); } -static int arc4_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int arc4_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { /* we get key_bitlen in bits, arc4 expects it in bytes */ - if( key_bitlen % 8 != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (key_bitlen % 8 != 0) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - mbedtls_arc4_setup( (mbedtls_arc4_context *) ctx, key, key_bitlen / 8 ); - return( 0 ); + mbedtls_arc4_setup((mbedtls_arc4_context *) ctx, key, key_bitlen / 8); + return (0); } -static void * arc4_ctx_alloc( void ) -{ +static void *arc4_ctx_alloc(void) { mbedtls_arc4_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_arc4_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_arc4_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) + return (NULL); - mbedtls_arc4_init( ctx ); + mbedtls_arc4_init(ctx); - return( ctx ); + return (ctx); } -static void arc4_ctx_free( void *ctx ) -{ - mbedtls_arc4_free( (mbedtls_arc4_context *) ctx ); - mbedtls_free( ctx ); +static void arc4_ctx_free(void *ctx) { + mbedtls_arc4_free((mbedtls_arc4_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t arc4_base_info = { @@ -1895,48 +1829,44 @@ static const mbedtls_cipher_info_t arc4_128_info = { #if defined(MBEDTLS_CHACHA20_C) -static int chacha20_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - if( key_bitlen != 256U ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +static int chacha20_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + if (key_bitlen != 256U) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (0 != mbedtls_chacha20_setkey((mbedtls_chacha20_context *)ctx, key)) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - return( 0 ); + return (0); } -static int chacha20_stream_wrap( void *ctx, size_t length, - const unsigned char *input, - unsigned char *output ) -{ +static int chacha20_stream_wrap(void *ctx, size_t length, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_chacha20_update( ctx, length, input, output ); - if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + ret = mbedtls_chacha20_update(ctx, length, input, output); + if (ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - return( ret ); + return (ret); } -static void * chacha20_ctx_alloc( void ) -{ +static void *chacha20_ctx_alloc(void) { mbedtls_chacha20_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_chacha20_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_chacha20_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) + return (NULL); - mbedtls_chacha20_init( ctx ); + mbedtls_chacha20_init(ctx); - return( ctx ); + return (ctx); } -static void chacha20_ctx_free( void *ctx ) -{ - mbedtls_chacha20_free( (mbedtls_chacha20_context *) ctx ); - mbedtls_free( ctx ); +static void chacha20_ctx_free(void *ctx) { + mbedtls_chacha20_free((mbedtls_chacha20_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t chacha20_base_info = { @@ -1979,36 +1909,33 @@ static const mbedtls_cipher_info_t chacha20_info = { #if defined(MBEDTLS_CHACHAPOLY_C) -static int chachapoly_setkey_wrap( void *ctx, - const unsigned char *key, - unsigned int key_bitlen ) -{ - if( key_bitlen != 256U ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); +static int chachapoly_setkey_wrap(void *ctx, + const unsigned char *key, + unsigned int key_bitlen) { + if (key_bitlen != 256U) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (0 != mbedtls_chachapoly_setkey((mbedtls_chachapoly_context *)ctx, key)) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - return( 0 ); + return (0); } -static void * chachapoly_ctx_alloc( void ) -{ +static void *chachapoly_ctx_alloc(void) { mbedtls_chachapoly_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_chachapoly_context ) ); + ctx = mbedtls_calloc(1, sizeof(mbedtls_chachapoly_context)); - if( ctx == NULL ) - return( NULL ); + if (ctx == NULL) + return (NULL); - mbedtls_chachapoly_init( ctx ); + mbedtls_chachapoly_init(ctx); - return( ctx ); + return (ctx); } -static void chachapoly_ctx_free( void *ctx ) -{ - mbedtls_chachapoly_free( (mbedtls_chachapoly_context *) ctx ); - mbedtls_free( ctx ); +static void chachapoly_ctx_free(void *ctx) { + mbedtls_chachapoly_free((mbedtls_chachapoly_context *) ctx); + mbedtls_free(ctx); } static const mbedtls_cipher_base_t chachapoly_base_info = { @@ -2050,32 +1977,28 @@ static const mbedtls_cipher_info_t chachapoly_info = { #endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) -static int null_crypt_stream( void *ctx, size_t length, - const unsigned char *input, - unsigned char *output ) -{ +static int null_crypt_stream(void *ctx, size_t length, + const unsigned char *input, + unsigned char *output) { ((void) ctx); - memmove( output, input, length ); - return( 0 ); + memmove(output, input, length); + return (0); } -static int null_setkey( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ +static int null_setkey(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { ((void) ctx); ((void) key); ((void) key_bitlen); - return( 0 ); + return (0); } -static void * null_ctx_alloc( void ) -{ - return( (void *) 1 ); +static void *null_ctx_alloc(void) { + return ((void *) 1); } -static void null_ctx_free( void *ctx ) -{ +static void null_ctx_free(void *ctx) { ((void) ctx); } @@ -2119,34 +2042,30 @@ static const mbedtls_cipher_info_t null_cipher_info = { #endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */ #if defined(MBEDTLS_NIST_KW_C) -static void *kw_ctx_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_nist_kw_context ) ); +static void *kw_ctx_alloc(void) { + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_nist_kw_context)); - if( ctx != NULL ) - mbedtls_nist_kw_init( (mbedtls_nist_kw_context *) ctx ); + if (ctx != NULL) + mbedtls_nist_kw_init((mbedtls_nist_kw_context *) ctx); - return( ctx ); + return (ctx); } -static void kw_ctx_free( void *ctx ) -{ - mbedtls_nist_kw_free( ctx ); - mbedtls_free( ctx ); +static void kw_ctx_free(void *ctx) { + mbedtls_nist_kw_free(ctx); + mbedtls_free(ctx); } -static int kw_aes_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx, - MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1 ); +static int kw_aes_setkey_wrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx, + MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1); } -static int kw_aes_setkey_unwrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx, - MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0 ); +static int kw_aes_setkey_unwrap(void *ctx, const unsigned char *key, + unsigned int key_bitlen) { + return mbedtls_nist_kw_setkey((mbedtls_nist_kw_context *) ctx, + MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0); } static const mbedtls_cipher_base_t kw_aes_info = { @@ -2243,8 +2162,7 @@ static const mbedtls_cipher_info_t aes_256_nist_kwp_info = { }; #endif /* MBEDTLS_NIST_KW_C */ -const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = -{ +const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { #if defined(MBEDTLS_AES_C) { MBEDTLS_CIPHER_AES_128_ECB, &aes_128_ecb_info }, { MBEDTLS_CIPHER_AES_192_ECB, &aes_192_ecb_info }, diff --git a/common/mbedtls/cmac.c b/common/mbedtls/cmac.c index 06f8eec0d..32a5937b0 100644 --- a/common/mbedtls/cmac.c +++ b/common/mbedtls/cmac.c @@ -63,31 +63,24 @@ * Input and output MUST NOT point to the same buffer * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES. */ -static int cmac_multiply_by_u( unsigned char *output, - const unsigned char *input, - size_t blocksize ) -{ +static int cmac_multiply_by_u(unsigned char *output, + const unsigned char *input, + size_t blocksize) { const unsigned char R_128 = 0x87; const unsigned char R_64 = 0x1B; unsigned char R_n, mask; unsigned char overflow = 0x00; int i; - if( blocksize == MBEDTLS_AES_BLOCK_SIZE ) - { + if (blocksize == MBEDTLS_AES_BLOCK_SIZE) { R_n = R_128; - } - else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE ) - { + } else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) { R_n = R_64; - } - else - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + } else { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } - for( i = (int)blocksize - 1; i >= 0; i-- ) - { + for (i = (int)blocksize - 1; i >= 0; i--) { output[i] = input[i] << 1 | overflow; overflow = input[i] >> 7; } @@ -101,14 +94,14 @@ static int cmac_multiply_by_u( unsigned char *output, #pragma warning( push ) #pragma warning( disable : 4146 ) #endif - mask = - ( input[0] >> 7 ); + mask = - (input[0] >> 7); #if defined(_MSC_VER) #pragma warning( pop ) #endif output[ blocksize - 1 ] ^= R_n & mask; - return( 0 ); + return (0); } /* @@ -116,45 +109,43 @@ static int cmac_multiply_by_u( unsigned char *output, * * - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm */ -static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx, - unsigned char* K1, unsigned char* K2 ) -{ +static int cmac_generate_subkeys(mbedtls_cipher_context_t *ctx, + unsigned char *K1, unsigned char *K2) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX]; size_t olen, block_size; - mbedtls_platform_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize(L, sizeof(L)); block_size = ctx->cipher_info->block_size; /* Calculate Ek(0) */ - if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 ) + if ((ret = mbedtls_cipher_update(ctx, L, block_size, L, &olen)) != 0) goto exit; /* * Generate K1 and K2 */ - if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 ) + if ((ret = cmac_multiply_by_u(K1, L, block_size)) != 0) goto exit; - if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 ) + if ((ret = cmac_multiply_by_u(K2, K1, block_size)) != 0) goto exit; exit: - mbedtls_platform_zeroize( L, sizeof( L ) ); + mbedtls_platform_zeroize(L, sizeof(L)); - return( ret ); + return (ret); } #endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */ #if !defined(MBEDTLS_CMAC_ALT) -static void cmac_xor_block( unsigned char *output, const unsigned char *input1, - const unsigned char *input2, - const size_t block_size ) -{ +static void cmac_xor_block(unsigned char *output, const unsigned char *input1, + const unsigned char *input2, + const size_t block_size) { size_t idx; - for( idx = 0; idx < block_size; idx++ ) + for (idx = 0; idx < block_size; idx++) output[ idx ] = input1[ idx ] ^ input2[ idx ]; } @@ -164,75 +155,70 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1, * We can't use the padding option from the cipher layer, as it only works for * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ -static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX], - size_t padded_block_len, - const unsigned char *last_block, - size_t last_block_len ) -{ +static void cmac_pad(unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX], + size_t padded_block_len, + const unsigned char *last_block, + size_t last_block_len) { size_t j; - for( j = 0; j < padded_block_len; j++ ) - { - if( j < last_block_len ) + for (j = 0; j < padded_block_len; j++) { + if (j < last_block_len) padded_block[j] = last_block[j]; - else if( j == last_block_len ) + else if (j == last_block_len) padded_block[j] = 0x80; else padded_block[j] = 0x00; } } -int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keybits ) -{ +int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx, + const unsigned char *key, size_t keybits) { mbedtls_cipher_type_t type; mbedtls_cmac_context_t *cmac_ctx; int retval; - if( ctx == NULL || ctx->cipher_info == NULL || key == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - return( retval ); + if ((retval = mbedtls_cipher_setkey(ctx, key, (int)keybits, + MBEDTLS_ENCRYPT)) != 0) + return (retval); type = ctx->cipher_info->type; - switch( type ) - { + switch (type) { case MBEDTLS_CIPHER_AES_128_ECB: case MBEDTLS_CIPHER_AES_192_ECB: case MBEDTLS_CIPHER_AES_256_ECB: case MBEDTLS_CIPHER_DES_EDE3_ECB: break; default: - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } /* Allocated and initialise in the cipher context memory for the CMAC * context */ - cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) ); - if( cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); + cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t)); + if (cmac_ctx == NULL) + return (MBEDTLS_ERR_CIPHER_ALLOC_FAILED); ctx->cmac_ctx = cmac_ctx; - mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize(cmac_ctx->state, sizeof(cmac_ctx->state)); return 0; } -int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, - const unsigned char *input, size_t ilen ) -{ - mbedtls_cmac_context_t* cmac_ctx; +int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx, + const unsigned char *input, size_t ilen) { + mbedtls_cmac_context_t *cmac_ctx; unsigned char *state; int ret = 0; size_t n, j, olen, block_size; - if( ctx == NULL || ctx->cipher_info == NULL || input == NULL || - ctx->cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->cipher_info == NULL || input == NULL || + ctx->cmac_ctx == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); cmac_ctx = ctx->cmac_ctx; block_size = ctx->cipher_info->block_size; @@ -240,19 +226,17 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, /* Is there data still to process from the last call, that's greater in * size than a block? */ - if( cmac_ctx->unprocessed_len > 0 && - ilen > block_size - cmac_ctx->unprocessed_len ) - { - memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], - input, - block_size - cmac_ctx->unprocessed_len ); + if (cmac_ctx->unprocessed_len > 0 && + ilen > block_size - cmac_ctx->unprocessed_len) { + memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], + input, + block_size - cmac_ctx->unprocessed_len); - cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size ); + cmac_xor_block(state, cmac_ctx->unprocessed_block, state, block_size); - if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, - &olen ) ) != 0 ) - { - goto exit; + if ((ret = mbedtls_cipher_update(ctx, state, block_size, state, + &olen)) != 0) { + goto exit; } input += block_size - cmac_ctx->unprocessed_len; @@ -261,39 +245,36 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, } /* n is the number of blocks including any final partial block */ - n = ( ilen + block_size - 1 ) / block_size; + n = (ilen + block_size - 1) / block_size; /* Iterate across the input data in block sized chunks, excluding any * final partial or complete block */ - for( j = 1; j < n; j++ ) - { - cmac_xor_block( state, input, state, block_size ); + for (j = 1; j < n; j++) { + cmac_xor_block(state, input, state, block_size); - if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, - &olen ) ) != 0 ) - goto exit; + if ((ret = mbedtls_cipher_update(ctx, state, block_size, state, + &olen)) != 0) + goto exit; ilen -= block_size; input += block_size; } /* If there is data left over that wasn't aligned to a block */ - if( ilen > 0 ) - { - memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], - input, - ilen ); + if (ilen > 0) { + memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], + input, + ilen); cmac_ctx->unprocessed_len += ilen; } exit: - return( ret ); + return (ret); } -int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output ) -{ - mbedtls_cmac_context_t* cmac_ctx; +int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx, + unsigned char *output) { + mbedtls_cmac_context_t *cmac_ctx; unsigned char *state, *last_block; unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; @@ -301,153 +282,142 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen, block_size; - if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || - output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || + output == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); cmac_ctx = ctx->cmac_ctx; block_size = ctx->cipher_info->block_size; state = cmac_ctx->state; - mbedtls_platform_zeroize( K1, sizeof( K1 ) ); - mbedtls_platform_zeroize( K2, sizeof( K2 ) ); - cmac_generate_subkeys( ctx, K1, K2 ); + mbedtls_platform_zeroize(K1, sizeof(K1)); + mbedtls_platform_zeroize(K2, sizeof(K2)); + cmac_generate_subkeys(ctx, K1, K2); last_block = cmac_ctx->unprocessed_block; /* Calculate last block */ - if( cmac_ctx->unprocessed_len < block_size ) - { - cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len ); - cmac_xor_block( M_last, M_last, K2, block_size ); - } - else - { + if (cmac_ctx->unprocessed_len < block_size) { + cmac_pad(M_last, block_size, last_block, cmac_ctx->unprocessed_len); + cmac_xor_block(M_last, M_last, K2, block_size); + } else { /* Last block is complete block */ - cmac_xor_block( M_last, last_block, K1, block_size ); + cmac_xor_block(M_last, last_block, K1, block_size); } - cmac_xor_block( state, M_last, state, block_size ); - if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state, - &olen ) ) != 0 ) - { + cmac_xor_block(state, M_last, state, block_size); + if ((ret = mbedtls_cipher_update(ctx, state, block_size, state, + &olen)) != 0) { goto exit; } - memcpy( output, state, block_size ); + memcpy(output, state, block_size); exit: /* Wipe the generated keys on the stack, and any other transients to avoid * side channel leakage */ - mbedtls_platform_zeroize( K1, sizeof( K1 ) ); - mbedtls_platform_zeroize( K2, sizeof( K2 ) ); + mbedtls_platform_zeroize(K1, sizeof(K1)); + mbedtls_platform_zeroize(K2, sizeof(K2)); cmac_ctx->unprocessed_len = 0; - mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); + mbedtls_platform_zeroize(cmac_ctx->unprocessed_block, + sizeof(cmac_ctx->unprocessed_block)); - mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX ); - return( ret ); + mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX); + return (ret); } -int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ) -{ - mbedtls_cmac_context_t* cmac_ctx; +int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx) { + mbedtls_cmac_context_t *cmac_ctx; - if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); cmac_ctx = ctx->cmac_ctx; /* Reset the internal state */ cmac_ctx->unprocessed_len = 0; - mbedtls_platform_zeroize( cmac_ctx->unprocessed_block, - sizeof( cmac_ctx->unprocessed_block ) ); - mbedtls_platform_zeroize( cmac_ctx->state, - sizeof( cmac_ctx->state ) ); + mbedtls_platform_zeroize(cmac_ctx->unprocessed_block, + sizeof(cmac_ctx->unprocessed_block)); + mbedtls_platform_zeroize(cmac_ctx->state, + sizeof(cmac_ctx->state)); - return( 0 ); + return (0); } -int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, - const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ) -{ +int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output) { mbedtls_cipher_context_t ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( cipher_info == NULL || key == NULL || input == NULL || output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (cipher_info == NULL || key == NULL || input == NULL || output == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - mbedtls_cipher_init( &ctx ); + mbedtls_cipher_init(&ctx); - if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) + if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) goto exit; - ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen ); - if( ret != 0 ) + ret = mbedtls_cipher_cmac_starts(&ctx, key, keylen); + if (ret != 0) goto exit; - ret = mbedtls_cipher_cmac_update( &ctx, input, ilen ); - if( ret != 0 ) + ret = mbedtls_cipher_cmac_update(&ctx, input, ilen); + if (ret != 0) goto exit; - ret = mbedtls_cipher_cmac_finish( &ctx, output ); + ret = mbedtls_cipher_cmac_finish(&ctx, output); exit: - mbedtls_cipher_free( &ctx ); + mbedtls_cipher_free(&ctx); - return( ret ); + return (ret); } #if defined(MBEDTLS_AES_C) /* * Implementation of AES-CMAC-PRF-128 defined in RFC 4615 */ -int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, - const unsigned char *input, size_t in_len, - unsigned char output[16] ) -{ +int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_length, + const unsigned char *input, size_t in_len, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE]; unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE]; - if( key == NULL || input == NULL || output == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (key == NULL || input == NULL || output == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); - if( cipher_info == NULL ) - { + cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); + if (cipher_info == NULL) { /* Failing at this point must be due to a build issue */ ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; goto exit; } - if( key_length == MBEDTLS_AES_BLOCK_SIZE ) - { + if (key_length == MBEDTLS_AES_BLOCK_SIZE) { /* Use key as is */ - memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE ); - } - else - { - memset( zero_key, 0, MBEDTLS_AES_BLOCK_SIZE ); + memcpy(int_key, key, MBEDTLS_AES_BLOCK_SIZE); + } else { + memset(zero_key, 0, MBEDTLS_AES_BLOCK_SIZE); - ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key, - key_length, int_key ); - if( ret != 0 ) + ret = mbedtls_cipher_cmac(cipher_info, zero_key, 128, key, + key_length, int_key); + if (ret != 0) goto exit; } - ret = mbedtls_cipher_cmac( cipher_info, int_key, 128, input, in_len, - output ); + ret = mbedtls_cipher_cmac(cipher_info, int_key, 128, input, in_len, + output); exit: - mbedtls_platform_zeroize( int_key, sizeof( int_key ) ); + mbedtls_platform_zeroize(int_key, sizeof(int_key)); - return( ret ); + return (ret); } #endif /* MBEDTLS_AES_C */ @@ -741,344 +711,316 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = { }; #endif /* MBEDTLS_AES_C */ -static int cmac_test_subkeys( int verbose, - const char* testname, - const unsigned char* key, - int keybits, - const unsigned char* subkeys, - mbedtls_cipher_type_t cipher_type, - int block_size, - int num_tests ) -{ +static int cmac_test_subkeys(int verbose, + const char *testname, + const unsigned char *key, + int keybits, + const unsigned char *subkeys, + mbedtls_cipher_type_t cipher_type, + int block_size, + int num_tests) { int i, ret = 0; mbedtls_cipher_context_t ctx; const mbedtls_cipher_info_t *cipher_info; unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX]; unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX]; - cipher_info = mbedtls_cipher_info_from_type( cipher_type ); - if( cipher_info == NULL ) - { + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + if (cipher_info == NULL) { /* Failing at this point must be due to a build issue */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); } - for( i = 0; i < num_tests; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " %s CMAC subkey #%d: ", testname, i + 1 ); + for (i = 0; i < num_tests; i++) { + if (verbose != 0) + mbedtls_printf(" %s CMAC subkey #%d: ", testname, i + 1); - mbedtls_cipher_init( &ctx ); + mbedtls_cipher_init(&ctx); - if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "test execution failed\n" ); + if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) { + if (verbose != 0) + mbedtls_printf("test execution failed\n"); goto cleanup; } - if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { + if ((ret = mbedtls_cipher_setkey(&ctx, key, keybits, + MBEDTLS_ENCRYPT)) != 0) { /* When CMAC is implemented by an alternative implementation, or * the underlying primitive itself is implemented alternatively, * AES-192 may be unavailable. This should not cause the selftest * function to fail. */ - if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED || - ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) && - cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) { - if( verbose != 0 ) - mbedtls_printf( "skipped\n" ); + if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED || + ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) && + cipher_type == MBEDTLS_CIPHER_AES_192_ECB) { + if (verbose != 0) + mbedtls_printf("skipped\n"); goto next_test; } - if( verbose != 0 ) - mbedtls_printf( "test execution failed\n" ); + if (verbose != 0) + mbedtls_printf("test execution failed\n"); goto cleanup; } - ret = cmac_generate_subkeys( &ctx, K1, K2 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = cmac_generate_subkeys(&ctx, K1, K2); + if (ret != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); goto cleanup; } - if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 || - ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((ret = memcmp(K1, subkeys, block_size)) != 0 || + (ret = memcmp(K2, &subkeys[block_size], block_size)) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); next_test: - mbedtls_cipher_free( &ctx ); + mbedtls_cipher_free(&ctx); } ret = 0; goto exit; cleanup: - mbedtls_cipher_free( &ctx ); + mbedtls_cipher_free(&ctx); exit: - return( ret ); + return (ret); } -static int cmac_test_wth_cipher( int verbose, - const char* testname, - const unsigned char* key, - int keybits, - const unsigned char* messages, - const unsigned int message_lengths[4], - const unsigned char* expected_result, - mbedtls_cipher_type_t cipher_type, - int block_size, - int num_tests ) -{ +static int cmac_test_wth_cipher(int verbose, + const char *testname, + const unsigned char *key, + int keybits, + const unsigned char *messages, + const unsigned int message_lengths[4], + const unsigned char *expected_result, + mbedtls_cipher_type_t cipher_type, + int block_size, + int num_tests) { const mbedtls_cipher_info_t *cipher_info; int i, ret = 0; unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX]; - cipher_info = mbedtls_cipher_info_from_type( cipher_type ); - if( cipher_info == NULL ) - { + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + if (cipher_info == NULL) { /* Failing at this point must be due to a build issue */ ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; goto exit; } - for( i = 0; i < num_tests; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " %s CMAC #%d: ", testname, i + 1 ); + for (i = 0; i < num_tests; i++) { + if (verbose != 0) + mbedtls_printf(" %s CMAC #%d: ", testname, i + 1); - if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages, - message_lengths[i], output ) ) != 0 ) - { + if ((ret = mbedtls_cipher_cmac(cipher_info, key, keybits, messages, + message_lengths[i], output)) != 0) { /* When CMAC is implemented by an alternative implementation, or * the underlying primitive itself is implemented alternatively, * AES-192 may be unavailable. This should not cause the selftest * function to fail. */ - if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED || - ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) && - cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) { - if( verbose != 0 ) - mbedtls_printf( "skipped\n" ); + if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED || + ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) && + cipher_type == MBEDTLS_CIPHER_AES_192_ECB) { + if (verbose != 0) + mbedtls_printf("skipped\n"); continue; } - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) + mbedtls_printf("failed\n"); goto exit; } - if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((ret = memcmp(output, &expected_result[i * block_size], block_size)) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } ret = 0; exit: - return( ret ); + return (ret); } #if defined(MBEDTLS_AES_C) -static int test_aes128_cmac_prf( int verbose ) -{ +static int test_aes128_cmac_prf(int verbose) { int i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output[MBEDTLS_AES_BLOCK_SIZE]; - for( i = 0; i < NB_PRF_TESTS; i++ ) - { - mbedtls_printf( " AES CMAC 128 PRF #%d: ", i ); - ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output ); - if( ret != 0 || - memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 ) - { + for (i = 0; i < NB_PRF_TESTS; i++) { + mbedtls_printf(" AES CMAC 128 PRF #%d: ", i); + ret = mbedtls_aes_cmac_prf_128(PRFK, PRFKlen[i], PRFM, 20, output); + if (ret != 0 || + memcmp(output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE) != 0) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) + mbedtls_printf("failed\n"); - return( ret ); - } - else if( verbose != 0 ) - { - mbedtls_printf( "passed\n" ); + return (ret); + } else if (verbose != 0) { + mbedtls_printf("passed\n"); } } - return( ret ); + return (ret); } #endif /* MBEDTLS_AES_C */ -int mbedtls_cmac_self_test( int verbose ) -{ +int mbedtls_cmac_self_test(int verbose) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_AES_C) /* AES-128 */ - if( ( ret = cmac_test_subkeys( verbose, - "AES 128", - aes_128_key, - 128, - (const unsigned char*)aes_128_subkeys, - MBEDTLS_CIPHER_AES_128_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "AES 128", + aes_128_key, + 128, + (const unsigned char *)aes_128_subkeys, + MBEDTLS_CIPHER_AES_128_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } - if( ( ret = cmac_test_wth_cipher( verbose, - "AES 128", - aes_128_key, - 128, - test_message, - aes_message_lengths, - (const unsigned char*)aes_128_expected_result, - MBEDTLS_CIPHER_AES_128_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "AES 128", + aes_128_key, + 128, + test_message, + aes_message_lengths, + (const unsigned char *)aes_128_expected_result, + MBEDTLS_CIPHER_AES_128_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } /* AES-192 */ - if( ( ret = cmac_test_subkeys( verbose, - "AES 192", - aes_192_key, - 192, - (const unsigned char*)aes_192_subkeys, - MBEDTLS_CIPHER_AES_192_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "AES 192", + aes_192_key, + 192, + (const unsigned char *)aes_192_subkeys, + MBEDTLS_CIPHER_AES_192_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } - if( ( ret = cmac_test_wth_cipher( verbose, - "AES 192", - aes_192_key, - 192, - test_message, - aes_message_lengths, - (const unsigned char*)aes_192_expected_result, - MBEDTLS_CIPHER_AES_192_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "AES 192", + aes_192_key, + 192, + test_message, + aes_message_lengths, + (const unsigned char *)aes_192_expected_result, + MBEDTLS_CIPHER_AES_192_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } /* AES-256 */ - if( ( ret = cmac_test_subkeys( verbose, - "AES 256", - aes_256_key, - 256, - (const unsigned char*)aes_256_subkeys, - MBEDTLS_CIPHER_AES_256_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "AES 256", + aes_256_key, + 256, + (const unsigned char *)aes_256_subkeys, + MBEDTLS_CIPHER_AES_256_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } - if( ( ret = cmac_test_wth_cipher ( verbose, - "AES 256", - aes_256_key, - 256, - test_message, - aes_message_lengths, - (const unsigned char*)aes_256_expected_result, - MBEDTLS_CIPHER_AES_256_ECB, - MBEDTLS_AES_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "AES 256", + aes_256_key, + 256, + test_message, + aes_message_lengths, + (const unsigned char *)aes_256_expected_result, + MBEDTLS_CIPHER_AES_256_ECB, + MBEDTLS_AES_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_DES_C) /* 3DES 2 key */ - if( ( ret = cmac_test_subkeys( verbose, - "3DES 2 key", - des3_2key_key, - 192, - (const unsigned char*)des3_2key_subkeys, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "3DES 2 key", + des3_2key_key, + 192, + (const unsigned char *)des3_2key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } - if( ( ret = cmac_test_wth_cipher( verbose, - "3DES 2 key", - des3_2key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*)des3_2key_expected_result, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "3DES 2 key", + des3_2key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char *)des3_2key_expected_result, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } /* 3DES 3 key */ - if( ( ret = cmac_test_subkeys( verbose, - "3DES 3 key", - des3_3key_key, - 192, - (const unsigned char*)des3_3key_subkeys, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_subkeys(verbose, + "3DES 3 key", + des3_3key_key, + 192, + (const unsigned char *)des3_3key_subkeys, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } - if( ( ret = cmac_test_wth_cipher( verbose, - "3DES 3 key", - des3_3key_key, - 192, - test_message, - des3_message_lengths, - (const unsigned char*)des3_3key_expected_result, - MBEDTLS_CIPHER_DES_EDE3_ECB, - MBEDTLS_DES3_BLOCK_SIZE, - NB_CMAC_TESTS_PER_KEY ) ) != 0 ) - { - return( ret ); + if ((ret = cmac_test_wth_cipher(verbose, + "3DES 3 key", + des3_3key_key, + 192, + test_message, + des3_message_lengths, + (const unsigned char *)des3_3key_expected_result, + MBEDTLS_CIPHER_DES_EDE3_ECB, + MBEDTLS_DES3_BLOCK_SIZE, + NB_CMAC_TESTS_PER_KEY)) != 0) { + return (ret); } #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 ) - return( ret ); + if ((ret = test_aes128_cmac_prf(verbose)) != 0) + return (ret); #endif /* MBEDTLS_AES_C */ - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/cmac.h b/common/mbedtls/cmac.h index cb538d092..dc6b832d5 100644 --- a/common/mbedtls/cmac.h +++ b/common/mbedtls/cmac.h @@ -55,8 +55,7 @@ extern "C" { /** * The CMAC context structure. */ -struct mbedtls_cmac_context_t -{ +struct mbedtls_cmac_context_t { /** The internal state of the CMAC algorithm. */ unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; @@ -88,8 +87,8 @@ struct mbedtls_cmac_context_t * \return \c 0 on success. * \return A cipher-specific error code on failure. */ -int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, - const unsigned char *key, size_t keybits ); +int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx, + const unsigned char *key, size_t keybits); /** * \brief This function feeds an input buffer into an ongoing CMAC @@ -107,8 +106,8 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ -int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, - const unsigned char *input, size_t ilen ); +int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx, + const unsigned char *input, size_t ilen); /** * \brief This function finishes the CMAC operation, and writes @@ -125,8 +124,8 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ -int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, - unsigned char *output ); +int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx, + unsigned char *output); /** * \brief This function prepares the authentication of another @@ -142,7 +141,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ -int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); +int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx); /** * \brief This function calculates the full generic CMAC @@ -166,10 +165,10 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA * if parameter verification fails. */ -int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, - const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ); +int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output); #if defined(MBEDTLS_AES_C) /** @@ -189,9 +188,9 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info, * * \return \c 0 on success. */ -int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, - const unsigned char *input, size_t in_len, - unsigned char output[16] ); +int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_len, + const unsigned char *input, size_t in_len, + unsigned char output[16]); #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) @@ -201,7 +200,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_cmac_self_test( int verbose ); +int mbedtls_cmac_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ #ifdef __cplusplus diff --git a/common/mbedtls/ctr_drbg.c b/common/mbedtls/ctr_drbg.c index ab52861d5..f5d39d38d 100644 --- a/common/mbedtls/ctr_drbg.c +++ b/common/mbedtls/ctr_drbg.c @@ -48,9 +48,8 @@ /* * CTR_DRBG context initialization */ -void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) ); +void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); /* Indicate that the entropy nonce length is not set explicitly. * See mbedtls_ctr_drbg_set_nonce_len(). */ ctx->reseed_counter = -1; @@ -62,50 +61,46 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) * This function resets CTR_DRBG context to the state immediately * after initial call of mbedtls_ctr_drbg_init(). */ -void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx) { + if (ctx == NULL) return; #if defined(MBEDTLS_THREADING_C) /* The mutex is initialized iff f_entropy is set. */ - if( ctx->f_entropy != NULL ) - mbedtls_mutex_free( &ctx->mutex ); + if (ctx->f_entropy != NULL) + mbedtls_mutex_free(&ctx->mutex); #endif - mbedtls_aes_free( &ctx->aes_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); + mbedtls_aes_free(&ctx->aes_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context)); ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL; ctx->reseed_counter = -1; } -void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, - int resistance ) -{ +void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx, + int resistance) { ctx->prediction_resistance = resistance; } -void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, - size_t len ) -{ +void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx, + size_t len) { ctx->entropy_len = len; } -int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx, - size_t len ) -{ +int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, + size_t len) { /* If mbedtls_ctr_drbg_seed() has already been called, it's * too late. Return the error code that's closest to making sense. */ - if( ctx->f_entropy != NULL ) - return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ); + if (ctx->f_entropy != NULL) + return (MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED); - if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) + return (MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG); #if SIZE_MAX > INT_MAX /* This shouldn't be an issue because * MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible * configuration, but make sure anyway. */ - if( len > INT_MAX ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (len > INT_MAX) + return (MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG); #endif /* For backward compatibility with Mbed TLS <= 2.19, store the @@ -113,20 +108,18 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx, * used until after the initial seeding. */ /* Due to the capping of len above, the value fits in an int. */ ctx->reseed_counter = (int) len; - return( 0 ); + return (0); } -void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, - int interval ) -{ +void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx, + int interval) { ctx->reseed_interval = interval; } -static int block_cipher_df( unsigned char *output, - const unsigned char *data, size_t data_len ) -{ +static int block_cipher_df(unsigned char *output, + const unsigned char *data, size_t data_len) { unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + - MBEDTLS_CTR_DRBG_BLOCKSIZE + 16]; + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16]; unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; @@ -137,12 +130,12 @@ static int block_cipher_df( unsigned char *output, int i, j; size_t buf_len, use_len; - if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) + return (MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG); - memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + - MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 ); - mbedtls_aes_init( &aes_ctx ); + memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16); + mbedtls_aes_init(&aes_ctx); /* * Construct IV (16 bytes) and S in buffer @@ -152,51 +145,47 @@ static int block_cipher_df( unsigned char *output, * (Total is padded to a multiple of 16-bytes with zeroes) */ p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE; - *p++ = ( data_len >> 24 ) & 0xff; - *p++ = ( data_len >> 16 ) & 0xff; - *p++ = ( data_len >> 8 ) & 0xff; - *p++ = ( data_len ) & 0xff; + *p++ = (data_len >> 24) & 0xff; + *p++ = (data_len >> 16) & 0xff; + *p++ = (data_len >> 8) & 0xff; + *p++ = (data_len) & 0xff; p += 3; *p++ = MBEDTLS_CTR_DRBG_SEEDLEN; - memcpy( p, data, data_len ); + memcpy(p, data, data_len); p[data_len] = 0x80; buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1; - for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ ) + for (i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++) key[i] = i; - if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key, - MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) - { + if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } /* * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data */ - for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) - { + for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { p = buf; - memset( chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE ); + memset(chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE); use_len = buf_len; - while( use_len > 0 ) - { - for( i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++ ) + while (use_len > 0) { + for (i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++) chain[i] ^= p[i]; p += MBEDTLS_CTR_DRBG_BLOCKSIZE; - use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ? + use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; - if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, - chain, chain ) ) != 0 ) - { + if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, + chain, chain)) != 0) { goto exit; } } - memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE ); + memcpy(tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE); /* * Update IV @@ -207,42 +196,38 @@ static int block_cipher_df( unsigned char *output, /* * Do final encryption with reduced data */ - if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp, - MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) - { + if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE; p = output; - for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) - { - if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT, - iv, iv ) ) != 0 ) - { + for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { + if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, + iv, iv)) != 0) { goto exit; } - memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE ); + memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE); p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } exit: - mbedtls_aes_free( &aes_ctx ); + mbedtls_aes_free(&aes_ctx); /* * tidy up the stack */ - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); - mbedtls_platform_zeroize( key, sizeof( key ) ); - mbedtls_platform_zeroize( chain, sizeof( chain ) ); - if( 0 != ret ) - { + mbedtls_platform_zeroize(buf, sizeof(buf)); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + mbedtls_platform_zeroize(key, sizeof(key)); + mbedtls_platform_zeroize(chain, sizeof(chain)); + if (0 != ret) { /* * wipe partial seed from memory */ - mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN ); + mbedtls_platform_zeroize(output, MBEDTLS_CTR_DRBG_SEEDLEN); } - return( ret ); + return (ret); } /* CTR_DRBG_Update (SP 800-90A §10.2.1.2) @@ -253,54 +238,50 @@ exit: * ctx->aes_ctx = Key * ctx->counter = V */ -static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, - const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] ) -{ +static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, + const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN]) { unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char *p = tmp; int i, j; int ret = 0; - memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN ); + memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN); - for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) - { + for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { /* * Increase counter */ - for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- ) - if( ++ctx->counter[i - 1] != 0 ) + for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) + if (++ctx->counter[i - 1] != 0) break; /* * Crypt counter block */ - if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, - ctx->counter, p ) ) != 0 ) - { + if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, + ctx->counter, p)) != 0) { goto exit; } p += MBEDTLS_CTR_DRBG_BLOCKSIZE; } - for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ ) + for (i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++) tmp[i] ^= data[i]; /* * Update key and counter */ - if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp, - MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) - { + if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { goto exit; } - memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, - MBEDTLS_CTR_DRBG_BLOCKSIZE ); + memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, + MBEDTLS_CTR_DRBG_BLOCKSIZE); exit: - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); - return( ret ); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + return (ret); } /* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2) @@ -315,36 +296,34 @@ exit: * and with outputs * ctx = initial_working_state */ -int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) -{ +int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len) { unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( add_len == 0 ) - return( 0 ); + if (add_len == 0) + return (0); - if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 ) + if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) goto exit; - if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) + if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) goto exit; exit: - mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); - return( ret ); + mbedtls_platform_zeroize(add_input, sizeof(add_input)); + return (ret); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) -{ +void mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len) { /* MAX_INPUT would be more logical here, but we have to match * block_cipher_df()'s limits since we can't propagate errors */ - if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) + if (add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT; - (void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len ); + (void) mbedtls_ctr_drbg_update_ret(ctx, additional, add_len); } #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -361,66 +340,60 @@ void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, * and with output * ctx contains new_working_state */ -static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t len, - size_t nonce_len ) -{ +static int mbedtls_ctr_drbg_reseed_internal(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t len, + size_t nonce_len) { unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); - if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); - if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) + return (MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG); + if (nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len) + return (MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG); + if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len) + return (MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG); - memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); + memset(seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT); /* Gather entropy_len bytes of entropy to seed state. */ - if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) ) - { - return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ); + if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) { + return (MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED); } seedlen += ctx->entropy_len; /* Gather entropy for a nonce if requested. */ - if( nonce_len != 0 ) - { - if( 0 != ctx->f_entropy( ctx->p_entropy, seed + seedlen, nonce_len ) ) - { - return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ); + if (nonce_len != 0) { + if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) { + return (MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED); } seedlen += nonce_len; } /* Add additional data if provided. */ - if( additional != NULL && len != 0 ) - { - memcpy( seed + seedlen, additional, len ); + if (additional != NULL && len != 0) { + memcpy(seed + seedlen, additional, len); seedlen += len; } /* Reduce to 384 bits. */ - if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 ) + if ((ret = block_cipher_df(seed, seed, seedlen)) != 0) goto exit; /* Update state. */ - if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 ) + if ((ret = ctr_drbg_update_internal(ctx, seed)) != 0) goto exit; ctx->reseed_counter = 1; exit: - mbedtls_platform_zeroize( seed, sizeof( seed ) ); - return( ret ); + mbedtls_platform_zeroize(seed, sizeof(seed)); + return (ret); } -int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, size_t len ) -{ - return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) ); +int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, size_t len) { + return (mbedtls_ctr_drbg_reseed_internal(ctx, additional, len, 0)); } /* Return a "good" nonce length for CTR_DRBG. The chosen nonce length @@ -428,12 +401,11 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, * size and entropy length. If there is enough entropy in the initial * call to the entropy function to serve as both the entropy input and * the nonce, don't make a second call to get a nonce. */ -static size_t good_nonce_len( size_t entropy_len ) -{ - if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 ) - return( 0 ); +static size_t good_nonce_len(size_t entropy_len) { + if (entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2) + return (0); else - return( ( entropy_len + 1 ) / 2 ); + return ((entropy_len + 1) / 2); } /* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2) @@ -447,52 +419,49 @@ static size_t good_nonce_len( size_t entropy_len ) * and with outputs * ctx = initial_working_state */ -int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, - int (*f_entropy)(void *, unsigned char *, size_t), - void *p_entropy, - const unsigned char *custom, - size_t len ) -{ +int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, + int (*f_entropy)(void *, unsigned char *, size_t), + void *p_entropy, + const unsigned char *custom, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; size_t nonce_len; - memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE ); + memset(key, 0, MBEDTLS_CTR_DRBG_KEYSIZE); /* The mutex is initialized iff f_entropy is set. */ #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif - mbedtls_aes_init( &ctx->aes_ctx ); + mbedtls_aes_init(&ctx->aes_ctx); ctx->f_entropy = f_entropy; ctx->p_entropy = p_entropy; - if( ctx->entropy_len == 0 ) + if (ctx->entropy_len == 0) ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN; /* ctx->reseed_counter contains the desired amount of entropy to * grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()). * If it's -1, indicating that the entropy nonce length was not set * explicitly, use a sufficiently large nonce for security. */ - nonce_len = ( ctx->reseed_counter >= 0 ? - (size_t) ctx->reseed_counter : - good_nonce_len( ctx->entropy_len ) ); + nonce_len = (ctx->reseed_counter >= 0 ? + (size_t) ctx->reseed_counter : + good_nonce_len(ctx->entropy_len)); /* Initialize with an empty key. */ - if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key, - MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, + MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { + return (ret); } /* Do the initial seeding. */ - if( ( ret = mbedtls_ctr_drbg_reseed_internal( ctx, custom, len, - nonce_len ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len, + nonce_len)) != 0) { + return (ret); } - return( 0 ); + return (0); } /* CTR_DRBG_Generate with derivation function (SP 800-90A §10.2.1.5.2) @@ -514,10 +483,9 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, * returned_bits = output[:output_len] * ctx contains new_working_state */ -int mbedtls_ctr_drbg_random_with_add( void *p_rng, - unsigned char *output, size_t output_len, - const unsigned char *additional, size_t add_len ) -{ +int mbedtls_ctr_drbg_random_with_add(void *p_rng, + unsigned char *output, size_t output_len, + const unsigned char *additional, size_t add_len) { int ret = 0; mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng; unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN]; @@ -526,159 +494,146 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, int i; size_t use_len; - if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST ) - return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG ); + if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) + return (MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG); - if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT ) - return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); + if (add_len > MBEDTLS_CTR_DRBG_MAX_INPUT) + return (MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG); - memset( add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN ); + memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN); - if( ctx->reseed_counter > ctx->reseed_interval || - ctx->prediction_resistance ) - { - if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 ) - { - return( ret ); + if (ctx->reseed_counter > ctx->reseed_interval || + ctx->prediction_resistance) { + if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) { + return (ret); } add_len = 0; } - if( add_len > 0 ) - { - if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 ) + if (add_len > 0) { + if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) goto exit; - if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) + if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) goto exit; } - while( output_len > 0 ) - { + while (output_len > 0) { /* * Increase counter */ - for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- ) - if( ++ctx->counter[i - 1] != 0 ) + for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) + if (++ctx->counter[i - 1] != 0) break; /* * Crypt counter block */ - if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, - ctx->counter, tmp ) ) != 0 ) - { + if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, + ctx->counter, tmp)) != 0) { goto exit; } - use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE ) - ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len; + use_len = (output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE) + ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len; /* * Copy random block to destination */ - memcpy( p, tmp, use_len ); + memcpy(p, tmp, use_len); p += use_len; output_len -= use_len; } - if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 ) + if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) goto exit; ctx->reseed_counter++; exit: - mbedtls_platform_zeroize( add_input, sizeof( add_input ) ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); - return( ret ); + mbedtls_platform_zeroize(add_input, sizeof(add_input)); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + return (ret); } -int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output, - size_t output_len ) -{ +int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output, + size_t output_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif - ret = mbedtls_ctr_drbg_random_with_add( ctx, output, output_len, NULL, 0 ); + ret = mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, NULL, 0); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - return( ret ); + return (ret); } #if defined(MBEDTLS_FS_IO) -int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, - const char *path ) -{ +int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, + const char *path) { int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; FILE *f; unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ]; - if( ( f = fopen( path, "wb" ) ) == NULL ) - return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR ); + if ((f = fopen(path, "wb")) == NULL) + return (MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR); - if( ( ret = mbedtls_ctr_drbg_random( ctx, buf, - MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 ) + if ((ret = mbedtls_ctr_drbg_random(ctx, buf, + MBEDTLS_CTR_DRBG_MAX_INPUT)) != 0) goto exit; - if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) != - MBEDTLS_CTR_DRBG_MAX_INPUT ) - { + if (fwrite(buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f) != + MBEDTLS_CTR_DRBG_MAX_INPUT) { ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; - } - else - { + } else { ret = 0; } exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - fclose( f ); - return( ret ); + fclose(f); + return (ret); } -int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, - const char *path ) -{ +int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, + const char *path) { int ret = 0; FILE *f = NULL; size_t n; unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ]; unsigned char c; - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) + return (MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR); - n = fread( buf, 1, sizeof( buf ), f ); - if( fread( &c, 1, 1, f ) != 0 ) - { + n = fread(buf, 1, sizeof(buf), f); + if (fread(&c, 1, 1, f) != 0) { ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG; goto exit; } - if( n == 0 || ferror( f ) ) - { + if (n == 0 || ferror(f)) { ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR; goto exit; } - fclose( f ); + fclose(f); f = NULL; - ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n ); + ret = mbedtls_ctr_drbg_update_ret(ctx, buf, n); exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - if( f != NULL ) - fclose( f ); - if( ret != 0 ) - return( ret ); - return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); + if (f != NULL) + fclose(f); + if (ret != 0) + return (ret); + return (mbedtls_ctr_drbg_write_seed_file(ctx, path)); } #endif /* MBEDTLS_FS_IO */ @@ -708,120 +663,131 @@ exit: */ #if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) -static const unsigned char entropy_source_pr[] = - { 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb, - 0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92, - 0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8, - 0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20, - 0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0, - 0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad, - 0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 }; +static const unsigned char entropy_source_pr[] = { + 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb, + 0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92, + 0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8, + 0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20, + 0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0, + 0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad, + 0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 +}; -static const unsigned char entropy_source_nopr[] = - { 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45, - 0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9, - 0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20, - 0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f, - 0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c }; +static const unsigned char entropy_source_nopr[] = { + 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45, + 0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9, + 0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20, + 0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f, + 0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c +}; -static const unsigned char pers_pr[] = - { 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a, - 0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad }; +static const unsigned char pers_pr[] = { + 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a, + 0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad +}; -static const unsigned char pers_nopr[] = - { 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c, - 0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f }; +static const unsigned char pers_nopr[] = { + 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c, + 0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f +}; -static const unsigned char result_pr[] = - { 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66, - 0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff, - 0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10, - 0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30, - 0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4, - 0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc, - 0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06, - 0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf }; +static const unsigned char result_pr[] = { + 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66, + 0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff, + 0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10, + 0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30, + 0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4, + 0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc, + 0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06, + 0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf +}; -static const unsigned char result_nopr[] = - { 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13, - 0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0, - 0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf, - 0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2, - 0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7, - 0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2, - 0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02, - 0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 }; +static const unsigned char result_nopr[] = { + 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13, + 0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0, + 0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf, + 0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2, + 0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7, + 0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2, + 0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02, + 0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 +}; #else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ -static const unsigned char entropy_source_pr[] = - { 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49, - 0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a, - 0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85, - 0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e, - 0xc5, 0xea, 0x24, 0xc0, 0xfa, 0x0c, 0x90, 0x15, - 0x09, 0x20, 0x92, 0x42, 0x32, 0x36, 0x45, 0x45, - 0x7d, 0x20, 0x76, 0x6b, 0xcf, 0xa2, 0x15, 0xc8, - 0x2f, 0x9f, 0xbc, 0x88, 0x3f, 0x80, 0xd1, 0x2c, - 0xb7, 0x16, 0xd1, 0x80, 0x9e, 0xe1, 0xc9, 0xb3, - 0x88, 0x1b, 0x21, 0x45, 0xef, 0xa1, 0x7f, 0xce, - 0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e, - 0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76, - 0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77, - 0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe }; +static const unsigned char entropy_source_pr[] = { + 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49, + 0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a, + 0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85, + 0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e, + 0xc5, 0xea, 0x24, 0xc0, 0xfa, 0x0c, 0x90, 0x15, + 0x09, 0x20, 0x92, 0x42, 0x32, 0x36, 0x45, 0x45, + 0x7d, 0x20, 0x76, 0x6b, 0xcf, 0xa2, 0x15, 0xc8, + 0x2f, 0x9f, 0xbc, 0x88, 0x3f, 0x80, 0xd1, 0x2c, + 0xb7, 0x16, 0xd1, 0x80, 0x9e, 0xe1, 0xc9, 0xb3, + 0x88, 0x1b, 0x21, 0x45, 0xef, 0xa1, 0x7f, 0xce, + 0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e, + 0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76, + 0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77, + 0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe +}; -static const unsigned char entropy_source_nopr[] = - { 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d, - 0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0, - 0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73, - 0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c, - 0x01, 0x69, 0x62, 0xa7, 0xfd, 0x27, 0x87, 0xa2, - 0x4b, 0xf6, 0xbe, 0x47, 0xef, 0x37, 0x83, 0xf1, - 0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a, - 0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb, - 0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a, - 0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 }; +static const unsigned char entropy_source_nopr[] = { + 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d, + 0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0, + 0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73, + 0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c, + 0x01, 0x69, 0x62, 0xa7, 0xfd, 0x27, 0x87, 0xa2, + 0x4b, 0xf6, 0xbe, 0x47, 0xef, 0x37, 0x83, 0xf1, + 0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a, + 0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb, + 0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a, + 0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 +}; -static const unsigned char pers_pr[] = - { 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33, - 0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e, - 0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0, - 0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 }; +static const unsigned char pers_pr[] = { + 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33, + 0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e, + 0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0, + 0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 +}; -static const unsigned char pers_nopr[] = - { 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29, - 0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf, - 0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb, - 0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b }; +static const unsigned char pers_nopr[] = { + 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29, + 0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf, + 0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb, + 0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b +}; -static const unsigned char result_pr[] = - { 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85, - 0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d, - 0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62, - 0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d, - 0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb, - 0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39, - 0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40, - 0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 }; +static const unsigned char result_pr[] = { + 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85, + 0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d, + 0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62, + 0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d, + 0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb, + 0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39, + 0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40, + 0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 +}; -static const unsigned char result_nopr[] = - { 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad, - 0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3, - 0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b, - 0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14, - 0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54, - 0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30, - 0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a, - 0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 }; +static const unsigned char result_nopr[] = { + 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad, + 0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3, + 0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b, + 0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14, + 0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54, + 0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30, + 0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a, + 0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 +}; #endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ static size_t test_offset; -static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf, - size_t len ) -{ +static int ctr_drbg_self_test_entropy(void *data, unsigned char *buf, + size_t len) { const unsigned char *p = data; - memcpy( buf, p + test_offset, len ); + memcpy(buf, p + test_offset, len); test_offset += len; - return( 0 ); + return (0); } #define CHK( c ) if( (c) != 0 ) \ @@ -836,65 +802,64 @@ static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf, /* * Checkup routine */ -int mbedtls_ctr_drbg_self_test( int verbose ) -{ +int mbedtls_ctr_drbg_self_test(int verbose) { mbedtls_ctr_drbg_context ctx; - unsigned char buf[ sizeof( result_pr ) ]; + unsigned char buf[ sizeof(result_pr) ]; - mbedtls_ctr_drbg_init( &ctx ); + mbedtls_ctr_drbg_init(&ctx); /* * Based on a NIST CTR_DRBG test vector (PR = True) */ - if( verbose != 0 ) - mbedtls_printf( " CTR_DRBG (PR = TRUE) : " ); + if (verbose != 0) + mbedtls_printf(" CTR_DRBG (PR = TRUE) : "); test_offset = 0; - mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE ); - mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 ); - CHK( mbedtls_ctr_drbg_seed( &ctx, - ctr_drbg_self_test_entropy, - (void *) entropy_source_pr, - pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE ) ); - mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON ); - CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH ) ); - CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_pr ) ) ); - CHK( memcmp( buf, result_pr, sizeof( result_pr ) ) ); + mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE); + mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2); + CHK(mbedtls_ctr_drbg_seed(&ctx, + ctr_drbg_self_test_entropy, + (void *) entropy_source_pr, + pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE)); + mbedtls_ctr_drbg_set_prediction_resistance(&ctx, MBEDTLS_CTR_DRBG_PR_ON); + CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH)); + CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_pr))); + CHK(memcmp(buf, result_pr, sizeof(result_pr))); - mbedtls_ctr_drbg_free( &ctx ); + mbedtls_ctr_drbg_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); /* * Based on a NIST CTR_DRBG test vector (PR = FALSE) */ - if( verbose != 0 ) - mbedtls_printf( " CTR_DRBG (PR = FALSE): " ); + if (verbose != 0) + mbedtls_printf(" CTR_DRBG (PR = FALSE): "); - mbedtls_ctr_drbg_init( &ctx ); + mbedtls_ctr_drbg_init(&ctx); test_offset = 0; - mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE); - mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 ); - CHK( mbedtls_ctr_drbg_seed( &ctx, - ctr_drbg_self_test_entropy, - (void *) entropy_source_nopr, - pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE ) ); - CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) ); - CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH ) ); - CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_nopr ) ) ); - CHK( memcmp( buf, result_nopr, sizeof( result_nopr ) ) ); + mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE); + mbedtls_ctr_drbg_set_nonce_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2); + CHK(mbedtls_ctr_drbg_seed(&ctx, + ctr_drbg_self_test_entropy, + (void *) entropy_source_nopr, + pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE)); + CHK(mbedtls_ctr_drbg_reseed(&ctx, NULL, 0)); + CHK(mbedtls_ctr_drbg_random(&ctx, buf, SELF_TEST_OUPUT_DISCARD_LENGTH)); + CHK(mbedtls_ctr_drbg_random(&ctx, buf, sizeof(result_nopr))); + CHK(memcmp(buf, result_nopr, sizeof(result_nopr))); - mbedtls_ctr_drbg_free( &ctx ); + mbedtls_ctr_drbg_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/ctr_drbg.h b/common/mbedtls/ctr_drbg.h index 653fd83d5..1c54fd894 100644 --- a/common/mbedtls/ctr_drbg.h +++ b/common/mbedtls/ctr_drbg.h @@ -166,8 +166,7 @@ extern "C" { /** * \brief The CTR_DRBG context structure. */ -typedef struct mbedtls_ctr_drbg_context -{ +typedef struct mbedtls_ctr_drbg_context { unsigned char counter[16]; /*!< The counter (V). */ int reseed_counter; /*!< The reseed counter. * This is the number of requests that have @@ -195,7 +194,7 @@ typedef struct mbedtls_ctr_drbg_context * Callbacks (Entropy) */ int (*f_entropy)(void *, unsigned char *, size_t); - /*!< The entropy callback function. */ + /*!< The entropy callback function. */ void *p_entropy; /*!< The context for the entropy function. */ @@ -224,7 +223,7 @@ mbedtls_ctr_drbg_context; * * \param ctx The CTR_DRBG context to initialize. */ -void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ); +void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx); /** * \brief This function seeds and sets up the CTR_DRBG @@ -325,11 +324,11 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ); * \return \c 0 on success. * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. */ -int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, - int (*f_entropy)(void *, unsigned char *, size_t), - void *p_entropy, - const unsigned char *custom, - size_t len ); +int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, + int (*f_entropy)(void *, unsigned char *, size_t), + void *p_entropy, + const unsigned char *custom, + size_t len); /** * \brief This function resets CTR_DRBG context to the state immediately @@ -337,7 +336,7 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, * * \param ctx The CTR_DRBG context to clear. */ -void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ); +void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx); /** * \brief This function turns prediction resistance on or off. @@ -352,8 +351,8 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx ); * \param ctx The CTR_DRBG context. * \param resistance #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF. */ -void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, - int resistance ); +void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx, + int resistance); /** * \brief This function sets the amount of entropy grabbed on each @@ -379,8 +378,8 @@ void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx, * and at most the maximum length accepted by the * entropy function that is set in the context. */ -void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, - size_t len ); +void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx, + size_t len); /** * \brief This function sets the amount of entropy grabbed @@ -401,8 +400,8 @@ void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx, * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED * if the initial seeding has already taken place. */ -int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx, - size_t len ); +int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, + size_t len); /** * \brief This function sets the reseed interval. @@ -416,8 +415,8 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx, * \param ctx The CTR_DRBG context. * \param interval The reseed interval. */ -void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, - int interval ); +void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx, + int interval); /** * \brief This function reseeds the CTR_DRBG context, that is @@ -439,8 +438,8 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. */ -int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, size_t len ); +int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, size_t len); /** * \brief This function updates the state of the CTR_DRBG context. @@ -462,9 +461,9 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. * \return An error from the underlying AES cipher on failure. */ -int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ); +int mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len); /** * \brief This function updates a CTR_DRBG instance with additional @@ -497,9 +496,9 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. */ -int mbedtls_ctr_drbg_random_with_add( void *p_rng, - unsigned char *output, size_t output_len, - const unsigned char *additional, size_t add_len ); +int mbedtls_ctr_drbg_random_with_add(void *p_rng, + unsigned char *output, size_t output_len, + const unsigned char *additional, size_t add_len); /** * \brief This function uses CTR_DRBG to generate random data. @@ -525,8 +524,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or * #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure. */ -int mbedtls_ctr_drbg_random( void *p_rng, - unsigned char *output, size_t output_len ); +int mbedtls_ctr_drbg_random(void *p_rng, + unsigned char *output, size_t output_len); #if ! defined(MBEDTLS_DEPRECATED_REMOVED) @@ -553,7 +552,7 @@ int mbedtls_ctr_drbg_random( void *p_rng, MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, - size_t add_len ); + size_t add_len); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -569,7 +568,7 @@ MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update( * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed * failure. */ -int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); +int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path); /** * \brief This function reads and updates a seed file. The seed @@ -585,7 +584,7 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char * \return #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing * seed file is too large. */ -int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path ); +int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx, const char *path); #endif /* MBEDTLS_FS_IO */ #if defined(MBEDTLS_SELF_TEST) @@ -596,7 +595,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_ctr_drbg_self_test( int verbose ); +int mbedtls_ctr_drbg_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/debug.c b/common/mbedtls/debug.c index e91d1ad1d..0af8c085c 100644 --- a/common/mbedtls/debug.c +++ b/common/mbedtls/debug.c @@ -48,18 +48,16 @@ static int debug_threshold = 0; -void mbedtls_debug_set_threshold( int threshold ) -{ +void mbedtls_debug_set_threshold(int threshold) { debug_threshold = threshold; } /* * All calls to f_dbg must be made via this function */ -static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *str ) -{ +static inline void debug_send_line(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *str) { /* * If in a threaded environment, we need a thread identifier. * Since there is no portable way to get one, use the address of the ssl @@ -67,54 +65,49 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level, */ #if defined(MBEDTLS_THREADING_C) char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */ - mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str ); - ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr ); + mbedtls_snprintf(idstr, sizeof(idstr), "%p: %s", (void *)ssl, str); + ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, idstr); #else - ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str ); + ssl->conf->f_dbg(ssl->conf->p_dbg, level, file, line, str); #endif } MBEDTLS_PRINTF_ATTRIBUTE(5, 6) -void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *format, ... ) -{ +void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *format, ...) { va_list argp; char str[DEBUG_BUF_SIZE]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold ) - { + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + level > debug_threshold) { return; } - va_start( argp, format ); - ret = mbedtls_vsnprintf( str, DEBUG_BUF_SIZE, format, argp ); - va_end( argp ); + va_start(argp, format); + ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp); + va_end(argp); - if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 ) - { + if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) { str[ret] = '\n'; str[ret + 1] = '\0'; } - debug_send_line( ssl, level, file, line, str ); + debug_send_line(ssl, level, file, line, str); } -void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, int ret ) -{ +void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, int ret) { char str[DEBUG_BUF_SIZE]; - if( NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold ) - { + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + level > debug_threshold) { return; } @@ -123,258 +116,235 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, * the logs would be quickly flooded with WANT_READ, so ignore that. * Don't ignore WANT_WRITE however, since is is usually rare. */ - if( ret == MBEDTLS_ERR_SSL_WANT_READ ) + if (ret == MBEDTLS_ERR_SSL_WANT_READ) return; - mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n", - text, ret, (unsigned int) -ret ); + mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n", + text, ret, (unsigned int) - ret); - debug_send_line( ssl, level, file, line, str ); + debug_send_line(ssl, level, file, line, str); } -void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len ) -{ +void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len) { char str[DEBUG_BUF_SIZE]; char txt[17]; size_t i, idx = 0; - if( NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold ) - { + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + level > debug_threshold) { return; } - mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n", - text, (unsigned int) len ); + mbedtls_snprintf(str + idx, sizeof(str) - idx, "dumping '%s' (%u bytes)\n", + text, (unsigned int) len); - debug_send_line( ssl, level, file, line, str ); + debug_send_line(ssl, level, file, line, str); idx = 0; - memset( txt, 0, sizeof( txt ) ); - for( i = 0; i < len; i++ ) - { - if( i >= 4096 ) + memset(txt, 0, sizeof(txt)); + for (i = 0; i < len; i++) { + if (i >= 4096) break; - if( i % 16 == 0 ) - { - if( i > 0 ) - { - mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt ); - debug_send_line( ssl, level, file, line, str ); + if (i % 16 == 0) { + if (i > 0) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); + debug_send_line(ssl, level, file, line, str); idx = 0; - memset( txt, 0, sizeof( txt ) ); + memset(txt, 0, sizeof(txt)); } - idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%04x: ", - (unsigned int) i ); + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "%04x: ", + (unsigned int) i); } - idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", - (unsigned int) buf[i] ); - txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ; + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", + (unsigned int) buf[i]); + txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.' ; } - if( len > 0 ) - { - for( /* i = i */; i % 16 != 0; i++ ) - idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " " ); + if (len > 0) { + for (/* i = i */; i % 16 != 0; i++) + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " "); - mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %s\n", txt ); - debug_send_line( ssl, level, file, line, str ); + mbedtls_snprintf(str + idx, sizeof(str) - idx, " %s\n", txt); + debug_send_line(ssl, level, file, line, str); } } #if defined(MBEDTLS_ECP_C) -void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X ) -{ +void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_ecp_point *X) { char str[DEBUG_BUF_SIZE]; - if( NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - level > debug_threshold ) - { + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + level > debug_threshold) { return; } - mbedtls_snprintf( str, sizeof( str ), "%s(X)", text ); - mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X ); + mbedtls_snprintf(str, sizeof(str), "%s(X)", text); + mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->X); - mbedtls_snprintf( str, sizeof( str ), "%s(Y)", text ); - mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->Y ); + mbedtls_snprintf(str, sizeof(str), "%s(Y)", text); + mbedtls_debug_print_mpi(ssl, level, file, line, str, &X->Y); } #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_BIGNUM_C) -void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X ) -{ +void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_mpi *X) { char str[DEBUG_BUF_SIZE]; int j, k, zeros = 1; size_t i, n, idx = 0; - if( NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - NULL == X || - level > debug_threshold ) - { + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + NULL == X || + level > debug_threshold) { return; } - for( n = X->n - 1; n > 0; n-- ) - if( X->p[n] != 0 ) + for (n = X->n - 1; n > 0; n--) + if (X->p[n] != 0) break; - for( j = ( sizeof(mbedtls_mpi_uint) << 3 ) - 1; j >= 0; j-- ) - if( ( ( X->p[n] >> j ) & 1 ) != 0 ) + for (j = (sizeof(mbedtls_mpi_uint) << 3) - 1; j >= 0; j--) + if (((X->p[n] >> j) & 1) != 0) break; - mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n", - text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) ); + mbedtls_snprintf(str + idx, sizeof(str) - idx, "value of '%s' (%d bits) is:\n", + text, (int)((n * (sizeof(mbedtls_mpi_uint) << 3)) + j + 1)); - debug_send_line( ssl, level, file, line, str ); + debug_send_line(ssl, level, file, line, str); idx = 0; - for( i = n + 1, j = 0; i > 0; i-- ) - { - if( zeros && X->p[i - 1] == 0 ) + for (i = n + 1, j = 0; i > 0; i--) { + if (zeros && X->p[i - 1] == 0) continue; - for( k = sizeof( mbedtls_mpi_uint ) - 1; k >= 0; k-- ) - { - if( zeros && ( ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ) == 0 ) + for (k = sizeof(mbedtls_mpi_uint) - 1; k >= 0; k--) { + if (zeros && ((X->p[i - 1] >> (k << 3)) & 0xFF) == 0) continue; else zeros = 0; - if( j % 16 == 0 ) - { - if( j > 0 ) - { - mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" ); - debug_send_line( ssl, level, file, line, str ); + if (j % 16 == 0) { + if (j > 0) { + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); idx = 0; } } - idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", (unsigned int) - ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ); + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", (unsigned int) + (X->p[i - 1] >> (k << 3)) & 0xFF); j++; } } - if( zeros == 1 ) - idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" ); + if (zeros == 1) + idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, " 00"); - mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" ); - debug_send_line( ssl, level, file, line, str ); + mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n"); + debug_send_line(ssl, level, file, line, str); } #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -static void debug_print_pk( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_pk_context *pk ) -{ +static void debug_print_pk(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_pk_context *pk) { size_t i; mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS]; char name[16]; - memset( items, 0, sizeof( items ) ); + memset(items, 0, sizeof(items)); - if( mbedtls_pk_debug( pk, items ) != 0 ) - { - debug_send_line( ssl, level, file, line, - "invalid PK context\n" ); + if (mbedtls_pk_debug(pk, items) != 0) { + debug_send_line(ssl, level, file, line, + "invalid PK context\n"); return; } - for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ ) - { - if( items[i].type == MBEDTLS_PK_DEBUG_NONE ) + for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) { + if (items[i].type == MBEDTLS_PK_DEBUG_NONE) return; - mbedtls_snprintf( name, sizeof( name ), "%s%s", text, items[i].name ); - name[sizeof( name ) - 1] = '\0'; + mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name); + name[sizeof(name) - 1] = '\0'; - if( items[i].type == MBEDTLS_PK_DEBUG_MPI ) - mbedtls_debug_print_mpi( ssl, level, file, line, name, items[i].value ); + if (items[i].type == MBEDTLS_PK_DEBUG_MPI) + mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value); else #if defined(MBEDTLS_ECP_C) - if( items[i].type == MBEDTLS_PK_DEBUG_ECP ) - mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value ); - else + if (items[i].type == MBEDTLS_PK_DEBUG_ECP) + mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value); + else #endif - debug_send_line( ssl, level, file, line, - "should not happen\n" ); + debug_send_line(ssl, level, file, line, + "should not happen\n"); } } -static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text ) -{ +static void debug_print_line_by_line(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text) { char str[DEBUG_BUF_SIZE]; const char *start, *cur; start = text; - for( cur = text; *cur != '\0'; cur++ ) - { - if( *cur == '\n' ) - { + for (cur = text; *cur != '\0'; cur++) { + if (*cur == '\n') { size_t len = cur - start + 1; - if( len > DEBUG_BUF_SIZE - 1 ) + if (len > DEBUG_BUF_SIZE - 1) len = DEBUG_BUF_SIZE - 1; - memcpy( str, start, len ); + memcpy(str, start, len); str[len] = '\0'; - debug_send_line( ssl, level, file, line, str ); + debug_send_line(ssl, level, file, line, str); start = cur + 1; } } } -void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_x509_crt *crt ) -{ +void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_x509_crt *crt) { char str[DEBUG_BUF_SIZE]; int i = 0; - if( NULL == ssl || - NULL == ssl->conf || - NULL == ssl->conf->f_dbg || - NULL == crt || - level > debug_threshold ) - { + if (NULL == ssl || + NULL == ssl->conf || + NULL == ssl->conf->f_dbg || + NULL == crt || + level > debug_threshold) { return; } - while( crt != NULL ) - { + while (crt != NULL) { char buf[1024]; - mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i ); - debug_send_line( ssl, level, file, line, str ); + mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i); + debug_send_line(ssl, level, file, line, str); - mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt ); - debug_print_line_by_line( ssl, level, file, line, buf ); + mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); + debug_print_line_by_line(ssl, level, file, line, buf); - debug_print_pk( ssl, level, file, line, "crt->", &crt->pk ); + debug_print_pk(ssl, level, file, line, "crt->", &crt->pk); crt = crt->next; } @@ -382,50 +352,46 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_ECDH_C) -static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl, - int level, const char *file, - int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr ) -{ +static void mbedtls_debug_printf_ecdh_internal(const mbedtls_ssl_context *ssl, + int level, const char *file, + int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr) { #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - const mbedtls_ecdh_context* ctx = ecdh; + const mbedtls_ecdh_context *ctx = ecdh; #else - const mbedtls_ecdh_context_mbed* ctx = &ecdh->ctx.mbed_ecdh; + const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh; #endif - switch( attr ) - { + switch (attr) { case MBEDTLS_DEBUG_ECDH_Q: - mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Q", - &ctx->Q ); + mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q", + &ctx->Q); break; case MBEDTLS_DEBUG_ECDH_QP: - mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Qp", - &ctx->Qp ); + mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Qp", + &ctx->Qp); break; case MBEDTLS_DEBUG_ECDH_Z: - mbedtls_debug_print_mpi( ssl, level, file, line, "ECDH: z", - &ctx->z ); + mbedtls_debug_print_mpi(ssl, level, file, line, "ECDH: z", + &ctx->z); break; default: break; } } -void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr ) -{ +void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr) { #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, attr ); + mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr); #else - switch( ecdh->var ) - { + switch (ecdh->var) { default: - mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, - attr ); + mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, + attr); } #endif } diff --git a/common/mbedtls/debug.h b/common/mbedtls/debug.h index dd20ba087..d48057fef 100644 --- a/common/mbedtls/debug.h +++ b/common/mbedtls/debug.h @@ -116,12 +116,12 @@ * This module provides debugging functions. */ #if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) - #include - #define MBEDTLS_PRINTF_SIZET PRIuPTR - #define MBEDTLS_PRINTF_LONGLONG "I64d" +#include +#define MBEDTLS_PRINTF_SIZET PRIuPTR +#define MBEDTLS_PRINTF_LONGLONG "I64d" #else /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */ - #define MBEDTLS_PRINTF_SIZET "zu" - #define MBEDTLS_PRINTF_LONGLONG "lld" +#define MBEDTLS_PRINTF_SIZET "zu" +#define MBEDTLS_PRINTF_LONGLONG "lld" #endif /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */ #ifdef __cplusplus @@ -143,7 +143,7 @@ extern "C" { * - 3 Informational * - 4 Verbose */ -void mbedtls_debug_set_threshold( int threshold ); +void mbedtls_debug_set_threshold(int threshold); /** * \brief Print a message to the debug output. This function is always used @@ -160,9 +160,9 @@ void mbedtls_debug_set_threshold( int threshold ); * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); +void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); /** * \brief Print the return value of a function to the debug output. This @@ -179,9 +179,9 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, int ret ); +void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, int ret); /** * \brief Output a buffer of size len bytes to the debug output. This function @@ -200,9 +200,9 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len ); +void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len); #if defined(MBEDTLS_BIGNUM_C) /** @@ -221,9 +221,9 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X ); +void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_mpi *X); #endif #if defined(MBEDTLS_ECP_C) @@ -243,9 +243,9 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X ); +void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_ecp_point *X); #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -264,14 +264,13 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level, * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_x509_crt *crt ); +void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_x509_crt *crt); #endif #if defined(MBEDTLS_ECDH_C) -typedef enum -{ +typedef enum { MBEDTLS_DEBUG_ECDH_Q, MBEDTLS_DEBUG_ECDH_QP, MBEDTLS_DEBUG_ECDH_Z, @@ -293,10 +292,10 @@ typedef enum * \attention This function is intended for INTERNAL usage within the * library only. */ -void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr ); +void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr); #endif #ifdef __cplusplus diff --git a/common/mbedtls/des.c b/common/mbedtls/des.c index eddf55e78..4b0e395e5 100644 --- a/common/mbedtls/des.c +++ b/common/mbedtls/des.c @@ -69,8 +69,7 @@ /* * Expanded DES S-boxes */ -static const uint32_t SB1[64] = -{ +static const uint32_t SB1[64] = { 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, @@ -89,8 +88,7 @@ static const uint32_t SB1[64] = 0x00010004, 0x00010400, 0x00000000, 0x01010004 }; -static const uint32_t SB2[64] = -{ +static const uint32_t SB2[64] = { 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, @@ -109,8 +107,7 @@ static const uint32_t SB2[64] = 0x80000000, 0x80100020, 0x80108020, 0x00108000 }; -static const uint32_t SB3[64] = -{ +static const uint32_t SB3[64] = { 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, @@ -129,8 +126,7 @@ static const uint32_t SB3[64] = 0x00020208, 0x00000008, 0x08020008, 0x00020200 }; -static const uint32_t SB4[64] = -{ +static const uint32_t SB4[64] = { 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, @@ -149,8 +145,7 @@ static const uint32_t SB4[64] = 0x00000080, 0x00800000, 0x00002000, 0x00802080 }; -static const uint32_t SB5[64] = -{ +static const uint32_t SB5[64] = { 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, @@ -169,8 +164,7 @@ static const uint32_t SB5[64] = 0x00000000, 0x40080000, 0x02080100, 0x40000100 }; -static const uint32_t SB6[64] = -{ +static const uint32_t SB6[64] = { 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, @@ -189,8 +183,7 @@ static const uint32_t SB6[64] = 0x20404000, 0x20000000, 0x00400010, 0x20004010 }; -static const uint32_t SB7[64] = -{ +static const uint32_t SB7[64] = { 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, @@ -209,8 +202,7 @@ static const uint32_t SB7[64] = 0x04000002, 0x04000800, 0x00000800, 0x00200002 }; -static const uint32_t SB8[64] = -{ +static const uint32_t SB8[64] = { 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, @@ -232,16 +224,14 @@ static const uint32_t SB8[64] = /* * PC1: left and right halves bit-swap */ -static const uint32_t LHs[16] = -{ +static const uint32_t LHs[16] = { 0x00000000, 0x00000001, 0x00000100, 0x00000101, 0x00010000, 0x00010001, 0x00010100, 0x00010101, 0x01000000, 0x01000001, 0x01000100, 0x01000101, 0x01010000, 0x01010001, 0x01010100, 0x01010101 }; -static const uint32_t RHs[16] = -{ +static const uint32_t RHs[16] = { 0x00000000, 0x01000000, 0x00010000, 0x01010000, 0x00000100, 0x01000100, 0x00010100, 0x01010100, 0x00000001, 0x01000001, 0x00010001, 0x01010001, @@ -303,63 +293,58 @@ static const uint32_t RHs[16] = uint32_t t = (a); (a) = (b); (b) = t; t = 0; \ } while( 0 ) -void mbedtls_des_init( mbedtls_des_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_des_context ) ); +void mbedtls_des_init(mbedtls_des_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_des_context)); } -void mbedtls_des_free( mbedtls_des_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_des_free(mbedtls_des_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context)); } -void mbedtls_des3_init( mbedtls_des3_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_des3_context ) ); +void mbedtls_des3_init(mbedtls_des3_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_des3_context)); } -void mbedtls_des3_free( mbedtls_des3_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_des3_free(mbedtls_des3_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des3_context)); } static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8, - 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, - 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, - 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112, - 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140, - 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168, - 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196, - 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224, - 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253, - 254 }; + 11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44, + 47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81, + 82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112, + 115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140, + 143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168, + 171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196, + 199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224, + 227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253, + 254 + }; -void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ) -{ +void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; - for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) + for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) key[i] = odd_parity_table[key[i] / 2]; } /* * Check the given key's parity, returns 1 on failure, 0 on SUCCESS */ -int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) -{ +int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; - for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ ) - if( key[i] != odd_parity_table[key[i] / 2] ) - return( 1 ); + for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) + if (key[i] != odd_parity_table[key[i] / 2]) + return (1); - return( 0 ); + return (0); } /* @@ -385,8 +370,7 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI #define WEAK_KEY_COUNT 16 -static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] = -{ +static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] = { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }, @@ -406,41 +390,43 @@ static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } }; -int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) -{ +int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; - for( i = 0; i < WEAK_KEY_COUNT; i++ ) - if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 ) - return( 1 ); + for (i = 0; i < WEAK_KEY_COUNT; i++) + if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) + return (1); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DES_SETKEY_ALT) -void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) -{ +void mbedtls_des_setkey(uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; uint32_t X, Y, T; - GET_UINT32_BE( X, key, 0 ); - GET_UINT32_BE( Y, key, 4 ); + GET_UINT32_BE(X, key, 0); + GET_UINT32_BE(Y, key, 4); /* * Permuted Choice 1 */ - T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4); - T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T ); + T = ((Y >> 4) ^ X) & 0x0F0F0F0F; + X ^= T; + Y ^= (T << 4); + T = ((Y) ^ X) & 0x10101010; + X ^= T; + Y ^= (T); - X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2) - | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] ) - | (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6) - | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4); + X = (LHs[(X) & 0xF] << 3) | (LHs[(X >> 8) & 0xF ] << 2) + | (LHs[(X >> 16) & 0xF] << 1) | (LHs[(X >> 24) & 0xF ]) + | (LHs[(X >> 5) & 0xF] << 7) | (LHs[(X >> 13) & 0xF ] << 6) + | (LHs[(X >> 21) & 0xF] << 5) | (LHs[(X >> 29) & 0xF ] << 4); - Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2) - | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] ) - | (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6) - | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4); + Y = (RHs[(Y >> 1) & 0xF] << 3) | (RHs[(Y >> 9) & 0xF ] << 2) + | (RHs[(Y >> 17) & 0xF] << 1) | (RHs[(Y >> 25) & 0xF ]) + | (RHs[(Y >> 4) & 0xF] << 7) | (RHs[(Y >> 12) & 0xF ] << 6) + | (RHs[(Y >> 20) & 0xF] << 5) | (RHs[(Y >> 28) & 0xF ] << 4); X &= 0x0FFFFFFF; Y &= 0x0FFFFFFF; @@ -448,32 +434,28 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE /* * calculate subkeys */ - for( i = 0; i < 16; i++ ) - { - if( i < 2 || i == 8 || i == 15 ) - { + for (i = 0; i < 16; i++) { + if (i < 2 || i == 8 || i == 15) { X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF; Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF; - } - else - { + } else { X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF; Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF; } - *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) + *SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000) | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000) | ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000) | ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000) | ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000) | ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000) | ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400) - | ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100) + | ((Y >> 14) & 0x00000200) | ((Y) & 0x00000100) | ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010) | ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004) | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001); - *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) + *SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000) | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000) | ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000) | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000) @@ -481,7 +463,7 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE | ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000) | ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000) | ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400) - | ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100) + | ((Y) & 0x00000200) | ((Y << 7) & 0x00000100) | ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011) | ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002); } @@ -491,42 +473,37 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE /* * DES key schedule (56-bit, encryption) */ -int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) -{ - mbedtls_des_setkey( ctx->sk, key ); +int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { + mbedtls_des_setkey(ctx->sk, key); - return( 0 ); + return (0); } /* * DES key schedule (56-bit, decryption) */ -int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ) -{ +int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]) { int i; - mbedtls_des_setkey( ctx->sk, key ); + mbedtls_des_setkey(ctx->sk, key); - for( i = 0; i < 16; i += 2 ) - { - SWAP( ctx->sk[i ], ctx->sk[30 - i] ); - SWAP( ctx->sk[i + 1], ctx->sk[31 - i] ); + for (i = 0; i < 16; i += 2) { + SWAP(ctx->sk[i ], ctx->sk[30 - i]); + SWAP(ctx->sk[i + 1], ctx->sk[31 - i]); } - return( 0 ); + return (0); } -static void des3_set2key( uint32_t esk[96], - uint32_t dsk[96], - const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] ) -{ +static void des3_set2key(uint32_t esk[96], + uint32_t dsk[96], + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) { int i; - mbedtls_des_setkey( esk, key ); - mbedtls_des_setkey( dsk + 32, key + 8 ); + mbedtls_des_setkey(esk, key); + mbedtls_des_setkey(dsk + 32, key + 8); - for( i = 0; i < 32; i += 2 ) - { + for (i = 0; i < 32; i += 2) { dsk[i ] = esk[30 - i]; dsk[i + 1] = esk[31 - i]; @@ -544,43 +521,39 @@ static void des3_set2key( uint32_t esk[96], /* * Triple-DES key schedule (112-bit, encryption) */ -int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) -{ +int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) { uint32_t sk[96]; - des3_set2key( ctx->sk, sk, key ); - mbedtls_platform_zeroize( sk, sizeof( sk ) ); + des3_set2key(ctx->sk, sk, key); + mbedtls_platform_zeroize(sk, sizeof(sk)); - return( 0 ); + return (0); } /* * Triple-DES key schedule (112-bit, decryption) */ -int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ) -{ +int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]) { uint32_t sk[96]; - des3_set2key( sk, ctx->sk, key ); - mbedtls_platform_zeroize( sk, sizeof( sk ) ); + des3_set2key(sk, ctx->sk, key); + mbedtls_platform_zeroize(sk, sizeof(sk)); - return( 0 ); + return (0); } -static void des3_set3key( uint32_t esk[96], - uint32_t dsk[96], - const unsigned char key[24] ) -{ +static void des3_set3key(uint32_t esk[96], + uint32_t dsk[96], + const unsigned char key[24]) { int i; - mbedtls_des_setkey( esk, key ); - mbedtls_des_setkey( dsk + 32, key + 8 ); - mbedtls_des_setkey( esk + 64, key + 16 ); + mbedtls_des_setkey(esk, key); + mbedtls_des_setkey(dsk + 32, key + 8); + mbedtls_des_setkey(esk + 64, key + 16); - for( i = 0; i < 32; i += 2 ) - { + for (i = 0; i < 32; i += 2) { dsk[i ] = esk[94 - i]; dsk[i + 1] = esk[95 - i]; @@ -595,61 +568,57 @@ static void des3_set3key( uint32_t esk[96], /* * Triple-DES key schedule (168-bit, encryption) */ -int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) -{ +int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) { uint32_t sk[96]; - des3_set3key( ctx->sk, sk, key ); - mbedtls_platform_zeroize( sk, sizeof( sk ) ); + des3_set3key(ctx->sk, sk, key); + mbedtls_platform_zeroize(sk, sizeof(sk)); - return( 0 ); + return (0); } /* * Triple-DES key schedule (168-bit, decryption) */ -int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ) -{ +int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]) { uint32_t sk[96]; - des3_set3key( sk, ctx->sk, key ); - mbedtls_platform_zeroize( sk, sizeof( sk ) ); + des3_set3key(sk, ctx->sk, key); + mbedtls_platform_zeroize(sk, sizeof(sk)); - return( 0 ); + return (0); } /* * DES-ECB block encryption/decryption */ #if !defined(MBEDTLS_DES_CRYPT_ECB_ALT) -int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, - const unsigned char input[8], - unsigned char output[8] ) -{ +int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, + const unsigned char input[8], + unsigned char output[8]) { int i; uint32_t X, Y, T, *SK; SK = ctx->sk; - GET_UINT32_BE( X, input, 0 ); - GET_UINT32_BE( Y, input, 4 ); + GET_UINT32_BE(X, input, 0); + GET_UINT32_BE(Y, input, 4); - DES_IP( X, Y ); + DES_IP(X, Y); - for( i = 0; i < 8; i++ ) - { - DES_ROUND( Y, X ); - DES_ROUND( X, Y ); + for (i = 0; i < 8; i++) { + DES_ROUND(Y, X); + DES_ROUND(X, Y); } - DES_FP( Y, X ); + DES_FP(Y, X); - PUT_UINT32_BE( Y, output, 0 ); - PUT_UINT32_BE( X, output, 4 ); + PUT_UINT32_BE(Y, output, 0); + PUT_UINT32_BE(X, output, 4); - return( 0 ); + return (0); } #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */ @@ -657,45 +626,39 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, /* * DES-CBC buffer encryption/decryption */ -int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[8]; - if( length % 8 ) - return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); + if (length % 8) + return (MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH); - if( mode == MBEDTLS_DES_ENCRYPT ) - { - while( length > 0 ) - { - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + if (mode == MBEDTLS_DES_ENCRYPT) { + while (length > 0) { + for (i = 0; i < 8; i++) + output[i] = (unsigned char)(input[i] ^ iv[i]); - mbedtls_des_crypt_ecb( ctx, output, output ); - memcpy( iv, output, 8 ); + mbedtls_des_crypt_ecb(ctx, output, output); + memcpy(iv, output, 8); input += 8; output += 8; length -= 8; } - } - else /* MBEDTLS_DES_DECRYPT */ - { - while( length > 0 ) - { - memcpy( temp, input, 8 ); - mbedtls_des_crypt_ecb( ctx, input, output ); + } else { /* MBEDTLS_DES_DECRYPT */ + while (length > 0) { + memcpy(temp, input, 8); + mbedtls_des_crypt_ecb(ctx, input, output); - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 8; i++) + output[i] = (unsigned char)(output[i] ^ iv[i]); - memcpy( iv, temp, 8 ); + memcpy(iv, temp, 8); input += 8; output += 8; @@ -703,7 +666,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, } } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -711,44 +674,40 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, * 3DES-ECB block encryption/decryption */ #if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT) -int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, - const unsigned char input[8], - unsigned char output[8] ) -{ +int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, + const unsigned char input[8], + unsigned char output[8]) { int i; uint32_t X, Y, T, *SK; SK = ctx->sk; - GET_UINT32_BE( X, input, 0 ); - GET_UINT32_BE( Y, input, 4 ); + GET_UINT32_BE(X, input, 0); + GET_UINT32_BE(Y, input, 4); - DES_IP( X, Y ); + DES_IP(X, Y); - for( i = 0; i < 8; i++ ) - { - DES_ROUND( Y, X ); - DES_ROUND( X, Y ); + for (i = 0; i < 8; i++) { + DES_ROUND(Y, X); + DES_ROUND(X, Y); } - for( i = 0; i < 8; i++ ) - { - DES_ROUND( X, Y ); - DES_ROUND( Y, X ); + for (i = 0; i < 8; i++) { + DES_ROUND(X, Y); + DES_ROUND(Y, X); } - for( i = 0; i < 8; i++ ) - { - DES_ROUND( Y, X ); - DES_ROUND( X, Y ); + for (i = 0; i < 8; i++) { + DES_ROUND(Y, X); + DES_ROUND(X, Y); } - DES_FP( Y, X ); + DES_FP(Y, X); - PUT_UINT32_BE( Y, output, 0 ); - PUT_UINT32_BE( X, output, 4 ); + PUT_UINT32_BE(Y, output, 0); + PUT_UINT32_BE(X, output, 4); - return( 0 ); + return (0); } #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */ @@ -756,45 +715,39 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, /* * 3DES-CBC buffer encryption/decryption */ -int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[8]; - if( length % 8 ) - return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH ); + if (length % 8) + return (MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH); - if( mode == MBEDTLS_DES_ENCRYPT ) - { - while( length > 0 ) - { - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + if (mode == MBEDTLS_DES_ENCRYPT) { + while (length > 0) { + for (i = 0; i < 8; i++) + output[i] = (unsigned char)(input[i] ^ iv[i]); - mbedtls_des3_crypt_ecb( ctx, output, output ); - memcpy( iv, output, 8 ); + mbedtls_des3_crypt_ecb(ctx, output, output); + memcpy(iv, output, 8); input += 8; output += 8; length -= 8; } - } - else /* MBEDTLS_DES_DECRYPT */ - { - while( length > 0 ) - { - memcpy( temp, input, 8 ); - mbedtls_des3_crypt_ecb( ctx, input, output ); + } else { /* MBEDTLS_DES_DECRYPT */ + while (length > 0) { + memcpy(temp, input, 8); + mbedtls_des3_crypt_ecb(ctx, input, output); - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 8; i++) + output[i] = (unsigned char)(output[i] ^ iv[i]); - memcpy( iv, temp, 8 ); + memcpy(iv, temp, 8); input += 8; output += 8; @@ -802,7 +755,7 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, } } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -814,47 +767,40 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, * * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip */ -static const unsigned char des3_test_keys[24] = -{ +static const unsigned char des3_test_keys[24] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 }; -static const unsigned char des3_test_buf[8] = -{ +static const unsigned char des3_test_buf[8] = { 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74 }; -static const unsigned char des3_test_ecb_dec[3][8] = -{ +static const unsigned char des3_test_ecb_dec[3][8] = { { 0x37, 0x2B, 0x98, 0xBF, 0x52, 0x65, 0xB0, 0x59 }, { 0xC2, 0x10, 0x19, 0x9C, 0x38, 0x5A, 0x65, 0xA1 }, { 0xA2, 0x70, 0x56, 0x68, 0x69, 0xE5, 0x15, 0x1D } }; -static const unsigned char des3_test_ecb_enc[3][8] = -{ +static const unsigned char des3_test_ecb_enc[3][8] = { { 0x1C, 0xD5, 0x97, 0xEA, 0x84, 0x26, 0x73, 0xFB }, { 0xB3, 0x92, 0x4D, 0xF3, 0xC5, 0xB5, 0x42, 0x93 }, { 0xDA, 0x37, 0x64, 0x41, 0xBA, 0x6F, 0x62, 0x6F } }; #if defined(MBEDTLS_CIPHER_MODE_CBC) -static const unsigned char des3_test_iv[8] = -{ +static const unsigned char des3_test_iv[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF, }; -static const unsigned char des3_test_cbc_dec[3][8] = -{ +static const unsigned char des3_test_cbc_dec[3][8] = { { 0x58, 0xD9, 0x48, 0xEF, 0x85, 0x14, 0x65, 0x9A }, { 0x5F, 0xC8, 0x78, 0xD4, 0xD7, 0x92, 0xD9, 0x54 }, { 0x25, 0xF9, 0x75, 0x85, 0xA8, 0x1E, 0x48, 0xBF } }; -static const unsigned char des3_test_cbc_enc[3][8] = -{ +static const unsigned char des3_test_cbc_enc[3][8] = { { 0x91, 0x1C, 0x6D, 0xCF, 0x48, 0xA7, 0xC3, 0x4D }, { 0x60, 0x1A, 0x76, 0x8F, 0xA1, 0xF9, 0x66, 0xF1 }, { 0xA1, 0x50, 0x0F, 0x99, 0xB2, 0xCD, 0x64, 0x76 } @@ -864,8 +810,7 @@ static const unsigned char des3_test_cbc_enc[3][8] = /* * Checkup routine */ -int mbedtls_des_self_test( int verbose ) -{ +int mbedtls_des_self_test(int verbose) { int i, j, u, v, ret = 0; mbedtls_des_context ctx; mbedtls_des3_context ctx3; @@ -875,182 +820,170 @@ int mbedtls_des_self_test( int verbose ) unsigned char iv[8]; #endif - mbedtls_des_init( &ctx ); - mbedtls_des3_init( &ctx3 ); + mbedtls_des_init(&ctx); + mbedtls_des3_init(&ctx3); /* * ECB mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; v = i & 1; - if( verbose != 0 ) - mbedtls_printf( " DES%c-ECB-%3d (%s): ", - ( u == 0 ) ? ' ' : '3', 56 + u * 56, - ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" DES%c-ECB-%3d (%s): ", + (u == 0) ? ' ' : '3', 56 + u * 56, + (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); - memcpy( buf, des3_test_buf, 8 ); + memcpy(buf, des3_test_buf, 8); - switch( i ) - { - case 0: - mbedtls_des_setkey_dec( &ctx, des3_test_keys ); - break; + switch (i) { + case 0: + mbedtls_des_setkey_dec(&ctx, des3_test_keys); + break; - case 1: - mbedtls_des_setkey_enc( &ctx, des3_test_keys ); - break; + case 1: + mbedtls_des_setkey_enc(&ctx, des3_test_keys); + break; - case 2: - mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); - break; + case 2: + mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); + break; - case 3: - mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); - break; + case 3: + mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); + break; - case 4: - mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); - break; + case 4: + mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); + break; - case 5: - mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); - break; + case 5: + mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); + break; - default: - return( 1 ); + default: + return (1); } - for( j = 0; j < 100; j++ ) - { - if( u == 0 ) - mbedtls_des_crypt_ecb( &ctx, buf, buf ); + for (j = 0; j < 100; j++) { + if (u == 0) + mbedtls_des_crypt_ecb(&ctx, buf, buf); else - mbedtls_des3_crypt_ecb( &ctx3, buf, buf ); + mbedtls_des3_crypt_ecb(&ctx3, buf, buf); } - if( ( v == MBEDTLS_DES_DECRYPT && - memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) || - ( v != MBEDTLS_DES_DECRYPT && - memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((v == MBEDTLS_DES_DECRYPT && + memcmp(buf, des3_test_ecb_dec[u], 8) != 0) || + (v != MBEDTLS_DES_DECRYPT && + memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * CBC mode */ - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { u = i >> 1; v = i & 1; - if( verbose != 0 ) - mbedtls_printf( " DES%c-CBC-%3d (%s): ", - ( u == 0 ) ? ' ' : '3', 56 + u * 56, - ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" ); + if (verbose != 0) + mbedtls_printf(" DES%c-CBC-%3d (%s): ", + (u == 0) ? ' ' : '3', 56 + u * 56, + (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc"); - memcpy( iv, des3_test_iv, 8 ); - memcpy( prv, des3_test_iv, 8 ); - memcpy( buf, des3_test_buf, 8 ); + memcpy(iv, des3_test_iv, 8); + memcpy(prv, des3_test_iv, 8); + memcpy(buf, des3_test_buf, 8); - switch( i ) - { - case 0: - mbedtls_des_setkey_dec( &ctx, des3_test_keys ); - break; + switch (i) { + case 0: + mbedtls_des_setkey_dec(&ctx, des3_test_keys); + break; - case 1: - mbedtls_des_setkey_enc( &ctx, des3_test_keys ); - break; + case 1: + mbedtls_des_setkey_enc(&ctx, des3_test_keys); + break; - case 2: - mbedtls_des3_set2key_dec( &ctx3, des3_test_keys ); - break; + case 2: + mbedtls_des3_set2key_dec(&ctx3, des3_test_keys); + break; - case 3: - mbedtls_des3_set2key_enc( &ctx3, des3_test_keys ); - break; + case 3: + mbedtls_des3_set2key_enc(&ctx3, des3_test_keys); + break; - case 4: - mbedtls_des3_set3key_dec( &ctx3, des3_test_keys ); - break; + case 4: + mbedtls_des3_set3key_dec(&ctx3, des3_test_keys); + break; - case 5: - mbedtls_des3_set3key_enc( &ctx3, des3_test_keys ); - break; + case 5: + mbedtls_des3_set3key_enc(&ctx3, des3_test_keys); + break; - default: - return( 1 ); + default: + return (1); } - if( v == MBEDTLS_DES_DECRYPT ) - { - for( j = 0; j < 100; j++ ) - { - if( u == 0 ) - mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); + if (v == MBEDTLS_DES_DECRYPT) { + for (j = 0; j < 100; j++) { + if (u == 0) + mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf); else - mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf); } - } - else - { - for( j = 0; j < 100; j++ ) - { + } else { + for (j = 0; j < 100; j++) { unsigned char tmp[8]; - if( u == 0 ) - mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf ); + if (u == 0) + mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf); else - mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf ); + mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf); - memcpy( tmp, prv, 8 ); - memcpy( prv, buf, 8 ); - memcpy( buf, tmp, 8 ); + memcpy(tmp, prv, 8); + memcpy(prv, buf, 8); + memcpy(buf, tmp, 8); } - memcpy( buf, prv, 8 ); + memcpy(buf, prv, 8); } - if( ( v == MBEDTLS_DES_DECRYPT && - memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) || - ( v != MBEDTLS_DES_DECRYPT && - memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((v == MBEDTLS_DES_DECRYPT && + memcmp(buf, des3_test_cbc_dec[u], 8) != 0) || + (v != MBEDTLS_DES_DECRYPT && + memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); exit: - mbedtls_des_free( &ctx ); - mbedtls_des3_free( &ctx3 ); + mbedtls_des_free(&ctx); + mbedtls_des3_free(&ctx3); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/des.h b/common/mbedtls/des.h index 549d19b4e..21876ba8c 100644 --- a/common/mbedtls/des.h +++ b/common/mbedtls/des.h @@ -61,8 +61,7 @@ extern "C" { * security risk. We recommend considering stronger ciphers * instead. */ -typedef struct mbedtls_des_context -{ +typedef struct mbedtls_des_context { uint32_t sk[32]; /*!< DES subkeys */ } mbedtls_des_context; @@ -70,8 +69,7 @@ mbedtls_des_context; /** * \brief Triple-DES context structure */ -typedef struct mbedtls_des3_context -{ +typedef struct mbedtls_des3_context { uint32_t sk[96]; /*!< 3DES subkeys */ } mbedtls_des3_context; @@ -89,7 +87,7 @@ mbedtls_des3_context; * security risk. We recommend considering stronger ciphers * instead. */ -void mbedtls_des_init( mbedtls_des_context *ctx ); +void mbedtls_des_init(mbedtls_des_context *ctx); /** * \brief Clear DES context @@ -100,21 +98,21 @@ void mbedtls_des_init( mbedtls_des_context *ctx ); * security risk. We recommend considering stronger ciphers * instead. */ -void mbedtls_des_free( mbedtls_des_context *ctx ); +void mbedtls_des_free(mbedtls_des_context *ctx); /** * \brief Initialize Triple-DES context * * \param ctx DES3 context to be initialized */ -void mbedtls_des3_init( mbedtls_des3_context *ctx ); +void mbedtls_des3_init(mbedtls_des3_context *ctx); /** * \brief Clear Triple-DES context * * \param ctx DES3 context to be cleared */ -void mbedtls_des3_free( mbedtls_des3_context *ctx ); +void mbedtls_des3_free(mbedtls_des3_context *ctx); /** * \brief Set key parity on the given key to odd. @@ -128,7 +126,7 @@ void mbedtls_des3_free( mbedtls_des3_context *ctx ); * security risk. We recommend considering stronger ciphers * instead. */ -void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief Check that key parity on the given key is odd. @@ -144,7 +142,7 @@ void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * security risk. We recommend considering stronger ciphers * instead. */ -int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +int mbedtls_des_key_check_key_parity(const unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief Check that key is not a weak or semi-weak DES key @@ -157,7 +155,7 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI * security risk. We recommend considering stronger ciphers * instead. */ -int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief DES key schedule (56-bit, encryption) @@ -171,7 +169,7 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); * security risk. We recommend considering stronger ciphers * instead. */ -int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +int mbedtls_des_setkey_enc(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief DES key schedule (56-bit, decryption) @@ -185,7 +183,7 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB * security risk. We recommend considering stronger ciphers * instead. */ -int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +int mbedtls_des_setkey_dec(mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE]); /** * \brief Triple-DES key schedule (112-bit, encryption) @@ -195,8 +193,8 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB * * \return 0 */ -int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); +int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); /** * \brief Triple-DES key schedule (112-bit, decryption) @@ -206,8 +204,8 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx, * * \return 0 */ -int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] ); +int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]); /** * \brief Triple-DES key schedule (168-bit, encryption) @@ -217,8 +215,8 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx, * * \return 0 */ -int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); +int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); /** * \brief Triple-DES key schedule (168-bit, decryption) @@ -228,8 +226,8 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx, * * \return 0 */ -int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, - const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] ); +int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx, + const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]); /** * \brief DES-ECB block encryption/decryption @@ -244,9 +242,9 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx, * security risk. We recommend considering stronger ciphers * instead. */ -int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, - const unsigned char input[8], - unsigned char output[8] ); +int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx, + const unsigned char input[8], + unsigned char output[8]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -271,12 +269,12 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx, * security risk. We recommend considering stronger ciphers * instead. */ -int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output ); +int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ /** @@ -288,9 +286,9 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, * * \return 0 if successful */ -int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, - const unsigned char input[8], - unsigned char output[8] ); +int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx, + const unsigned char input[8], + unsigned char output[8]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -313,12 +311,12 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, * * \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH */ -int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output ); +int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ /** @@ -333,8 +331,8 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, * security risk. We recommend considering stronger ciphers * instead. */ -void mbedtls_des_setkey( uint32_t SK[32], - const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); +void mbedtls_des_setkey(uint32_t SK[32], + const unsigned char key[MBEDTLS_DES_KEY_SIZE]); #if defined(MBEDTLS_SELF_TEST) @@ -343,7 +341,7 @@ void mbedtls_des_setkey( uint32_t SK[32], * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_des_self_test( int verbose ); +int mbedtls_des_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/dhm.c b/common/mbedtls/dhm.c index f79681231..f823f455b 100644 --- a/common/mbedtls/dhm.c +++ b/common/mbedtls/dhm.c @@ -63,27 +63,26 @@ /* * helper to validate the mbedtls_mpi size and import it */ -static int dhm_read_bignum( mbedtls_mpi *X, - unsigned char **p, - const unsigned char *end ) -{ +static int dhm_read_bignum(mbedtls_mpi *X, + unsigned char **p, + const unsigned char *end) { int ret, n; - if( end - *p < 2 ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (end - *p < 2) + return (MBEDTLS_ERR_DHM_BAD_INPUT_DATA); - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = ((*p)[0] << 8) | (*p)[1]; (*p) += 2; - if( (int)( end - *p ) < n ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if ((int)(end - *p) < n) + return (MBEDTLS_ERR_DHM_BAD_INPUT_DATA); - if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 ) - return( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED + ret ); + if ((ret = mbedtls_mpi_read_binary(X, *p, n)) != 0) + return (MBEDTLS_ERR_DHM_READ_PARAMS_FAILED + ret); (*p) += n; - return( 0 ); + return (0); } /* @@ -98,100 +97,95 @@ static int dhm_read_bignum( mbedtls_mpi *X, * http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643 */ -static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P ) -{ +static int dhm_check_range(const mbedtls_mpi *param, const mbedtls_mpi *P) { mbedtls_mpi L, U; int ret = 0; - mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U ); + mbedtls_mpi_init(&L); + mbedtls_mpi_init(&U); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&L, 2)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&U, P, 2)); - if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 || - mbedtls_mpi_cmp_mpi( param, &U ) > 0 ) - { + if (mbedtls_mpi_cmp_mpi(param, &L) < 0 || + mbedtls_mpi_cmp_mpi(param, &U) > 0) { ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA; } cleanup: - mbedtls_mpi_free( &L ); mbedtls_mpi_free( &U ); - return( ret ); + mbedtls_mpi_free(&L); + mbedtls_mpi_free(&U); + return (ret); } -void mbedtls_dhm_init( mbedtls_dhm_context *ctx ) -{ - DHM_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_dhm_context ) ); +void mbedtls_dhm_init(mbedtls_dhm_context *ctx) { + DHM_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_dhm_context)); } /* * Parse the ServerKeyExchange parameters */ -int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, - unsigned char **p, - const unsigned char *end ) -{ +int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx, + unsigned char **p, + const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( p != NULL && *p != NULL ); - DHM_VALIDATE_RET( end != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(p != NULL && *p != NULL); + DHM_VALIDATE_RET(end != NULL); - if( ( ret = dhm_read_bignum( &ctx->P, p, end ) ) != 0 || - ( ret = dhm_read_bignum( &ctx->G, p, end ) ) != 0 || - ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 ) - return( ret ); + if ((ret = dhm_read_bignum(&ctx->P, p, end)) != 0 || + (ret = dhm_read_bignum(&ctx->G, p, end)) != 0 || + (ret = dhm_read_bignum(&ctx->GY, p, end)) != 0) + return (ret); - if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) - return( ret ); + if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) + return (ret); - ctx->len = mbedtls_mpi_size( &ctx->P ); + ctx->len = mbedtls_mpi_size(&ctx->P); - return( 0 ); + return (0); } /* * Setup and write the ServerKeyExchange parameters */ -int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, - unsigned char *output, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size, + unsigned char *output, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret, count = 0; size_t n1, n2, n3; unsigned char *p; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( output != NULL ); - DHM_VALIDATE_RET( olen != NULL ); - DHM_VALIDATE_RET( f_rng != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(output != NULL); + DHM_VALIDATE_RET(olen != NULL); + DHM_VALIDATE_RET(f_rng != NULL); - if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(&ctx->P, 0) == 0) + return (MBEDTLS_ERR_DHM_BAD_INPUT_DATA); /* * Generate X as large as possible ( < P ) */ - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); + do { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng)); - while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); + while (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->P) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&ctx->X, 1)); - if( count++ > 10 ) - return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED ); - } - while( dhm_check_range( &ctx->X, &ctx->P ) != 0 ); + if (count++ > 10) + return (MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED); + } while (dhm_check_range(&ctx->X, &ctx->P) != 0); /* * Calculate GX = G^X mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X, - &ctx->P , &ctx->RP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X, + &ctx->P, &ctx->RP)); - if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 ) - return( ret ); + if ((ret = dhm_check_range(&ctx->GX, &ctx->P)) != 0) + return (ret); /* * export P, G, GX @@ -206,14 +200,14 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, p += ( n ); \ } while( 0 ) - n1 = mbedtls_mpi_size( &ctx->P ); - n2 = mbedtls_mpi_size( &ctx->G ); - n3 = mbedtls_mpi_size( &ctx->GX ); + n1 = mbedtls_mpi_size(&ctx->P); + n2 = mbedtls_mpi_size(&ctx->G); + n3 = mbedtls_mpi_size(&ctx->GX); p = output; - DHM_MPI_EXPORT( &ctx->P , n1 ); - DHM_MPI_EXPORT( &ctx->G , n2 ); - DHM_MPI_EXPORT( &ctx->GX, n3 ); + DHM_MPI_EXPORT(&ctx->P, n1); + DHM_MPI_EXPORT(&ctx->G, n2); + DHM_MPI_EXPORT(&ctx->GX, n3); *olen = p - output; @@ -221,126 +215,117 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, cleanup: - if( ret != 0 ) - return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + ret ); + if (ret != 0) + return (MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + ret); - return( 0 ); + return (0); } /* * Set prime modulus and generator */ -int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, - const mbedtls_mpi *P, - const mbedtls_mpi *G ) -{ +int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx, + const mbedtls_mpi *P, + const mbedtls_mpi *G) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( P != NULL ); - DHM_VALIDATE_RET( G != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(P != NULL); + DHM_VALIDATE_RET(G != NULL); - if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 || - ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 ) - { - return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret ); + if ((ret = mbedtls_mpi_copy(&ctx->P, P)) != 0 || + (ret = mbedtls_mpi_copy(&ctx->G, G)) != 0) { + return (MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret); } - ctx->len = mbedtls_mpi_size( &ctx->P ); - return( 0 ); + ctx->len = mbedtls_mpi_size(&ctx->P); + return (0); } /* * Import the peer's public value G^Y */ -int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, - const unsigned char *input, size_t ilen ) -{ +int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx, + const unsigned char *input, size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( input != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(input != NULL); - if( ilen < 1 || ilen > ctx->len ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (ilen < 1 || ilen > ctx->len) + return (MBEDTLS_ERR_DHM_BAD_INPUT_DATA); - if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 ) - return( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED + ret ); + if ((ret = mbedtls_mpi_read_binary(&ctx->GY, input, ilen)) != 0) + return (MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED + ret); - return( 0 ); + return (0); } /* * Create own private value X and export G^X */ -int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, - unsigned char *output, size_t olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size, + unsigned char *output, size_t olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret, count = 0; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( output != NULL ); - DHM_VALIDATE_RET( f_rng != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(output != NULL); + DHM_VALIDATE_RET(f_rng != NULL); - if( olen < 1 || olen > ctx->len ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (olen < 1 || olen > ctx->len) + return (MBEDTLS_ERR_DHM_BAD_INPUT_DATA); - if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(&ctx->P, 0) == 0) + return (MBEDTLS_ERR_DHM_BAD_INPUT_DATA); /* * generate X and calculate GX = G^X mod P */ - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); + do { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng)); - while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); + while (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->P) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&ctx->X, 1)); - if( count++ > 10 ) - return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED ); - } - while( dhm_check_range( &ctx->X, &ctx->P ) != 0 ); + if (count++ > 10) + return (MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED); + } while (dhm_check_range(&ctx->X, &ctx->P) != 0); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X, - &ctx->P , &ctx->RP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X, + &ctx->P, &ctx->RP)); - if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 ) - return( ret ); + if ((ret = dhm_check_range(&ctx->GX, &ctx->P)) != 0) + return (ret); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->GX, output, olen)); cleanup: - if( ret != 0 ) - return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED + ret ); + if (ret != 0) + return (MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED + ret); - return( 0 ); + return (0); } /* * Pick a random R in the range [2, M) for blinding purposes */ -static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +static int dhm_random_below(mbedtls_mpi *R, const mbedtls_mpi *M, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret, count; count = 0; - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) ); + do { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(R, mbedtls_mpi_size(M), f_rng, p_rng)); - while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) ); + while (mbedtls_mpi_cmp_mpi(R, M) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(R, 1)); - if( count++ > 10 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); - } - while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 ); + if (count++ > 10) + return (MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); + } while (mbedtls_mpi_cmp_int(R, 1) <= 0); cleanup: - return( ret ); + return (ret); } @@ -350,40 +335,37 @@ cleanup: * DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer * Berlin Heidelberg, 1996. p. 104-113. */ -static int dhm_update_blinding( mbedtls_dhm_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +static int dhm_update_blinding(mbedtls_dhm_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret; mbedtls_mpi R; - mbedtls_mpi_init( &R ); + mbedtls_mpi_init(&R); /* * Don't use any blinding the first time a particular X is used, * but remember it to use blinding next time. */ - if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->pX, &ctx->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vi, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vf, 1 ) ); + if (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->pX) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&ctx->pX, &ctx->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vi, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vf, 1)); - return( 0 ); + return (0); } /* * Ok, we need blinding. Can we re-use existing values? * If yes, just update them by squaring them. */ - if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) ); + if (mbedtls_mpi_cmp_int(&ctx->Vi, 1) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->P)); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P)); - return( 0 ); + return (0); } /* @@ -391,111 +373,105 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, */ /* Vi = random( 2, P-1 ) */ - MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(dhm_random_below(&ctx->Vi, &ctx->P, f_rng, p_rng)); /* Vf = Vi^-X mod P * First compute Vi^-1 = R * (R Vi)^-1, (avoiding leaks from inv_mod), * then elevate to the Xth power. */ - MBEDTLS_MPI_CHK( dhm_random_below( &R, &ctx->P, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vi, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vf, &ctx->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) ); + MBEDTLS_MPI_CHK(dhm_random_below(&R, &ctx->P, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vi, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->Vf, &ctx->Vf, &ctx->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P)); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP)); cleanup: - mbedtls_mpi_free( &R ); + mbedtls_mpi_free(&R); - return( ret ); + return (ret); } /* * Derive and export the shared secret (G^Y)^X mod P */ -int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, - unsigned char *output, size_t output_size, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx, + unsigned char *output, size_t output_size, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi GYb; - DHM_VALIDATE_RET( ctx != NULL ); - DHM_VALIDATE_RET( output != NULL ); - DHM_VALIDATE_RET( olen != NULL ); + DHM_VALIDATE_RET(ctx != NULL); + DHM_VALIDATE_RET(output != NULL); + DHM_VALIDATE_RET(olen != NULL); - if( output_size < ctx->len ) - return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if (output_size < ctx->len) + return (MBEDTLS_ERR_DHM_BAD_INPUT_DATA); - if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) - return( ret ); + if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) + return (ret); - mbedtls_mpi_init( &GYb ); + mbedtls_mpi_init(&GYb); /* Blind peer's value */ - if( f_rng != NULL ) - { - MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) ); - } - else - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) ); + if (f_rng != NULL) { + MBEDTLS_MPI_CHK(dhm_update_blinding(ctx, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&GYb, &ctx->GY, &ctx->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&GYb, &GYb, &ctx->P)); + } else + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&GYb, &ctx->GY)); /* Do modular exponentiation */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X, - &ctx->P, &ctx->RP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->K, &GYb, &ctx->X, + &ctx->P, &ctx->RP)); /* Unblind secret value */ - if( f_rng != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) ); + if (f_rng != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->K, &ctx->K, &ctx->Vf)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->K, &ctx->K, &ctx->P)); } - *olen = mbedtls_mpi_size( &ctx->K ); + *olen = mbedtls_mpi_size(&ctx->K); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->K, output, *olen)); cleanup: - mbedtls_mpi_free( &GYb ); + mbedtls_mpi_free(&GYb); - if( ret != 0 ) - return( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED + ret ); + if (ret != 0) + return (MBEDTLS_ERR_DHM_CALC_SECRET_FAILED + ret); - return( 0 ); + return (0); } /* * Free the components of a DHM key */ -void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_dhm_free(mbedtls_dhm_context *ctx) { + if (ctx == NULL) return; - mbedtls_mpi_free( &ctx->pX ); - mbedtls_mpi_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->Vi ); - mbedtls_mpi_free( &ctx->RP ); - mbedtls_mpi_free( &ctx->K ); - mbedtls_mpi_free( &ctx->GY ); - mbedtls_mpi_free( &ctx->GX ); - mbedtls_mpi_free( &ctx->X ); - mbedtls_mpi_free( &ctx->G ); - mbedtls_mpi_free( &ctx->P ); + mbedtls_mpi_free(&ctx->pX); + mbedtls_mpi_free(&ctx->Vf); + mbedtls_mpi_free(&ctx->Vi); + mbedtls_mpi_free(&ctx->RP); + mbedtls_mpi_free(&ctx->K); + mbedtls_mpi_free(&ctx->GY); + mbedtls_mpi_free(&ctx->GX); + mbedtls_mpi_free(&ctx->X); + mbedtls_mpi_free(&ctx->G); + mbedtls_mpi_free(&ctx->P); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_dhm_context)); } #if defined(MBEDTLS_ASN1_PARSE_C) /* * Parse DHM parameters */ -int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, - size_t dhminlen ) -{ +int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm, const unsigned char *dhmin, + size_t dhminlen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p, *end; @@ -503,32 +479,30 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, mbedtls_pem_context pem; #endif /* MBEDTLS_PEM_PARSE_C */ - DHM_VALIDATE_RET( dhm != NULL ); - DHM_VALIDATE_RET( dhmin != NULL ); + DHM_VALIDATE_RET(dhm != NULL); + DHM_VALIDATE_RET(dhmin != NULL); #if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_init( &pem ); + mbedtls_pem_init(&pem); /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' ) + if (dhminlen == 0 || dhmin[dhminlen - 1] != '\0') ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN DH PARAMETERS-----", - "-----END DH PARAMETERS-----", - dhmin, NULL, 0, &dhminlen ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN DH PARAMETERS-----", + "-----END DH PARAMETERS-----", + dhmin, NULL, 0, &dhminlen); - if( ret == 0 ) - { + if (ret == 0) { /* * Was PEM encoded */ dhminlen = pem.buflen; - } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) goto exit; - p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin; + p = (ret == 0) ? pem.buf : (unsigned char *) dhmin; #else p = (unsigned char *) dhmin; #endif /* MBEDTLS_PEM_PARSE_C */ @@ -541,55 +515,50 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * privateValueLength INTEGER OPTIONAL * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret; goto exit; } end = p + len; - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 ) - { + if ((ret = mbedtls_asn1_get_mpi(&p, end, &dhm->P)) != 0 || + (ret = mbedtls_asn1_get_mpi(&p, end, &dhm->G)) != 0) { ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret; goto exit; } - if( p != end ) - { + if (p != end) { /* This might be the optional privateValueLength. * If so, we can cleanly discard it */ mbedtls_mpi rec; - mbedtls_mpi_init( &rec ); - ret = mbedtls_asn1_get_mpi( &p, end, &rec ); - mbedtls_mpi_free( &rec ); - if ( ret != 0 ) - { + mbedtls_mpi_init(&rec); + ret = mbedtls_asn1_get_mpi(&p, end, &rec); + mbedtls_mpi_free(&rec); + if (ret != 0) { ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret; goto exit; } - if ( p != end ) - { + if (p != end) { ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; goto exit; } } ret = 0; - dhm->len = mbedtls_mpi_size( &dhm->P ); + dhm->len = mbedtls_mpi_size(&dhm->P); exit: #if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_free( &pem ); + mbedtls_pem_free(&pem); #endif - if( ret != 0 ) - mbedtls_dhm_free( dhm ); + if (ret != 0) + mbedtls_dhm_free(dhm); - return( ret ); + return (ret); } #if defined(MBEDTLS_FS_IO) @@ -600,71 +569,66 @@ exit: * A terminating null byte is always appended. It is included in the announced * length only if the data looks like it is PEM encoded. */ -static int load_file( const char *path, unsigned char **buf, size_t *n ) -{ +static int load_file(const char *path, unsigned char **buf, size_t *n) { FILE *f; long size; - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) + return (MBEDTLS_ERR_DHM_FILE_IO_ERROR); - fseek( f, 0, SEEK_END ); - if( ( size = ftell( f ) ) == -1 ) - { - fclose( f ); - return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); + fseek(f, 0, SEEK_END); + if ((size = ftell(f)) == -1) { + fclose(f); + return (MBEDTLS_ERR_DHM_FILE_IO_ERROR); } - fseek( f, 0, SEEK_SET ); + fseek(f, 0, SEEK_SET); *n = (size_t) size; - if( *n + 1 == 0 || - ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) - { - fclose( f ); - return( MBEDTLS_ERR_DHM_ALLOC_FAILED ); + if (*n + 1 == 0 || + (*buf = mbedtls_calloc(1, *n + 1)) == NULL) { + fclose(f); + return (MBEDTLS_ERR_DHM_ALLOC_FAILED); } - if( fread( *buf, 1, *n, f ) != *n ) - { - fclose( f ); + if (fread(*buf, 1, *n, f) != *n) { + fclose(f); - mbedtls_platform_zeroize( *buf, *n + 1 ); - mbedtls_free( *buf ); + mbedtls_platform_zeroize(*buf, *n + 1); + mbedtls_free(*buf); - return( MBEDTLS_ERR_DHM_FILE_IO_ERROR ); + return (MBEDTLS_ERR_DHM_FILE_IO_ERROR); } - fclose( f ); + fclose(f); (*buf)[*n] = '\0'; - if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) + if (strstr((const char *) *buf, "-----BEGIN ") != NULL) ++*n; - return( 0 ); + return (0); } /* * Load and parse DHM parameters */ -int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) -{ +int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - DHM_VALIDATE_RET( dhm != NULL ); - DHM_VALIDATE_RET( path != NULL ); + DHM_VALIDATE_RET(dhm != NULL); + DHM_VALIDATE_RET(path != NULL); - if( ( ret = load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = load_file(path, &buf, &n)) != 0) + return (ret); - ret = mbedtls_dhm_parse_dhm( dhm, buf, n ); + ret = mbedtls_dhm_parse_dhm(dhm, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return (ret); } #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -674,60 +638,59 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) #if defined(MBEDTLS_PEM_PARSE_C) static const char mbedtls_test_dhm_params[] = -"-----BEGIN DH PARAMETERS-----\r\n" -"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n" -"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n" -"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n" -"-----END DH PARAMETERS-----\r\n"; + "-----BEGIN DH PARAMETERS-----\r\n" + "MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n" + "1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n" + "9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n" + "-----END DH PARAMETERS-----\r\n"; #else /* MBEDTLS_PEM_PARSE_C */ static const char mbedtls_test_dhm_params[] = { - 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44, - 0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d, - 0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3, - 0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1, - 0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18, - 0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a, - 0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1, - 0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6, - 0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64, - 0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8, - 0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f, - 0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 }; + 0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44, + 0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d, + 0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3, + 0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1, + 0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18, + 0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a, + 0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1, + 0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6, + 0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64, + 0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8, + 0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f, + 0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 +}; #endif /* MBEDTLS_PEM_PARSE_C */ -static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params ); +static const size_t mbedtls_test_dhm_params_len = sizeof(mbedtls_test_dhm_params); /* * Checkup routine */ -int mbedtls_dhm_self_test( int verbose ) -{ +int mbedtls_dhm_self_test(int verbose) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_dhm_context dhm; - mbedtls_dhm_init( &dhm ); + mbedtls_dhm_init(&dhm); - if( verbose != 0 ) - mbedtls_printf( " DHM parameter load: " ); + if (verbose != 0) + mbedtls_printf(" DHM parameter load: "); - if( ( ret = mbedtls_dhm_parse_dhm( &dhm, - (const unsigned char *) mbedtls_test_dhm_params, - mbedtls_test_dhm_params_len ) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if ((ret = mbedtls_dhm_parse_dhm(&dhm, + (const unsigned char *) mbedtls_test_dhm_params, + mbedtls_test_dhm_params_len)) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n\n" ); + if (verbose != 0) + mbedtls_printf("passed\n\n"); exit: - mbedtls_dhm_free( &dhm ); + mbedtls_dhm_free(&dhm); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/dhm.h b/common/mbedtls/dhm.h index c7830b9ee..327176859 100644 --- a/common/mbedtls/dhm.h +++ b/common/mbedtls/dhm.h @@ -97,8 +97,7 @@ extern "C" { /** * \brief The DHM context structure. */ -typedef struct mbedtls_dhm_context -{ +typedef struct mbedtls_dhm_context { size_t len; /*!< The size of \p P in Bytes. */ mbedtls_mpi P; /*!< The prime modulus. */ mbedtls_mpi G; /*!< The generator. */ @@ -122,7 +121,7 @@ mbedtls_dhm_context; * * \param ctx The DHM context to initialize. */ -void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); +void mbedtls_dhm_init(mbedtls_dhm_context *ctx); /** * \brief This function parses the DHM parameters in a @@ -146,9 +145,9 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, - unsigned char **p, - const unsigned char *end ); +int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx, + unsigned char **p, + const unsigned char *end); /** * \brief This function generates a DHM key pair and exports its @@ -182,10 +181,10 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, - unsigned char *output, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size, + unsigned char *output, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function sets the prime modulus and generator. @@ -202,9 +201,9 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, - const mbedtls_mpi *P, - const mbedtls_mpi *G ); +int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx, + const mbedtls_mpi *P, + const mbedtls_mpi *G); /** * \brief This function imports the raw public value of the peer. @@ -222,8 +221,8 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, - const unsigned char *input, size_t ilen ); +int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx, + const unsigned char *input, size_t ilen); /** * \brief This function creates a DHM key pair and exports @@ -249,10 +248,10 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, - unsigned char *output, size_t olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size, + unsigned char *output, size_t olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function derives and exports the shared secret @@ -280,10 +279,10 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. */ -int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, - unsigned char *output, size_t output_size, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx, + unsigned char *output, size_t output_size, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function frees and clears the components @@ -293,7 +292,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, * in which case this function is a no-op. If it is not \c NULL, * it must point to an initialized DHM context. */ -void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); +void mbedtls_dhm_free(mbedtls_dhm_context *ctx); #if defined(MBEDTLS_ASN1_PARSE_C) /** @@ -310,8 +309,8 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ); * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error * code on failure. */ -int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, - size_t dhminlen ); +int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm, const unsigned char *dhmin, + size_t dhminlen); #if defined(MBEDTLS_FS_IO) /** @@ -326,7 +325,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, * \return An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX * error code on failure. */ -int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); +int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -338,7 +337,7 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_dhm_self_test( int verbose ); +int mbedtls_dhm_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/common/mbedtls/ecdh.c b/common/mbedtls/ecdh.c index 9dfa86806..71c8f1aa2 100644 --- a/common/mbedtls/ecdh.c +++ b/common/mbedtls/ecdh.c @@ -45,20 +45,18 @@ typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; #endif static mbedtls_ecp_group_id mbedtls_ecdh_grp_id( - const mbedtls_ecdh_context *ctx ) -{ + const mbedtls_ecdh_context *ctx) { #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ctx->grp.id ); + return (ctx->grp.id); #else - return( ctx->grp_id ); + return (ctx->grp_id); #endif } -int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ) -{ +int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid) { /* At this time, all groups support ECDH. */ (void) gid; - return( 1 ); + return (1); } #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) @@ -69,39 +67,37 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ) * the output parameter 'd' across continuation calls. This would not be * acceptable for a public function but is OK here as we control call sites. */ -static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) -{ +static int ecdh_gen_public_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* If multiplication is in progress, we already generated a privkey */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx == NULL || rs_ctx->rsm == NULL ) + if (rs_ctx == NULL || rs_ctx->rsm == NULL) #endif - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng)); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G, - f_rng, p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, Q, d, &grp->G, + f_rng, p_rng, rs_ctx)); cleanup: - return( ret ); + return (ret); } /* * Generate public key */ -int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - ECDH_VALIDATE_RET( grp != NULL ); - ECDH_VALIDATE_RET( d != NULL ); - ECDH_VALIDATE_RET( Q != NULL ); - ECDH_VALIDATE_RET( f_rng != NULL ); - return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) ); +int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { + ECDH_VALIDATE_RET(grp != NULL); + ECDH_VALIDATE_RET(d != NULL); + ECDH_VALIDATE_RET(Q != NULL); + ECDH_VALIDATE_RET(f_rng != NULL); + return (ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL)); } #endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */ @@ -109,79 +105,74 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp /* * Compute shared secret (SEC1 3.3.1) */ -static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp, - mbedtls_mpi *z, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) -{ +static int ecdh_compute_shared_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *z, + const mbedtls_ecp_point *Q, const mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point P; - mbedtls_ecp_point_init( &P ); + mbedtls_ecp_point_init(&P); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q, - f_rng, p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &P, d, Q, + f_rng, p_rng, rs_ctx)); - if( mbedtls_ecp_is_zero( &P ) ) - { + if (mbedtls_ecp_is_zero(&P)) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(z, &P.X)); cleanup: - mbedtls_ecp_point_free( &P ); + mbedtls_ecp_point_free(&P); - return( ret ); + return (ret); } /* * Compute shared secret (SEC1 3.3.1) */ -int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - ECDH_VALIDATE_RET( grp != NULL ); - ECDH_VALIDATE_RET( Q != NULL ); - ECDH_VALIDATE_RET( d != NULL ); - ECDH_VALIDATE_RET( z != NULL ); - return( ecdh_compute_shared_restartable( grp, z, Q, d, - f_rng, p_rng, NULL ) ); +int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z, + const mbedtls_ecp_point *Q, const mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { + ECDH_VALIDATE_RET(grp != NULL); + ECDH_VALIDATE_RET(Q != NULL); + ECDH_VALIDATE_RET(d != NULL); + ECDH_VALIDATE_RET(z != NULL); + return (ecdh_compute_shared_restartable(grp, z, Q, d, + f_rng, p_rng, NULL)); } #endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ -static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx ) -{ - mbedtls_ecp_group_init( &ctx->grp ); - mbedtls_mpi_init( &ctx->d ); - mbedtls_ecp_point_init( &ctx->Q ); - mbedtls_ecp_point_init( &ctx->Qp ); - mbedtls_mpi_init( &ctx->z ); +static void ecdh_init_internal(mbedtls_ecdh_context_mbed *ctx) { + mbedtls_ecp_group_init(&ctx->grp); + mbedtls_mpi_init(&ctx->d); + mbedtls_ecp_point_init(&ctx->Q); + mbedtls_ecp_point_init(&ctx->Qp); + mbedtls_mpi_init(&ctx->z); #if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_init( &ctx->rs ); + mbedtls_ecp_restart_init(&ctx->rs); #endif } /* * Initialize context */ -void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) -{ - ECDH_VALIDATE( ctx != NULL ); +void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx) { + ECDH_VALIDATE(ctx != NULL); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - ecdh_init_internal( ctx ); - mbedtls_ecp_point_init( &ctx->Vi ); - mbedtls_ecp_point_init( &ctx->Vf ); - mbedtls_mpi_init( &ctx->_d ); + ecdh_init_internal(ctx); + mbedtls_ecp_point_init(&ctx->Vi); + mbedtls_ecp_point_init(&ctx->Vf); + mbedtls_mpi_init(&ctx->_d); #else - memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); + memset(ctx, 0, sizeof(mbedtls_ecdh_context)); ctx->var = MBEDTLS_ECDH_VARIANT_NONE; #endif @@ -191,59 +182,54 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) #endif } -static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx, - mbedtls_ecp_group_id grp_id ) -{ +static int ecdh_setup_internal(mbedtls_ecdh_context_mbed *ctx, + mbedtls_ecp_group_id grp_id) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ecp_group_load( &ctx->grp, grp_id ); - if( ret != 0 ) - { - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + ret = mbedtls_ecp_group_load(&ctx->grp, grp_id); + if (ret != 0) { + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); } - return( 0 ); + return (0); } /* * Setup context */ -int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id ) -{ - ECDH_VALIDATE_RET( ctx != NULL ); +int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id) { + ECDH_VALIDATE_RET(ctx != NULL); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_setup_internal( ctx, grp_id ) ); + return (ecdh_setup_internal(ctx, grp_id)); #else - switch( grp_id ) - { + switch (grp_id) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED; ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; ctx->grp_id = grp_id; - return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) ); + return (mbedtls_everest_setup(&ctx->ctx.everest_ecdh, grp_id)); #endif default: ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; ctx->grp_id = grp_id; - ecdh_init_internal( &ctx->ctx.mbed_ecdh ); - return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) ); + ecdh_init_internal(&ctx->ctx.mbed_ecdh); + return (ecdh_setup_internal(&ctx->ctx.mbed_ecdh, grp_id)); } #endif } -static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx ) -{ - mbedtls_ecp_group_free( &ctx->grp ); - mbedtls_mpi_free( &ctx->d ); - mbedtls_ecp_point_free( &ctx->Q ); - mbedtls_ecp_point_free( &ctx->Qp ); - mbedtls_mpi_free( &ctx->z ); +static void ecdh_free_internal(mbedtls_ecdh_context_mbed *ctx) { + mbedtls_ecp_group_free(&ctx->grp); + mbedtls_mpi_free(&ctx->d); + mbedtls_ecp_point_free(&ctx->Q); + mbedtls_ecp_point_free(&ctx->Qp); + mbedtls_mpi_free(&ctx->z); #if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_free( &ctx->rs ); + mbedtls_ecp_restart_free(&ctx->rs); #endif } @@ -251,9 +237,8 @@ static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx ) /* * Enable restartable operations for context */ -void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) -{ - ECDH_VALIDATE( ctx != NULL ); +void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx) { + ECDH_VALIDATE(ctx != NULL); ctx->restart_enabled = 1; } @@ -262,26 +247,24 @@ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ) /* * Free context */ -void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx) { + if (ctx == NULL) return; #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - mbedtls_ecp_point_free( &ctx->Vi ); - mbedtls_ecp_point_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->_d ); - ecdh_free_internal( ctx ); + mbedtls_ecp_point_free(&ctx->Vi); + mbedtls_ecp_point_free(&ctx->Vf); + mbedtls_mpi_free(&ctx->_d); + ecdh_free_internal(ctx); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - mbedtls_everest_free( &ctx->ctx.everest_ecdh ); + mbedtls_everest_free(&ctx->ctx.everest_ecdh); break; #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - ecdh_free_internal( &ctx->ctx.mbed_ecdh ); + ecdh_free_internal(&ctx->ctx.mbed_ecdh); break; default: break; @@ -293,26 +276,25 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ) #endif } -static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, int point_format, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, - unsigned char *, - size_t), - void *p_rng, - int restart_enabled ) -{ +static int ecdh_make_params_internal(mbedtls_ecdh_context_mbed *ctx, + size_t *olen, int point_format, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int restart_enabled) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t grp_len, pt_len; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif - if( ctx->grp.pbits == 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ctx->grp.pbits == 0) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( restart_enabled ) + if (restart_enabled) rs_ctx = &ctx->rs; #else (void) restart_enabled; @@ -320,28 +302,28 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng, rs_ctx ) ) != 0 ) - return( ret ); + if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng, rs_ctx)) != 0) + return (ret); #else - if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng)) != 0) + return (ret); #endif /* MBEDTLS_ECP_RESTARTABLE */ - if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf, - blen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_tls_write_group(&ctx->grp, &grp_len, buf, + blen)) != 0) + return (ret); buf += grp_len; blen -= grp_len; - if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, - &pt_len, buf, blen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, + &pt_len, buf, blen)) != 0) + return (ret); *olen = grp_len + pt_len; - return( 0 ); + return (0); } /* @@ -351,16 +333,15 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, * ECPoint public; * } ServerECDHParams; */ -int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int restart_enabled = 0; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( olen != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); - ECDH_VALIDATE_RET( f_rng != NULL ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(olen != NULL); + ECDH_VALIDATE_RET(buf != NULL); + ECDH_VALIDATE_RET(f_rng != NULL); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; @@ -369,33 +350,31 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen, - f_rng, p_rng, restart_enabled ) ); + return (ecdh_make_params_internal(ctx, olen, ctx->point_format, buf, blen, + f_rng, p_rng, restart_enabled)); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen, - buf, blen, f_rng, p_rng ) ); + return (mbedtls_everest_make_params(&ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng)); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen, - ctx->point_format, buf, blen, - f_rng, p_rng, - restart_enabled ) ); + return (ecdh_make_params_internal(&ctx->ctx.mbed_ecdh, olen, + ctx->point_format, buf, blen, + f_rng, p_rng, + restart_enabled)); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx, - const unsigned char **buf, - const unsigned char *end ) -{ - return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf, - end - *buf ) ); +static int ecdh_read_params_internal(mbedtls_ecdh_context_mbed *ctx, + const unsigned char **buf, + const unsigned char *end) { + return (mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf, + end - *buf)); } /* @@ -405,323 +384,303 @@ static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx, * ECPoint public; * } ServerECDHParams; */ -int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, - const unsigned char **buf, - const unsigned char *end ) -{ +int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx, + const unsigned char **buf, + const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); - ECDH_VALIDATE_RET( *buf != NULL ); - ECDH_VALIDATE_RET( end != NULL ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(buf != NULL); + ECDH_VALIDATE_RET(*buf != NULL); + ECDH_VALIDATE_RET(end != NULL); - if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) ) - != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf)) + != 0) + return (ret); - if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecdh_setup(ctx, grp_id)) != 0) + return (ret); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_read_params_internal( ctx, buf, end ) ); + return (ecdh_read_params_internal(ctx, buf, end)); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh, - buf, end) ); + return (mbedtls_everest_read_params(&ctx->ctx.everest_ecdh, + buf, end)); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh, - buf, end ) ); + return (ecdh_read_params_internal(&ctx->ctx.mbed_ecdh, + buf, end)); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx, - const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side ) -{ +static int ecdh_get_params_internal(mbedtls_ecdh_context_mbed *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* If it's not our key, just import the public part as Qp */ - if( side == MBEDTLS_ECDH_THEIRS ) - return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) ); + if (side == MBEDTLS_ECDH_THEIRS) + return (mbedtls_ecp_copy(&ctx->Qp, &key->Q)); /* Our key: import public (as Q) and private parts */ - if( side != MBEDTLS_ECDH_OURS ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (side != MBEDTLS_ECDH_OURS) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 || - ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 || + (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0) + return (ret); - return( 0 ); + return (0); } /* * Get parameters from a keypair */ -int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, - const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side ) -{ +int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( key != NULL ); - ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS || - side == MBEDTLS_ECDH_THEIRS ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(key != NULL); + ECDH_VALIDATE_RET(side == MBEDTLS_ECDH_OURS || + side == MBEDTLS_ECDH_THEIRS); - if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE ) - { + if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) { /* This is the first call to get_params(). Set up the context * for use with the group. */ - if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 ) - return( ret ); - } - else - { + if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0) + return (ret); + } else { /* This is not the first call to get_params(). Check that the * current key's group is the same as the context's, which was set * from the first key's group. */ - if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (mbedtls_ecdh_grp_id(ctx) != key->grp.id) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_get_params_internal( ctx, key, side ) ); + return (ecdh_get_params_internal(ctx, key, side)); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) - case MBEDTLS_ECDH_VARIANT_EVEREST: - { + case MBEDTLS_ECDH_VARIANT_EVEREST: { mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ? - MBEDTLS_EVEREST_ECDH_OURS : - MBEDTLS_EVEREST_ECDH_THEIRS; - return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh, - key, s) ); + MBEDTLS_EVEREST_ECDH_OURS : + MBEDTLS_EVEREST_ECDH_THEIRS; + return (mbedtls_everest_get_params(&ctx->ctx.everest_ecdh, + key, s)); } #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh, - key, side ) ); + return (ecdh_get_params_internal(&ctx->ctx.mbed_ecdh, + key, side)); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, int point_format, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, - unsigned char *, - size_t), - void *p_rng, - int restart_enabled ) -{ +static int ecdh_make_public_internal(mbedtls_ecdh_context_mbed *ctx, + size_t *olen, int point_format, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int restart_enabled) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif - if( ctx->grp.pbits == 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ctx->grp.pbits == 0) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( restart_enabled ) + if (restart_enabled) rs_ctx = &ctx->rs; #else (void) restart_enabled; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng, rs_ctx ) ) != 0 ) - return( ret ); + if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng, rs_ctx)) != 0) + return (ret); #else - if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q, - f_rng, p_rng ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q, + f_rng, p_rng)) != 0) + return (ret); #endif /* MBEDTLS_ECP_RESTARTABLE */ - return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen, - buf, blen ); + return mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, olen, + buf, blen); } /* * Setup and export the client public value */ -int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int restart_enabled = 0; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( olen != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); - ECDH_VALIDATE_RET( f_rng != NULL ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(olen != NULL); + ECDH_VALIDATE_RET(buf != NULL); + ECDH_VALIDATE_RET(f_rng != NULL); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen, - f_rng, p_rng, restart_enabled ) ); + return (ecdh_make_public_internal(ctx, olen, ctx->point_format, buf, blen, + f_rng, p_rng, restart_enabled)); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen, - buf, blen, f_rng, p_rng ) ); + return (mbedtls_everest_make_public(&ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng)); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen, - ctx->point_format, buf, blen, - f_rng, p_rng, - restart_enabled ) ); + return (ecdh_make_public_internal(&ctx->ctx.mbed_ecdh, olen, + ctx->point_format, buf, blen, + f_rng, p_rng, + restart_enabled)); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx, - const unsigned char *buf, size_t blen ) -{ +static int ecdh_read_public_internal(mbedtls_ecdh_context_mbed *ctx, + const unsigned char *buf, size_t blen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; - if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, - blen ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, &p, + blen)) != 0) + return (ret); - if( (size_t)( p - buf ) != blen ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if ((size_t)(p - buf) != blen) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - return( 0 ); + return (0); } /* * Parse and import the client's public value */ -int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, size_t blen ) -{ - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); +int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx, + const unsigned char *buf, size_t blen) { + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(buf != NULL); #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_read_public_internal( ctx, buf, blen ) ); + return (ecdh_read_public_internal(ctx, buf, blen)); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh, - buf, blen ) ); + return (mbedtls_everest_read_public(&ctx->ctx.everest_ecdh, + buf, blen)); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh, - buf, blen ) ); + return (ecdh_read_public_internal(&ctx->ctx.mbed_ecdh, + buf, blen)); default: return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } #endif } -static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx, - size_t *olen, unsigned char *buf, - size_t blen, - int (*f_rng)(void *, - unsigned char *, - size_t), - void *p_rng, - int restart_enabled ) -{ +static int ecdh_calc_secret_internal(mbedtls_ecdh_context_mbed *ctx, + size_t *olen, unsigned char *buf, + size_t blen, + int (*f_rng)(void *, + unsigned char *, + size_t), + void *p_rng, + int restart_enabled) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif - if( ctx == NULL || ctx->grp.pbits == 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->grp.pbits == 0) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( restart_enabled ) + if (restart_enabled) rs_ctx = &ctx->rs; #else (void) restart_enabled; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp, - &ctx->d, f_rng, p_rng, - rs_ctx ) ) != 0 ) - { - return( ret ); + if ((ret = ecdh_compute_shared_restartable(&ctx->grp, &ctx->z, &ctx->Qp, + &ctx->d, f_rng, p_rng, + rs_ctx)) != 0) { + return (ret); } #else - if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp, - &ctx->d, f_rng, p_rng ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp, + &ctx->d, f_rng, p_rng)) != 0) { + return (ret); } #endif /* MBEDTLS_ECP_RESTARTABLE */ - if( mbedtls_mpi_size( &ctx->z ) > blen ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (mbedtls_mpi_size(&ctx->z) > blen) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 ); + *olen = ctx->grp.pbits / 8 + ((ctx->grp.pbits % 8) != 0); - if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - return mbedtls_mpi_write_binary_le( &ctx->z, buf, *olen ); + if (mbedtls_ecp_get_type(&ctx->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) + return mbedtls_mpi_write_binary_le(&ctx->z, buf, *olen); - return mbedtls_mpi_write_binary( &ctx->z, buf, *olen ); + return mbedtls_mpi_write_binary(&ctx->z, buf, *olen); } /* * Derive and export the shared secret */ -int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int restart_enabled = 0; - ECDH_VALIDATE_RET( ctx != NULL ); - ECDH_VALIDATE_RET( olen != NULL ); - ECDH_VALIDATE_RET( buf != NULL ); + ECDH_VALIDATE_RET(ctx != NULL); + ECDH_VALIDATE_RET(olen != NULL); + ECDH_VALIDATE_RET(buf != NULL); #if defined(MBEDTLS_ECP_RESTARTABLE) restart_enabled = ctx->restart_enabled; #endif #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng, - restart_enabled ) ); + return (ecdh_calc_secret_internal(ctx, olen, buf, blen, f_rng, p_rng, + restart_enabled)); #else - switch( ctx->var ) - { + switch (ctx->var) { #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) case MBEDTLS_ECDH_VARIANT_EVEREST: - return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen, - buf, blen, f_rng, p_rng ) ); + return (mbedtls_everest_calc_secret(&ctx->ctx.everest_ecdh, olen, + buf, blen, f_rng, p_rng)); #endif case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: - return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf, - blen, f_rng, p_rng, - restart_enabled ) ); + return (ecdh_calc_secret_internal(&ctx->ctx.mbed_ecdh, olen, buf, + blen, f_rng, p_rng, + restart_enabled)); default: - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } #endif } diff --git a/common/mbedtls/ecdh.h b/common/mbedtls/ecdh.h index 05855cdf1..5475595d6 100644 --- a/common/mbedtls/ecdh.h +++ b/common/mbedtls/ecdh.h @@ -52,8 +52,7 @@ extern "C" { /** * Defines the source of the imported EC key. */ -typedef enum -{ +typedef enum { MBEDTLS_ECDH_OURS, /**< Our key. */ MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */ } mbedtls_ecdh_side; @@ -65,8 +64,7 @@ typedef enum * Later versions of the library may add new variants, therefore users should * not make any assumptions about them. */ -typedef enum -{ +typedef enum { MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */ MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */ #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) @@ -81,8 +79,7 @@ typedef enum * should not make any assumptions about the structure of * mbedtls_ecdh_context_mbed. */ -typedef struct mbedtls_ecdh_context_mbed -{ +typedef struct mbedtls_ecdh_context_mbed { mbedtls_ecp_group grp; /*!< The elliptic curve used. */ mbedtls_mpi d; /*!< The private key. */ mbedtls_ecp_point Q; /*!< The public key. */ @@ -101,8 +98,7 @@ typedef struct mbedtls_ecdh_context_mbed * should not be shared between multiple threads. * \brief The ECDH context structure. */ -typedef struct mbedtls_ecdh_context -{ +typedef struct mbedtls_ecdh_context { #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) mbedtls_ecp_group grp; /*!< The elliptic curve used. */ mbedtls_mpi d; /*!< The private key. */ @@ -122,8 +118,7 @@ typedef struct mbedtls_ecdh_context as defined in RFC 4492. */ mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */ mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */ - union - { + union { mbedtls_ecdh_context_mbed mbed_ecdh; #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) mbedtls_ecdh_context_everest everest_ecdh; @@ -149,7 +144,7 @@ mbedtls_ecdh_context; * * \return \c 1 if the group can be used, \c 0 otherwise */ -int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ); +int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid); /** * \brief This function generates an ECDH keypair on an elliptic @@ -176,9 +171,9 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ); * \return Another \c MBEDTLS_ERR_ECP_XXX or * \c MBEDTLS_MPI_XXX error code on failure. */ -int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function computes the shared secret. @@ -214,17 +209,17 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp * \return Another \c MBEDTLS_ERR_ECP_XXX or * \c MBEDTLS_MPI_XXX error code on failure. */ -int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z, + const mbedtls_ecp_point *Q, const mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function initializes an ECDH context. * * \param ctx The ECDH context to initialize. This must not be \c NULL. */ -void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); +void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx); /** * \brief This function sets up the ECDH context with the information @@ -242,8 +237,8 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ); * * \return \c 0 on success. */ -int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, - mbedtls_ecp_group_id grp_id ); +int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, + mbedtls_ecp_group_id grp_id); /** * \brief This function frees a context. @@ -252,7 +247,7 @@ int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, * case this function does nothing. If it is not \c NULL, * it must point to an initialized ECDH context. */ -void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); +void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx); /** * \brief This function generates an EC key pair and exports its @@ -279,10 +274,10 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx ); * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function parses the ECDHE parameters in a @@ -308,9 +303,9 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen, * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, - const unsigned char **buf, - const unsigned char *end ); +int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx, + const unsigned char **buf, + const unsigned char *end); /** * \brief This function sets up an ECDH context from an EC key. @@ -331,9 +326,9 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. * */ -int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, - const mbedtls_ecp_keypair *key, - mbedtls_ecdh_side side ); +int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx, + const mbedtls_ecp_keypair *key, + mbedtls_ecdh_side side); /** * \brief This function generates a public key and exports it @@ -361,10 +356,10 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function parses and processes the ECDHE payload of a @@ -385,8 +380,8 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, - const unsigned char *buf, size_t blen ); +int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx, + const unsigned char *buf, size_t blen); /** * \brief This function derives and exports the shared secret. @@ -418,10 +413,10 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return Another \c MBEDTLS_ERR_ECP_XXX error code on failure. */ -int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -436,7 +431,7 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen, * * \param ctx The ECDH context to use. This must be initialized. */ -void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx ); +void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx); #endif /* MBEDTLS_ECP_RESTARTABLE */ #ifdef __cplusplus diff --git a/common/mbedtls/ecdsa.c b/common/mbedtls/ecdsa.c index 7dc8708a3..7b76a9727 100644 --- a/common/mbedtls/ecdsa.c +++ b/common/mbedtls/ecdsa.c @@ -58,8 +58,7 @@ /* * Sub-context for ecdsa_verify() */ -struct mbedtls_ecdsa_restart_ver -{ +struct mbedtls_ecdsa_restart_ver { mbedtls_mpi u1, u2; /* intermediate values */ enum { /* what to do next? */ ecdsa_ver_init = 0, /* getting started */ @@ -70,32 +69,29 @@ struct mbedtls_ecdsa_restart_ver /* * Init verify restart sub-context */ -static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx ) -{ - mbedtls_mpi_init( &ctx->u1 ); - mbedtls_mpi_init( &ctx->u2 ); +static void ecdsa_restart_ver_init(mbedtls_ecdsa_restart_ver_ctx *ctx) { + mbedtls_mpi_init(&ctx->u1); + mbedtls_mpi_init(&ctx->u2); ctx->state = ecdsa_ver_init; } /* * Free the components of a verify restart sub-context */ -static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx ) -{ - if( ctx == NULL ) +static void ecdsa_restart_ver_free(mbedtls_ecdsa_restart_ver_ctx *ctx) { + if (ctx == NULL) return; - mbedtls_mpi_free( &ctx->u1 ); - mbedtls_mpi_free( &ctx->u2 ); + mbedtls_mpi_free(&ctx->u1); + mbedtls_mpi_free(&ctx->u2); - ecdsa_restart_ver_init( ctx ); + ecdsa_restart_ver_init(ctx); } /* * Sub-context for ecdsa_sign() */ -struct mbedtls_ecdsa_restart_sig -{ +struct mbedtls_ecdsa_restart_sig { int sign_tries; int key_tries; mbedtls_mpi k; /* per-signature random */ @@ -110,33 +106,30 @@ struct mbedtls_ecdsa_restart_sig /* * Init verify sign sub-context */ -static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx ) -{ +static void ecdsa_restart_sig_init(mbedtls_ecdsa_restart_sig_ctx *ctx) { ctx->sign_tries = 0; ctx->key_tries = 0; - mbedtls_mpi_init( &ctx->k ); - mbedtls_mpi_init( &ctx->r ); + mbedtls_mpi_init(&ctx->k); + mbedtls_mpi_init(&ctx->r); ctx->state = ecdsa_sig_init; } /* * Free the components of a sign restart sub-context */ -static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx ) -{ - if( ctx == NULL ) +static void ecdsa_restart_sig_free(mbedtls_ecdsa_restart_sig_ctx *ctx) { + if (ctx == NULL) return; - mbedtls_mpi_free( &ctx->k ); - mbedtls_mpi_free( &ctx->r ); + mbedtls_mpi_free(&ctx->k); + mbedtls_mpi_free(&ctx->r); } #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /* * Sub-context for ecdsa_sign_det() */ -struct mbedtls_ecdsa_restart_det -{ +struct mbedtls_ecdsa_restart_det { mbedtls_hmac_drbg_context rng_ctx; /* DRBG state */ enum { /* what to do next? */ ecdsa_det_init = 0, /* getting started */ @@ -147,23 +140,21 @@ struct mbedtls_ecdsa_restart_det /* * Init verify sign_det sub-context */ -static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx ) -{ - mbedtls_hmac_drbg_init( &ctx->rng_ctx ); +static void ecdsa_restart_det_init(mbedtls_ecdsa_restart_det_ctx *ctx) { + mbedtls_hmac_drbg_init(&ctx->rng_ctx); ctx->state = ecdsa_det_init; } /* * Free the components of a sign_det restart sub-context */ -static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) -{ - if( ctx == NULL ) +static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx) { + if (ctx == NULL) return; - mbedtls_hmac_drbg_free( &ctx->rng_ctx ); + mbedtls_hmac_drbg_free(&ctx->rng_ctx); - ecdsa_restart_det_init( ctx ); + ecdsa_restart_det_init(ctx); } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ @@ -224,23 +215,22 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) * Derive a suitable integer for group grp from a buffer of length len * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 */ -static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x, - const unsigned char *buf, size_t blen ) -{ +static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x, + const unsigned char *buf, size_t blen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n_size = ( grp->nbits + 7 ) / 8; + size_t n_size = (grp->nbits + 7) / 8; size_t use_size = blen > n_size ? n_size : blen; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( x, buf, use_size ) ); - if( use_size * 8 > grp->nbits ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( x, use_size * 8 - grp->nbits ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(x, buf, use_size)); + if (use_size * 8 > grp->nbits) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits)); /* While at it, reduce modulo N */ - if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( x, x, &grp->N ) ); + if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N)); cleanup: - return( ret ); + return (ret); } #endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */ @@ -249,14 +239,13 @@ cleanup: * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) */ -static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, - mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int (*f_rng_blind)(void *, unsigned char *, size_t), - void *p_rng_blind, - mbedtls_ecdsa_restart_ctx *rs_ctx ) -{ +static int ecdsa_sign_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret, key_tries, sign_tries; int *p_sign_tries = &sign_tries, *p_key_tries = &key_tries; mbedtls_ecp_point R; @@ -264,21 +253,22 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, mbedtls_mpi *pk = &k, *pr = r; /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ - if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (! mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); /* Make sure d is in range 1..n-1 */ - if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_cmp_int(d, 1) < 0 || mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) + return (MBEDTLS_ERR_ECP_INVALID_KEY); - mbedtls_ecp_point_init( &R ); - mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t ); + mbedtls_ecp_point_init(&R); + mbedtls_mpi_init(&k); + mbedtls_mpi_init(&e); + mbedtls_mpi_init(&t); - ECDSA_RS_ENTER( sig ); + ECDSA_RS_ENTER(sig); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->sig != NULL ) - { + if (rs_ctx != NULL && rs_ctx->sig != NULL) { /* redirect to our context */ p_sign_tries = &rs_ctx->sig->sign_tries; p_key_tries = &rs_ctx->sig->key_tries; @@ -286,18 +276,16 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, pr = &rs_ctx->sig->r; /* jump to current step */ - if( rs_ctx->sig->state == ecdsa_sig_mul ) + if (rs_ctx->sig->state == ecdsa_sig_mul) goto mul; - if( rs_ctx->sig->state == ecdsa_sig_modn ) + if (rs_ctx->sig->state == ecdsa_sig_modn) goto modn; } #endif /* MBEDTLS_ECP_RESTARTABLE */ *p_sign_tries = 0; - do - { - if( (*p_sign_tries)++ > 10 ) - { + do { + if ((*p_sign_tries)++ > 10) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } @@ -307,32 +295,29 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp, * and set r = xR mod n */ *p_key_tries = 0; - do - { - if( (*p_key_tries)++ > 10 ) - { + do { + if ((*p_key_tries)++ > 10) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, pk, f_rng, p_rng)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->sig != NULL ) + if (rs_ctx != NULL && rs_ctx->sig != NULL) rs_ctx->sig->state = ecdsa_sig_mul; mul: #endif - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G, - f_rng_blind, - p_rng_blind, - ECDSA_RS_ECP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) ); - } - while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &R, pk, &grp->G, + f_rng_blind, + p_rng_blind, + ECDSA_RS_ECP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N)); + } while (mbedtls_mpi_cmp_int(pr, 0) == 0); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->sig != NULL ) + if (rs_ctx != NULL && rs_ctx->sig != NULL) rs_ctx->sig->state = ecdsa_sig_modn; modn: @@ -341,79 +326,80 @@ modn: * Accounting for everything up to the end of the loop * (step 6, but checking now avoids saving e and t) */ - ECDSA_BUDGET( MBEDTLS_ECP_OPS_INV + 4 ); + ECDSA_BUDGET(MBEDTLS_ECP_OPS_INV + 4); /* * Step 5: derive MPI from hashed message */ - MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) ); + MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen)); /* * Generate a random value to blind inv_mod in next step, * avoiding a potential timing leak. */ - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, &t, f_rng_blind, - p_rng_blind ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, &t, f_rng_blind, + p_rng_blind)); /* * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, pr, d ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pk, pk, &grp->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) ); - } - while( mbedtls_mpi_cmp_int( s, 0 ) == 0 ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, pr, d)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&e, &e, s)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&e, &e, &t)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pk, pk, &t)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pk, pk, &grp->N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, s, &e)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N)); + } while (mbedtls_mpi_cmp_int(s, 0) == 0); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->sig != NULL ) - mbedtls_mpi_copy( r, pr ); + if (rs_ctx != NULL && rs_ctx->sig != NULL) + mbedtls_mpi_copy(r, pr); #endif cleanup: - mbedtls_ecp_point_free( &R ); - mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t ); + mbedtls_ecp_point_free(&R); + mbedtls_mpi_free(&k); + mbedtls_mpi_free(&e); + mbedtls_mpi_free(&t); - ECDSA_RS_LEAVE( sig ); + ECDSA_RS_LEAVE(sig); - return( ret ); + return (ret); } -int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ) -{ - switch( gid ) - { +int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid) { + switch (gid) { #ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED - case MBEDTLS_ECP_DP_CURVE25519: return 0; + case MBEDTLS_ECP_DP_CURVE25519: + return 0; #endif #ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED - case MBEDTLS_ECP_DP_CURVE448: return 0; + case MBEDTLS_ECP_DP_CURVE448: + return 0; #endif - default: return 1; + default: + return 1; } } /* * Compute ECDSA signature of a hashed message */ -int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - ECDSA_VALIDATE_RET( grp != NULL ); - ECDSA_VALIDATE_RET( r != NULL ); - ECDSA_VALIDATE_RET( s != NULL ); - ECDSA_VALIDATE_RET( d != NULL ); - ECDSA_VALIDATE_RET( f_rng != NULL ); - ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); +int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + ECDSA_VALIDATE_RET(grp != NULL); + ECDSA_VALIDATE_RET(r != NULL); + ECDSA_VALIDATE_RET(s != NULL); + ECDSA_VALIDATE_RET(d != NULL); + ECDSA_VALIDATE_RET(f_rng != NULL); + ECDSA_VALIDATE_RET(buf != NULL || blen == 0); /* Use the same RNG for both blinding and ephemeral key generation */ - return( ecdsa_sign_restartable( grp, r, s, d, buf, blen, - f_rng, p_rng, f_rng, p_rng, NULL ) ); + return (ecdsa_sign_restartable(grp, r, s, d, buf, blen, + f_rng, p_rng, f_rng, p_rng, NULL)); } #endif /* !MBEDTLS_ECDSA_SIGN_ALT */ @@ -421,50 +407,48 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, /* * Deterministic signature wrapper */ -static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, - mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, size_t), - void *p_rng_blind, - mbedtls_ecdsa_restart_ctx *rs_ctx ) -{ +static int ecdsa_sign_det_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context rng_ctx; mbedtls_hmac_drbg_context *p_rng = &rng_ctx; unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; - size_t grp_len = ( grp->nbits + 7 ) / 8; + size_t grp_len = (grp->nbits + 7) / 8; const mbedtls_md_info_t *md_info; mbedtls_mpi h; - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - mbedtls_mpi_init( &h ); - mbedtls_hmac_drbg_init( &rng_ctx ); + mbedtls_mpi_init(&h); + mbedtls_hmac_drbg_init(&rng_ctx); - ECDSA_RS_ENTER( det ); + ECDSA_RS_ENTER(det); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->det != NULL ) - { + if (rs_ctx != NULL && rs_ctx->det != NULL) { /* redirect to our context */ p_rng = &rs_ctx->det->rng_ctx; /* jump to current step */ - if( rs_ctx->det->state == ecdsa_det_sign ) + if (rs_ctx->det->state == ecdsa_det_sign) goto sign; } #endif /* MBEDTLS_ECP_RESTARTABLE */ /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); - MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); - mbedtls_hmac_drbg_seed_buf( p_rng, md_info, data, 2 * grp_len ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(d, data, grp_len)); + MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, data + grp_len, grp_len)); + mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->det != NULL ) + if (rs_ctx != NULL && rs_ctx->det != NULL) rs_ctx->det->state = ecdsa_det_sign; sign: @@ -472,15 +456,14 @@ sign: #if defined(MBEDTLS_ECDSA_SIGN_ALT) (void) f_rng_blind; (void) p_rng_blind; - ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng ); + ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng); #else - if( f_rng_blind != NULL ) - ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng, - f_rng_blind, p_rng_blind, rs_ctx ); - else - { + if (f_rng_blind != NULL) + ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng, + f_rng_blind, p_rng_blind, rs_ctx); + else { mbedtls_hmac_drbg_context *p_rng_blind_det; #if !defined(MBEDTLS_ECP_RESTARTABLE) @@ -490,19 +473,18 @@ sign: * reusing the bits of the ephemeral key for blinding and eliminate the * risk that they leak this way. */ - const char* blind_label = "BLINDING CONTEXT"; + const char *blind_label = "BLINDING CONTEXT"; mbedtls_hmac_drbg_context rng_ctx_blind; - mbedtls_hmac_drbg_init( &rng_ctx_blind ); + mbedtls_hmac_drbg_init(&rng_ctx_blind); p_rng_blind_det = &rng_ctx_blind; - mbedtls_hmac_drbg_seed_buf( p_rng_blind_det, md_info, - data, 2 * grp_len ); - ret = mbedtls_hmac_drbg_update_ret( p_rng_blind_det, - (const unsigned char*) blind_label, - strlen( blind_label ) ); - if( ret != 0 ) - { - mbedtls_hmac_drbg_free( &rng_ctx_blind ); + mbedtls_hmac_drbg_seed_buf(p_rng_blind_det, md_info, + data, 2 * grp_len); + ret = mbedtls_hmac_drbg_update_ret(p_rng_blind_det, + (const unsigned char *) blind_label, + strlen(blind_label)); + if (ret != 0) { + mbedtls_hmac_drbg_free(&rng_ctx_blind); goto cleanup; } #else @@ -529,24 +511,24 @@ sign: * won't be a valid value for f_rng_blind anymore. Therefore it should * be checked by the caller and this branch and check can be removed. */ - ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng, - mbedtls_hmac_drbg_random, p_rng_blind_det, - rs_ctx ); + ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng, + mbedtls_hmac_drbg_random, p_rng_blind_det, + rs_ctx); #if !defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_hmac_drbg_free( &rng_ctx_blind ); + mbedtls_hmac_drbg_free(&rng_ctx_blind); #endif } #endif /* MBEDTLS_ECDSA_SIGN_ALT */ cleanup: - mbedtls_hmac_drbg_free( &rng_ctx ); - mbedtls_mpi_free( &h ); + mbedtls_hmac_drbg_free(&rng_ctx); + mbedtls_mpi_free(&h); - ECDSA_RS_LEAVE( det ); + ECDSA_RS_LEAVE(det); - return( ret ); + return (ret); } /* @@ -554,39 +536,37 @@ cleanup: */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) -{ - ECDSA_VALIDATE_RET( grp != NULL ); - ECDSA_VALIDATE_RET( r != NULL ); - ECDSA_VALIDATE_RET( s != NULL ); - ECDSA_VALIDATE_RET( d != NULL ); - ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); +int mbedtls_ecdsa_sign_det(mbedtls_ecp_group *grp, mbedtls_mpi *r, + mbedtls_mpi *s, const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg) { + ECDSA_VALIDATE_RET(grp != NULL); + ECDSA_VALIDATE_RET(r != NULL); + ECDSA_VALIDATE_RET(s != NULL); + ECDSA_VALIDATE_RET(d != NULL); + ECDSA_VALIDATE_RET(buf != NULL || blen == 0); - return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, - NULL, NULL, NULL ) ); + return (ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg, + NULL, NULL, NULL)); } #endif /* MBEDTLS_DEPRECATED_REMOVED */ -int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, - size_t), - void *p_rng_blind ) -{ - ECDSA_VALIDATE_RET( grp != NULL ); - ECDSA_VALIDATE_RET( r != NULL ); - ECDSA_VALIDATE_RET( s != NULL ); - ECDSA_VALIDATE_RET( d != NULL ); - ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); - ECDSA_VALIDATE_RET( f_rng_blind != NULL ); +int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, + mbedtls_mpi *s, const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg, + int (*f_rng_blind)(void *, unsigned char *, + size_t), + void *p_rng_blind) { + ECDSA_VALIDATE_RET(grp != NULL); + ECDSA_VALIDATE_RET(r != NULL); + ECDSA_VALIDATE_RET(s != NULL); + ECDSA_VALIDATE_RET(d != NULL); + ECDSA_VALIDATE_RET(buf != NULL || blen == 0); + ECDSA_VALIDATE_RET(f_rng_blind != NULL); - return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, - f_rng_blind, p_rng_blind, NULL ) ); + return (ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg, + f_rng_blind, p_rng_blind, NULL)); } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ @@ -595,36 +575,36 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, * Verify ECDSA signature of hashed message (SEC1 4.1.4) * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) */ -static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, - const mbedtls_mpi *r, const mbedtls_mpi *s, - mbedtls_ecdsa_restart_ctx *rs_ctx ) -{ +static int ecdsa_verify_restartable(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, const mbedtls_mpi *s, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi e, s_inv, u1, u2; mbedtls_ecp_point R; mbedtls_mpi *pu1 = &u1, *pu2 = &u2; - mbedtls_ecp_point_init( &R ); - mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv ); - mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 ); + mbedtls_ecp_point_init(&R); + mbedtls_mpi_init(&e); + mbedtls_mpi_init(&s_inv); + mbedtls_mpi_init(&u1); + mbedtls_mpi_init(&u2); /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ - if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (! mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - ECDSA_RS_ENTER( ver ); + ECDSA_RS_ENTER(ver); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ver != NULL ) - { + if (rs_ctx != NULL && rs_ctx->ver != NULL) { /* redirect to our context */ pu1 = &rs_ctx->ver->u1; pu2 = &rs_ctx->ver->u2; /* jump to current step */ - if( rs_ctx->ver->state == ecdsa_ver_muladd ) + if (rs_ctx->ver->state == ecdsa_ver_muladd) goto muladd; } #endif /* MBEDTLS_ECP_RESTARTABLE */ @@ -632,9 +612,8 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, /* * Step 1: make sure r and s are in range 1..n-1 */ - if( mbedtls_mpi_cmp_int( r, 1 ) < 0 || mbedtls_mpi_cmp_mpi( r, &grp->N ) >= 0 || - mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 ) - { + if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 || + mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } @@ -642,23 +621,23 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, /* * Step 3: derive MPI from hashed message */ - MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) ); + MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen)); /* * Step 4: u1 = e / s mod n, u2 = r / s mod n */ - ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 ); + ECDSA_BUDGET(MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&s_inv, s, &grp->N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu1, &e, &s_inv ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu1, pu1, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu1, &e, &s_inv)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu1, pu1, &grp->N)); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu2, r, &s_inv ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu2, pu2, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu2, r, &s_inv)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ver != NULL ) + if (rs_ctx != NULL && rs_ctx->ver != NULL) rs_ctx->ver->state = ecdsa_ver_muladd; muladd: @@ -666,11 +645,10 @@ muladd: /* * Step 5: R = u1 G + u2 Q */ - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd_restartable( grp, - &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp, + &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP)); - if( mbedtls_ecp_is_zero( &R ) ) - { + if (mbedtls_ecp_is_zero(&R)) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } @@ -679,302 +657,287 @@ muladd: * Step 6: convert xR to an integer (no-op) * Step 7: reduce xR mod n (gives v) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &R.X, &R.X, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&R.X, &R.X, &grp->N)); /* * Step 8: check if v (that is, R.X) is equal to r */ - if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 ) - { + if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } cleanup: - mbedtls_ecp_point_free( &R ); - mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv ); - mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 ); + mbedtls_ecp_point_free(&R); + mbedtls_mpi_free(&e); + mbedtls_mpi_free(&s_inv); + mbedtls_mpi_free(&u1); + mbedtls_mpi_free(&u2); - ECDSA_RS_LEAVE( ver ); + ECDSA_RS_LEAVE(ver); - return( ret ); + return (ret); } /* * Verify ECDSA signature of hashed message */ -int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, - const mbedtls_mpi *r, - const mbedtls_mpi *s) -{ - ECDSA_VALIDATE_RET( grp != NULL ); - ECDSA_VALIDATE_RET( Q != NULL ); - ECDSA_VALIDATE_RET( r != NULL ); - ECDSA_VALIDATE_RET( s != NULL ); - ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); +int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, + const mbedtls_mpi *s) { + ECDSA_VALIDATE_RET(grp != NULL); + ECDSA_VALIDATE_RET(Q != NULL); + ECDSA_VALIDATE_RET(r != NULL); + ECDSA_VALIDATE_RET(s != NULL); + ECDSA_VALIDATE_RET(buf != NULL || blen == 0); - return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) ); + return (ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL)); } #endif /* !MBEDTLS_ECDSA_VERIFY_ALT */ /* * Convert a signature (given by context) to ASN.1 */ -static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, - unsigned char *sig, size_t *slen ) -{ +static int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, + unsigned char *sig, size_t *slen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_ECDSA_MAX_LEN]; - unsigned char *p = buf + sizeof( buf ); + unsigned char *p = buf + sizeof(buf); size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, s ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, r ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, s)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&p, buf, r)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - memcpy( sig, p, len ); + memcpy(sig, p, len); *slen = len; - return( 0 ); + return (0); } /* * Compute and write signature */ -int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecdsa_restart_ctx *rs_ctx ) -{ +int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi r, s; - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - ECDSA_VALIDATE_RET( slen != NULL ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); + ECDSA_VALIDATE_RET(slen != NULL); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&s); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) - MBEDTLS_MPI_CHK( ecdsa_sign_det_restartable( &ctx->grp, &r, &s, &ctx->d, - hash, hlen, md_alg, f_rng, - p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(ecdsa_sign_det_restartable(&ctx->grp, &r, &s, &ctx->d, + hash, hlen, md_alg, f_rng, + p_rng, rs_ctx)); #else (void) md_alg; #if defined(MBEDTLS_ECDSA_SIGN_ALT) (void) rs_ctx; - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d, - hash, hlen, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ctx->grp, &r, &s, &ctx->d, + hash, hlen, f_rng, p_rng)); #else /* Use the same RNG for both blinding and ephemeral key generation */ - MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d, - hash, hlen, f_rng, p_rng, f_rng, - p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d, + hash, hlen, f_rng, p_rng, f_rng, + p_rng, rs_ctx)); #endif /* MBEDTLS_ECDSA_SIGN_ALT */ #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ - MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) ); + MBEDTLS_MPI_CHK(ecdsa_signature_to_asn1(&r, &s, sig, slen)); cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&s); - return( ret ); + return (ret); } /* * Compute and write signature */ -int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - ECDSA_VALIDATE_RET( slen != NULL ); - return( mbedtls_ecdsa_write_signature_restartable( - ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) ); +int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); + ECDSA_VALIDATE_RET(slen != NULL); + return (mbedtls_ecdsa_write_signature_restartable( + ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL)); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) && \ defined(MBEDTLS_ECDSA_DETERMINISTIC) -int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - mbedtls_md_type_t md_alg ) -{ - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - ECDSA_VALIDATE_RET( slen != NULL ); - return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen, - NULL, NULL ) ); +int mbedtls_ecdsa_write_signature_det(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + mbedtls_md_type_t md_alg) { + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); + ECDSA_VALIDATE_RET(slen != NULL); + return (mbedtls_ecdsa_write_signature(ctx, md_alg, hash, hlen, sig, slen, + NULL, NULL)); } #endif /* * Read and check signature */ -int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - const unsigned char *sig, size_t slen ) -{ - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - return( mbedtls_ecdsa_read_signature_restartable( - ctx, hash, hlen, sig, slen, NULL ) ); +int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen) { + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); + return (mbedtls_ecdsa_read_signature_restartable( + ctx, hash, hlen, sig, slen, NULL)); } /* * Restartable read and check signature */ -int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - const unsigned char *sig, size_t slen, - mbedtls_ecdsa_restart_ctx *rs_ctx ) -{ +int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = (unsigned char *) sig; const unsigned char *end = sig + slen; size_t len; mbedtls_mpi r, s; - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(hash != NULL); + ECDSA_VALIDATE_RET(sig != NULL); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&s); - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } - if( p + len != end ) - { + if (p + len != end) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; goto cleanup; } - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &r ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 ) - { + if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 || + (ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) { ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } #if defined(MBEDTLS_ECDSA_VERIFY_ALT) (void) rs_ctx; - if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen, - &ctx->Q, &r, &s ) ) != 0 ) + if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen, + &ctx->Q, &r, &s)) != 0) goto cleanup; #else - if( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen, - &ctx->Q, &r, &s, rs_ctx ) ) != 0 ) + if ((ret = ecdsa_verify_restartable(&ctx->grp, hash, hlen, + &ctx->Q, &r, &s, rs_ctx)) != 0) goto cleanup; #endif /* MBEDTLS_ECDSA_VERIFY_ALT */ /* At this point we know that the buffer starts with a valid signature. * Return 0 if the buffer just contains the signature, and a specific * error code if the valid signature is followed by more data. */ - if( p != end ) + if (p != end) ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH; cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&s); - return( ret ); + return (ret); } #if !defined(MBEDTLS_ECDSA_GENKEY_ALT) /* * Generate key pair */ -int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret = 0; - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( f_rng != NULL ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(f_rng != NULL); - ret = mbedtls_ecp_group_load( &ctx->grp, gid ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ecp_group_load(&ctx->grp, gid); + if (ret != 0) + return (ret); - return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, - &ctx->Q, f_rng, p_rng ) ); + return (mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d, + &ctx->Q, f_rng, p_rng)); } #endif /* !MBEDTLS_ECDSA_GENKEY_ALT */ /* * Set context from an mbedtls_ecp_keypair */ -int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ) -{ +int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( key != NULL ); + ECDSA_VALIDATE_RET(ctx != NULL); + ECDSA_VALIDATE_RET(key != NULL); - if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 || - ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 || - ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 ) - { - mbedtls_ecdsa_free( ctx ); + if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0 || + (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0 || + (ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0) { + mbedtls_ecdsa_free(ctx); } - return( ret ); + return (ret); } /* * Initialize context */ -void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ) -{ - ECDSA_VALIDATE( ctx != NULL ); +void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx) { + ECDSA_VALIDATE(ctx != NULL); - mbedtls_ecp_keypair_init( ctx ); + mbedtls_ecp_keypair_init(ctx); } /* * Free context */ -void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx) { + if (ctx == NULL) return; - mbedtls_ecp_keypair_free( ctx ); + mbedtls_ecp_keypair_free(ctx); } #if defined(MBEDTLS_ECP_RESTARTABLE) /* * Initialize a restart context */ -void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) -{ - ECDSA_VALIDATE( ctx != NULL ); +void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx) { + ECDSA_VALIDATE(ctx != NULL); - mbedtls_ecp_restart_init( &ctx->ecp ); + mbedtls_ecp_restart_init(&ctx->ecp); ctx->ver = NULL; ctx->sig = NULL; @@ -986,24 +949,23 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ) /* * Free the components of a restart context */ -void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ) -{ - if( ctx == NULL ) +void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx) { + if (ctx == NULL) return; - mbedtls_ecp_restart_free( &ctx->ecp ); + mbedtls_ecp_restart_free(&ctx->ecp); - ecdsa_restart_ver_free( ctx->ver ); - mbedtls_free( ctx->ver ); + ecdsa_restart_ver_free(ctx->ver); + mbedtls_free(ctx->ver); ctx->ver = NULL; - ecdsa_restart_sig_free( ctx->sig ); - mbedtls_free( ctx->sig ); + ecdsa_restart_sig_free(ctx->sig); + mbedtls_free(ctx->sig); ctx->sig = NULL; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) - ecdsa_restart_det_free( ctx->det ); - mbedtls_free( ctx->det ); + ecdsa_restart_det_free(ctx->det); + mbedtls_free(ctx->det); ctx->det = NULL; #endif } diff --git a/common/mbedtls/ecdsa.h b/common/mbedtls/ecdsa.h index 264a638bb..e2d268b5a 100644 --- a/common/mbedtls/ecdsa.h +++ b/common/mbedtls/ecdsa.h @@ -105,8 +105,7 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx; /** * \brief General context for resuming ECDSA operations */ -typedef struct -{ +typedef struct { mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and shared administrative info */ mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */ @@ -131,7 +130,7 @@ typedef void mbedtls_ecdsa_restart_ctx; * * \return \c 1 if the group can be used, \c 0 otherwise */ -int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ); +int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid); /** * \brief This function computes the ECDSA signature of a @@ -169,9 +168,9 @@ int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid ); * \return An \c MBEDTLS_ERR_ECP_XXX * or \c MBEDTLS_MPI_XXX error code on failure. */ -int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #if ! defined(MBEDTLS_DEPRECATED_REMOVED) @@ -228,10 +227,10 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure. */ -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED; +int mbedtls_ecdsa_sign_det(mbedtls_ecp_group *grp, mbedtls_mpi *r, + mbedtls_mpi *s, const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -274,12 +273,12 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure. */ -int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, size_t), - void *p_rng_blind ); +int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, + mbedtls_mpi *s, const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ /** @@ -314,10 +313,10 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure for any other reason. */ -int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, const mbedtls_mpi *r, - const mbedtls_mpi *s); +int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, const mbedtls_mpi *r, + const mbedtls_mpi *s); /** * \brief This function computes the ECDSA signature and writes it @@ -367,12 +366,12 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function computes the ECDSA signature and writes it @@ -413,13 +412,13 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecdsa_restart_ctx *rs_ctx ); +int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecdsa_restart_ctx *rs_ctx); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #if ! defined(MBEDTLS_DEPRECATED_REMOVED) @@ -471,10 +470,10 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ -int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED; +int mbedtls_ecdsa_write_signature_det(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + unsigned char *sig, size_t *slen, + mbedtls_md_type_t md_alg) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ @@ -506,9 +505,9 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX * error code on failure for any other reason. */ -int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - const unsigned char *sig, size_t slen ); +int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen); /** * \brief This function reads and verifies an ECDSA signature, @@ -541,10 +540,10 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX * error code on failure for any other reason. */ -int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - const unsigned char *sig, size_t slen, - mbedtls_ecdsa_restart_ctx *rs_ctx ); +int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, + const unsigned char *hash, size_t hlen, + const unsigned char *sig, size_t slen, + mbedtls_ecdsa_restart_ctx *rs_ctx); /** * \brief This function generates an ECDSA keypair on the given curve. @@ -562,8 +561,8 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ -int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief This function sets up an ECDSA context from an EC key pair. @@ -580,8 +579,8 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ -int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, - const mbedtls_ecp_keypair *key ); +int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx, + const mbedtls_ecp_keypair *key); /** * \brief This function initializes an ECDSA context. @@ -589,7 +588,7 @@ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, * \param ctx The ECDSA context to initialize. * This must not be \c NULL. */ -void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ); +void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx); /** * \brief This function frees an ECDSA context. @@ -598,7 +597,7 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ); * in which case this function does nothing. If it * is not \c NULL, it must be initialized. */ -void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ); +void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx); #if defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -607,7 +606,7 @@ void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ); * \param ctx The restart context to initialize. * This must not be \c NULL. */ -void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ); +void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx); /** * \brief Free the components of a restart context. @@ -616,7 +615,7 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx ); * in which case this function does nothing. If it * is not \c NULL, it must be initialized. */ -void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx ); +void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx); #endif /* MBEDTLS_ECP_RESTARTABLE */ #ifdef __cplusplus diff --git a/common/mbedtls/ecjpake.c b/common/mbedtls/ecjpake.c index bd4716903..5082d626f 100644 --- a/common/mbedtls/ecjpake.c +++ b/common/mbedtls/ecjpake.c @@ -43,7 +43,7 @@ /* * Convert a mbedtls_ecjpake_role to identifier string */ -static const char * const ecjpake_id[] = { +static const char *const ecjpake_id[] = { "client", "server" }; @@ -54,126 +54,120 @@ static const char * const ecjpake_id[] = { /* * Initialize context */ -void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ) -{ - ECJPAKE_VALIDATE( ctx != NULL ); +void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx) { + ECJPAKE_VALIDATE(ctx != NULL); ctx->md_info = NULL; - mbedtls_ecp_group_init( &ctx->grp ); + mbedtls_ecp_group_init(&ctx->grp); ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; - mbedtls_ecp_point_init( &ctx->Xm1 ); - mbedtls_ecp_point_init( &ctx->Xm2 ); - mbedtls_ecp_point_init( &ctx->Xp1 ); - mbedtls_ecp_point_init( &ctx->Xp2 ); - mbedtls_ecp_point_init( &ctx->Xp ); + mbedtls_ecp_point_init(&ctx->Xm1); + mbedtls_ecp_point_init(&ctx->Xm2); + mbedtls_ecp_point_init(&ctx->Xp1); + mbedtls_ecp_point_init(&ctx->Xp2); + mbedtls_ecp_point_init(&ctx->Xp); - mbedtls_mpi_init( &ctx->xm1 ); - mbedtls_mpi_init( &ctx->xm2 ); - mbedtls_mpi_init( &ctx->s ); + mbedtls_mpi_init(&ctx->xm1); + mbedtls_mpi_init(&ctx->xm2); + mbedtls_mpi_init(&ctx->s); } /* * Free context */ -void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx) { + if (ctx == NULL) return; ctx->md_info = NULL; - mbedtls_ecp_group_free( &ctx->grp ); + mbedtls_ecp_group_free(&ctx->grp); - mbedtls_ecp_point_free( &ctx->Xm1 ); - mbedtls_ecp_point_free( &ctx->Xm2 ); - mbedtls_ecp_point_free( &ctx->Xp1 ); - mbedtls_ecp_point_free( &ctx->Xp2 ); - mbedtls_ecp_point_free( &ctx->Xp ); + mbedtls_ecp_point_free(&ctx->Xm1); + mbedtls_ecp_point_free(&ctx->Xm2); + mbedtls_ecp_point_free(&ctx->Xp1); + mbedtls_ecp_point_free(&ctx->Xp2); + mbedtls_ecp_point_free(&ctx->Xp); - mbedtls_mpi_free( &ctx->xm1 ); - mbedtls_mpi_free( &ctx->xm2 ); - mbedtls_mpi_free( &ctx->s ); + mbedtls_mpi_free(&ctx->xm1); + mbedtls_mpi_free(&ctx->xm2); + mbedtls_mpi_free(&ctx->s); } /* * Setup context */ -int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, - mbedtls_ecjpake_role role, - mbedtls_md_type_t hash, - mbedtls_ecp_group_id curve, - const unsigned char *secret, - size_t len ) -{ +int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, + mbedtls_ecjpake_role role, + mbedtls_md_type_t hash, + mbedtls_ecp_group_id curve, + const unsigned char *secret, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT || - role == MBEDTLS_ECJPAKE_SERVER ); - ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(role == MBEDTLS_ECJPAKE_CLIENT || + role == MBEDTLS_ECJPAKE_SERVER); + ECJPAKE_VALIDATE_RET(secret != NULL || len == 0); ctx->role = role; - if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL ) - return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); + if ((ctx->md_info = mbedtls_md_info_from_type(hash)) == NULL) + return (MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE); - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ctx->grp, curve)); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->s, secret, len)); cleanup: - if( ret != 0 ) - mbedtls_ecjpake_free( ctx ); + if (ret != 0) + mbedtls_ecjpake_free(ctx); - return( ret ); + return (ret); } /* * Check if context is ready for use */ -int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ) -{ - ECJPAKE_VALIDATE_RET( ctx != NULL ); +int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx) { + ECJPAKE_VALIDATE_RET(ctx != NULL); - if( ctx->md_info == NULL || - ctx->grp.id == MBEDTLS_ECP_DP_NONE || - ctx->s.p == NULL ) - { - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ctx->md_info == NULL || + ctx->grp.id == MBEDTLS_ECP_DP_NONE || + ctx->s.p == NULL) { + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } - return( 0 ); + return (0); } /* * Write a point plus its length to a buffer */ -static int ecjpake_write_len_point( unsigned char **p, - const unsigned char *end, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *P ) -{ +static int ecjpake_write_len_point(unsigned char **p, + const unsigned char *end, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *P) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; /* Need at least 4 for length plus 1 for point */ - if( end < *p || end - *p < 5 ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end < *p || end - *p < 5) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - ret = mbedtls_ecp_point_write_binary( grp, P, pf, - &len, *p + 4, end - ( *p + 4 ) ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ecp_point_write_binary(grp, P, pf, + &len, *p + 4, end - (*p + 4)); + if (ret != 0) + return (ret); - (*p)[0] = (unsigned char)( ( len >> 24 ) & 0xFF ); - (*p)[1] = (unsigned char)( ( len >> 16 ) & 0xFF ); - (*p)[2] = (unsigned char)( ( len >> 8 ) & 0xFF ); - (*p)[3] = (unsigned char)( ( len ) & 0xFF ); + (*p)[0] = (unsigned char)((len >> 24) & 0xFF); + (*p)[1] = (unsigned char)((len >> 16) & 0xFF); + (*p)[2] = (unsigned char)((len >> 8) & 0xFF); + (*p)[3] = (unsigned char)((len) & 0xFF); *p += 4 + len; - return( 0 ); + return (0); } /* @@ -185,74 +179,72 @@ static int ecjpake_write_len_point( unsigned char **p, /* * Compute hash for ZKP (7.4.2.2.2.1) */ -static int ecjpake_hash( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - const mbedtls_ecp_point *V, - const mbedtls_ecp_point *X, - const char *id, - mbedtls_mpi *h ) -{ +static int ecjpake_hash(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + const mbedtls_ecp_point *V, + const mbedtls_ecp_point *X, + const char *id, + mbedtls_mpi *h) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[ECJPAKE_HASH_BUF_LEN]; unsigned char *p = buf; - const unsigned char *end = buf + sizeof( buf ); - const size_t id_len = strlen( id ); + const unsigned char *end = buf + sizeof(buf); + const size_t id_len = strlen(id); unsigned char hash[MBEDTLS_MD_MAX_SIZE]; /* Write things to temporary buffer */ - MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, G ) ); - MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, V ) ); - MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, X ) ); + MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G)); + MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, V)); + MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, X)); - if( end - p < 4 ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end - p < 4) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - *p++ = (unsigned char)( ( id_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( id_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( id_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( id_len ) & 0xFF ); + *p++ = (unsigned char)((id_len >> 24) & 0xFF); + *p++ = (unsigned char)((id_len >> 16) & 0xFF); + *p++ = (unsigned char)((id_len >> 8) & 0xFF); + *p++ = (unsigned char)((id_len) & 0xFF); - if( end < p || (size_t)( end - p ) < id_len ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end < p || (size_t)(end - p) < id_len) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - memcpy( p, id, id_len ); + memcpy(p, id, id_len); p += id_len; /* Compute hash */ - MBEDTLS_MPI_CHK( mbedtls_md( md_info, buf, p - buf, hash ) ); + MBEDTLS_MPI_CHK(mbedtls_md(md_info, buf, p - buf, hash)); /* Turn it into an integer mod n */ - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash, - mbedtls_md_get_size( md_info ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( h, h, &grp->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash, + mbedtls_md_get_size(md_info))); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N)); cleanup: - return( ret ); + return (ret); } /* * Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3) */ -static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - const mbedtls_ecp_point *X, - const char *id, - const unsigned char **p, - const unsigned char *end ) -{ +static int ecjpake_zkp_read(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + const mbedtls_ecp_point *X, + const char *id, + const unsigned char **p, + const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point V, VV; mbedtls_mpi r, h; size_t r_len; - mbedtls_ecp_point_init( &V ); - mbedtls_ecp_point_init( &VV ); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &h ); + mbedtls_ecp_point_init(&V); + mbedtls_ecp_point_init(&VV); + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&h); /* * struct { @@ -260,127 +252,121 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info, * opaque r<1..2^8-1>; * } ECSchnorrZKP; */ - if( end < *p ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (end < *p) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, &V, p, end - *p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p)); - if( end < *p || (size_t)( end - *p ) < 1 ) - { + if (end < *p || (size_t)(end - *p) < 1) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } r_len = *(*p)++; - if( end < *p || (size_t)( end - *p ) < r_len ) - { + if (end < *p || (size_t)(end - *p) < r_len) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, *p, r_len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&r, *p, r_len)); *p += r_len; /* * Verification */ - MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp, - &VV, &h, X, &r, G ) ); + MBEDTLS_MPI_CHK(ecjpake_hash(md_info, grp, pf, G, &V, X, id, &h)); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd((mbedtls_ecp_group *) grp, + &VV, &h, X, &r, G)); - if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 ) - { + if (mbedtls_ecp_point_cmp(&VV, &V) != 0) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } cleanup: - mbedtls_ecp_point_free( &V ); - mbedtls_ecp_point_free( &VV ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &h ); + mbedtls_ecp_point_free(&V); + mbedtls_ecp_point_free(&VV); + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&h); - return( ret ); + return (ret); } /* * Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2) */ -static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - const mbedtls_mpi *x, - const mbedtls_ecp_point *X, - const char *id, - unsigned char **p, - const unsigned char *end, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +static int ecjpake_zkp_write(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + const mbedtls_mpi *x, + const mbedtls_ecp_point *X, + const char *id, + unsigned char **p, + const unsigned char *end, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point V; mbedtls_mpi v; mbedtls_mpi h; /* later recycled to hold r */ size_t len; - if( end < *p ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end < *p) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - mbedtls_ecp_point_init( &V ); - mbedtls_mpi_init( &v ); - mbedtls_mpi_init( &h ); + mbedtls_ecp_point_init(&V); + mbedtls_mpi_init(&v); + mbedtls_mpi_init(&h); /* Compute signature */ - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, - G, &v, &V, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &h, &h, x ) ); /* x*h */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &h, &v, &h ) ); /* v - x*h */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &h, &h, &grp->N ) ); /* r */ + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, + G, &v, &V, f_rng, p_rng)); + MBEDTLS_MPI_CHK(ecjpake_hash(md_info, grp, pf, G, &V, X, id, &h)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&h, &h, x)); /* x*h */ + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&h, &v, &h)); /* v - x*h */ + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&h, &h, &grp->N)); /* r */ /* Write it out */ - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, &V, - pf, &len, *p, end - *p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, &V, + pf, &len, *p, end - *p)); *p += len; - len = mbedtls_mpi_size( &h ); /* actually r */ - if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 ) - { + len = mbedtls_mpi_size(&h); /* actually r */ + if (end < *p || (size_t)(end - *p) < 1 + len || len > 255) { ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; goto cleanup; } - *(*p)++ = (unsigned char)( len & 0xFF ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */ + *(*p)++ = (unsigned char)(len & 0xFF); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, *p, len)); /* r */ *p += len; cleanup: - mbedtls_ecp_point_free( &V ); - mbedtls_mpi_free( &v ); - mbedtls_mpi_free( &h ); + mbedtls_ecp_point_free(&V); + mbedtls_mpi_free(&v); + mbedtls_mpi_free(&h); - return( ret ); + return (ret); } /* * Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof * Output: verified public key X */ -static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - mbedtls_ecp_point *X, - const char *id, - const unsigned char **p, - const unsigned char *end ) -{ +static int ecjpake_kkp_read(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + mbedtls_ecp_point *X, + const char *id, + const unsigned char **p, + const unsigned char *end) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( end < *p ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (end < *p) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); /* * struct { @@ -388,70 +374,67 @@ static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info, * ECSchnorrZKP zkp; * } ECJPAKEKeyKP; */ - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, X, p, end - *p ) ); - if( mbedtls_ecp_is_zero( X ) ) - { + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p)); + if (mbedtls_ecp_is_zero(X)) { ret = MBEDTLS_ERR_ECP_INVALID_KEY; goto cleanup; } - MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, grp, pf, G, X, id, p, end ) ); + MBEDTLS_MPI_CHK(ecjpake_zkp_read(md_info, grp, pf, G, X, id, p, end)); cleanup: - return( ret ); + return (ret); } /* * Generate an ECJPAKEKeyKP * Output: the serialized structure, plus private/public key pair */ -static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - mbedtls_mpi *x, - mbedtls_ecp_point *X, - const char *id, - unsigned char **p, - const unsigned char *end, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +static int ecjpake_kkp_write(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + mbedtls_mpi *x, + mbedtls_ecp_point *X, + const char *id, + unsigned char **p, + const unsigned char *end, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( end < *p ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (end < *p) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); /* Generate key (7.4.2.3.1) and write it out */ - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, G, x, X, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, X, - pf, &len, *p, end - *p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X, + f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(grp, X, + pf, &len, *p, end - *p)); *p += len; /* Generate and write proof */ - MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, grp, pf, G, x, X, id, - p, end, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_zkp_write(md_info, grp, pf, G, x, X, id, + p, end, f_rng, p_rng)); cleanup: - return( ret ); + return (ret); } /* * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs * Ouputs: verified peer public keys Xa, Xb */ -static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - mbedtls_ecp_point *Xa, - mbedtls_ecp_point *Xb, - const char *id, - const unsigned char *buf, - size_t len ) -{ +static int ecjpake_kkpp_read(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + mbedtls_ecp_point *Xa, + mbedtls_ecp_point *Xb, + const char *id, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; const unsigned char *end = buf + len; @@ -461,126 +444,121 @@ static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info, * ECJPAKEKeyKP ecjpake_key_kp_pair_list[2]; * } ECJPAKEKeyKPPairList; */ - MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xa, id, &p, end ) ); - MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xb, id, &p, end ) ); + MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xa, id, &p, end)); + MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_info, grp, pf, G, Xb, id, &p, end)); - if( p != end ) + if (p != end) ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; cleanup: - return( ret ); + return (ret); } /* * Generate a ECJPAKEKeyKPPairList * Outputs: the serialized structure, plus two private/public key pairs */ -static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info, - const mbedtls_ecp_group *grp, - const int pf, - const mbedtls_ecp_point *G, - mbedtls_mpi *xm1, - mbedtls_ecp_point *Xa, - mbedtls_mpi *xm2, - mbedtls_ecp_point *Xb, - const char *id, - unsigned char *buf, - size_t len, - size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +static int ecjpake_kkpp_write(const mbedtls_md_info_t *md_info, + const mbedtls_ecp_group *grp, + const int pf, + const mbedtls_ecp_point *G, + mbedtls_mpi *xm1, + mbedtls_ecp_point *Xa, + mbedtls_mpi *xm2, + mbedtls_ecp_point *Xb, + const char *id, + unsigned char *buf, + size_t len, + size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; const unsigned char *end = buf + len; - MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm1, Xa, id, - &p, end, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm2, Xb, id, - &p, end, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_info, grp, pf, G, xm1, Xa, id, + &p, end, f_rng, p_rng)); + MBEDTLS_MPI_CHK(ecjpake_kkp_write(md_info, grp, pf, G, xm2, Xb, id, + &p, end, f_rng, p_rng)); *olen = p - buf; cleanup: - return( ret ); + return (ret); } /* * Read and process the first round message */ -int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, - const unsigned char *buf, - size_t len ) -{ - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); +int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, + const unsigned char *buf, + size_t len) { + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); - return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format, - &ctx->grp.G, - &ctx->Xp1, &ctx->Xp2, ID_PEER, - buf, len ) ); + return (ecjpake_kkpp_read(ctx->md_info, &ctx->grp, ctx->point_format, + &ctx->grp.G, + &ctx->Xp1, &ctx->Xp2, ID_PEER, + buf, len)); } /* * Generate and write the first round message */ -int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); - ECJPAKE_VALIDATE_RET( olen != NULL ); - ECJPAKE_VALIDATE_RET( f_rng != NULL ); +int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); + ECJPAKE_VALIDATE_RET(olen != NULL); + ECJPAKE_VALIDATE_RET(f_rng != NULL); - return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format, - &ctx->grp.G, - &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2, - ID_MINE, buf, len, olen, f_rng, p_rng ) ); + return (ecjpake_kkpp_write(ctx->md_info, &ctx->grp, ctx->point_format, + &ctx->grp.G, + &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2, + ID_MINE, buf, len, olen, f_rng, p_rng)); } /* * Compute the sum of three points R = A + B + C */ -static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point *A, - const mbedtls_ecp_point *B, - const mbedtls_ecp_point *C ) -{ +static int ecjpake_ecp_add3(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point *A, + const mbedtls_ecp_point *B, + const mbedtls_ecp_point *C) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi one; - mbedtls_mpi_init( &one ); + mbedtls_mpi_init(&one); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, A, &one, B ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, R, &one, C ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&one, 1)); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(grp, R, &one, A, &one, B)); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(grp, R, &one, R, &one, C)); cleanup: - mbedtls_mpi_free( &one ); + mbedtls_mpi_free(&one); - return( ret ); + return (ret); } /* * Read and process second round message (C: 7.4.2.5, S: 7.4.2.6) */ -int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, - const unsigned char *buf, - size_t len ) -{ +int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *p = buf; const unsigned char *end = buf + len; mbedtls_ecp_group grp; mbedtls_ecp_point G; /* C: GB, S: GA */ - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); - mbedtls_ecp_group_init( &grp ); - mbedtls_ecp_point_init( &G ); + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point_init(&G); /* * Server: GA = X3 + X4 + X1 (7.4.2.6.1) @@ -588,8 +566,8 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, * Unified: G = Xm1 + Xm2 + Xp1 * We need that before parsing in order to check Xp as we read it */ - MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G, - &ctx->Xm1, &ctx->Xm2, &ctx->Xp1 ) ); + MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G, + &ctx->Xm1, &ctx->Xm2, &ctx->Xp1)); /* * struct { @@ -597,72 +575,67 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, * ECJPAKEKeyKP ecjpake_key_kp; * } Client/ServerECJPAKEParams; */ - if( ctx->role == MBEDTLS_ECJPAKE_CLIENT ) - { - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_group( &grp, &p, len ) ); - if( grp.id != ctx->grp.id ) - { + if (ctx->role == MBEDTLS_ECJPAKE_CLIENT) { + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_group(&grp, &p, len)); + if (grp.id != ctx->grp.id) { ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; goto cleanup; } } - MBEDTLS_MPI_CHK( ecjpake_kkp_read( ctx->md_info, &ctx->grp, - ctx->point_format, - &G, &ctx->Xp, ID_PEER, &p, end ) ); + MBEDTLS_MPI_CHK(ecjpake_kkp_read(ctx->md_info, &ctx->grp, + ctx->point_format, + &G, &ctx->Xp, ID_PEER, &p, end)); - if( p != end ) - { + if (p != end) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } cleanup: - mbedtls_ecp_group_free( &grp ); - mbedtls_ecp_point_free( &G ); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&G); - return( ret ); + return (ret); } /* * Compute R = +/- X * S mod N, taking care not to leak S */ -static int ecjpake_mul_secret( mbedtls_mpi *R, int sign, - const mbedtls_mpi *X, - const mbedtls_mpi *S, - const mbedtls_mpi *N, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +static int ecjpake_mul_secret(mbedtls_mpi *R, int sign, + const mbedtls_mpi *X, + const mbedtls_mpi *S, + const mbedtls_mpi *N, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi b; /* Blinding value, then s + N * blinding */ - mbedtls_mpi_init( &b ); + mbedtls_mpi_init(&b); /* b = s + rnd-128-bit * N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &b, 16, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &b, &b, N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &b, &b, S ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&b, 16, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&b, &b, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&b, &b, S)); /* R = sign * X * b mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( R, X, &b ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(R, X, &b)); R->s *= sign; - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( R, R, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(R, R, N)); cleanup: - mbedtls_mpi_free( &b ); + mbedtls_mpi_free(&b); - return( ret ); + return (ret); } /* * Generate and write the second round message (S: 7.4.2.5, C: 7.4.2.6) */ -int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point G; /* C: GA, S: GB */ mbedtls_ecp_point Xm; /* C: Xc, S: Xs */ @@ -671,14 +644,14 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, const unsigned char *end = buf + len; size_t ec_len; - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); - ECJPAKE_VALIDATE_RET( olen != NULL ); - ECJPAKE_VALIDATE_RET( f_rng != NULL ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); + ECJPAKE_VALIDATE_RET(olen != NULL); + ECJPAKE_VALIDATE_RET(f_rng != NULL); - mbedtls_ecp_point_init( &G ); - mbedtls_ecp_point_init( &Xm ); - mbedtls_mpi_init( &xm ); + mbedtls_ecp_point_init(&G); + mbedtls_ecp_point_init(&Xm); + mbedtls_mpi_init(&xm); /* * First generate private/public key pair (S: 7.4.2.5.1, C: 7.4.2.6.1) @@ -687,11 +660,11 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, * Server: GB = X3 + X1 + X2 | xs = x4 * s | Xs = xs * GB * Unified: G = Xm1 + Xp1 + Xp2 | xm = xm2 * s | Xm = xm * G */ - MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G, - &ctx->Xp1, &ctx->Xp2, &ctx->Xm1 ) ); - MBEDTLS_MPI_CHK( ecjpake_mul_secret( &xm, 1, &ctx->xm2, &ctx->s, - &ctx->grp.N, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &Xm, &xm, &G, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_ecp_add3(&ctx->grp, &G, + &ctx->Xp1, &ctx->Xp2, &ctx->Xm1)); + MBEDTLS_MPI_CHK(ecjpake_mul_secret(&xm, 1, &ctx->xm2, &ctx->s, + &ctx->grp.N, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &Xm, &xm, &G, f_rng, p_rng)); /* * Now write things out @@ -701,95 +674,91 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, * ECJPAKEKeyKP ecjpake_key_kp; * } Client/ServerECJPAKEParams; */ - if( ctx->role == MBEDTLS_ECJPAKE_SERVER ) - { - if( end < p ) - { + if (ctx->role == MBEDTLS_ECJPAKE_SERVER) { + if (end < p) { ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_group( &ctx->grp, &ec_len, - p, end - p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_group(&ctx->grp, &ec_len, + p, end - p)); p += ec_len; } - if( end < p ) - { + if (end < p) { ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( &ctx->grp, &Xm, - ctx->point_format, &ec_len, p, end - p ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_tls_write_point(&ctx->grp, &Xm, + ctx->point_format, &ec_len, p, end - p)); p += ec_len; - MBEDTLS_MPI_CHK( ecjpake_zkp_write( ctx->md_info, &ctx->grp, - ctx->point_format, - &G, &xm, &Xm, ID_MINE, - &p, end, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_zkp_write(ctx->md_info, &ctx->grp, + ctx->point_format, + &G, &xm, &Xm, ID_MINE, + &p, end, f_rng, p_rng)); *olen = p - buf; cleanup: - mbedtls_ecp_point_free( &G ); - mbedtls_ecp_point_free( &Xm ); - mbedtls_mpi_free( &xm ); + mbedtls_ecp_point_free(&G); + mbedtls_ecp_point_free(&Xm); + mbedtls_mpi_free(&xm); - return( ret ); + return (ret); } /* * Derive PMS (7.4.2.7 / 7.4.2.8) */ -int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point K; mbedtls_mpi m_xm2_s, one; unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; size_t x_bytes; - ECJPAKE_VALIDATE_RET( ctx != NULL ); - ECJPAKE_VALIDATE_RET( buf != NULL ); - ECJPAKE_VALIDATE_RET( olen != NULL ); - ECJPAKE_VALIDATE_RET( f_rng != NULL ); + ECJPAKE_VALIDATE_RET(ctx != NULL); + ECJPAKE_VALIDATE_RET(buf != NULL); + ECJPAKE_VALIDATE_RET(olen != NULL); + ECJPAKE_VALIDATE_RET(f_rng != NULL); - *olen = mbedtls_md_get_size( ctx->md_info ); - if( len < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + *olen = mbedtls_md_get_size(ctx->md_info); + if (len < *olen) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - mbedtls_ecp_point_init( &K ); - mbedtls_mpi_init( &m_xm2_s ); - mbedtls_mpi_init( &one ); + mbedtls_ecp_point_init(&K); + mbedtls_mpi_init(&m_xm2_s); + mbedtls_mpi_init(&one); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&one, 1)); /* * Client: K = ( Xs - X4 * x2 * s ) * x2 * Server: K = ( Xc - X2 * x4 * s ) * x4 * Unified: K = ( Xp - Xp2 * xm2 * s ) * xm2 */ - MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s, - &ctx->grp.N, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, &K, - &one, &ctx->Xp, - &m_xm2_s, &ctx->Xp2 ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &K, &ctx->xm2, &K, - f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecjpake_mul_secret(&m_xm2_s, -1, &ctx->xm2, &ctx->s, + &ctx->grp.N, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_ecp_muladd(&ctx->grp, &K, + &one, &ctx->Xp, + &m_xm2_s, &ctx->Xp2)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &K, &ctx->xm2, &K, + f_rng, p_rng)); /* PMS = SHA-256( K.X ) */ - x_bytes = ( ctx->grp.pbits + 7 ) / 8; - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &K.X, kx, x_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_md( ctx->md_info, kx, x_bytes, buf ) ); + x_bytes = (ctx->grp.pbits + 7) / 8; + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K.X, kx, x_bytes)); + MBEDTLS_MPI_CHK(mbedtls_md(ctx->md_info, kx, x_bytes, buf)); cleanup: - mbedtls_ecp_point_free( &K ); - mbedtls_mpi_free( &m_xm2_s ); - mbedtls_mpi_free( &one ); + mbedtls_ecp_point_free(&K); + mbedtls_mpi_free(&m_xm2_s); + mbedtls_mpi_free(&one); - return( ret ); + return (ret); } #undef ID_MINE @@ -808,10 +777,9 @@ cleanup: #if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ !defined(MBEDTLS_SHA256_C) -int mbedtls_ecjpake_self_test( int verbose ) -{ +int mbedtls_ecjpake_self_test(int verbose) { (void) verbose; - return( 0 ); + return (0); } #else @@ -949,42 +917,39 @@ static const unsigned char ecjpake_test_pms[] = { }; /* Load my private keys and generate the corresponding public keys */ -static int ecjpake_test_load( mbedtls_ecjpake_context *ctx, - const unsigned char *xm1, size_t len1, - const unsigned char *xm2, size_t len2 ) -{ +static int ecjpake_test_load(mbedtls_ecjpake_context *ctx, + const unsigned char *xm1, size_t len1, + const unsigned char *xm2, size_t len2) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1, - &ctx->grp.G, NULL, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2, - &ctx->grp.G, NULL, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm1, xm1, len1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->xm2, xm2, len2)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm1, &ctx->xm1, + &ctx->grp.G, NULL, NULL)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&ctx->grp, &ctx->Xm2, &ctx->xm2, + &ctx->grp.G, NULL, NULL)); cleanup: - return( ret ); + return (ret); } #endif /* ! MBEDTLS_ECJPAKE_ALT */ /* For tests we don't need a secure RNG; * use the LGC from Numerical Recipes for simplicity */ -static int ecjpake_lgc( void *p, unsigned char *out, size_t len ) -{ +static int ecjpake_lgc(void *p, unsigned char *out, size_t len) { static uint32_t x = 42; (void) p; - while( len > 0 ) - { + while (len > 0) { size_t use_len = len > 4 ? 4 : len; x = 1664525 * x + 1013904223; - memcpy( out, &x, use_len ); + memcpy(out, &x, use_len); out += use_len; len -= use_len; } - return( 0 ); + return (0); } #define TEST_ASSERT( x ) \ @@ -1001,67 +966,66 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len ) /* * Checkup routine */ -int mbedtls_ecjpake_self_test( int verbose ) -{ +int mbedtls_ecjpake_self_test(int verbose) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecjpake_context cli; mbedtls_ecjpake_context srv; unsigned char buf[512], pms[32]; size_t len, pmslen; - mbedtls_ecjpake_init( &cli ); - mbedtls_ecjpake_init( &srv ); + mbedtls_ecjpake_init(&cli); + mbedtls_ecjpake_init(&srv); - if( verbose != 0 ) - mbedtls_printf( " ECJPAKE test #0 (setup): " ); + if (verbose != 0) + mbedtls_printf(" ECJPAKE test #0 (setup): "); - TEST_ASSERT( mbedtls_ecjpake_setup( &cli, MBEDTLS_ECJPAKE_CLIENT, - MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, - ecjpake_test_password, - sizeof( ecjpake_test_password ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_setup(&cli, MBEDTLS_ECJPAKE_CLIENT, + MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, + ecjpake_test_password, + sizeof(ecjpake_test_password)) == 0); - TEST_ASSERT( mbedtls_ecjpake_setup( &srv, MBEDTLS_ECJPAKE_SERVER, - MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, - ecjpake_test_password, - sizeof( ecjpake_test_password ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_setup(&srv, MBEDTLS_ECJPAKE_SERVER, + MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, + ecjpake_test_password, + sizeof(ecjpake_test_password)) == 0); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - if( verbose != 0 ) - mbedtls_printf( " ECJPAKE test #1 (random handshake): " ); + if (verbose != 0) + mbedtls_printf(" ECJPAKE test #1 (random handshake): "); - TEST_ASSERT( mbedtls_ecjpake_write_round_one( &cli, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_write_round_one(&cli, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, buf, len ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_one(&srv, buf, len) == 0); - TEST_ASSERT( mbedtls_ecjpake_write_round_one( &srv, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_write_round_one(&srv, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, buf, len ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_one(&cli, buf, len) == 0); - TEST_ASSERT( mbedtls_ecjpake_write_round_two( &srv, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_write_round_two(&srv, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, buf, len ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_two(&cli, buf, len) == 0); - TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli, - pms, sizeof( pms ), &pmslen, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_derive_secret(&cli, + pms, sizeof(pms), &pmslen, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_write_round_two( &cli, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_write_round_two(&cli, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, buf, len ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_two(&srv, buf, len) == 0); - TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_derive_secret(&srv, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( len == pmslen ); - TEST_ASSERT( memcmp( buf, pms, len ) == 0 ); + TEST_ASSERT(len == pmslen); + TEST_ASSERT(memcmp(buf, pms, len) == 0); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); #if !defined(MBEDTLS_ECJPAKE_ALT) /* 'reference handshake' tests can only be run against implementations @@ -1069,72 +1033,71 @@ int mbedtls_ecjpake_self_test( int verbose ) * are generated. This is only the case for the internal mbed TLS * implementation, so these tests are skipped in case the internal * implementation is swapped out for an alternative one. */ - if( verbose != 0 ) - mbedtls_printf( " ECJPAKE test #2 (reference handshake): " ); + if (verbose != 0) + mbedtls_printf(" ECJPAKE test #2 (reference handshake): "); /* Simulate generation of round one */ - MBEDTLS_MPI_CHK( ecjpake_test_load( &cli, - ecjpake_test_x1, sizeof( ecjpake_test_x1 ), - ecjpake_test_x2, sizeof( ecjpake_test_x2 ) ) ); + MBEDTLS_MPI_CHK(ecjpake_test_load(&cli, + ecjpake_test_x1, sizeof(ecjpake_test_x1), + ecjpake_test_x2, sizeof(ecjpake_test_x2))); - MBEDTLS_MPI_CHK( ecjpake_test_load( &srv, - ecjpake_test_x3, sizeof( ecjpake_test_x3 ), - ecjpake_test_x4, sizeof( ecjpake_test_x4 ) ) ); + MBEDTLS_MPI_CHK(ecjpake_test_load(&srv, + ecjpake_test_x3, sizeof(ecjpake_test_x3), + ecjpake_test_x4, sizeof(ecjpake_test_x4))); /* Read round one */ - TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, - ecjpake_test_cli_one, - sizeof( ecjpake_test_cli_one ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_one(&srv, + ecjpake_test_cli_one, + sizeof(ecjpake_test_cli_one)) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, - ecjpake_test_srv_one, - sizeof( ecjpake_test_srv_one ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_one(&cli, + ecjpake_test_srv_one, + sizeof(ecjpake_test_srv_one)) == 0); /* Skip generation of round two, read round two */ - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, - ecjpake_test_srv_two, - sizeof( ecjpake_test_srv_two ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_two(&cli, + ecjpake_test_srv_two, + sizeof(ecjpake_test_srv_two)) == 0); - TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, - ecjpake_test_cli_two, - sizeof( ecjpake_test_cli_two ) ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_read_round_two(&srv, + ecjpake_test_cli_two, + sizeof(ecjpake_test_cli_two)) == 0); /* Server derives PMS */ - TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_derive_secret(&srv, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( len == sizeof( ecjpake_test_pms ) ); - TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 ); + TEST_ASSERT(len == sizeof(ecjpake_test_pms)); + TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0); - memset( buf, 0, len ); /* Avoid interferences with next step */ + memset(buf, 0, len); /* Avoid interferences with next step */ /* Client derives PMS */ - TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli, - buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 ); + TEST_ASSERT(mbedtls_ecjpake_derive_secret(&cli, + buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0); - TEST_ASSERT( len == sizeof( ecjpake_test_pms ) ); - TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 ); + TEST_ASSERT(len == sizeof(ecjpake_test_pms)); + TEST_ASSERT(memcmp(buf, ecjpake_test_pms, len) == 0); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); #endif /* ! MBEDTLS_ECJPAKE_ALT */ cleanup: - mbedtls_ecjpake_free( &cli ); - mbedtls_ecjpake_free( &srv ); + mbedtls_ecjpake_free(&cli); + mbedtls_ecjpake_free(&srv); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (ret != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( ret ); + return (ret); } #undef TEST_ASSERT diff --git a/common/mbedtls/ecjpake.h b/common/mbedtls/ecjpake.h index 891705d8c..0619c51b1 100644 --- a/common/mbedtls/ecjpake.h +++ b/common/mbedtls/ecjpake.h @@ -71,8 +71,7 @@ typedef enum { * convetion from the Thread v1.0 spec. Correspondance is indicated in the * description as a pair C: client name, S: server name */ -typedef struct mbedtls_ecjpake_context -{ +typedef struct mbedtls_ecjpake_context { const mbedtls_md_info_t *md_info; /**< Hash to use */ mbedtls_ecp_group grp; /**< Elliptic curve */ mbedtls_ecjpake_role role; /**< Are we client or server? */ @@ -100,7 +99,7 @@ typedef struct mbedtls_ecjpake_context * \param ctx The ECJPAKE context to initialize. * This must not be \c NULL. */ -void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); +void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx); /** * \brief Set up an ECJPAKE context for use. @@ -123,12 +122,12 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, - mbedtls_ecjpake_role role, - mbedtls_md_type_t hash, - mbedtls_ecp_group_id curve, - const unsigned char *secret, - size_t len ); +int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx, + mbedtls_ecjpake_role role, + mbedtls_md_type_t hash, + mbedtls_ecp_group_id curve, + const unsigned char *secret, + size_t len); /** * \brief Check if an ECJPAKE context is ready for use. @@ -139,7 +138,7 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, * \return \c 0 if the context is ready for use. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise. */ -int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ); +int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx); /** * \brief Generate and write the first round message @@ -160,10 +159,10 @@ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx ); * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Read and process the first round message @@ -179,9 +178,9 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, - const unsigned char *buf, - size_t len ); +int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, + const unsigned char *buf, + size_t len); /** * \brief Generate and write the second round message @@ -201,10 +200,10 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Read and process the second round message @@ -219,9 +218,9 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, - const unsigned char *buf, - size_t len ); +int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, + const unsigned char *buf, + size_t len); /** * \brief Derive the shared secret @@ -241,10 +240,10 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, - unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, + unsigned char *buf, size_t len, size_t *olen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This clears an ECJPAKE context and frees any @@ -254,7 +253,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, * in which case this function does nothing. If it is not * \c NULL, it must point to an initialized ECJPAKE context. */ -void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); +void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx); #if defined(MBEDTLS_SELF_TEST) @@ -263,7 +262,7 @@ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_ecjpake_self_test( int verbose ); +int mbedtls_ecjpake_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/ecp.c b/common/mbedtls/ecp.c index 6a005d510..d73ba3785 100644 --- a/common/mbedtls/ecp.c +++ b/common/mbedtls/ecp.c @@ -147,49 +147,44 @@ static unsigned long add_count, dbl_count, mul_count; typedef mbedtls_hmac_drbg_context ecp_drbg_context; /* DRBG context init */ -static inline void ecp_drbg_init( ecp_drbg_context *ctx ) -{ - mbedtls_hmac_drbg_init( ctx ); +static inline void ecp_drbg_init(ecp_drbg_context *ctx) { + mbedtls_hmac_drbg_init(ctx); } /* DRBG context free */ -static inline void ecp_drbg_free( ecp_drbg_context *ctx ) -{ - mbedtls_hmac_drbg_free( ctx ); +static inline void ecp_drbg_free(ecp_drbg_context *ctx) { + mbedtls_hmac_drbg_free(ctx); } /* DRBG function */ -static inline int ecp_drbg_random( void *p_rng, - unsigned char *output, size_t output_len ) -{ - return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) ); +static inline int ecp_drbg_random(void *p_rng, + unsigned char *output, size_t output_len) { + return (mbedtls_hmac_drbg_random(p_rng, output, output_len)); } /* DRBG context seeding */ -static int ecp_drbg_seed( ecp_drbg_context *ctx, - const mbedtls_mpi *secret, size_t secret_len ) -{ +static int ecp_drbg_seed(ecp_drbg_context *ctx, + const mbedtls_mpi *secret, size_t secret_len) { int ret; unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; /* The list starts with strong hashes */ const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type); - if( secret_len > MBEDTLS_ECP_MAX_BYTES ) - { + if (secret_len > MBEDTLS_ECP_MAX_BYTES) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, - secret_bytes, secret_len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(secret, + secret_bytes, secret_len)); - ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len ); + ret = mbedtls_hmac_drbg_seed_buf(ctx, md_info, secret_bytes, secret_len); cleanup: - mbedtls_platform_zeroize( secret_bytes, secret_len ); + mbedtls_platform_zeroize(secret_bytes, secret_len); - return( ret ); + return (ret); } #elif defined(MBEDTLS_CTR_DRBG_C) @@ -198,22 +193,19 @@ cleanup: typedef mbedtls_ctr_drbg_context ecp_drbg_context; /* DRBG context init */ -static inline void ecp_drbg_init( ecp_drbg_context *ctx ) -{ - mbedtls_ctr_drbg_init( ctx ); +static inline void ecp_drbg_init(ecp_drbg_context *ctx) { + mbedtls_ctr_drbg_init(ctx); } /* DRBG context free */ -static inline void ecp_drbg_free( ecp_drbg_context *ctx ) -{ - mbedtls_ctr_drbg_free( ctx ); +static inline void ecp_drbg_free(ecp_drbg_context *ctx) { + mbedtls_ctr_drbg_free(ctx); } /* DRBG function */ -static inline int ecp_drbg_random( void *p_rng, - unsigned char *output, size_t output_len ) -{ - return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) ); +static inline int ecp_drbg_random(void *p_rng, + unsigned char *output, size_t output_len) { + return (mbedtls_ctr_drbg_random(p_rng, output, output_len)); } /* @@ -223,36 +215,33 @@ static inline int ecp_drbg_random( void *p_rng, * (During seeding of CTR_DRBG the entropy input and customisation string are * concatenated before being used to update the secret state.) */ -static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len) -{ +static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len) { (void) ctx; - memset( out, 0, len ); - return( 0 ); + memset(out, 0, len); + return (0); } /* DRBG context seeding */ -static int ecp_drbg_seed( ecp_drbg_context *ctx, - const mbedtls_mpi *secret, size_t secret_len ) -{ +static int ecp_drbg_seed(ecp_drbg_context *ctx, + const mbedtls_mpi *secret, size_t secret_len) { int ret; unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; - if( secret_len > MBEDTLS_ECP_MAX_BYTES ) - { + if (secret_len > MBEDTLS_ECP_MAX_BYTES) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, - secret_bytes, secret_len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(secret, + secret_bytes, secret_len)); - ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL, - secret_bytes, secret_len ); + ret = mbedtls_ctr_drbg_seed(ctx, ecp_ctr_drbg_null_entropy, NULL, + secret_bytes, secret_len); cleanup: - mbedtls_platform_zeroize( secret_bytes, secret_len ); + mbedtls_platform_zeroize(secret_bytes, secret_len); - return( ret ); + return (ret); } #else @@ -276,24 +265,21 @@ static unsigned ecp_max_ops = 0; /* * Set ecp_max_ops */ -void mbedtls_ecp_set_max_ops( unsigned max_ops ) -{ +void mbedtls_ecp_set_max_ops(unsigned max_ops) { ecp_max_ops = max_ops; } /* * Check if restart is enabled */ -int mbedtls_ecp_restart_is_enabled( void ) -{ - return( ecp_max_ops != 0 ); +int mbedtls_ecp_restart_is_enabled(void) { + return (ecp_max_ops != 0); } /* * Restart sub-context for ecp_mul_comb() */ -struct mbedtls_ecp_restart_mul -{ +struct mbedtls_ecp_restart_mul { mbedtls_ecp_point R; /* current intermediate result */ size_t i; /* current index in various loops, 0 outside */ mbedtls_ecp_point *T; /* table for precomputed points */ @@ -316,15 +302,14 @@ struct mbedtls_ecp_restart_mul /* * Init restart_mul sub-context */ -static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) -{ - mbedtls_ecp_point_init( &ctx->R ); +static void ecp_restart_rsm_init(mbedtls_ecp_restart_mul_ctx *ctx) { + mbedtls_ecp_point_init(&ctx->R); ctx->i = 0; ctx->T = NULL; ctx->T_size = 0; ctx->state = ecp_rsm_init; #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_init( &ctx->drbg_ctx ); + ecp_drbg_init(&ctx->drbg_ctx); ctx->drbg_seeded = 0; #endif } @@ -332,34 +317,31 @@ static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) /* * Free the components of a restart_mul sub-context */ -static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx ) -{ +static void ecp_restart_rsm_free(mbedtls_ecp_restart_mul_ctx *ctx) { unsigned char i; - if( ctx == NULL ) + if (ctx == NULL) return; - mbedtls_ecp_point_free( &ctx->R ); + mbedtls_ecp_point_free(&ctx->R); - if( ctx->T != NULL ) - { - for( i = 0; i < ctx->T_size; i++ ) - mbedtls_ecp_point_free( ctx->T + i ); - mbedtls_free( ctx->T ); + if (ctx->T != NULL) { + for (i = 0; i < ctx->T_size; i++) + mbedtls_ecp_point_free(ctx->T + i); + mbedtls_free(ctx->T); } #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &ctx->drbg_ctx ); + ecp_drbg_free(&ctx->drbg_ctx); #endif - ecp_restart_rsm_init( ctx ); + ecp_restart_rsm_init(ctx); } /* * Restart context for ecp_muladd() */ -struct mbedtls_ecp_restart_muladd -{ +struct mbedtls_ecp_restart_muladd { mbedtls_ecp_point mP; /* mP value */ mbedtls_ecp_point R; /* R intermediate result */ enum { /* what should we do next? */ @@ -373,33 +355,30 @@ struct mbedtls_ecp_restart_muladd /* * Init restart_muladd sub-context */ -static void ecp_restart_ma_init( mbedtls_ecp_restart_muladd_ctx *ctx ) -{ - mbedtls_ecp_point_init( &ctx->mP ); - mbedtls_ecp_point_init( &ctx->R ); +static void ecp_restart_ma_init(mbedtls_ecp_restart_muladd_ctx *ctx) { + mbedtls_ecp_point_init(&ctx->mP); + mbedtls_ecp_point_init(&ctx->R); ctx->state = ecp_rsma_mul1; } /* * Free the components of a restart_muladd sub-context */ -static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx ) -{ - if( ctx == NULL ) +static void ecp_restart_ma_free(mbedtls_ecp_restart_muladd_ctx *ctx) { + if (ctx == NULL) return; - mbedtls_ecp_point_free( &ctx->mP ); - mbedtls_ecp_point_free( &ctx->R ); + mbedtls_ecp_point_free(&ctx->mP); + mbedtls_ecp_point_free(&ctx->R); - ecp_restart_ma_init( ctx ); + ecp_restart_ma_init(ctx); } /* * Initialize a restart context */ -void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) -{ - ECP_VALIDATE( ctx != NULL ); +void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx) { + ECP_VALIDATE(ctx != NULL); ctx->ops_done = 0; ctx->depth = 0; ctx->rsm = NULL; @@ -409,54 +388,50 @@ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) /* * Free the components of a restart context */ -void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) -{ - if( ctx == NULL ) +void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx) { + if (ctx == NULL) return; - ecp_restart_rsm_free( ctx->rsm ); - mbedtls_free( ctx->rsm ); + ecp_restart_rsm_free(ctx->rsm); + mbedtls_free(ctx->rsm); - ecp_restart_ma_free( ctx->ma ); - mbedtls_free( ctx->ma ); + ecp_restart_ma_free(ctx->ma); + mbedtls_free(ctx->ma); - mbedtls_ecp_restart_init( ctx ); + mbedtls_ecp_restart_init(ctx); } /* * Check if we can do the next step */ -int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, - mbedtls_ecp_restart_ctx *rs_ctx, - unsigned ops ) -{ - ECP_VALIDATE_RET( grp != NULL ); +int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, + mbedtls_ecp_restart_ctx *rs_ctx, + unsigned ops) { + ECP_VALIDATE_RET(grp != NULL); - if( rs_ctx != NULL && ecp_max_ops != 0 ) - { + if (rs_ctx != NULL && ecp_max_ops != 0) { /* scale depending on curve size: the chosen reference is 256-bit, * and multiplication is quadratic. Round to the closest integer. */ - if( grp->pbits >= 512 ) + if (grp->pbits >= 512) ops *= 4; - else if( grp->pbits >= 384 ) + else if (grp->pbits >= 384) ops *= 2; /* Avoid infinite loops: always allow first step. * Because of that, however, it's not generally true * that ops_done <= ecp_max_ops, so the check * ops_done > ecp_max_ops below is mandatory. */ - if( ( rs_ctx->ops_done != 0 ) && - ( rs_ctx->ops_done > ecp_max_ops || - ops > ecp_max_ops - rs_ctx->ops_done ) ) - { - return( MBEDTLS_ERR_ECP_IN_PROGRESS ); + if ((rs_ctx->ops_done != 0) && + (rs_ctx->ops_done > ecp_max_ops || + ops > ecp_max_ops - rs_ctx->ops_done)) { + return (MBEDTLS_ERR_ECP_IN_PROGRESS); } /* update running count */ rs_ctx->ops_done += ops; } - return( 0 ); + return (0); } /* Call this when entering a function that needs its own sub-context */ @@ -511,8 +486,7 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, * * Reminder: update profiles in x509_crt.c when adding a new curves! */ -static const mbedtls_ecp_curve_info ecp_supported_curves[] = -{ +static const mbedtls_ecp_curve_info ecp_supported_curves[] = { #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) { MBEDTLS_ECP_DP_SECP521R1, 25, 521, "secp521r1" }, #endif @@ -563,27 +537,23 @@ static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES]; /* * List of supported curves and associated info */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ) -{ - return( ecp_supported_curves ); +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void) { + return (ecp_supported_curves); } /* * List of supported curves, group ID only */ -const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ) -{ +const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void) { static int init_done = 0; - if( ! init_done ) - { + if (! init_done) { size_t i = 0; const mbedtls_ecp_curve_info *curve_info; - for( curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { + for (curve_info = mbedtls_ecp_curve_list(); + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++) { ecp_supported_grp_id[i++] = curve_info->grp_id; } ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE; @@ -591,105 +561,96 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ) init_done = 1; } - return( ecp_supported_grp_id ); + return (ecp_supported_grp_id); } /* * Get the curve info for the internal identifier */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ) -{ +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id) { const mbedtls_ecp_curve_info *curve_info; - for( curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - if( curve_info->grp_id == grp_id ) - return( curve_info ); + for (curve_info = mbedtls_ecp_curve_list(); + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++) { + if (curve_info->grp_id == grp_id) + return (curve_info); } - return( NULL ); + return (NULL); } /* * Get the curve info from the TLS identifier */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ) -{ +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id) { const mbedtls_ecp_curve_info *curve_info; - for( curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - if( curve_info->tls_id == tls_id ) - return( curve_info ); + for (curve_info = mbedtls_ecp_curve_list(); + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++) { + if (curve_info->tls_id == tls_id) + return (curve_info); } - return( NULL ); + return (NULL); } /* * Get the curve info from the name */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ) -{ +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name(const char *name) { const mbedtls_ecp_curve_info *curve_info; - if( name == NULL ) - return( NULL ); + if (name == NULL) + return (NULL); - for( curve_info = mbedtls_ecp_curve_list(); - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++ ) - { - if( strcmp( curve_info->name, name ) == 0 ) - return( curve_info ); + for (curve_info = mbedtls_ecp_curve_list(); + curve_info->grp_id != MBEDTLS_ECP_DP_NONE; + curve_info++) { + if (strcmp(curve_info->name, name) == 0) + return (curve_info); } - return( NULL ); + return (NULL); } /* * Get the type of a curve */ -mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ) -{ - if( grp->G.X.p == NULL ) - return( MBEDTLS_ECP_TYPE_NONE ); +mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp) { + if (grp->G.X.p == NULL) + return (MBEDTLS_ECP_TYPE_NONE); - if( grp->G.Y.p == NULL ) - return( MBEDTLS_ECP_TYPE_MONTGOMERY ); + if (grp->G.Y.p == NULL) + return (MBEDTLS_ECP_TYPE_MONTGOMERY); else - return( MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ); + return (MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS); } /* * Initialize (the components of) a point */ -void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ) -{ - ECP_VALIDATE( pt != NULL ); +void mbedtls_ecp_point_init(mbedtls_ecp_point *pt) { + ECP_VALIDATE(pt != NULL); - mbedtls_mpi_init( &pt->X ); - mbedtls_mpi_init( &pt->Y ); - mbedtls_mpi_init( &pt->Z ); + mbedtls_mpi_init(&pt->X); + mbedtls_mpi_init(&pt->Y); + mbedtls_mpi_init(&pt->Z); } /* * Initialize (the components of) a group */ -void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) -{ - ECP_VALIDATE( grp != NULL ); +void mbedtls_ecp_group_init(mbedtls_ecp_group *grp) { + ECP_VALIDATE(grp != NULL); grp->id = MBEDTLS_ECP_DP_NONE; - mbedtls_mpi_init( &grp->P ); - mbedtls_mpi_init( &grp->A ); - mbedtls_mpi_init( &grp->B ); - mbedtls_ecp_point_init( &grp->G ); - mbedtls_mpi_init( &grp->N ); + mbedtls_mpi_init(&grp->P); + mbedtls_mpi_init(&grp->A); + mbedtls_mpi_init(&grp->B); + mbedtls_ecp_point_init(&grp->G); + mbedtls_mpi_init(&grp->N); grp->pbits = 0; grp->nbits = 0; grp->h = 0; @@ -704,297 +665,273 @@ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) /* * Initialize (the components of) a key pair */ -void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ) -{ - ECP_VALIDATE( key != NULL ); +void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key) { + ECP_VALIDATE(key != NULL); - mbedtls_ecp_group_init( &key->grp ); - mbedtls_mpi_init( &key->d ); - mbedtls_ecp_point_init( &key->Q ); + mbedtls_ecp_group_init(&key->grp); + mbedtls_mpi_init(&key->d); + mbedtls_ecp_point_init(&key->Q); } /* * Unallocate (the components of) a point */ -void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ) -{ - if( pt == NULL ) +void mbedtls_ecp_point_free(mbedtls_ecp_point *pt) { + if (pt == NULL) return; - mbedtls_mpi_free( &( pt->X ) ); - mbedtls_mpi_free( &( pt->Y ) ); - mbedtls_mpi_free( &( pt->Z ) ); + mbedtls_mpi_free(&(pt->X)); + mbedtls_mpi_free(&(pt->Y)); + mbedtls_mpi_free(&(pt->Z)); } /* * Unallocate (the components of) a group */ -void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) -{ +void mbedtls_ecp_group_free(mbedtls_ecp_group *grp) { size_t i; - if( grp == NULL ) + if (grp == NULL) return; - if( grp->h != 1 ) - { - mbedtls_mpi_free( &grp->P ); - mbedtls_mpi_free( &grp->A ); - mbedtls_mpi_free( &grp->B ); - mbedtls_ecp_point_free( &grp->G ); - mbedtls_mpi_free( &grp->N ); + if (grp->h != 1) { + mbedtls_mpi_free(&grp->P); + mbedtls_mpi_free(&grp->A); + mbedtls_mpi_free(&grp->B); + mbedtls_ecp_point_free(&grp->G); + mbedtls_mpi_free(&grp->N); } - if( grp->T != NULL ) - { - for( i = 0; i < grp->T_size; i++ ) - mbedtls_ecp_point_free( &grp->T[i] ); - mbedtls_free( grp->T ); + if (grp->T != NULL) { + for (i = 0; i < grp->T_size; i++) + mbedtls_ecp_point_free(&grp->T[i]); + mbedtls_free(grp->T); } - mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) ); + mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); } /* * Unallocate (the components of) a key pair */ -void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ) -{ - if( key == NULL ) +void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key) { + if (key == NULL) return; - mbedtls_ecp_group_free( &key->grp ); - mbedtls_mpi_free( &key->d ); - mbedtls_ecp_point_free( &key->Q ); + mbedtls_ecp_group_free(&key->grp); + mbedtls_mpi_free(&key->d); + mbedtls_ecp_point_free(&key->Q); } /* * Copy the contents of a point */ -int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) -{ +int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( Q != NULL ); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(Q != NULL); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->X, &Q->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Y, &Q->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Z, &Q->Z)); cleanup: - return( ret ); + return (ret); } /* * Copy the contents of a group object */ -int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ) -{ - ECP_VALIDATE_RET( dst != NULL ); - ECP_VALIDATE_RET( src != NULL ); +int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, const mbedtls_ecp_group *src) { + ECP_VALIDATE_RET(dst != NULL); + ECP_VALIDATE_RET(src != NULL); - return( mbedtls_ecp_group_load( dst, src->id ) ); + return (mbedtls_ecp_group_load(dst, src->id)); } /* * Set point to zero */ -int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ) -{ +int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( pt != NULL ); + ECP_VALIDATE_RET(pt != NULL); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->X, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Y, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 0)); cleanup: - return( ret ); + return (ret); } /* * Tell if a point is zero */ -int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ) -{ - ECP_VALIDATE_RET( pt != NULL ); +int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt) { + ECP_VALIDATE_RET(pt != NULL); - return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ); + return (mbedtls_mpi_cmp_int(&pt->Z, 0) == 0); } /* * Compare two points lazily */ -int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q ) -{ - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( Q != NULL ); +int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q) { + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(Q != NULL); - if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 && - mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 && - mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 ) - { - return( 0 ); + if (mbedtls_mpi_cmp_mpi(&P->X, &Q->X) == 0 && + mbedtls_mpi_cmp_mpi(&P->Y, &Q->Y) == 0 && + mbedtls_mpi_cmp_mpi(&P->Z, &Q->Z) == 0) { + return (0); } - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } /* * Import a non-zero point from ASCII strings */ -int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, - const char *x, const char *y ) -{ +int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix, + const char *x, const char *y) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( x != NULL ); - ECP_VALIDATE_RET( y != NULL ); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(x != NULL); + ECP_VALIDATE_RET(y != NULL); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->X, radix, x)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P->Y, radix, y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1)); cleanup: - return( ret ); + return (ret); } /* * Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748) */ -int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *P, - int format, size_t *olen, - unsigned char *buf, size_t buflen ) -{ +int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *P, + int format, size_t *olen, + unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; size_t plen; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( olen != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || - format == MBEDTLS_ECP_PF_COMPRESSED ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(olen != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(format == MBEDTLS_ECP_PF_UNCOMPRESSED || + format == MBEDTLS_ECP_PF_COMPRESSED); - plen = mbedtls_mpi_size( &grp->P ); + plen = mbedtls_mpi_size(&grp->P); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) (void) format; /* Montgomery curves always use the same point format */ - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { *olen = plen; - if( buflen < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (buflen < *olen) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&P->X, buf, plen)); } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { /* * Common case: P == 0 */ - if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 ) - { - if( buflen < 1 ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) { + if (buflen < 1) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); buf[0] = 0x00; *olen = 1; - return( 0 ); + return (0); } - if( format == MBEDTLS_ECP_PF_UNCOMPRESSED ) - { + if (format == MBEDTLS_ECP_PF_UNCOMPRESSED) { *olen = 2 * plen + 1; - if( buflen < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (buflen < *olen) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); buf[0] = 0x04; - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) ); - } - else if( format == MBEDTLS_ECP_PF_COMPRESSED ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->Y, buf + 1 + plen, plen)); + } else if (format == MBEDTLS_ECP_PF_COMPRESSED) { *olen = plen + 1; - if( buflen < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (buflen < *olen) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) ); + buf[0] = 0x02 + mbedtls_mpi_get_bit(&P->Y, 0); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&P->X, buf + 1, plen)); } } #endif cleanup: - return( ret ); + return (ret); } /* * Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748) */ -int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char *buf, size_t ilen ) -{ +int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char *buf, size_t ilen) { int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; size_t plen; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(pt != NULL); + ECP_VALIDATE_RET(buf != NULL); - if( ilen < 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ilen < 1) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - plen = mbedtls_mpi_size( &grp->P ); + plen = mbedtls_mpi_size(&grp->P); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { - if( plen != ilen ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { + if (plen != ilen) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) ); - mbedtls_mpi_free( &pt->Y ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&pt->X, buf, plen)); + mbedtls_mpi_free(&pt->Y); - if( grp->id == MBEDTLS_ECP_DP_CURVE25519 ) + if (grp->id == MBEDTLS_ECP_DP_CURVE25519) /* Set most significant bit to 0 as prescribed in RFC7748 §5 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&pt->X, plen * 8 - 1, 0)); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { - if( buf[0] == 0x00 ) - { - if( ilen == 1 ) - return( mbedtls_ecp_set_zero( pt ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + if (buf[0] == 0x00) { + if (ilen == 1) + return (mbedtls_ecp_set_zero(pt)); else - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } - if( buf[0] != 0x04 ) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + if (buf[0] != 0x04) + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); - if( ilen != 2 * plen + 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (ilen != 2 * plen + 1) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, - buf + 1 + plen, plen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, buf + 1, plen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->Y, + buf + 1 + plen, plen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); } #endif cleanup: - return( ret ); + return (ret); } /* @@ -1003,26 +940,25 @@ cleanup: * opaque point <1..2^8-1>; * } ECPoint; */ -int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char **buf, size_t buf_len ) -{ +int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char **buf, size_t buf_len) { unsigned char data_len; const unsigned char *buf_start; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(pt != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(*buf != NULL); /* * We must have at least two bytes (1 for length, at least one for data) */ - if( buf_len < 2 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (buf_len < 2) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); data_len = *(*buf)++; - if( data_len < 1 || data_len > buf_len - 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (data_len < 1 || data_len > buf_len - 1) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); /* * Save buffer start for read_binary and update buf @@ -1030,7 +966,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, buf_start = *buf; *buf += data_len; - return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) ); + return (mbedtls_ecp_point_read_binary(grp, pt, buf_start, data_len)); } /* @@ -1039,79 +975,76 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, * opaque point <1..2^8-1>; * } ECPoint; */ -int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, - int format, size_t *olen, - unsigned char *buf, size_t blen ) -{ +int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, + int format, size_t *olen, + unsigned char *buf, size_t blen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( olen != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || - format == MBEDTLS_ECP_PF_COMPRESSED ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(pt != NULL); + ECP_VALIDATE_RET(olen != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(format == MBEDTLS_ECP_PF_UNCOMPRESSED || + format == MBEDTLS_ECP_PF_COMPRESSED); /* * buffer length must be at least one, for our length byte */ - if( blen < 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (blen < 1) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format, - olen, buf + 1, blen - 1) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_point_write_binary(grp, pt, format, + olen, buf + 1, blen - 1)) != 0) + return (ret); /* * write length to the first byte and update total length */ - buf[0] = (unsigned char) *olen; + buf[0] = (unsigned char) * olen; ++*olen; - return( 0 ); + return (0); } /* * Set a group from an ECParameters record (RFC 4492) */ -int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, - const unsigned char **buf, size_t len ) -{ +int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, + const unsigned char **buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(*buf != NULL); - if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) + return (ret); - return( mbedtls_ecp_group_load( grp, grp_id ) ); + return (mbedtls_ecp_group_load(grp, grp_id)); } /* * Read a group id from an ECParameters record (RFC 4492) and convert it to * mbedtls_ecp_group_id. */ -int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, - const unsigned char **buf, size_t len ) -{ +int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, + const unsigned char **buf, size_t len) { uint16_t tls_id; const mbedtls_ecp_curve_info *curve_info; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(*buf != NULL); /* * We expect at least three bytes (see below) */ - if( len < 3 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (len < 3) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); /* * First byte is curve_type; only named_curve is handled */ - if( *(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (*(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); /* * Next two bytes are the namedcurve value @@ -1120,34 +1053,33 @@ int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, tls_id <<= 8; tls_id |= *(*buf)++; - if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL ) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); *grp = curve_info->grp_id; - return( 0 ); + return (0); } /* * Write the ECParameters record corresponding to a group (RFC 4492) */ -int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, - unsigned char *buf, size_t blen ) -{ +int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, size_t *olen, + unsigned char *buf, size_t blen) { const mbedtls_ecp_curve_info *curve_info; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( olen != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(buf != NULL); + ECP_VALIDATE_RET(olen != NULL); - if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if ((curve_info = mbedtls_ecp_curve_info_from_grp_id(grp->id)) == NULL) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); /* * We are going to write 3 bytes (see below) */ *olen = 3; - if( blen < *olen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + if (blen < *olen) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); /* * First byte is curve_type, always named_curve @@ -1160,7 +1092,7 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, buf[0] = curve_info->tls_id >> 8; buf[1] = curve_info->tls_id & 0xFF; - return( 0 ); + return (0); } /* @@ -1169,32 +1101,30 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, * * This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf. */ -static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp ) -{ +static int ecp_modp(mbedtls_mpi *N, const mbedtls_ecp_group *grp) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( grp->modp == NULL ) - return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) ); + if (grp->modp == NULL) + return (mbedtls_mpi_mod_mpi(N, N, &grp->P)); /* N->s < 0 is a much faster test, which fails only if N is 0 */ - if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) || - mbedtls_mpi_bitlen( N ) > 2 * grp->pbits ) - { - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if ((N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) || + mbedtls_mpi_bitlen(N) > 2 * grp->pbits) { + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } - MBEDTLS_MPI_CHK( grp->modp( N ) ); + MBEDTLS_MPI_CHK(grp->modp(N)); /* N->s < 0 is a much faster test, which fails only if N is 0 */ - while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) ); + while (N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); - while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 ) + while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) /* we known P, N and the result are positive */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); cleanup: - return( ret ); + return (ret); } /* @@ -1223,16 +1153,15 @@ cleanup: INC_MUL_COUNT \ } while( 0 ) -static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B ) -{ +static inline int mbedtls_mpi_mul_mod(const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( X, A, B ) ); - MOD_MUL( *X ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(X, A, B)); + MOD_MUL(*X); cleanup: - return( ret ); + return (ret); } /* @@ -1250,16 +1179,15 @@ cleanup: ( defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \ !( defined(MBEDTLS_ECP_NO_FALLBACK) && \ defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) ) ) -static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B ) -{ +static inline int mbedtls_mpi_sub_mod(const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) ); - MOD_SUB( *X ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(X, A, B)); + MOD_SUB(*X); cleanup: - return( ret ); + return (ret); } #endif /* All functions referencing mbedtls_mpi_sub_mod() are alt-implemented without fallback */ @@ -1272,31 +1200,29 @@ cleanup: while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 ) \ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) ) -static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B ) -{ +static inline int mbedtls_mpi_add_mod(const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) ); - MOD_ADD( *X ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, A, B)); + MOD_ADD(*X); cleanup: - return( ret ); + return (ret); } #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ !( defined(MBEDTLS_ECP_NO_FALLBACK) && \ defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ defined(MBEDTLS_ECP_ADD_MIXED_ALT) ) -static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - size_t count ) -{ +static inline int mbedtls_mpi_shift_l_mod(const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + size_t count) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) ); - MOD_ADD( *X ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, count)); + MOD_ADD(*X); cleanup: - return( ret ); + return (ret); } #endif /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */ @@ -1313,46 +1239,47 @@ cleanup: * Normalize jacobian coordinates so that Z == 0 || Z == 1 (GECC 3.2.1) * Cost: 1N := 1I + 3M + 1S */ -static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt ) -{ - if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ) - return( 0 ); +static int ecp_normalize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt) { + if (mbedtls_mpi_cmp_int(&pt->Z, 0) == 0) + return (0); #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_normalize_jac( grp, pt ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) + return (mbedtls_internal_ecp_normalize_jac(grp, pt)); #endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi Zi, ZZi; - mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); + mbedtls_mpi_init(&Zi); + mbedtls_mpi_init(&ZZi); /* * X = X / Z^2 mod p */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ZZi ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&Zi, &pt->Z, &grp->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ZZi, &Zi, &Zi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->X, &pt->X, &ZZi)); /* * Y = Y / Z^3 mod p */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ZZi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &Zi ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &ZZi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &Zi)); /* * Z = 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); cleanup: - mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi ); + mbedtls_mpi_free(&Zi); + mbedtls_mpi_free(&ZZi); - return( ret ); + return (ret); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */ } @@ -1367,68 +1294,65 @@ cleanup: * * Cost: 1N(t) := 1I + (6t - 3)M + 1S */ -static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *T[], size_t T_size ) -{ - if( T_size < 2 ) - return( ecp_normalize_jac( grp, *T ) ); +static int ecp_normalize_jac_many(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *T[], size_t T_size) { + if (T_size < 2) + return (ecp_normalize_jac(grp, *T)); #if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) + return (mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size)); #endif #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi *c, u, Zi, ZZi; - if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL ) - return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); + if ((c = mbedtls_calloc(T_size, sizeof(mbedtls_mpi))) == NULL) + return (MBEDTLS_ERR_ECP_ALLOC_FAILED); - for( i = 0; i < T_size; i++ ) - mbedtls_mpi_init( &c[i] ); + for (i = 0; i < T_size; i++) + mbedtls_mpi_init(&c[i]); - mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); + mbedtls_mpi_init(&u); + mbedtls_mpi_init(&Zi); + mbedtls_mpi_init(&ZZi); /* * c[i] = Z_0 * ... * Z_i */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) ); - for( i = 1; i < T_size; i++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &c[i], &c[i-1], &T[i]->Z ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&c[0], &T[0]->Z)); + for (i = 1; i < T_size; i++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &c[i], &c[i - 1], &T[i]->Z)); } /* * u = 1 / (Z_0 * ... * Z_n) mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&u, &c[T_size - 1], &grp->P)); - for( i = T_size - 1; ; i-- ) - { + for (i = T_size - 1; ; i--) { /* * Zi = 1 / Z_i mod p * u = 1 / (Z_0 * ... * Z_i) mod P */ - if( i == 0 ) { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Zi, &u ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Zi, &u, &c[i-1] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &u, &u, &T[i]->Z ) ); + if (i == 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Zi, &u)); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &Zi, &u, &c[i - 1])); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &u, &u, &T[i]->Z)); } /* * proceed as in normalize() */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->X, &T[i]->X, &ZZi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &ZZi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &Zi ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ZZi, &Zi, &Zi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->X, &T[i]->X, &ZZi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->Y, &T[i]->Y, &ZZi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T[i]->Y, &T[i]->Y, &Zi)); /* * Post-precessing: reclaim some memory by shrinking coordinates @@ -1436,22 +1360,24 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, * - shrinking other coordinates, but still keeping the same number of * limbs as P, as otherwise it will too likely be regrown too fast. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) ); - mbedtls_mpi_free( &T[i]->Z ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n)); + mbedtls_mpi_free(&T[i]->Z); - if( i == 0 ) + if (i == 0) break; } cleanup: - mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi ); - for( i = 0; i < T_size; i++ ) - mbedtls_mpi_free( &c[i] ); - mbedtls_free( c ); + mbedtls_mpi_free(&u); + mbedtls_mpi_free(&Zi); + mbedtls_mpi_free(&ZZi); + for (i = 0; i < T_size; i++) + mbedtls_mpi_free(&c[i]); + mbedtls_free(c); - return( ret ); + return (ret); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */ } @@ -1459,25 +1385,24 @@ cleanup: * Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak. * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid */ -static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *Q, - unsigned char inv ) -{ +static int ecp_safe_invert_jac(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *Q, + unsigned char inv) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char nonzero; mbedtls_mpi mQY; - mbedtls_mpi_init( &mQY ); + mbedtls_mpi_init(&mQY); /* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) ); - nonzero = mbedtls_mpi_cmp_int( &Q->Y, 0 ) != 0; - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &Q->Y, &mQY, inv & nonzero ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mQY, &grp->P, &Q->Y)); + nonzero = mbedtls_mpi_cmp_int(&Q->Y, 0) != 0; + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&Q->Y, &mQY, inv & nonzero)); cleanup: - mbedtls_mpi_free( &mQY ); + mbedtls_mpi_free(&mQY); - return( ret ); + return (ret); } /* @@ -1494,85 +1419,88 @@ cleanup: * 4M + 4S (A == -3) * 3M + 6S + 1a otherwise */ -static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point *P ) -{ +static int ecp_double_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point *P) { #if defined(MBEDTLS_SELF_TEST) dbl_count++; #endif #if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_double_jac( grp, R, P ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) + return (mbedtls_internal_ecp_double_jac(grp, R, P)); #endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi M, S, T, U; - mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U ); + mbedtls_mpi_init(&M); + mbedtls_mpi_init(&S); + mbedtls_mpi_init(&T); + mbedtls_mpi_init(&U); /* Special case for A = -3 */ - if( grp->A.p == NULL ) - { + if (grp->A.p == NULL) { /* M = 3(X + Z^2)(X - Z^2) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &T, &P->X, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &U, &P->X, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &U ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); - } - else - { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->Z, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &T, &P->X, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &U, &P->X, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &T, &U)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &S, 3)); + MOD_ADD(M); + } else { /* M = 3.X^2 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->X, &P->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &S, 3)); + MOD_ADD(M); /* Optimize away for "koblitz" curves with A = 0 */ - if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&grp->A, 0) != 0) { /* M += A.Z^4 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &S, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &grp->A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &M, &M, &S ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->Z, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &S, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &T, &grp->A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &M, &M, &S)); } } /* S = 4.X.Y^2 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &P->Y, &P->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &S, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &P->Y, &P->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &T, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &P->X, &T)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &S, 1)); /* U = 8.Y^4 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &T, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &U, &T, &T)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &U, 1)); /* T = M^2 - 2.S */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &M, &M ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T, &M, &M)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T, &T, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T, &T, &S)); /* S = M(S - T) - U */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &S, &M ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &U ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S, &S, &T)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S, &S, &M)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S, &S, &U)); /* U = 2.Y.Z */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &P->Y, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &U, &P->Y, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &U, 1)); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->X, &T)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Y, &S)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Z, &U)); cleanup: - mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U ); + mbedtls_mpi_free(&M); + mbedtls_mpi_free(&S); + mbedtls_mpi_free(&T); + mbedtls_mpi_free(&U); - return( ret ); + return (ret); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */ } @@ -1594,20 +1522,19 @@ cleanup: * * Cost: 1A := 8M + 3S */ -static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) -{ +static int ecp_add_mixed(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q) { #if defined(MBEDTLS_SELF_TEST) add_count++; #endif #if defined(MBEDTLS_ECP_ADD_MIXED_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) + return (mbedtls_internal_ecp_add_mixed(grp, R, P, Q)); #endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi T1, T2, T3, T4, X, Y, Z; @@ -1615,67 +1542,73 @@ static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* * Trivial cases: P == 0 or Q == 0 (case 1) */ - if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 ) - return( mbedtls_ecp_copy( R, Q ) ); + if (mbedtls_mpi_cmp_int(&P->Z, 0) == 0) + return (mbedtls_ecp_copy(R, Q)); - if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 ) - return( mbedtls_ecp_copy( R, P ) ); + if (Q->Z.p != NULL && mbedtls_mpi_cmp_int(&Q->Z, 0) == 0) + return (mbedtls_ecp_copy(R, P)); /* * Make sure Q coordinates are normalized */ - if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (Q->Z.p != NULL && mbedtls_mpi_cmp_int(&Q->Z, 1) != 0) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); - mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 ); - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); + mbedtls_mpi_init(&T1); + mbedtls_mpi_init(&T2); + mbedtls_mpi_init(&T3); + mbedtls_mpi_init(&T4); + mbedtls_mpi_init(&X); + mbedtls_mpi_init(&Y); + mbedtls_mpi_init(&Z); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &P->Z, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T1, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &T1, &Q->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T2, &Q->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T1, &T1, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T2, &T2, &P->Y ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T1, &P->Z, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T2, &T1, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T1, &T1, &Q->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T2, &T2, &Q->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T1, &T1, &P->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T2, &T2, &P->Y)); /* Special cases (2) and (3) */ - if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 ) - { - if( mbedtls_mpi_cmp_int( &T2, 0 ) == 0 ) - { - ret = ecp_double_jac( grp, R, P ); + if (mbedtls_mpi_cmp_int(&T1, 0) == 0) { + if (mbedtls_mpi_cmp_int(&T2, 0) == 0) { + ret = ecp_double_jac(grp, R, P); goto cleanup; - } - else - { - ret = mbedtls_ecp_set_zero( R ); + } else { + ret = mbedtls_ecp_set_zero(R); goto cleanup; } } - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Z, &P->Z, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T1, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T3, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &T3 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &X, &T2, &T2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T4 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T3, &T3, &X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &T2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T4, &P->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &Y, &T3, &T4 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &Z, &P->Z, &T1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T1, &T1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T4, &T3, &T1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T3, &P->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &T3)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, &T1, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &X, &T2, &T2)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &X, &X, &T1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &X, &X, &T4)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &T3, &T3, &X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T3, &T3, &T2)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &T4, &T4, &P->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &Y, &T3, &T4)); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->X, &X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Y, &Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R->Z, &Z)); cleanup: - mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); mbedtls_mpi_free( &T3 ); mbedtls_mpi_free( &T4 ); - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); + mbedtls_mpi_free(&T1); + mbedtls_mpi_free(&T2); + mbedtls_mpi_free(&T3); + mbedtls_mpi_free(&T4); + mbedtls_mpi_free(&X); + mbedtls_mpi_free(&Y); + mbedtls_mpi_free(&Z); - return( ret ); + return (ret); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */ } @@ -1686,55 +1619,53 @@ cleanup: * * This countermeasure was first suggested in [2]. */ -static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +static int ecp_randomize_jac(const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) + return (mbedtls_internal_ecp_randomize_jac(grp, pt, f_rng, p_rng)); #endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi l, ll; int count = 0; - size_t p_size = ( grp->pbits + 7 ) / 8; + size_t p_size = (grp->pbits + 7) / 8; - mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll ); + mbedtls_mpi_init(&l); + mbedtls_mpi_init(&ll); /* Generate l such that 1 < l < p */ - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); + do { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&l, p_size, f_rng, p_rng)); - while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); + while (mbedtls_mpi_cmp_mpi(&l, &grp->P) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&l, 1)); - if( count++ > 10 ) - { + if (count++ > 10) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - } - while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); + } while (mbedtls_mpi_cmp_int(&l, 1) <= 0); /* Z = l * Z */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z, &pt->Z, &l ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Z, &pt->Z, &l)); /* X = l^2 * X */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &l, &l ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ll ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ll, &l, &l)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->X, &pt->X, &ll)); /* Y = l^3 * Y */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &ll, &l ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ll ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &ll, &ll, &l)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &pt->Y, &pt->Y, &ll)); cleanup: - mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll ); + mbedtls_mpi_free(&l); + mbedtls_mpi_free(&ll); - return( ret ); + return (ret); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */ } @@ -1798,33 +1729,31 @@ cleanup: * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d * (the result will be incorrect if these assumptions are not satisfied) */ -static void ecp_comb_recode_core( unsigned char x[], size_t d, - unsigned char w, const mbedtls_mpi *m ) -{ +static void ecp_comb_recode_core(unsigned char x[], size_t d, + unsigned char w, const mbedtls_mpi *m) { size_t i, j; unsigned char c, cc, adjust; - memset( x, 0, d+1 ); + memset(x, 0, d + 1); /* First get the classical comb values (except for x_d = 0) */ - for( i = 0; i < d; i++ ) - for( j = 0; j < w; j++ ) - x[i] |= mbedtls_mpi_get_bit( m, i + d * j ) << j; + for (i = 0; i < d; i++) + for (j = 0; j < w; j++) + x[i] |= mbedtls_mpi_get_bit(m, i + d * j) << j; /* Now make sure x_1 .. x_d are odd */ c = 0; - for( i = 1; i <= d; i++ ) - { + for (i = 1; i <= d; i++) { /* Add carry and update it */ cc = x[i] & c; x[i] = x[i] ^ c; c = cc; /* Adjust if needed, avoiding branches */ - adjust = 1 - ( x[i] & 0x01 ); - c |= x[i] & ( x[i-1] * adjust ); - x[i] = x[i] ^ ( x[i-1] * adjust ); - x[i-1] |= adjust << 7; + adjust = 1 - (x[i] & 0x01); + c |= x[i] & (x[i - 1] * adjust); + x[i] = x[i] ^ (x[i - 1] * adjust); + x[i - 1] |= adjust << 7; } } @@ -1862,27 +1791,25 @@ static void ecp_comb_recode_core( unsigned char x[], size_t d, * value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order * to minimize maximum blocking time. */ -static int ecp_precompute_comb( const mbedtls_ecp_group *grp, - mbedtls_ecp_point T[], const mbedtls_ecp_point *P, - unsigned char w, size_t d, - mbedtls_ecp_restart_ctx *rs_ctx ) -{ +static int ecp_precompute_comb(const mbedtls_ecp_group *grp, + mbedtls_ecp_point T[], const mbedtls_ecp_point *P, + unsigned char w, size_t d, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; size_t j = 0; - const unsigned char T_size = 1U << ( w - 1 ); + const unsigned char T_size = 1U << (w - 1); mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - { - if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { + if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) goto dbl; - if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl ) + if (rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl) goto norm_dbl; - if( rs_ctx->rsm->state == ecp_rsm_pre_add ) + if (rs_ctx->rsm->state == ecp_rsm_pre_add) goto add; - if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add ) + if (rs_ctx->rsm->state == ecp_rsm_pre_norm_add) goto norm_add; } #else @@ -1890,8 +1817,7 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { rs_ctx->rsm->state = ecp_rsm_pre_dbl; /* initial state for the loop */ @@ -1904,30 +1830,29 @@ dbl: * Set T[0] = P and * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value) */ - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&T[0], P)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) j = rs_ctx->rsm->i; else #endif j = 0; - for( ; j < d * ( w - 1 ); j++ ) - { - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL ); + for (; j < d * (w - 1); j++) { + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL); - i = 1U << ( j / d ); + i = 1U << (j / d); cur = T + i; - if( j % d == 0 ) - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) ); + if (j % d == 0) + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(cur, T + (i >> 1))); - MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) ); + MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur)); } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; norm_dbl: @@ -1937,15 +1862,15 @@ norm_dbl: * use an auxiliary array of pointers to elements in T. */ j = 0; - for( i = 1; i < T_size; i <<= 1 ) + for (i = 1; i < T_size; i <<= 1) TT[j++] = T + i; - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); - MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); + MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) rs_ctx->rsm->state = ecp_rsm_pre_add; add: @@ -1954,17 +1879,16 @@ add: * Compute the remaining ones using the minimal number of additions * Be careful to update T[2^l] only after using it! */ - MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD ); + MBEDTLS_ECP_BUDGET((T_size - 1) * MBEDTLS_ECP_OPS_ADD); - for( i = 1; i < T_size; i <<= 1 ) - { + for (i = 1; i < T_size; i <<= 1) { j = i; - while( j-- ) - MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) ); + while (j--) + MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i])); } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) rs_ctx->rsm->state = ecp_rsm_pre_norm_add; norm_add: @@ -1974,24 +1898,23 @@ norm_add: * still need the auxiliary array for homogeneity with the previous * call. Also, skip T[0] which is already normalised, being a copy of P. */ - for( j = 0; j + 1 < T_size; j++ ) + for (j = 0; j + 1 < T_size; j++) TT[j] = T + j + 1; - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); - MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); + MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); cleanup: #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && - ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { - if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL && + ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { + if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) rs_ctx->rsm->i = j; } #endif - return( ret ); + return (ret); } /* @@ -1999,28 +1922,26 @@ cleanup: * * See ecp_comb_recode_core() for background */ -static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point T[], unsigned char T_size, - unsigned char i ) -{ +static int ecp_select_comb(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point T[], unsigned char T_size, + unsigned char i) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char ii, j; /* Ignore the "sign" bit and scale down */ - ii = ( i & 0x7Fu ) >> 1; + ii = (i & 0x7Fu) >> 1; /* Read the whole table to thwart cache-based timing attacks */ - for( j = 0; j < T_size; j++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) ); + for (j = 0; j < T_size; j++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&R->X, &T[j].X, j == ii)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&R->Y, &T[j].Y, j == ii)); } /* Safely invert result if i is "negative" */ - MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) ); + MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7)); cleanup: - return( ret ); + return (ret); } /* @@ -2029,74 +1950,68 @@ cleanup: * * Cost: d A + d D + 1 R */ -static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_ecp_point T[], unsigned char T_size, - const unsigned char x[], size_t d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) -{ +static int ecp_mul_comb_core(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_ecp_point T[], unsigned char T_size, + const unsigned char x[], size_t d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point Txi; size_t i; - mbedtls_ecp_point_init( &Txi ); + mbedtls_ecp_point_init(&Txi); #if !defined(MBEDTLS_ECP_RESTARTABLE) (void) rs_ctx; #endif #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && - rs_ctx->rsm->state != ecp_rsm_comb_core ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL && + rs_ctx->rsm->state != ecp_rsm_comb_core) { rs_ctx->rsm->i = 0; rs_ctx->rsm->state = ecp_rsm_comb_core; } /* new 'if' instead of nested for the sake of the 'else' branch */ - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) { /* restore current index (R already pointing to rs_ctx->rsm->R) */ i = rs_ctx->rsm->i; - } - else + } else #endif { /* Start with a non-zero point and randomize its coordinates */ i = d; - MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); + MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i])); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->Z, 1)); #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng != 0 ) + if (f_rng != 0) #endif - MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng)); } - while( i != 0 ) - { - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD ); + while (i != 0) { + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD); --i; - MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); - MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) ); - MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); + MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R)); + MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i])); + MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi)); } cleanup: - mbedtls_ecp_point_free( &Txi ); + mbedtls_ecp_point_free(&Txi); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && - ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL && + ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { rs_ctx->rsm->i = i; /* no need to save R, already pointing to rs_ctx->rsm->R */ } #endif - return( ret ); + return (ret); } /* @@ -2111,39 +2026,38 @@ cleanup: * * See ecp_comb_recode_core() for background. */ -static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, - const mbedtls_mpi *m, - unsigned char k[COMB_MAX_D + 1], - size_t d, - unsigned char w, - unsigned char *parity_trick ) -{ +static int ecp_comb_recode_scalar(const mbedtls_ecp_group *grp, + const mbedtls_mpi *m, + unsigned char k[COMB_MAX_D + 1], + size_t d, + unsigned char w, + unsigned char *parity_trick) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi M, mm; - mbedtls_mpi_init( &M ); - mbedtls_mpi_init( &mm ); + mbedtls_mpi_init(&M); + mbedtls_mpi_init(&mm); /* N is always odd (see above), just make extra sure */ - if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); /* do we need the parity trick? */ - *parity_trick = ( mbedtls_mpi_get_bit( m, 0 ) == 0 ); + *parity_trick = (mbedtls_mpi_get_bit(m, 0) == 0); /* execute parity fix in constant time */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, *parity_trick ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&M, m)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&M, &mm, *parity_trick)); /* actual scalar recoding */ - ecp_comb_recode_core( k, d, w, &M ); + ecp_comb_recode_core(k, d, w, &M); cleanup: - mbedtls_mpi_free( &mm ); - mbedtls_mpi_free( &M ); + mbedtls_mpi_free(&mm); + mbedtls_mpi_free(&M); - return( ret ); + return (ret); } /* @@ -2153,44 +2067,42 @@ cleanup: * Scalar recoding may use a parity trick that makes us compute -m * P, * if that is the case we'll need to recover m * P at the end. */ -static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - const mbedtls_mpi *m, - const mbedtls_ecp_point *T, - unsigned char T_size, - unsigned char w, - size_t d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) -{ +static int ecp_mul_comb_after_precomp(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, + const mbedtls_mpi *m, + const mbedtls_ecp_point *T, + unsigned char T_size, + unsigned char w, + size_t d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char parity_trick; unsigned char k[COMB_MAX_D + 1]; mbedtls_ecp_point *RR = R; #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL) { RR = &rs_ctx->rsm->R; - if( rs_ctx->rsm->state == ecp_rsm_final_norm ) + if (rs_ctx->rsm->state == ecp_rsm_final_norm) goto final_norm; } #endif - MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, - &parity_trick ) ); - MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d, - f_rng, p_rng, rs_ctx ) ); - MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); + MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w, + &parity_trick)); + MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d, + f_rng, p_rng, rs_ctx)); + MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) rs_ctx->rsm->state = ecp_rsm_final_norm; final_norm: - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); #endif /* * Knowledge of the jacobian coordinates may leak the last few bits of the @@ -2204,27 +2116,26 @@ final_norm: * Avoid the leak by randomizing coordinates before we normalize them. */ #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng != 0 ) + if (f_rng != 0) #endif - MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng)); - MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); + MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) ); + if (rs_ctx != NULL && rs_ctx->rsm != NULL) + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, RR)); #endif cleanup: - return( ret ); + return (ret); } /* * Pick window size based on curve size and whether we optimize for base point */ -static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, - unsigned char p_eq_g ) -{ +static unsigned char ecp_pick_window_size(const mbedtls_ecp_group *grp, + unsigned char p_eq_g) { unsigned char w; /* @@ -2239,7 +2150,7 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, * Just adding one avoids upping the cost of the first mul too much, * and the memory cost too. */ - if( p_eq_g ) + if (p_eq_g) w++; /* @@ -2247,13 +2158,13 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, * (The last test is useful only for very small curves in the test suite.) */ #if( MBEDTLS_ECP_WINDOW_SIZE < 6 ) - if( w > MBEDTLS_ECP_WINDOW_SIZE ) + if (w > MBEDTLS_ECP_WINDOW_SIZE) w = MBEDTLS_ECP_WINDOW_SIZE; #endif - if( w >= grp->nbits ) + if (w >= grp->nbits) w = 2; - return( w ); + return (w); } /* @@ -2269,12 +2180,11 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, * * See comments on ecp_comb_recode_core() regarding the computation strategy. */ -static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) -{ +static int ecp_mul_comb(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char w, p_eq_g, i; size_t d; @@ -2283,18 +2193,17 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) ecp_drbg_context drbg_ctx; - ecp_drbg_init( &drbg_ctx ); + ecp_drbg_init(&drbg_ctx); #endif - ECP_RS_ENTER( rsm ); + ECP_RS_ENTER(rsm); #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) - { + if (f_rng == NULL) { /* Adjust pointers */ f_rng = &ecp_drbg_random; #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) p_rng = &rs_ctx->rsm->drbg_ctx; else #endif @@ -2302,15 +2211,15 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Initialize internal DRBG if necessary */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx == NULL || rs_ctx->rsm == NULL || - rs_ctx->rsm->drbg_seeded == 0 ) + if (rs_ctx == NULL || rs_ctx->rsm == NULL || + rs_ctx->rsm->drbg_seeded == 0) #endif { - const size_t m_len = ( grp->nbits + 7 ) / 8; - MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) ); + const size_t m_len = (grp->nbits + 7) / 8; + MBEDTLS_MPI_CHK(ecp_drbg_seed(p_rng, m, m_len)); } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if (rs_ctx != NULL && rs_ctx->rsm != NULL) rs_ctx->rsm->drbg_seeded = 1; #endif } @@ -2318,61 +2227,54 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Is P the base point ? */ #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 - p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && - mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 ); + p_eq_g = (mbedtls_mpi_cmp_mpi(&P->Y, &grp->G.Y) == 0 && + mbedtls_mpi_cmp_mpi(&P->X, &grp->G.X) == 0); #else p_eq_g = 0; #endif /* Pick window size and deduce related sizes */ - w = ecp_pick_window_size( grp, p_eq_g ); - T_size = 1U << ( w - 1 ); - d = ( grp->nbits + w - 1 ) / w; + w = ecp_pick_window_size(grp, p_eq_g); + T_size = 1U << (w - 1); + d = (grp->nbits + w - 1) / w; /* Pre-computed table: do we have it already for the base point? */ - if( p_eq_g && grp->T != NULL ) - { + if (p_eq_g && grp->T != NULL) { /* second pointer to the same table, will be deleted on exit */ T = grp->T; T_ok = 1; - } - else + } else #if defined(MBEDTLS_ECP_RESTARTABLE) - /* Pre-computed table: do we have one in progress? complete? */ - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL ) - { - /* transfer ownership of T from rsm to local function */ - T = rs_ctx->rsm->T; - rs_ctx->rsm->T = NULL; - rs_ctx->rsm->T_size = 0; + /* Pre-computed table: do we have one in progress? complete? */ + if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL) { + /* transfer ownership of T from rsm to local function */ + T = rs_ctx->rsm->T; + rs_ctx->rsm->T = NULL; + rs_ctx->rsm->T_size = 0; - /* This effectively jumps to the call to mul_comb_after_precomp() */ - T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; - } - else + /* This effectively jumps to the call to mul_comb_after_precomp() */ + T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; + } else #endif - /* Allocate table if we didn't have any */ - { - T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) ); - if( T == NULL ) + /* Allocate table if we didn't have any */ { - ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; - goto cleanup; + T = mbedtls_calloc(T_size, sizeof(mbedtls_ecp_point)); + if (T == NULL) { + ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; + goto cleanup; + } + + for (i = 0; i < T_size; i++) + mbedtls_ecp_point_init(&T[i]); + + T_ok = 0; } - for( i = 0; i < T_size; i++ ) - mbedtls_ecp_point_init( &T[i] ); - - T_ok = 0; - } - /* Compute table (or finish computing it) if not done already */ - if( !T_ok ) - { - MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) ); + if (!T_ok) { + MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx)); - if( p_eq_g ) - { + if (p_eq_g) { /* almost transfer ownership of T to the group, but keep a copy of * the pointer to use for calling the next function more easily */ grp->T = T; @@ -2381,24 +2283,23 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, } /* Actual comb multiplication using precomputed points */ - MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m, - T, T_size, w, d, - f_rng, p_rng, rs_ctx ) ); + MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m, + T, T_size, w, d, + f_rng, p_rng, rs_ctx)); cleanup: #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &drbg_ctx ); + ecp_drbg_free(&drbg_ctx); #endif /* does T belong to the group? */ - if( T == grp->T ) + if (T == grp->T) T = NULL; /* does T belong to the restart context? */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) - { + if (rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL) { /* transfer ownership of T from local function to rsm */ rs_ctx->rsm->T_size = T_size; rs_ctx->rsm->T = T; @@ -2407,24 +2308,23 @@ cleanup: #endif /* did T belong to us? then let's destroy it! */ - if( T != NULL ) - { - for( i = 0; i < T_size; i++ ) - mbedtls_ecp_point_free( &T[i] ); - mbedtls_free( T ); + if (T != NULL) { + for (i = 0; i < T_size; i++) + mbedtls_ecp_point_free(&T[i]); + mbedtls_free(T); } /* don't free R while in progress in case R == P */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) #endif - /* prevent caller from using invalid value */ - if( ret != 0 ) - mbedtls_ecp_point_free( R ); + /* prevent caller from using invalid value */ + if (ret != 0) + mbedtls_ecp_point_free(R); - ECP_RS_LEAVE( rsm ); + ECP_RS_LEAVE(rsm); - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -2442,23 +2342,22 @@ cleanup: * Normalize Montgomery x/z coordinates: X = X/Z, Z = 1 * Cost: 1M + 1I */ -static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P ) -{ +static int ecp_normalize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P) { #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_normalize_mxz( grp, P ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) + return (mbedtls_internal_ecp_normalize_mxz(grp, P)); #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&P->Z, &P->Z, &grp->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->X, &P->X, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&P->Z, 1)); cleanup: - return( ret ); + return (ret); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) */ } @@ -2470,109 +2369,116 @@ cleanup: * This countermeasure was first suggested in [2]. * Cost: 2M */ -static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +static int ecp_randomize_mxz(const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ); + if (mbedtls_internal_ecp_grp_capable(grp)) + return (mbedtls_internal_ecp_randomize_mxz(grp, P, f_rng, p_rng); #endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi l; - int count = 0; - size_t p_size = ( grp->pbits + 7 ) / 8; - mbedtls_mpi_init( &l ); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi l; + int count = 0; + size_t p_size = (grp->pbits + 7) / 8; + mbedtls_mpi_init(&l); - /* Generate l such that 1 < l < p */ - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); + /* Generate l such that 1 < l < p */ + do { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&l, p_size, f_rng, p_rng)); - while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); + while (mbedtls_mpi_cmp_mpi(&l, &grp->P) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&l, 1)); - if( count++ > 10 ) - { - ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - goto cleanup; - } - } - while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); + if (count++ > 10) { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } + } while (mbedtls_mpi_cmp_int(&l, 1) <= 0); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->X, &P->X, &l)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &P->Z, &P->Z, &l)); -cleanup: - mbedtls_mpi_free( &l ); + cleanup: + mbedtls_mpi_free(&l); - return( ret ); + return (ret); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */ -} + } -/* - * Double-and-add: R = 2P, S = P + Q, with d = X(P - Q), - * for Montgomery curves in x/z coordinates. - * - * http://www.hyperelliptic.org/EFD/g1p/auto-code/montgom/xz/ladder/mladd-1987-m.op3 - * with - * d = X1 - * P = (X2, Z2) - * Q = (X3, Z3) - * R = (X4, Z4) - * S = (X5, Z5) - * and eliminating temporary variables tO, ..., t4. - * - * Cost: 5M + 4S - */ -static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, mbedtls_ecp_point *S, - const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q, - const mbedtls_mpi *d ) -{ + /* + * Double-and-add: R = 2P, S = P + Q, with d = X(P - Q), + * for Montgomery curves in x/z coordinates. + * + * http://www.hyperelliptic.org/EFD/g1p/auto-code/montgom/xz/ladder/mladd-1987-m.op3 + * with + * d = X1 + * P = (X2, Z2) + * Q = (X3, Z3) + * R = (X4, Z4) + * S = (X5, Z5) + * and eliminating temporary variables tO, ..., t4. + * + * Cost: 5M + 4S + */ + static int ecp_double_add_mxz(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, mbedtls_ecp_point *S, + const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q, +const mbedtls_mpi *d) { #if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) ); + if (mbedtls_internal_ecp_grp_capable(grp)) + return (mbedtls_internal_ecp_double_add_mxz(grp, R, S, P, Q, d)); #endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB; - mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B ); - mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C ); - mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB ); + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&AA); + mbedtls_mpi_init(&B); + mbedtls_mpi_init(&BB); + mbedtls_mpi_init(&E); + mbedtls_mpi_init(&C); + mbedtls_mpi_init(&D); + mbedtls_mpi_init(&DA); + mbedtls_mpi_init(&CB); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &A, &P->X, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &AA, &A, &A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &B, &P->X, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &BB, &B, &B ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &E, &AA, &BB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &C, &Q->X, &Q->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D, &Q->X, &Q->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA, &D, &A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB, &C, &B ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA, &CB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X, &S->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA, &CB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z, &S->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, d, &S->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->X, &AA, &BB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &grp->A, &E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &R->Z, &BB, &R->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &E, &R->Z ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &A, &P->X, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &AA, &A, &A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &B, &P->X, &P->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &BB, &B, &B)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &E, &AA, &BB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &C, &Q->X, &Q->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &D, &Q->X, &Q->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &DA, &D, &A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &CB, &C, &B)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &S->X, &DA, &CB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->X, &S->X, &S->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, &S->Z, &DA, &CB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->Z, &S->Z, &S->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &S->Z, d, &S->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->X, &AA, &BB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->Z, &grp->A, &E)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &R->Z, &BB, &R->Z)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &R->Z, &E, &R->Z)); cleanup: - mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B ); - mbedtls_mpi_free( &BB ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &C ); - mbedtls_mpi_free( &D ); mbedtls_mpi_free( &DA ); mbedtls_mpi_free( &CB ); + mbedtls_mpi_free(&A); + mbedtls_mpi_free(&AA); + mbedtls_mpi_free(&B); + mbedtls_mpi_free(&BB); + mbedtls_mpi_free(&E); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&D); + mbedtls_mpi_free(&DA); + mbedtls_mpi_free(&CB); - return( ret ); + return (ret); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */ } @@ -2580,11 +2486,10 @@ cleanup: * Multiplication with Montgomery ladder in x/z coordinates, * for curves in Montgomery form */ -static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; unsigned char b; @@ -2593,43 +2498,42 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) ecp_drbg_context drbg_ctx; - ecp_drbg_init( &drbg_ctx ); + ecp_drbg_init(&drbg_ctx); #endif - mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); + mbedtls_ecp_point_init(&RP); + mbedtls_mpi_init(&PX); #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) - { - const size_t m_len = ( grp->nbits + 7 ) / 8; - MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) ); + if (f_rng == NULL) { + const size_t m_len = (grp->nbits + 7) / 8; + MBEDTLS_MPI_CHK(ecp_drbg_seed(&drbg_ctx, m, m_len)); f_rng = &ecp_drbg_random; p_rng = &drbg_ctx; } #endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ /* Save PX and read from P before writing to R, in case P == R */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&PX, &P->X)); + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&RP, P)); /* Set R to zero in modified x/z coordinates */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) ); - mbedtls_mpi_free( &R->Y ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->X, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&R->Z, 0)); + mbedtls_mpi_free(&R->Y); /* RP.X might be sligtly larger than P, so reduce it */ - MOD_ADD( RP.X ); + MOD_ADD(RP.X); /* Randomize coordinates of the starting point */ #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng != NULL ) + if (f_rng != NULL) #endif - MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, &RP, f_rng, p_rng)); /* Loop invariant: R = result so far, RP = R + P */ - i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */ - while( i-- > 0 ) - { - b = mbedtls_mpi_get_bit( m, i ); + i = mbedtls_mpi_bitlen(m); /* one past the (zero-based) most significant bit */ + while (i-- > 0) { + b = mbedtls_mpi_get_bit(m, i); /* * if (b) R = 2R + P else R = 2R, * which is: @@ -2637,11 +2541,11 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * else double_add( R, RP, R, RP ) * but using safe conditional swaps to avoid leaks */ - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) ); - MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->X, &RP.X, b)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->Z, &RP.Z, b)); + MBEDTLS_MPI_CHK(ecp_double_add_mxz(grp, R, &RP, R, &RP, &PX)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->X, &RP.X, b)); + MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_swap(&R->Z, &RP.Z, b)); } /* @@ -2656,20 +2560,21 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * Avoid the leak by randomizing coordinates before we normalize them. */ #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng != NULL ) + if (f_rng != NULL) #endif - MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(ecp_randomize_mxz(grp, R, f_rng, p_rng)); - MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); + MBEDTLS_MPI_CHK(ecp_normalize_mxz(grp, R)); cleanup: #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &drbg_ctx ); + ecp_drbg_free(&drbg_ctx); #endif - mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX ); + mbedtls_ecp_point_free(&RP); + mbedtls_mpi_free(&PX); - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ @@ -2677,83 +2582,81 @@ cleanup: /* * Restartable multiplication R = m * P */ -int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) -{ +int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(R != NULL); + ECP_VALIDATE_RET(m != NULL); + ECP_VALIDATE_RET(P != NULL); #if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ - if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) + if (rs_ctx != NULL && rs_ctx->depth++ == 0) rs_ctx->ops_done = 0; #else (void) rs_ctx; #endif #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) - MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); + if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) + MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ #if defined(MBEDTLS_ECP_RESTARTABLE) /* skip argument check when restarting */ - if( rs_ctx == NULL || rs_ctx->rsm == NULL ) + if (rs_ctx == NULL || rs_ctx->rsm == NULL) #endif { /* check_privkey is free */ - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_CHK); /* Common sanity checks */ - MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m)); + MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); } ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) + MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng)); #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) + MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx)); #endif cleanup: #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( is_grp_capable ) - mbedtls_internal_ecp_free( grp ); + if (is_grp_capable) + mbedtls_internal_ecp_free(grp); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL ) + if (rs_ctx != NULL) rs_ctx->depth--; #endif - return( ret ); + return (ret); } /* * Multiplication R = m * P */ -int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) ); +int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(R != NULL); + ECP_VALIDATE_RET(m != NULL); + ECP_VALIDATE_RET(P != NULL); + return (mbedtls_ecp_mul_restartable(grp, R, m, P, f_rng, p_rng, NULL)); } #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) @@ -2761,48 +2664,47 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * Check that an affine point is valid as a public key, * short weierstrass curves (SEC1 3.2.3.1) */ -static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) -{ +static int ecp_check_pubkey_sw(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi YY, RHS; /* pt coordinates must be normalized for our checks */ - if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 || - mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 || - mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 || - mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0 || + mbedtls_mpi_cmp_int(&pt->Y, 0) < 0 || + mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || + mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) + return (MBEDTLS_ERR_ECP_INVALID_KEY); - mbedtls_mpi_init( &YY ); mbedtls_mpi_init( &RHS ); + mbedtls_mpi_init(&YY); + mbedtls_mpi_init(&RHS); /* * YY = Y^2 * RHS = X (X^2 + A) + B = X^3 + A X + B */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &YY, &pt->Y, &pt->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &pt->X, &pt->X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &YY, &pt->Y, &pt->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &RHS, &pt->X, &pt->X)); /* Special case for A = -3 */ - if( grp->A.p == NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->A ) ); + if (grp->A.p == NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&RHS, &RHS, 3)); + MOD_SUB(RHS); + } else { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &RHS, &RHS, &grp->A)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &RHS, &pt->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, &RHS, &RHS, &pt->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, &RHS, &RHS, &grp->B)); - if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 ) + if (mbedtls_mpi_cmp_mpi(&YY, &RHS) != 0) ret = MBEDTLS_ERR_ECP_INVALID_KEY; cleanup: - mbedtls_mpi_free( &YY ); mbedtls_mpi_free( &RHS ); + mbedtls_mpi_free(&YY); + mbedtls_mpi_free(&RHS); - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -2811,32 +2713,26 @@ cleanup: * R = m * P with shortcuts for m == 1 and m == -1 * NOT constant-time - ONLY for short Weierstrass! */ -static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - const mbedtls_mpi *m, - const mbedtls_ecp_point *P, - mbedtls_ecp_restart_ctx *rs_ctx ) -{ +static int mbedtls_ecp_mul_shortcuts(mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, + const mbedtls_mpi *m, + const mbedtls_ecp_point *P, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( mbedtls_mpi_cmp_int( m, 1 ) == 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); - } - else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 ) - { - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); - if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P, - NULL, NULL, rs_ctx ) ); + if (mbedtls_mpi_cmp_int(m, 1) == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); + } else if (mbedtls_mpi_cmp_int(m, -1) == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); + if (mbedtls_mpi_cmp_int(&R->Y, 0) != 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->Y, &grp->P, &R->Y)); + } else { + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, R, m, P, + NULL, NULL, rs_ctx)); } cleanup: - return( ret ); + return (ret); } /* @@ -2844,11 +2740,10 @@ cleanup: * NOT constant-time */ int mbedtls_ecp_muladd_restartable( - mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q, - mbedtls_ecp_restart_ctx *rs_ctx ) -{ + mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q, + mbedtls_ecp_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point mP; mbedtls_ecp_point *pmP = &mP; @@ -2856,101 +2751,99 @@ int mbedtls_ecp_muladd_restartable( #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( n != NULL ); - ECP_VALIDATE_RET( Q != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(R != NULL); + ECP_VALIDATE_RET(m != NULL); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(n != NULL); + ECP_VALIDATE_RET(Q != NULL); - if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); - mbedtls_ecp_point_init( &mP ); + mbedtls_ecp_point_init(&mP); - ECP_RS_ENTER( ma ); + ECP_RS_ENTER(ma); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) - { + if (rs_ctx != NULL && rs_ctx->ma != NULL) { /* redirect intermediate results to restart context */ pmP = &rs_ctx->ma->mP; pR = &rs_ctx->ma->R; /* jump to next operation */ - if( rs_ctx->ma->state == ecp_rsma_mul2 ) + if (rs_ctx->ma->state == ecp_rsma_mul2) goto mul2; - if( rs_ctx->ma->state == ecp_rsma_add ) + if (rs_ctx->ma->state == ecp_rsma_add) goto add; - if( rs_ctx->ma->state == ecp_rsma_norm ) + if (rs_ctx->ma->state == ecp_rsma_norm) goto norm; } #endif /* MBEDTLS_ECP_RESTARTABLE */ - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if (rs_ctx != NULL && rs_ctx->ma != NULL) rs_ctx->ma->state = ecp_rsma_mul2; mul2: #endif - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx)); #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) - MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); + if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) + MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if (rs_ctx != NULL && rs_ctx->ma != NULL) rs_ctx->ma->state = ecp_rsma_add; add: #endif - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD ); - MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_ADD); + MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if (rs_ctx != NULL && rs_ctx->ma != NULL) rs_ctx->ma->state = ecp_rsma_norm; norm: #endif - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); - MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) ); + MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); + MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR)); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) - MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) ); + if (rs_ctx != NULL && rs_ctx->ma != NULL) + MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, pR)); #endif cleanup: #if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( is_grp_capable ) - mbedtls_internal_ecp_free( grp ); + if (is_grp_capable) + mbedtls_internal_ecp_free(grp); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ - mbedtls_ecp_point_free( &mP ); + mbedtls_ecp_point_free(&mP); - ECP_RS_LEAVE( ma ); + ECP_RS_LEAVE(ma); - return( ret ); + return (ret); } /* * Linear combination * NOT constant-time */ -int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q ) -{ - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( n != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) ); +int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q) { + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(R != NULL); + ECP_VALIDATE_RET(m != NULL); + ECP_VALIDATE_RET(P != NULL); + ECP_VALIDATE_RET(n != NULL); + ECP_VALIDATE_RET(Q != NULL); + return (mbedtls_ecp_muladd_restartable(grp, R, m, P, n, Q, NULL)); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -2958,130 +2851,121 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* * Check validity of a public key for Montgomery curves with x-only schemes */ -static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) -{ +static int ecp_check_pubkey_mx(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt) { /* [Curve25519 p. 5] Just check X is the correct number of bytes */ /* Allow any public value, if it's too big then we'll just reduce it mod p * (RFC 7748 sec. 5 para. 3). */ - if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_size(&pt->X) > (grp->nbits + 7) / 8) + return (MBEDTLS_ERR_ECP_INVALID_KEY); - return( 0 ); + return (0); } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ /* * Check that a point is valid as a public key */ -int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *pt ) -{ - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); +int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *pt) { + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(pt != NULL); /* Must use affine coordinates */ - if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_cmp_int(&pt->Z, 1) != 0) + return (MBEDTLS_ERR_ECP_INVALID_KEY); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - return( ecp_check_pubkey_mx( grp, pt ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) + return (ecp_check_pubkey_mx(grp, pt)); #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - return( ecp_check_pubkey_sw( grp, pt ) ); + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) + return (ecp_check_pubkey_sw(grp, pt)); #endif - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } /* * Check that an mbedtls_mpi is valid as a private key */ -int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, - const mbedtls_mpi *d ) -{ - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); +int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, + const mbedtls_mpi *d) { + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(d != NULL); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { /* see RFC 7748 sec. 5 para. 5 */ - if( mbedtls_mpi_get_bit( d, 0 ) != 0 || - mbedtls_mpi_get_bit( d, 1 ) != 0 || - mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */ - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_get_bit(d, 0) != 0 || + mbedtls_mpi_get_bit(d, 1) != 0 || + mbedtls_mpi_bitlen(d) - 1 != grp->nbits) /* mbedtls_mpi_bitlen is one-based! */ + return (MBEDTLS_ERR_ECP_INVALID_KEY); /* see [Curve25519] page 5 */ - if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) + return (MBEDTLS_ERR_ECP_INVALID_KEY); - return( 0 ); + return (0); } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { /* see SEC1 3.2 */ - if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || - mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) - return( MBEDTLS_ERR_ECP_INVALID_KEY ); + if (mbedtls_mpi_cmp_int(d, 1) < 0 || + mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) + return (MBEDTLS_ERR_ECP_INVALID_KEY); else - return( 0 ); + return (0); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } /* * Generate a private key */ -int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, - mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, + mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; size_t n_size; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(d != NULL); + ECP_VALIDATE_RET(f_rng != NULL); - n_size = ( grp->nbits + 7 ) / 8; + n_size = (grp->nbits + 7) / 8; #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { /* [M225] page 5 */ size_t b; do { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); - } while( mbedtls_mpi_bitlen( d ) == 0); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(d, n_size, f_rng, p_rng)); + } while (mbedtls_mpi_bitlen(d) == 0); /* Make sure the most significant bit is nbits */ - b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */ - if( b > grp->nbits ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - grp->nbits ) ); + b = mbedtls_mpi_bitlen(d) - 1; /* mbedtls_mpi_bitlen is one-based */ + if (b > grp->nbits) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(d, b - grp->nbits)); else - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, grp->nbits, 1)); /* Make sure the last two bits are unset for Curve448, three bits for Curve25519 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) ); - if( grp->nbits == 254 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 0, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 1, 0)); + if (grp->nbits == 254) { + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(d, 2, 0)); } } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { + if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { /* SEC1 3.2.1: Generate d such that 1 <= n < N */ int count = 0; unsigned cmp = 0; @@ -3093,10 +2977,9 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, * - try until result is in the desired range. * This also avoids any biais, which is especially important for ECDSA. */ - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) ); + do { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(d, n_size, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(d, 8 * n_size - grp->nbits)); /* * Each try has at worst a probability 1/2 of failing (the msb has @@ -3107,231 +2990,212 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, * since N starts with a lot of 1s in binary, but some curves * such as secp224k1 are actually very close to the worst case. */ - if( ++count > 30 ) - { + if (++count > 30) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - ret = mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp ); - if( ret != 0 ) - { + ret = mbedtls_mpi_lt_mpi_ct(d, &grp->N, &cmp); + if (ret != 0) { goto cleanup; } - } - while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp != 1 ); + } while (mbedtls_mpi_cmp_int(d, 1) < 0 || cmp != 1); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ cleanup: - return( ret ); + return (ret); } /* * Generate a keypair with configurable base point */ -int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, - const mbedtls_ecp_point *G, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, + const mbedtls_ecp_point *G, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - ECP_VALIDATE_RET( G != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(d != NULL); + ECP_VALIDATE_RET(G != NULL); + ECP_VALIDATE_RET(Q != NULL); + ECP_VALIDATE_RET(f_rng != NULL); - MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, Q, d, G, f_rng, p_rng)); cleanup: - return( ret ); + return (ret); } /* * Generate key pair, wrapper for conventional base point */ -int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); +int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { + ECP_VALIDATE_RET(grp != NULL); + ECP_VALIDATE_RET(d != NULL); + ECP_VALIDATE_RET(Q != NULL); + ECP_VALIDATE_RET(f_rng != NULL); - return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) ); + return (mbedtls_ecp_gen_keypair_base(grp, &grp->G, d, Q, f_rng, p_rng)); } /* * Generate a keypair, prettier wrapper */ -int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( key != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); + ECP_VALIDATE_RET(key != NULL); + ECP_VALIDATE_RET(f_rng != NULL); - if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) + return (ret); - return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) ); + return (mbedtls_ecp_gen_keypair(&key->grp, &key->d, &key->Q, f_rng, p_rng)); } #define ECP_CURVE25519_KEY_SIZE 32 /* * Read a private key. */ -int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - const unsigned char *buf, size_t buflen ) -{ +int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, + const unsigned char *buf, size_t buflen) { int ret = 0; - ECP_VALIDATE_RET( key != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET(key != NULL); + ECP_VALIDATE_RET(buf != NULL); - if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_group_load(&key->grp, grp_id)) != 0) + return (ret); ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { /* * If it is Curve25519 curve then mask the key as mandated by RFC7748 */ - if( grp_id == MBEDTLS_ECP_DP_CURVE25519 ) - { - if( buflen != ECP_CURVE25519_KEY_SIZE ) + if (grp_id == MBEDTLS_ECP_DP_CURVE25519) { + if (buflen != ECP_CURVE25519_KEY_SIZE) return MBEDTLS_ERR_ECP_INVALID_KEY; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&key->d, buf, buflen)); /* Set the three least significant bits to 0 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 2, 0 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 0, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 1, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&key->d, 2, 0)); /* Set the most significant bit to 0 */ MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit( &key->d, - ECP_CURVE25519_KEY_SIZE * 8 - 1, 0 ) - ); + mbedtls_mpi_set_bit(&key->d, + ECP_CURVE25519_KEY_SIZE * 8 - 1, 0) + ); /* Set the second most significant bit to 1 */ MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit( &key->d, - ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 ) - ); - } - else + mbedtls_mpi_set_bit(&key->d, + ECP_CURVE25519_KEY_SIZE * 8 - 2, 1) + ); + } else ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->d, buf, buflen ) ); + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen)); - MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); } #endif cleanup: - if( ret != 0 ) - mbedtls_mpi_free( &key->d ); + if (ret != 0) + mbedtls_mpi_free(&key->d); - return( ret ); + return (ret); } /* * Write a private key. */ -int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key, - unsigned char *buf, size_t buflen ) -{ +int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, + unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - ECP_VALIDATE_RET( key != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET(key != NULL); + ECP_VALIDATE_RET(buf != NULL); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) - { - if( key->grp.id == MBEDTLS_ECP_DP_CURVE25519 ) - { - if( buflen < ECP_CURVE25519_KEY_SIZE ) + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { + if (key->grp.id == MBEDTLS_ECP_DP_CURVE25519) { + if (buflen < ECP_CURVE25519_KEY_SIZE) return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) ); - } - else + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary_le(&key->d, buf, buflen)); + } else ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) - if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &key->d, buf, buflen ) ); + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&key->d, buf, buflen)); } #endif cleanup: - return( ret ); + return (ret); } /* * Check a public-private key pair */ -int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ) -{ +int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point Q; mbedtls_ecp_group grp; - ECP_VALIDATE_RET( pub != NULL ); - ECP_VALIDATE_RET( prv != NULL ); + ECP_VALIDATE_RET(pub != NULL); + ECP_VALIDATE_RET(prv != NULL); - if( pub->grp.id == MBEDTLS_ECP_DP_NONE || - pub->grp.id != prv->grp.id || - mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) || - mbedtls_mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) || - mbedtls_mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) ) - { - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + if (pub->grp.id == MBEDTLS_ECP_DP_NONE || + pub->grp.id != prv->grp.id || + mbedtls_mpi_cmp_mpi(&pub->Q.X, &prv->Q.X) || + mbedtls_mpi_cmp_mpi(&pub->Q.Y, &prv->Q.Y) || + mbedtls_mpi_cmp_mpi(&pub->Q.Z, &prv->Q.Z)) { + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); } - mbedtls_ecp_point_init( &Q ); - mbedtls_ecp_group_init( &grp ); + mbedtls_ecp_point_init(&Q); + mbedtls_ecp_group_init(&grp); /* mbedtls_ecp_mul() needs a non-const group... */ - mbedtls_ecp_group_copy( &grp, &prv->grp ); + mbedtls_ecp_group_copy(&grp, &prv->grp); /* Also checks d is valid */ - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &Q, &prv->d, &prv->grp.G, NULL, NULL)); - if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) || - mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) || - mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) ) - { + if (mbedtls_mpi_cmp_mpi(&Q.X, &prv->Q.X) || + mbedtls_mpi_cmp_mpi(&Q.Y, &prv->Q.Y) || + mbedtls_mpi_cmp_mpi(&Q.Z, &prv->Q.Z)) { ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; goto cleanup; } cleanup: - mbedtls_ecp_point_free( &Q ); - mbedtls_ecp_group_free( &grp ); + mbedtls_ecp_point_free(&Q); + mbedtls_ecp_group_free(&grp); - return( ret ); + return (ret); } #if defined(MBEDTLS_SELF_TEST) @@ -3339,26 +3203,24 @@ cleanup: /* Adjust the exponent to be a valid private point for the specified curve. * This is sometimes necessary because we use a single set of exponents * for all curves but the validity of values depends on the curve. */ -static int self_test_adjust_exponent( const mbedtls_ecp_group *grp, - mbedtls_mpi *m ) -{ +static int self_test_adjust_exponent(const mbedtls_ecp_group *grp, + mbedtls_mpi *m) { int ret = 0; - switch( grp->id ) - { - /* If Curve25519 is available, then that's what we use for the - * Montgomery test, so we don't need the adjustment code. */ + switch (grp->id) { + /* If Curve25519 is available, then that's what we use for the + * Montgomery test, so we don't need the adjustment code. */ #if ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: /* Move highest bit from 254 to N-1. Setting bit N-1 is * necessary to enforce the highest-bit-set constraint. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, 254, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, grp->nbits, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, 254, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(m, grp->nbits, 1)); /* Copy second-highest bit from 253 to N-2. This is not * necessary but improves the test variety a bit. */ MBEDTLS_MPI_CHK( - mbedtls_mpi_set_bit( m, grp->nbits - 1, - mbedtls_mpi_get_bit( m, 253 ) ) ); + mbedtls_mpi_set_bit(m, grp->nbits - 1, + mbedtls_mpi_get_bit(m, 253))); break; #endif #endif /* ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) */ @@ -3369,19 +3231,18 @@ static int self_test_adjust_exponent( const mbedtls_ecp_group *grp, goto cleanup; } cleanup: - return( ret ); + return (ret); } /* Calculate R = m.P for each m in exponents. Check that the number of * basic operations doesn't depend on the value of m. */ -static int self_test_point( int verbose, - mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - mbedtls_mpi *m, - const mbedtls_ecp_point *P, - const char *const *exponents, - size_t n_exponents ) -{ +static int self_test_point(int verbose, + mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, + mbedtls_mpi *m, + const mbedtls_ecp_point *P, + const char *const *exponents, + size_t n_exponents) { int ret = 0; size_t i = 0; unsigned long add_c_prev, dbl_c_prev, mul_c_prev; @@ -3389,12 +3250,11 @@ static int self_test_point( int verbose, dbl_count = 0; mul_count = 0; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[0] ) ); - MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[0])); + MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, NULL, NULL)); - for( i = 1; i < n_exponents; i++ ) - { + for (i = 1; i < n_exponents; i++) { add_c_prev = add_count; dbl_c_prev = dbl_count; mul_c_prev = mul_count; @@ -3402,35 +3262,32 @@ static int self_test_point( int verbose, dbl_count = 0; mul_count = 0; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[i] ) ); - MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(m, 16, exponents[i])); + MBEDTLS_MPI_CHK(self_test_adjust_exponent(grp, m)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(grp, R, m, P, NULL, NULL)); - if( add_count != add_c_prev || - dbl_count != dbl_c_prev || - mul_count != mul_c_prev ) - { + if (add_count != add_c_prev || + dbl_count != dbl_c_prev || + mul_count != mul_c_prev) { ret = 1; break; } } cleanup: - if( verbose != 0 ) - { - if( ret != 0 ) - mbedtls_printf( "failed (%u)\n", (unsigned int) i ); + if (verbose != 0) { + if (ret != 0) + mbedtls_printf("failed (%u)\n", (unsigned int) i); else - mbedtls_printf( "passed\n" ); + mbedtls_printf("passed\n"); } - return( ret ); + return (ret); } /* * Checkup routine */ -int mbedtls_ecp_self_test( int verbose ) -{ +int mbedtls_ecp_self_test(int verbose) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group grp; mbedtls_ecp_point R, P; @@ -3440,8 +3297,7 @@ int mbedtls_ecp_self_test( int verbose ) /* Exponents especially adapted for secp192k1, which has the lowest * order n of all supported curves (secp192r1 is in a slightly larger * field but the order of its base point is slightly smaller). */ - const char *sw_exponents[] = - { + const char *sw_exponents[] = { "000000000000000000000000000000000000000000000001", /* one */ "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8C", /* n - 1 */ "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25", /* random */ @@ -3451,8 +3307,7 @@ int mbedtls_ecp_self_test( int verbose ) }; #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - const char *m_exponents[] = - { + const char *m_exponents[] = { /* Valid private values for Curve25519. In a build with Curve448 * but not Curve25519, they will be adjusted in * self_test_adjust_exponent(). */ @@ -3465,77 +3320,77 @@ int mbedtls_ecp_self_test( int verbose ) }; #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ - mbedtls_ecp_group_init( &grp ); - mbedtls_ecp_point_init( &R ); - mbedtls_ecp_point_init( &P ); - mbedtls_mpi_init( &m ); + mbedtls_ecp_group_init(&grp); + mbedtls_ecp_point_init(&R); + mbedtls_ecp_point_init(&P); + mbedtls_mpi_init(&m); #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* Use secp192r1 if available, or any available curve */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP192R1)); #else - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, mbedtls_ecp_curve_list()->grp_id)); #endif - if( verbose != 0 ) - mbedtls_printf( " ECP SW test #1 (constant op_count, base point G): " ); + if (verbose != 0) + mbedtls_printf(" ECP SW test #1 (constant op_count, base point G): "); /* Do a dummy multiplication first to trigger precomputation */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) ); - ret = self_test_point( verbose, - &grp, &R, &m, &grp.G, - sw_exponents, - sizeof( sw_exponents ) / sizeof( sw_exponents[0] )); - if( ret != 0 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&m, 2)); + MBEDTLS_MPI_CHK(mbedtls_ecp_mul(&grp, &P, &m, &grp.G, NULL, NULL)); + ret = self_test_point(verbose, + &grp, &R, &m, &grp.G, + sw_exponents, + sizeof(sw_exponents) / sizeof(sw_exponents[0])); + if (ret != 0) goto cleanup; - if( verbose != 0 ) - mbedtls_printf( " ECP SW test #2 (constant op_count, other point): " ); + if (verbose != 0) + mbedtls_printf(" ECP SW test #2 (constant op_count, other point): "); /* We computed P = 2G last time, use it */ - ret = self_test_point( verbose, - &grp, &R, &m, &P, - sw_exponents, - sizeof( sw_exponents ) / sizeof( sw_exponents[0] )); - if( ret != 0 ) + ret = self_test_point(verbose, + &grp, &R, &m, &P, + sw_exponents, + sizeof(sw_exponents) / sizeof(sw_exponents[0])); + if (ret != 0) goto cleanup; - mbedtls_ecp_group_free( &grp ); - mbedtls_ecp_point_free( &R ); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&R); #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) - if( verbose != 0 ) - mbedtls_printf( " ECP Montgomery test (constant op_count): " ); + if (verbose != 0) + mbedtls_printf(" ECP Montgomery test (constant op_count): "); #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE25519 ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE25519)); #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE448 ) ); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_CURVE448)); #else #error "MBEDTLS_ECP_MONTGOMERY_ENABLED is defined, but no curve is supported for self-test" #endif - ret = self_test_point( verbose, - &grp, &R, &m, &grp.G, - m_exponents, - sizeof( m_exponents ) / sizeof( m_exponents[0] )); - if( ret != 0 ) + ret = self_test_point(verbose, + &grp, &R, &m, &grp.G, + m_exponents, + sizeof(m_exponents) / sizeof(m_exponents[0])); + if (ret != 0) goto cleanup; #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ cleanup: - if( ret < 0 && verbose != 0 ) - mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret ); + if (ret < 0 && verbose != 0) + mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int) ret); - mbedtls_ecp_group_free( &grp ); - mbedtls_ecp_point_free( &R ); - mbedtls_ecp_point_free( &P ); - mbedtls_mpi_free( &m ); + mbedtls_ecp_group_free(&grp); + mbedtls_ecp_point_free(&R); + mbedtls_ecp_point_free(&P); + mbedtls_mpi_free(&m); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/ecp.h b/common/mbedtls/ecp.h index 34dd0eaa6..a1a73476b 100644 --- a/common/mbedtls/ecp.h +++ b/common/mbedtls/ecp.h @@ -106,8 +106,7 @@ extern "C" { * - Add the curve to the ecp_supported_curves array in ecp.c. * - Add the curve to applicable profiles in x509_crt.c if applicable. */ -typedef enum -{ +typedef enum { MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */ MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */ MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */ @@ -134,8 +133,7 @@ typedef enum /* * Curve types */ -typedef enum -{ +typedef enum { MBEDTLS_ECP_TYPE_NONE = 0, MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */ MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */ @@ -144,8 +142,7 @@ typedef enum /** * Curve information, for use by other modules. */ -typedef struct mbedtls_ecp_curve_info -{ +typedef struct mbedtls_ecp_curve_info { mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ uint16_t bit_size; /*!< The curve size in bits. */ @@ -163,8 +160,7 @@ typedef struct mbedtls_ecp_curve_info * Otherwise, \p X and \p Y are its standard (affine) * coordinates. */ -typedef struct mbedtls_ecp_point -{ +typedef struct mbedtls_ecp_point { mbedtls_mpi X; /*!< The X coordinate of the ECP point. */ mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */ mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */ @@ -212,8 +208,7 @@ mbedtls_ecp_point; * identical. * */ -typedef struct mbedtls_ecp_group -{ +typedef struct mbedtls_ecp_group { mbedtls_ecp_group_id id; /*!< An internal group identifier. */ mbedtls_mpi P; /*!< The prime modulus of the base field. */ mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For @@ -318,8 +313,7 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx; /** * \brief General context for resuming ECC operations */ -typedef struct -{ +typedef struct { unsigned ops_done; /*!< current ops count */ unsigned depth; /*!< call depth (0 = top-level) */ mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ @@ -345,9 +339,9 @@ typedef struct * \return \c 0 if doing \p ops basic ops is still allowed, * \return #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise. */ -int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, - mbedtls_ecp_restart_ctx *rs_ctx, - unsigned ops ); +int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp, + mbedtls_ecp_restart_ctx *rs_ctx, + unsigned ops); /* Utility macro for checking and updating ops budget */ #define MBEDTLS_ECP_BUDGET( ops ) \ @@ -371,8 +365,7 @@ typedef void mbedtls_ecp_restart_ctx; * \note Members are deliberately in the same order as in the * ::mbedtls_ecdsa_context structure. */ -typedef struct mbedtls_ecp_keypair -{ +typedef struct mbedtls_ecp_keypair { mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ mbedtls_mpi d; /*!< our secret value */ mbedtls_ecp_point Q; /*!< our public value */ @@ -448,7 +441,7 @@ mbedtls_ecp_keypair; * * \note This setting is currently ignored by Curve25519. */ -void mbedtls_ecp_set_max_ops( unsigned max_ops ); +void mbedtls_ecp_set_max_ops(unsigned max_ops); /** * \brief Check if restart is enabled (max_ops != 0) @@ -456,13 +449,13 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops ); * \return \c 0 if \c max_ops == 0 (restart disabled) * \return \c 1 otherwise (restart enabled) */ -int mbedtls_ecp_restart_is_enabled( void ); +int mbedtls_ecp_restart_is_enabled(void); #endif /* MBEDTLS_ECP_RESTARTABLE */ /* * Get the type of a curve */ -mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ); +mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp); /** * \brief This function retrieves the information defined in @@ -477,7 +470,7 @@ mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ); * * \return A statically allocated array. The last entry is 0. */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void); /** * \brief This function retrieves the list of internal group @@ -493,7 +486,7 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ); * \return A statically allocated array, * terminated with MBEDTLS_ECP_DP_NONE. */ -const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); +const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void); /** * \brief This function retrieves curve information from an internal @@ -504,7 +497,7 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ); * \return The associated curve information on success. * \return NULL on failure. */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ); +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id); /** * \brief This function retrieves curve information from a TLS @@ -515,7 +508,7 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_gr * \return The associated curve information on success. * \return NULL on failure. */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ); +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id); /** * \brief This function retrieves curve information from a @@ -526,14 +519,14 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_i * \return The associated curve information on success. * \return NULL on failure. */ -const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ); +const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name(const char *name); /** * \brief This function initializes a point as zero. * * \param pt The point to initialize. */ -void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); +void mbedtls_ecp_point_init(mbedtls_ecp_point *pt); /** * \brief This function initializes an ECP group context @@ -544,21 +537,21 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ); * mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group() * functions. */ -void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ); +void mbedtls_ecp_group_init(mbedtls_ecp_group *grp); /** * \brief This function initializes a key pair as an invalid one. * * \param key The key pair to initialize. */ -void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ); +void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key); /** * \brief This function frees the components of a point. * * \param pt The point to free. */ -void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); +void mbedtls_ecp_point_free(mbedtls_ecp_point *pt); /** * \brief This function frees the components of an ECP group. @@ -567,7 +560,7 @@ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ); * case this function returns immediately. If it is not * \c NULL, it must point to an initialized ECP group. */ -void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); +void mbedtls_ecp_group_free(mbedtls_ecp_group *grp); /** * \brief This function frees the components of a key pair. @@ -576,7 +569,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ); * case this function returns immediately. If it is not * \c NULL, it must point to an initialized ECP key pair. */ -void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); +void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key); #if defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -585,7 +578,7 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ); * \param ctx The restart context to initialize. This must * not be \c NULL. */ -void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ); +void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx); /** * \brief Free the components of a restart context. @@ -594,7 +587,7 @@ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ); * case this function returns immediately. If it is not * \c NULL, it must point to an initialized restart context. */ -void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ); +void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx); #endif /* MBEDTLS_ECP_RESTARTABLE */ /** @@ -608,7 +601,7 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return Another negative error code for other kinds of failure. */ -int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); +int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q); /** * \brief This function copies the contents of group \p src into @@ -621,8 +614,8 @@ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ); * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, - const mbedtls_ecp_group *src ); +int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst, + const mbedtls_ecp_group *src); /** * \brief This function sets a point to the point at infinity. @@ -633,7 +626,7 @@ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); +int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt); /** * \brief This function checks if a point is the point at infinity. @@ -644,7 +637,7 @@ int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ); * \return \c 0 if the point is non-zero. * \return A negative error code on failure. */ -int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); +int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt); /** * \brief This function compares two points. @@ -658,8 +651,8 @@ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ); * \return \c 0 if the points are equal. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal. */ -int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q ); +int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q); /** * \brief This function imports a non-zero point from two ASCII @@ -673,8 +666,8 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_MPI_XXX error code on failure. */ -int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, - const char *x, const char *y ); +int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P, int radix, + const char *x, const char *y); /** * \brief This function exports a point into unsigned binary data. @@ -701,10 +694,10 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, * or the export for the given group is not implemented. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *P, - int format, size_t *olen, - unsigned char *buf, size_t buflen ); +int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *P, + int format, size_t *olen, + unsigned char *buf, size_t buflen); /** * \brief This function imports a point from unsigned binary data. @@ -728,9 +721,9 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the * given group is not implemented. */ -int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P, - const unsigned char *buf, size_t ilen ); +int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *P, + const unsigned char *buf, size_t ilen); /** * \brief This function imports a point from a TLS ECPoint record. @@ -750,9 +743,9 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, * failure. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid. */ -int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, - const unsigned char **buf, size_t len ); +int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, + const unsigned char **buf, size_t len); /** * \brief This function exports a point as a TLS ECPoint record @@ -776,10 +769,10 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, * is too small to hold the exported point. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *pt, - int format, size_t *olen, - unsigned char *buf, size_t blen ); +int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *pt, + int format, size_t *olen, + unsigned char *buf, size_t blen); /** * \brief This function sets up an ECP group context @@ -798,7 +791,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, * correspond to a known group. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); +int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id); /** * \brief This function sets up an ECP group context from a TLS @@ -817,8 +810,8 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); * recognized. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, - const unsigned char **buf, size_t len ); +int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp, + const unsigned char **buf, size_t len); /** * \brief This function extracts an elliptic curve group ID from a @@ -838,9 +831,9 @@ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, * recognized. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, - const unsigned char **buf, - size_t len ); +int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, + const unsigned char **buf, + size_t len); /** * \brief This function exports an elliptic curve as a TLS * ECParameters record as defined in RFC 4492, Section 5.4. @@ -859,9 +852,9 @@ int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, * buffer is too small to hold the exported group. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, - size_t *olen, - unsigned char *buf, size_t blen ); +int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, + size_t *olen, + unsigned char *buf, size_t blen); /** * \brief This function performs a scalar multiplication of a point @@ -899,9 +892,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief This function performs multiplication of a point by @@ -933,10 +926,10 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ); +int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx); #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /** @@ -974,9 +967,9 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * designate a short Weierstrass curve. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q ); +int mbedtls_ecp_muladd(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q); /** * \brief This function performs multiplication and addition of two @@ -1019,10 +1012,10 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_muladd_restartable( - mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q, - mbedtls_ecp_restart_ctx *rs_ctx ); + mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q, + mbedtls_ecp_restart_ctx *rs_ctx); #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ /** @@ -1052,8 +1045,8 @@ int mbedtls_ecp_muladd_restartable( * a valid public key for the given curve. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, - const mbedtls_ecp_point *pt ); +int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp, + const mbedtls_ecp_point *pt); /** * \brief This function checks that an \p mbedtls_mpi is a @@ -1074,8 +1067,8 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, * private key for the given curve. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, - const mbedtls_mpi *d ); +int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, + const mbedtls_mpi *d); /** * \brief This function generates a private key. @@ -1092,10 +1085,10 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ -int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, - mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, + mbedtls_mpi *d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function generates a keypair with a configurable base @@ -1124,11 +1117,11 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ -int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, - const mbedtls_ecp_point *G, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, + const mbedtls_ecp_point *G, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function generates an ECP keypair. @@ -1153,10 +1146,10 @@ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ -int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, - mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, + mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function generates an ECP key. @@ -1171,9 +1164,9 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code * on failure. */ -int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief This function reads an elliptic curve private key. @@ -1193,8 +1186,8 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, * the group is not implemented. * \return Another negative error code on different kinds of failure. */ -int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - const unsigned char *buf, size_t buflen ); +int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, + const unsigned char *buf, size_t buflen); /** * \brief This function exports an elliptic curve private key. @@ -1212,8 +1205,8 @@ int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, * the group is not implemented. * \return Another negative error code on different kinds of failure. */ -int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key, - unsigned char *buf, size_t buflen ); +int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, + unsigned char *buf, size_t buflen); /** * \brief This function checks that the keypair objects @@ -1232,8 +1225,8 @@ int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key, * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX * error code on calculation failure. */ -int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, - const mbedtls_ecp_keypair *prv ); +int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, + const mbedtls_ecp_keypair *prv); #if defined(MBEDTLS_SELF_TEST) @@ -1243,7 +1236,7 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_ecp_self_test( int verbose ); +int mbedtls_ecp_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/ecp_curves.c b/common/mbedtls/ecp_curves.c index 839fb5e36..3dbfa65bf 100644 --- a/common/mbedtls/ecp_curves.c +++ b/common/mbedtls/ecp_curves.c @@ -89,29 +89,29 @@ */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) static const mbedtls_mpi_uint secp192r1_p[] = { - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp192r1_b[] = { - BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ), - BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ), - BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ), + BYTES_TO_T_UINT_8(0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE), + BYTES_TO_T_UINT_8(0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F), + BYTES_TO_T_UINT_8(0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64), }; static const mbedtls_mpi_uint secp192r1_gx[] = { - BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ), - BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ), - BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ), + BYTES_TO_T_UINT_8(0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4), + BYTES_TO_T_UINT_8(0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C), + BYTES_TO_T_UINT_8(0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18), }; static const mbedtls_mpi_uint secp192r1_gy[] = { - BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ), - BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ), - BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ), + BYTES_TO_T_UINT_8(0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73), + BYTES_TO_T_UINT_8(0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63), + BYTES_TO_T_UINT_8(0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07), }; static const mbedtls_mpi_uint secp192r1_n[] = { - BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ), - BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14), + BYTES_TO_T_UINT_8(0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ @@ -120,34 +120,34 @@ static const mbedtls_mpi_uint secp192r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) static const mbedtls_mpi_uint secp224r1_p[] = { - BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), - BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), + BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), }; static const mbedtls_mpi_uint secp224r1_b[] = { - BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ), - BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ), - BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ), - BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ), + BYTES_TO_T_UINT_8(0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27), + BYTES_TO_T_UINT_8(0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50), + BYTES_TO_T_UINT_8(0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C), + BYTES_TO_T_UINT_4(0x85, 0x0A, 0x05, 0xB4), }; static const mbedtls_mpi_uint secp224r1_gx[] = { - BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ), - BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ), - BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ), - BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ), + BYTES_TO_T_UINT_8(0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34), + BYTES_TO_T_UINT_8(0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A), + BYTES_TO_T_UINT_8(0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B), + BYTES_TO_T_UINT_4(0xBD, 0x0C, 0x0E, 0xB7), }; static const mbedtls_mpi_uint secp224r1_gy[] = { - BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ), - BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ), - BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ), - BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ), + BYTES_TO_T_UINT_8(0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44), + BYTES_TO_T_UINT_8(0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD), + BYTES_TO_T_UINT_8(0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5), + BYTES_TO_T_UINT_4(0x88, 0x63, 0x37, 0xBD), }; static const mbedtls_mpi_uint secp224r1_n[] = { - BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ), - BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13), + BYTES_TO_T_UINT_8(0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ @@ -156,34 +156,34 @@ static const mbedtls_mpi_uint secp224r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) static const mbedtls_mpi_uint secp256r1_p[] = { - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), - BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), - BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + BYTES_TO_T_UINT_8(0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp256r1_b[] = { - BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ), - BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ), - BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ), - BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ), + BYTES_TO_T_UINT_8(0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B), + BYTES_TO_T_UINT_8(0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65), + BYTES_TO_T_UINT_8(0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3), + BYTES_TO_T_UINT_8(0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A), }; static const mbedtls_mpi_uint secp256r1_gx[] = { - BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ), - BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ), - BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ), - BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ), + BYTES_TO_T_UINT_8(0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4), + BYTES_TO_T_UINT_8(0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77), + BYTES_TO_T_UINT_8(0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8), + BYTES_TO_T_UINT_8(0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B), }; static const mbedtls_mpi_uint secp256r1_gy[] = { - BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ), - BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ), - BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ), - BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ), + BYTES_TO_T_UINT_8(0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB), + BYTES_TO_T_UINT_8(0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B), + BYTES_TO_T_UINT_8(0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E), + BYTES_TO_T_UINT_8(0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F), }; static const mbedtls_mpi_uint secp256r1_n[] = { - BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ), - BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3), + BYTES_TO_T_UINT_8(0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ @@ -192,44 +192,44 @@ static const mbedtls_mpi_uint secp256r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) static const mbedtls_mpi_uint secp384r1_p[] = { - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ), - BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), + BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp384r1_b[] = { - BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ), - BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ), - BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ), - BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ), - BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ), - BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ), + BYTES_TO_T_UINT_8(0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A), + BYTES_TO_T_UINT_8(0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6), + BYTES_TO_T_UINT_8(0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03), + BYTES_TO_T_UINT_8(0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18), + BYTES_TO_T_UINT_8(0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98), + BYTES_TO_T_UINT_8(0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3), }; static const mbedtls_mpi_uint secp384r1_gx[] = { - BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ), - BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ), - BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ), - BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ), - BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ), - BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ), + BYTES_TO_T_UINT_8(0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A), + BYTES_TO_T_UINT_8(0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55), + BYTES_TO_T_UINT_8(0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59), + BYTES_TO_T_UINT_8(0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E), + BYTES_TO_T_UINT_8(0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E), + BYTES_TO_T_UINT_8(0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA), }; static const mbedtls_mpi_uint secp384r1_gy[] = { - BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ), - BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ), - BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ), - BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ), - BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ), - BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ), + BYTES_TO_T_UINT_8(0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A), + BYTES_TO_T_UINT_8(0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A), + BYTES_TO_T_UINT_8(0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9), + BYTES_TO_T_UINT_8(0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8), + BYTES_TO_T_UINT_8(0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D), + BYTES_TO_T_UINT_8(0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36), }; static const mbedtls_mpi_uint secp384r1_n[] = { - BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ), - BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ), - BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC), + BYTES_TO_T_UINT_8(0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58), + BYTES_TO_T_UINT_8(0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ @@ -238,154 +238,154 @@ static const mbedtls_mpi_uint secp384r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) static const mbedtls_mpi_uint secp521r1_p[] = { - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_2( 0xFF, 0x01 ), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_2(0xFF, 0x01), }; static const mbedtls_mpi_uint secp521r1_b[] = { - BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ), - BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ), - BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ), - BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ), - BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ), - BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ), - BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ), - BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ), - BYTES_TO_T_UINT_2( 0x51, 0x00 ), + BYTES_TO_T_UINT_8(0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF), + BYTES_TO_T_UINT_8(0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35), + BYTES_TO_T_UINT_8(0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16), + BYTES_TO_T_UINT_8(0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56), + BYTES_TO_T_UINT_8(0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8), + BYTES_TO_T_UINT_8(0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2), + BYTES_TO_T_UINT_8(0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92), + BYTES_TO_T_UINT_8(0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95), + BYTES_TO_T_UINT_2(0x51, 0x00), }; static const mbedtls_mpi_uint secp521r1_gx[] = { - BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ), - BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ), - BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ), - BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ), - BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ), - BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ), - BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ), - BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ), - BYTES_TO_T_UINT_2( 0xC6, 0x00 ), + BYTES_TO_T_UINT_8(0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9), + BYTES_TO_T_UINT_8(0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33), + BYTES_TO_T_UINT_8(0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE), + BYTES_TO_T_UINT_8(0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1), + BYTES_TO_T_UINT_8(0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8), + BYTES_TO_T_UINT_8(0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C), + BYTES_TO_T_UINT_8(0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E), + BYTES_TO_T_UINT_8(0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85), + BYTES_TO_T_UINT_2(0xC6, 0x00), }; static const mbedtls_mpi_uint secp521r1_gy[] = { - BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ), - BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ), - BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ), - BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ), - BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ), - BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ), - BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ), - BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ), - BYTES_TO_T_UINT_2( 0x18, 0x01 ), + BYTES_TO_T_UINT_8(0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88), + BYTES_TO_T_UINT_8(0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35), + BYTES_TO_T_UINT_8(0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5), + BYTES_TO_T_UINT_8(0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97), + BYTES_TO_T_UINT_8(0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17), + BYTES_TO_T_UINT_8(0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98), + BYTES_TO_T_UINT_8(0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C), + BYTES_TO_T_UINT_8(0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39), + BYTES_TO_T_UINT_2(0x18, 0x01), }; static const mbedtls_mpi_uint secp521r1_n[] = { - BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ), - BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ), - BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ), - BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ), - BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_2( 0xFF, 0x01 ), + BYTES_TO_T_UINT_8(0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB), + BYTES_TO_T_UINT_8(0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B), + BYTES_TO_T_UINT_8(0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F), + BYTES_TO_T_UINT_8(0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51), + BYTES_TO_T_UINT_8(0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_2(0xFF, 0x01), }; #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) static const mbedtls_mpi_uint secp192k1_p[] = { - BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp192k1_a[] = { - BYTES_TO_T_UINT_2( 0x00, 0x00 ), + BYTES_TO_T_UINT_2(0x00, 0x00), }; static const mbedtls_mpi_uint secp192k1_b[] = { - BYTES_TO_T_UINT_2( 0x03, 0x00 ), + BYTES_TO_T_UINT_2(0x03, 0x00), }; static const mbedtls_mpi_uint secp192k1_gx[] = { - BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ), - BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ), - BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ), + BYTES_TO_T_UINT_8(0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D), + BYTES_TO_T_UINT_8(0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26), + BYTES_TO_T_UINT_8(0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB), }; static const mbedtls_mpi_uint secp192k1_gy[] = { - BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ), - BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ), - BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ), + BYTES_TO_T_UINT_8(0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40), + BYTES_TO_T_UINT_8(0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84), + BYTES_TO_T_UINT_8(0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B), }; static const mbedtls_mpi_uint secp192k1_n[] = { - BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ), - BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F), + BYTES_TO_T_UINT_8(0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) static const mbedtls_mpi_uint secp224k1_p[] = { - BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_4(0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp224k1_a[] = { - BYTES_TO_T_UINT_2( 0x00, 0x00 ), + BYTES_TO_T_UINT_2(0x00, 0x00), }; static const mbedtls_mpi_uint secp224k1_b[] = { - BYTES_TO_T_UINT_2( 0x05, 0x00 ), + BYTES_TO_T_UINT_2(0x05, 0x00), }; static const mbedtls_mpi_uint secp224k1_gx[] = { - BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ), - BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ), - BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ), - BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ), + BYTES_TO_T_UINT_8(0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F), + BYTES_TO_T_UINT_8(0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69), + BYTES_TO_T_UINT_8(0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D), + BYTES_TO_T_UINT_4(0x33, 0x5B, 0x45, 0xA1), }; static const mbedtls_mpi_uint secp224k1_gy[] = { - BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ), - BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ), - BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ), - BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ), + BYTES_TO_T_UINT_8(0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2), + BYTES_TO_T_UINT_8(0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7), + BYTES_TO_T_UINT_8(0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F), + BYTES_TO_T_UINT_4(0xED, 0x9F, 0x08, 0x7E), }; static const mbedtls_mpi_uint secp224k1_n[] = { - BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ), - BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ), - BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), - BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ), + BYTES_TO_T_UINT_8(0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA), + BYTES_TO_T_UINT_8(0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00), + BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00), }; #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) static const mbedtls_mpi_uint secp256k1_p[] = { - BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; static const mbedtls_mpi_uint secp256k1_a[] = { - BYTES_TO_T_UINT_2( 0x00, 0x00 ), + BYTES_TO_T_UINT_2(0x00, 0x00), }; static const mbedtls_mpi_uint secp256k1_b[] = { - BYTES_TO_T_UINT_2( 0x07, 0x00 ), + BYTES_TO_T_UINT_2(0x07, 0x00), }; static const mbedtls_mpi_uint secp256k1_gx[] = { - BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ), - BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ), - BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ), - BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ), + BYTES_TO_T_UINT_8(0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59), + BYTES_TO_T_UINT_8(0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02), + BYTES_TO_T_UINT_8(0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55), + BYTES_TO_T_UINT_8(0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79), }; static const mbedtls_mpi_uint secp256k1_gy[] = { - BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ), - BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ), - BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ), - BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ), + BYTES_TO_T_UINT_8(0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C), + BYTES_TO_T_UINT_8(0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD), + BYTES_TO_T_UINT_8(0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D), + BYTES_TO_T_UINT_8(0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48), }; static const mbedtls_mpi_uint secp256k1_n[] = { - BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ), - BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ), - BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), - BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ), + BYTES_TO_T_UINT_8(0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF), + BYTES_TO_T_UINT_8(0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA), + BYTES_TO_T_UINT_8(0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), + BYTES_TO_T_UINT_8(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), }; #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ @@ -394,40 +394,40 @@ static const mbedtls_mpi_uint secp256k1_n[] = { */ #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) static const mbedtls_mpi_uint brainpoolP256r1_p[] = { - BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ), - BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ), - BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ), - BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ), + BYTES_TO_T_UINT_8(0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20), + BYTES_TO_T_UINT_8(0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E), + BYTES_TO_T_UINT_8(0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E), + BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9), }; static const mbedtls_mpi_uint brainpoolP256r1_a[] = { - BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ), - BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ), - BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ), - BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ), + BYTES_TO_T_UINT_8(0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9), + BYTES_TO_T_UINT_8(0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB), + BYTES_TO_T_UINT_8(0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE), + BYTES_TO_T_UINT_8(0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D), }; static const mbedtls_mpi_uint brainpoolP256r1_b[] = { - BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ), - BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ), - BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ), - BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ), + BYTES_TO_T_UINT_8(0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B), + BYTES_TO_T_UINT_8(0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95), + BYTES_TO_T_UINT_8(0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3), + BYTES_TO_T_UINT_8(0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26), }; static const mbedtls_mpi_uint brainpoolP256r1_gx[] = { - BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ), - BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ), - BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ), - BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ), + BYTES_TO_T_UINT_8(0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A), + BYTES_TO_T_UINT_8(0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9), + BYTES_TO_T_UINT_8(0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C), + BYTES_TO_T_UINT_8(0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B), }; static const mbedtls_mpi_uint brainpoolP256r1_gy[] = { - BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ), - BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ), - BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ), - BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ), + BYTES_TO_T_UINT_8(0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C), + BYTES_TO_T_UINT_8(0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2), + BYTES_TO_T_UINT_8(0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97), + BYTES_TO_T_UINT_8(0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54), }; static const mbedtls_mpi_uint brainpoolP256r1_n[] = { - BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ), - BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ), - BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ), - BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ), + BYTES_TO_T_UINT_8(0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90), + BYTES_TO_T_UINT_8(0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C), + BYTES_TO_T_UINT_8(0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E), + BYTES_TO_T_UINT_8(0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9), }; #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ @@ -436,52 +436,52 @@ static const mbedtls_mpi_uint brainpoolP256r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) static const mbedtls_mpi_uint brainpoolP384r1_p[] = { - BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ), - BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ), - BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ), - BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ), - BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ), - BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ), + BYTES_TO_T_UINT_8(0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87), + BYTES_TO_T_UINT_8(0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC), + BYTES_TO_T_UINT_8(0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12), + BYTES_TO_T_UINT_8(0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15), + BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F), + BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C), }; static const mbedtls_mpi_uint brainpoolP384r1_a[] = { - BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ), - BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ), - BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ), - BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ), - BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ), - BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ), + BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04), + BYTES_TO_T_UINT_8(0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A), + BYTES_TO_T_UINT_8(0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13), + BYTES_TO_T_UINT_8(0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2), + BYTES_TO_T_UINT_8(0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C), + BYTES_TO_T_UINT_8(0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B), }; static const mbedtls_mpi_uint brainpoolP384r1_b[] = { - BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ), - BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ), - BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ), - BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ), - BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ), - BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ), + BYTES_TO_T_UINT_8(0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A), + BYTES_TO_T_UINT_8(0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C), + BYTES_TO_T_UINT_8(0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E), + BYTES_TO_T_UINT_8(0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F), + BYTES_TO_T_UINT_8(0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B), + BYTES_TO_T_UINT_8(0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04), }; static const mbedtls_mpi_uint brainpoolP384r1_gx[] = { - BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ), - BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ), - BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ), - BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ), - BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ), - BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ), + BYTES_TO_T_UINT_8(0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF), + BYTES_TO_T_UINT_8(0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8), + BYTES_TO_T_UINT_8(0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB), + BYTES_TO_T_UINT_8(0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88), + BYTES_TO_T_UINT_8(0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2), + BYTES_TO_T_UINT_8(0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D), }; static const mbedtls_mpi_uint brainpoolP384r1_gy[] = { - BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ), - BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ), - BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ), - BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ), - BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ), - BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ), + BYTES_TO_T_UINT_8(0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42), + BYTES_TO_T_UINT_8(0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E), + BYTES_TO_T_UINT_8(0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1), + BYTES_TO_T_UINT_8(0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62), + BYTES_TO_T_UINT_8(0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C), + BYTES_TO_T_UINT_8(0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A), }; static const mbedtls_mpi_uint brainpoolP384r1_n[] = { - BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ), - BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ), - BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ), - BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ), - BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ), - BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ), + BYTES_TO_T_UINT_8(0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B), + BYTES_TO_T_UINT_8(0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF), + BYTES_TO_T_UINT_8(0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F), + BYTES_TO_T_UINT_8(0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15), + BYTES_TO_T_UINT_8(0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F), + BYTES_TO_T_UINT_8(0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C), }; #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ @@ -490,64 +490,64 @@ static const mbedtls_mpi_uint brainpoolP384r1_n[] = { */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) static const mbedtls_mpi_uint brainpoolP512r1_p[] = { - BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ), - BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ), - BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ), - BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ), - BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ), - BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ), - BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ), - BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ), + BYTES_TO_T_UINT_8(0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28), + BYTES_TO_T_UINT_8(0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28), + BYTES_TO_T_UINT_8(0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE), + BYTES_TO_T_UINT_8(0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D), + BYTES_TO_T_UINT_8(0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6), + BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB), + BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F), + BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA), }; static const mbedtls_mpi_uint brainpoolP512r1_a[] = { - BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ), - BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ), - BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ), - BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ), - BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ), - BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ), - BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ), - BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ), + BYTES_TO_T_UINT_8(0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7), + BYTES_TO_T_UINT_8(0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F), + BYTES_TO_T_UINT_8(0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A), + BYTES_TO_T_UINT_8(0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D), + BYTES_TO_T_UINT_8(0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8), + BYTES_TO_T_UINT_8(0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94), + BYTES_TO_T_UINT_8(0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2), + BYTES_TO_T_UINT_8(0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78), }; static const mbedtls_mpi_uint brainpoolP512r1_b[] = { - BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ), - BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ), - BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ), - BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ), - BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ), - BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ), - BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ), - BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ), + BYTES_TO_T_UINT_8(0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28), + BYTES_TO_T_UINT_8(0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98), + BYTES_TO_T_UINT_8(0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77), + BYTES_TO_T_UINT_8(0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B), + BYTES_TO_T_UINT_8(0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B), + BYTES_TO_T_UINT_8(0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8), + BYTES_TO_T_UINT_8(0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA), + BYTES_TO_T_UINT_8(0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D), }; static const mbedtls_mpi_uint brainpoolP512r1_gx[] = { - BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ), - BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ), - BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ), - BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ), - BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ), - BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ), - BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ), - BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ), + BYTES_TO_T_UINT_8(0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B), + BYTES_TO_T_UINT_8(0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C), + BYTES_TO_T_UINT_8(0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50), + BYTES_TO_T_UINT_8(0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF), + BYTES_TO_T_UINT_8(0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4), + BYTES_TO_T_UINT_8(0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85), + BYTES_TO_T_UINT_8(0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A), + BYTES_TO_T_UINT_8(0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81), }; static const mbedtls_mpi_uint brainpoolP512r1_gy[] = { - BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ), - BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ), - BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ), - BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ), - BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ), - BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ), - BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ), - BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ), + BYTES_TO_T_UINT_8(0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78), + BYTES_TO_T_UINT_8(0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1), + BYTES_TO_T_UINT_8(0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B), + BYTES_TO_T_UINT_8(0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2), + BYTES_TO_T_UINT_8(0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0), + BYTES_TO_T_UINT_8(0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2), + BYTES_TO_T_UINT_8(0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0), + BYTES_TO_T_UINT_8(0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D), }; static const mbedtls_mpi_uint brainpoolP512r1_n[] = { - BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ), - BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ), - BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ), - BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ), - BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ), - BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ), - BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ), - BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ), + BYTES_TO_T_UINT_8(0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5), + BYTES_TO_T_UINT_8(0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D), + BYTES_TO_T_UINT_8(0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41), + BYTES_TO_T_UINT_8(0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55), + BYTES_TO_T_UINT_8(0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6), + BYTES_TO_T_UINT_8(0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB), + BYTES_TO_T_UINT_8(0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F), + BYTES_TO_T_UINT_8(0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA), }; #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ @@ -571,18 +571,16 @@ static const mbedtls_mpi_uint brainpoolP512r1_n[] = { * Create an MPI from embedded constants * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint) */ -static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len ) -{ +static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len) { X->s = 1; - X->n = len / sizeof( mbedtls_mpi_uint ); + X->n = len / sizeof(mbedtls_mpi_uint); X->p = (mbedtls_mpi_uint *) p; } /* * Set an MPI to static value 1 */ -static inline void ecp_mpi_set1( mbedtls_mpi *X ) -{ +static inline void ecp_mpi_set1(mbedtls_mpi *X) { static mbedtls_mpi_uint one[] = { 1 }; X->s = 1; X->n = 1; @@ -592,49 +590,48 @@ static inline void ecp_mpi_set1( mbedtls_mpi *X ) /* * Make group available from embedded constants */ -static int ecp_group_load( mbedtls_ecp_group *grp, - const mbedtls_mpi_uint *p, size_t plen, - const mbedtls_mpi_uint *a, size_t alen, - const mbedtls_mpi_uint *b, size_t blen, - const mbedtls_mpi_uint *gx, size_t gxlen, - const mbedtls_mpi_uint *gy, size_t gylen, - const mbedtls_mpi_uint *n, size_t nlen) -{ - ecp_mpi_load( &grp->P, p, plen ); - if( a != NULL ) - ecp_mpi_load( &grp->A, a, alen ); - ecp_mpi_load( &grp->B, b, blen ); - ecp_mpi_load( &grp->N, n, nlen ); +static int ecp_group_load(mbedtls_ecp_group *grp, + const mbedtls_mpi_uint *p, size_t plen, + const mbedtls_mpi_uint *a, size_t alen, + const mbedtls_mpi_uint *b, size_t blen, + const mbedtls_mpi_uint *gx, size_t gxlen, + const mbedtls_mpi_uint *gy, size_t gylen, + const mbedtls_mpi_uint *n, size_t nlen) { + ecp_mpi_load(&grp->P, p, plen); + if (a != NULL) + ecp_mpi_load(&grp->A, a, alen); + ecp_mpi_load(&grp->B, b, blen); + ecp_mpi_load(&grp->N, n, nlen); - ecp_mpi_load( &grp->G.X, gx, gxlen ); - ecp_mpi_load( &grp->G.Y, gy, gylen ); - ecp_mpi_set1( &grp->G.Z ); + ecp_mpi_load(&grp->G.X, gx, gxlen); + ecp_mpi_load(&grp->G.Y, gy, gylen); + ecp_mpi_set1(&grp->G.Z); - grp->pbits = mbedtls_mpi_bitlen( &grp->P ); - grp->nbits = mbedtls_mpi_bitlen( &grp->N ); + grp->pbits = mbedtls_mpi_bitlen(&grp->P); + grp->nbits = mbedtls_mpi_bitlen(&grp->N); grp->h = 1; - return( 0 ); + return (0); } #endif /* ECP_LOAD_GROUP */ #if defined(MBEDTLS_ECP_NIST_OPTIM) /* Forward declarations */ #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) -static int ecp_mod_p192( mbedtls_mpi * ); +static int ecp_mod_p192(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) -static int ecp_mod_p224( mbedtls_mpi * ); +static int ecp_mod_p224(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -static int ecp_mod_p256( mbedtls_mpi * ); +static int ecp_mod_p256(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -static int ecp_mod_p384( mbedtls_mpi * ); +static int ecp_mod_p384(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -static int ecp_mod_p521( mbedtls_mpi * ); +static int ecp_mod_p521(mbedtls_mpi *); #endif #define NIST_MODP( P ) grp->modp = ecp_mod_ ## P; @@ -644,19 +641,19 @@ static int ecp_mod_p521( mbedtls_mpi * ); /* Additional forward declarations */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -static int ecp_mod_p255( mbedtls_mpi * ); +static int ecp_mod_p255(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) -static int ecp_mod_p448( mbedtls_mpi * ); +static int ecp_mod_p448(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) -static int ecp_mod_p192k1( mbedtls_mpi * ); +static int ecp_mod_p192k1(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) -static int ecp_mod_p224k1( mbedtls_mpi * ); +static int ecp_mod_p224k1(mbedtls_mpi *); #endif #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -static int ecp_mod_p256k1( mbedtls_mpi * ); +static int ecp_mod_p256k1(mbedtls_mpi *); #endif #if defined(ECP_LOAD_GROUP) @@ -681,38 +678,37 @@ static int ecp_mod_p256k1( mbedtls_mpi * ); /* * Specialized function for creating the Curve25519 group */ -static int ecp_use_curve25519( mbedtls_ecp_group *grp ) -{ +static int ecp_use_curve25519(mbedtls_ecp_group *grp) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Actually ( A + 2 ) / 4 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "01DB42" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&grp->A, 16, "01DB42")); /* P = 2^255 - 19 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 255 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) ); - grp->pbits = mbedtls_mpi_bitlen( &grp->P ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 255)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 19)); + grp->pbits = mbedtls_mpi_bitlen(&grp->P); /* N = 2^252 + 27742317777372353535851937790883648493 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16, - "14DEF9DEA2F79CD65812631A5CF5D3ED" ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&grp->N, 16, + "14DEF9DEA2F79CD65812631A5CF5D3ED")); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1)); /* Y intentionally not set, since we use x/z coordinates. * This is used as a marker to identify Montgomery curves! */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) ); - mbedtls_mpi_free( &grp->G.Y ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 9)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); + mbedtls_mpi_free(&grp->G.Y); /* Actually, the required msb for private keys */ grp->nbits = 254; cleanup: - if( ret != 0 ) - mbedtls_ecp_group_free( grp ); + if (ret != 0) + mbedtls_ecp_group_free(grp); - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ @@ -720,138 +716,135 @@ cleanup: /* * Specialized function for creating the Curve448 group */ -static int ecp_use_curve448( mbedtls_ecp_group *grp ) -{ +static int ecp_use_curve448(mbedtls_ecp_group *grp) { mbedtls_mpi Ns; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi_init( &Ns ); + mbedtls_mpi_init(&Ns); /* Actually ( A + 2 ) / 4 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "98AA" ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&grp->A, 16, "98AA")); /* P = 2^448 - 2^224 - 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) ); - grp->pbits = mbedtls_mpi_bitlen( &grp->P ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1)); + grp->pbits = mbedtls_mpi_bitlen(&grp->P); /* Y intentionally not set, since we use x/z coordinates. * This is used as a marker to identify Montgomery curves! */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) ); - mbedtls_mpi_free( &grp->G.Y ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.X, 5)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1)); + mbedtls_mpi_free(&grp->G.Y); /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16, - "8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Ns, 16, + "8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D")); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns)); /* Actually, the required msb for private keys */ grp->nbits = 447; cleanup: - mbedtls_mpi_free( &Ns ); - if( ret != 0 ) - mbedtls_ecp_group_free( grp ); + mbedtls_mpi_free(&Ns); + if (ret != 0) + mbedtls_ecp_group_free(grp); - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ /* * Set a group using well-known domain parameters */ -int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ) -{ - ECP_VALIDATE_RET( grp != NULL ); - mbedtls_ecp_group_free( grp ); +int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id) { + ECP_VALIDATE_RET(grp != NULL); + mbedtls_ecp_group_free(grp); grp->id = id; - switch( id ) - { + switch (id) { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case MBEDTLS_ECP_DP_SECP192R1: - NIST_MODP( p192 ); - return( LOAD_GROUP( secp192r1 ) ); + NIST_MODP(p192); + return (LOAD_GROUP(secp192r1)); #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) case MBEDTLS_ECP_DP_SECP224R1: - NIST_MODP( p224 ); - return( LOAD_GROUP( secp224r1 ) ); + NIST_MODP(p224); + return (LOAD_GROUP(secp224r1)); #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_ECP_DP_SECP256R1: - NIST_MODP( p256 ); - return( LOAD_GROUP( secp256r1 ) ); + NIST_MODP(p256); + return (LOAD_GROUP(secp256r1)); #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case MBEDTLS_ECP_DP_SECP384R1: - NIST_MODP( p384 ); - return( LOAD_GROUP( secp384r1 ) ); + NIST_MODP(p384); + return (LOAD_GROUP(secp384r1)); #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case MBEDTLS_ECP_DP_SECP521R1: - NIST_MODP( p521 ); - return( LOAD_GROUP( secp521r1 ) ); + NIST_MODP(p521); + return (LOAD_GROUP(secp521r1)); #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: grp->modp = ecp_mod_p192k1; - return( LOAD_GROUP_A( secp192k1 ) ); + return (LOAD_GROUP_A(secp192k1)); #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: grp->modp = ecp_mod_p224k1; - return( LOAD_GROUP_A( secp224k1 ) ); + return (LOAD_GROUP_A(secp224k1)); #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: grp->modp = ecp_mod_p256k1; - return( LOAD_GROUP_A( secp256k1 ) ); + return (LOAD_GROUP_A(secp256k1)); #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) case MBEDTLS_ECP_DP_BP256R1: - return( LOAD_GROUP_A( brainpoolP256r1 ) ); + return (LOAD_GROUP_A(brainpoolP256r1)); #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) case MBEDTLS_ECP_DP_BP384R1: - return( LOAD_GROUP_A( brainpoolP384r1 ) ); + return (LOAD_GROUP_A(brainpoolP384r1)); #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) case MBEDTLS_ECP_DP_BP512R1: - return( LOAD_GROUP_A( brainpoolP512r1 ) ); + return (LOAD_GROUP_A(brainpoolP512r1)); #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: grp->modp = ecp_mod_p255; - return( ecp_use_curve25519( grp ) ); + return (ecp_use_curve25519(grp)); #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: grp->modp = ecp_mod_p448; - return( ecp_use_curve448( grp ) ); + return (ecp_use_curve448(grp)); #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ default: grp->id = MBEDTLS_ECP_DP_NONE; - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE); } } @@ -880,26 +873,24 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ) */ /* Add 64-bit chunks (dst += src) and update carry */ -static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry ) -{ +static inline void add64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry) { unsigned char i; mbedtls_mpi_uint c = 0; - for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ ) - { - *dst += c; c = ( *dst < c ); - *dst += *src; c += ( *dst < *src ); + for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) { + *dst += c; + c = (*dst < c); + *dst += *src; + c += (*dst < *src); } *carry += c; } /* Add carry to a 64-bit chunk and update carry */ -static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry ) -{ +static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry) { unsigned char i; - for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ ) - { + for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) { *dst += *carry; - *carry = ( *dst < *carry ); + *carry = (*dst < *carry); } } @@ -912,24 +903,30 @@ static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry ) /* * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1) */ -static int ecp_mod_p192( mbedtls_mpi *N ) -{ +static int ecp_mod_p192(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi_uint c = 0; mbedtls_mpi_uint *p, *end; /* Make sure we have enough blocks so that A(5) is legal */ - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, 6 * WIDTH)); p = N->p; end = p + N->n; - ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5 - ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5 - ADD( 4 ); ADD( 5 ); LAST; // A2 += A4 + A5 + ADD(3); + ADD(5); + NEXT; // A0 += A3 + A5 + ADD(3); + ADD(4); + ADD(5); + NEXT; // A1 += A3 + A4 + A5 + ADD(4); + ADD(5); + LAST; // A2 += A4 + A5 cleanup: - return( ret ); + return (ret); } #undef WIDTH @@ -985,15 +982,13 @@ cleanup: /* * Helpers for addition and subtraction of chunks, with signed carry. */ -static inline void add32( uint32_t *dst, uint32_t src, signed char *carry ) -{ +static inline void add32(uint32_t *dst, uint32_t src, signed char *carry) { *dst += src; - *carry += ( *dst < src ); + *carry += (*dst < src); } -static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) -{ - *carry -= ( *dst < src ); +static inline void sub32(uint32_t *dst, uint32_t src, signed char *carry) { + *carry -= (*dst < src); *dst -= src; } @@ -1039,47 +1034,62 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) * If the result is negative, we get it in the form * c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits' */ -static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits ) -{ +static inline int fix_negative(mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* C = - c * 2^(bits + 32) */ #if !defined(MBEDTLS_HAVE_INT64) ((void) bits); #else - if( bits == 224 ) - C->p[ C->n - 1 ] = ((mbedtls_mpi_uint) -c) << 32; + if (bits == 224) + C->p[ C->n - 1 ] = ((mbedtls_mpi_uint) - c) << 32; else #endif - C->p[ C->n - 1 ] = (mbedtls_mpi_uint) -c; + C->p[ C->n - 1 ] = (mbedtls_mpi_uint) - c; /* N = - ( C - N ) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, C, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, C, N)); N->s = -1; cleanup: - return( ret ); + return (ret); } #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) /* * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) */ -static int ecp_mod_p224( mbedtls_mpi *N ) -{ - INIT( 224 ); +static int ecp_mod_p224(mbedtls_mpi *N) { + INIT(224); - SUB( 7 ); SUB( 11 ); NEXT; // A0 += -A7 - A11 - SUB( 8 ); SUB( 12 ); NEXT; // A1 += -A8 - A12 - SUB( 9 ); SUB( 13 ); NEXT; // A2 += -A9 - A13 - SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11 - SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12 - SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13 - SUB( 13 ); ADD( 10 ); LAST; // A6 += -A13 + A10 + SUB(7); + SUB(11); + NEXT; // A0 += -A7 - A11 + SUB(8); + SUB(12); + NEXT; // A1 += -A8 - A12 + SUB(9); + SUB(13); + NEXT; // A2 += -A9 - A13 + SUB(10); + ADD(7); + ADD(11); + NEXT; // A3 += -A10 + A7 + A11 + SUB(11); + ADD(8); + ADD(12); + NEXT; // A4 += -A11 + A8 + A12 + SUB(12); + ADD(9); + ADD(13); + NEXT; // A5 += -A12 + A9 + A13 + SUB(13); + ADD(10); + LAST; // A6 += -A13 + A10 cleanup: - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ @@ -1087,36 +1097,82 @@ cleanup: /* * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3) */ -static int ecp_mod_p256( mbedtls_mpi *N ) -{ - INIT( 256 ); +static int ecp_mod_p256(mbedtls_mpi *N) { + INIT(256); - ADD( 8 ); ADD( 9 ); - SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT; // A0 + ADD(8); + ADD(9); + SUB(11); + SUB(12); + SUB(13); + SUB(14); + NEXT; // A0 - ADD( 9 ); ADD( 10 ); - SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A1 + ADD(9); + ADD(10); + SUB(12); + SUB(13); + SUB(14); + SUB(15); + NEXT; // A1 - ADD( 10 ); ADD( 11 ); - SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A2 + ADD(10); + ADD(11); + SUB(13); + SUB(14); + SUB(15); + NEXT; // A2 - ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 ); - SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT; // A3 + ADD(11); + ADD(11); + ADD(12); + ADD(12); + ADD(13); + SUB(15); + SUB(8); + SUB(9); + NEXT; // A3 - ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 ); - SUB( 9 ); SUB( 10 ); NEXT; // A4 + ADD(12); + ADD(12); + ADD(13); + ADD(13); + ADD(14); + SUB(9); + SUB(10); + NEXT; // A4 - ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 ); - SUB( 10 ); SUB( 11 ); NEXT; // A5 + ADD(13); + ADD(13); + ADD(14); + ADD(14); + ADD(15); + SUB(10); + SUB(11); + NEXT; // A5 - ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 ); - SUB( 8 ); SUB( 9 ); NEXT; // A6 + ADD(14); + ADD(14); + ADD(15); + ADD(15); + ADD(14); + ADD(13); + SUB(8); + SUB(9); + NEXT; // A6 - ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 ); - SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST; // A7 + ADD(15); + ADD(15); + ADD(15); + ADD(8); + SUB(10); + SUB(11); + SUB(12); + SUB(13); + LAST; // A7 cleanup: - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ @@ -1124,48 +1180,101 @@ cleanup: /* * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4) */ -static int ecp_mod_p384( mbedtls_mpi *N ) -{ - INIT( 384 ); +static int ecp_mod_p384(mbedtls_mpi *N) { + INIT(384); - ADD( 12 ); ADD( 21 ); ADD( 20 ); - SUB( 23 ); NEXT; // A0 + ADD(12); + ADD(21); + ADD(20); + SUB(23); + NEXT; // A0 - ADD( 13 ); ADD( 22 ); ADD( 23 ); - SUB( 12 ); SUB( 20 ); NEXT; // A2 + ADD(13); + ADD(22); + ADD(23); + SUB(12); + SUB(20); + NEXT; // A2 - ADD( 14 ); ADD( 23 ); - SUB( 13 ); SUB( 21 ); NEXT; // A2 + ADD(14); + ADD(23); + SUB(13); + SUB(21); + NEXT; // A2 - ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 ); - SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT; // A3 + ADD(15); + ADD(12); + ADD(20); + ADD(21); + SUB(14); + SUB(22); + SUB(23); + NEXT; // A3 - ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 ); - SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT; // A4 + ADD(21); + ADD(21); + ADD(16); + ADD(13); + ADD(12); + ADD(20); + ADD(22); + SUB(15); + SUB(23); + SUB(23); + NEXT; // A4 - ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 ); - SUB( 16 ); NEXT; // A5 + ADD(22); + ADD(22); + ADD(17); + ADD(14); + ADD(13); + ADD(21); + ADD(23); + SUB(16); + NEXT; // A5 - ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 ); - SUB( 17 ); NEXT; // A6 + ADD(23); + ADD(23); + ADD(18); + ADD(15); + ADD(14); + ADD(22); + SUB(17); + NEXT; // A6 - ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 ); - SUB( 18 ); NEXT; // A7 + ADD(19); + ADD(16); + ADD(15); + ADD(23); + SUB(18); + NEXT; // A7 - ADD( 20 ); ADD( 17 ); ADD( 16 ); - SUB( 19 ); NEXT; // A8 + ADD(20); + ADD(17); + ADD(16); + SUB(19); + NEXT; // A8 - ADD( 21 ); ADD( 18 ); ADD( 17 ); - SUB( 20 ); NEXT; // A9 + ADD(21); + ADD(18); + ADD(17); + SUB(20); + NEXT; // A9 - ADD( 22 ); ADD( 19 ); ADD( 18 ); - SUB( 21 ); NEXT; // A10 + ADD(22); + ADD(19); + ADD(18); + SUB(21); + NEXT; // A10 - ADD( 23 ); ADD( 20 ); ADD( 19 ); - SUB( 22 ); LAST; // A11 + ADD(23); + ADD(20); + ADD(19); + SUB(22); + LAST; // A11 cleanup: - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ @@ -1197,8 +1306,7 @@ cleanup: * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5) * Write N as A1 + 2^521 A0, return A0 + A1 */ -static int ecp_mod_p521( mbedtls_mpi *N ) -{ +static int ecp_mod_p521(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M; @@ -1207,28 +1315,28 @@ static int ecp_mod_p521( mbedtls_mpi *N ) * we need to hold bits 513 to 1056, which is 34 limbs, that is * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */ - if( N->n < P521_WIDTH ) - return( 0 ); + if (N->n < P521_WIDTH) + return (0); /* M = A1 */ M.s = 1; - M.n = N->n - ( P521_WIDTH - 1 ); - if( M.n > P521_WIDTH + 1 ) + M.n = N->n - (P521_WIDTH - 1); + if (M.n > P521_WIDTH + 1) M.n = P521_WIDTH + 1; M.p = Mp; - memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) ); + memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint)))); /* N = A0 */ N->p[P521_WIDTH - 1] &= P521_MASK; - for( i = P521_WIDTH; i < N->n; i++ ) + for (i = P521_WIDTH; i < N->n; i++) N->p[i] = 0; /* N = A0 + A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); cleanup: - return( ret ); + return (ret); } #undef P521_WIDTH @@ -1246,38 +1354,37 @@ cleanup: * Fast quasi-reduction modulo p255 = 2^255 - 19 * Write N as A0 + 2^255 A1, return A0 + 19 * A1 */ -static int ecp_mod_p255( mbedtls_mpi *N ) -{ +static int ecp_mod_p255(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M; mbedtls_mpi_uint Mp[P255_WIDTH + 2]; - if( N->n < P255_WIDTH ) - return( 0 ); + if (N->n < P255_WIDTH) + return (0); /* M = A1 */ M.s = 1; - M.n = N->n - ( P255_WIDTH - 1 ); - if( M.n > P255_WIDTH + 1 ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + M.n = N->n - (P255_WIDTH - 1); + if (M.n > P255_WIDTH + 1) + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); M.p = Mp; - memset( Mp, 0, sizeof Mp ); - memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) ); + memset(Mp, 0, sizeof Mp); + memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 255 % (8 * sizeof(mbedtls_mpi_uint)))); M.n++; /* Make room for multiplication by 19 */ /* N = A0 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) ); - for( i = P255_WIDTH; i < N->n; i++ ) + MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(N, 255, 0)); + for (i = P255_WIDTH; i < N->n; i++) N->p[i] = 0; /* N = A0 + 19 * A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&M, &M, 19)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); cleanup: - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ @@ -1303,52 +1410,51 @@ cleanup: * but for 64-bit targets it should use half the number of operations if we do * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds. */ -static int ecp_mod_p448( mbedtls_mpi *N ) -{ +static int ecp_mod_p448(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M, Q; mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH]; - if( N->n <= P448_WIDTH ) - return( 0 ); + if (N->n <= P448_WIDTH) + return (0); /* M = A1 */ M.s = 1; - M.n = N->n - ( P448_WIDTH ); - if( M.n > P448_WIDTH ) + M.n = N->n - (P448_WIDTH); + if (M.n > P448_WIDTH) /* Shouldn't be called with N larger than 2^896! */ - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_ECP_BAD_INPUT_DATA); M.p = Mp; - memset( Mp, 0, sizeof( Mp ) ); - memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) ); + memset(Mp, 0, sizeof(Mp)); + memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint)); /* N = A0 */ - for( i = P448_WIDTH; i < N->n; i++ ) + for (i = P448_WIDTH; i < N->n; i++) N->p[i] = 0; /* N += A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); /* Q = B1, N += B1 */ Q = M; Q.p = Qp; - memcpy( Qp, Mp, sizeof( Qp ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) ); + memcpy(Qp, Mp, sizeof(Qp)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Q, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q)); /* M = (B0 + B1) * 2^224, N += M */ - if( sizeof( mbedtls_mpi_uint ) > 4 ) - Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS ); - for( i = P224_WIDTH_MAX; i < M.n; ++i ) + if (sizeof(mbedtls_mpi_uint) > 4) + Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint) - 1) >> (P224_UNUSED_BITS); + for (i = P224_WIDTH_MAX; i < M.n; ++i) Mp[i] = 0; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q)); M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M)); cleanup: - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ @@ -1364,16 +1470,15 @@ cleanup: */ #define P_KOBLITZ_MAX ( 256 / 8 / sizeof( mbedtls_mpi_uint ) ) // Max limbs in P #define P_KOBLITZ_R ( 8 / sizeof( mbedtls_mpi_uint ) ) // Limbs in R -static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, - size_t adjust, size_t shift, mbedtls_mpi_uint mask ) -{ +static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, + size_t adjust, size_t shift, mbedtls_mpi_uint mask) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_mpi M, R; mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; - if( N->n < p_limbs ) - return( 0 ); + if (N->n < p_limbs) + return (0); /* Init R */ R.s = 1; @@ -1385,49 +1490,49 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t M.p = Mp; /* M = A1 */ - M.n = N->n - ( p_limbs - adjust ); - if( M.n > p_limbs + adjust ) + M.n = N->n - (p_limbs - adjust); + if (M.n > p_limbs + adjust) M.n = p_limbs + adjust; - memset( Mp, 0, sizeof Mp ); - memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); - if( shift != 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); + memset(Mp, 0, sizeof Mp); + memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); + if (shift != 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ - if( mask != 0 ) + if (mask != 0) N->p[p_limbs - 1] &= mask; - for( i = p_limbs; i < N->n; i++ ) + for (i = p_limbs; i < N->n; i++) N->p[i] = 0; /* N = A0 + R * A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); /* Second pass */ /* M = A1 */ - M.n = N->n - ( p_limbs - adjust ); - if( M.n > p_limbs + adjust ) + M.n = N->n - (p_limbs - adjust); + if (M.n > p_limbs + adjust) M.n = p_limbs + adjust; - memset( Mp, 0, sizeof Mp ); - memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); - if( shift != 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); + memset(Mp, 0, sizeof Mp); + memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint)); + if (shift != 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift)); M.n += R.n; /* Make room for multiplication by R */ /* N = A0 */ - if( mask != 0 ) + if (mask != 0) N->p[p_limbs - 1] &= mask; - for( i = p_limbs; i < N->n; i++ ) + for (i = p_limbs; i < N->n; i++) N->p[i] = 0; /* N = A0 + R * A1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M)); cleanup: - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) || MBEDTLS_ECP_DP_SECP224K1_ENABLED) || @@ -1438,12 +1543,12 @@ cleanup: * Fast quasi-reduction modulo p192k1 = 2^192 - R, * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119 */ -static int ecp_mod_p192k1( mbedtls_mpi *N ) -{ +static int ecp_mod_p192k1(mbedtls_mpi *N) { static mbedtls_mpi_uint Rp[] = { - BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) }; + BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) + }; - return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) ); + return (ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0)); } #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ @@ -1452,15 +1557,15 @@ static int ecp_mod_p192k1( mbedtls_mpi *N ) * Fast quasi-reduction modulo p224k1 = 2^224 - R, * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93 */ -static int ecp_mod_p224k1( mbedtls_mpi *N ) -{ +static int ecp_mod_p224k1(mbedtls_mpi *N) { static mbedtls_mpi_uint Rp[] = { - BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) }; + BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) + }; #if defined(MBEDTLS_HAVE_INT64) - return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) ); + return (ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF)); #else - return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) ); + return (ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0)); #endif } @@ -1471,11 +1576,11 @@ static int ecp_mod_p224k1( mbedtls_mpi *N ) * Fast quasi-reduction modulo p256k1 = 2^256 - R, * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1 */ -static int ecp_mod_p256k1( mbedtls_mpi *N ) -{ +static int ecp_mod_p256k1(mbedtls_mpi *N) { static mbedtls_mpi_uint Rp[] = { - BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) }; - return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) ); + BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) + }; + return (ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0, 0)); } #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ diff --git a/common/mbedtls/ecp_internal.h b/common/mbedtls/ecp_internal.h index 6a47a8ff2..066b73628 100644 --- a/common/mbedtls/ecp_internal.h +++ b/common/mbedtls/ecp_internal.h @@ -76,7 +76,7 @@ * * \return Non-zero if successful. */ -unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp ); +unsigned char mbedtls_internal_ecp_grp_capable(const mbedtls_ecp_group *grp); /** * \brief Initialise the Elliptic Curve Point module extension. @@ -93,7 +93,7 @@ unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp ); * * \return 0 if successful. */ -int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ); +int mbedtls_internal_ecp_init(const mbedtls_ecp_group *grp); /** * \brief Frees and deallocates the Elliptic Curve Point module @@ -101,7 +101,7 @@ int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp ); * * \param grp The pointer to the group the module was initialised for. */ -void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ); +void mbedtls_internal_ecp_free(const mbedtls_ecp_group *grp); #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) @@ -121,9 +121,9 @@ void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp ); * * \return 0 if successful. */ -int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_internal_ecp_randomize_jac(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #endif #if defined(MBEDTLS_ECP_ADD_MIXED_ALT) @@ -166,9 +166,9 @@ int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp, * * \return 0 if successful. */ -int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q ); +int mbedtls_internal_ecp_add_mixed(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q); #endif /** @@ -191,8 +191,8 @@ int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp, * \return 0 if successful. */ #if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) -int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, const mbedtls_ecp_point *P ); +int mbedtls_internal_ecp_double_jac(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, const mbedtls_ecp_point *P); #endif /** @@ -221,8 +221,8 @@ int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp, * an error if one of the points is zero. */ #if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) -int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *T[], size_t t_len ); +int mbedtls_internal_ecp_normalize_jac_many(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *T[], size_t t_len); #endif /** @@ -239,8 +239,8 @@ int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp, * \return 0 if successful. */ #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) -int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt ); +int mbedtls_internal_ecp_normalize_jac(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *pt); #endif #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -248,9 +248,9 @@ int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp, #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) #if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) -int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q, const mbedtls_mpi *d ); +int mbedtls_internal_ecp_double_add_mxz(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q, const mbedtls_mpi *d); #endif /** @@ -269,9 +269,9 @@ int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp, * \return 0 if successful */ #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) -int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_internal_ecp_randomize_mxz(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #endif /** @@ -285,8 +285,8 @@ int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp, * \return 0 if successful */ #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) -int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P ); +int mbedtls_internal_ecp_normalize_mxz(const mbedtls_ecp_group *grp, + mbedtls_ecp_point *P); #endif #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ diff --git a/common/mbedtls/entropy.c b/common/mbedtls/entropy.c index b9aca86b1..b4db5aac7 100644 --- a/common/mbedtls/entropy.c +++ b/common/mbedtls/entropy.c @@ -57,103 +57,99 @@ #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ -void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) -{ +void mbedtls_entropy_init(mbedtls_entropy_context *ctx) { ctx->source_count = 0; - memset( ctx->source, 0, sizeof( ctx->source ) ); + memset(ctx->source, 0, sizeof(ctx->source)); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif ctx->accumulator_started = 0; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_init( &ctx->accumulator ); + mbedtls_sha512_init(&ctx->accumulator); #else - mbedtls_sha256_init( &ctx->accumulator ); + mbedtls_sha256_init(&ctx->accumulator); #endif #if defined(MBEDTLS_HAVEGE_C) - mbedtls_havege_init( &ctx->havege_data ); + mbedtls_havege_init(&ctx->havege_data); #endif /* Reminder: Update ENTROPY_HAVE_STRONG in the test files * when adding more strong entropy sources here. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) - mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, - 1, MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_null_entropy_poll, NULL, + 1, MBEDTLS_ENTROPY_SOURCE_STRONG); #endif #if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) - mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL, - MBEDTLS_ENTROPY_MIN_PLATFORM, - MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_platform_entropy_poll, NULL, + MBEDTLS_ENTROPY_MIN_PLATFORM, + MBEDTLS_ENTROPY_SOURCE_STRONG); #endif #if defined(MBEDTLS_TIMING_C) - mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL, - MBEDTLS_ENTROPY_MIN_HARDCLOCK, - MBEDTLS_ENTROPY_SOURCE_WEAK ); + mbedtls_entropy_add_source(ctx, mbedtls_hardclock_poll, NULL, + MBEDTLS_ENTROPY_MIN_HARDCLOCK, + MBEDTLS_ENTROPY_SOURCE_WEAK); #endif #if defined(MBEDTLS_HAVEGE_C) - mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data, - MBEDTLS_ENTROPY_MIN_HAVEGE, - MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_havege_poll, &ctx->havege_data, + MBEDTLS_ENTROPY_MIN_HAVEGE, + MBEDTLS_ENTROPY_SOURCE_STRONG); #endif #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL, - MBEDTLS_ENTROPY_MIN_HARDWARE, - MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_hardware_poll, NULL, + MBEDTLS_ENTROPY_MIN_HARDWARE, + MBEDTLS_ENTROPY_SOURCE_STRONG); #endif #if defined(MBEDTLS_ENTROPY_NV_SEED) - mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL, - MBEDTLS_ENTROPY_BLOCK_SIZE, - MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(ctx, mbedtls_nv_seed_poll, NULL, + MBEDTLS_ENTROPY_BLOCK_SIZE, + MBEDTLS_ENTROPY_SOURCE_STRONG); ctx->initial_entropy_run = 0; #endif #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ } -void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) -{ +void mbedtls_entropy_free(mbedtls_entropy_context *ctx) { /* If the context was already free, don't call free() again. * This is important for mutexes which don't allow double-free. */ - if( ctx->accumulator_started == -1 ) + if (ctx->accumulator_started == -1) return; #if defined(MBEDTLS_HAVEGE_C) - mbedtls_havege_free( &ctx->havege_data ); + mbedtls_havege_free(&ctx->havege_data); #endif #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &ctx->mutex ); + mbedtls_mutex_free(&ctx->mutex); #endif #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_free( &ctx->accumulator ); + mbedtls_sha512_free(&ctx->accumulator); #else - mbedtls_sha256_free( &ctx->accumulator ); + mbedtls_sha256_free(&ctx->accumulator); #endif #if defined(MBEDTLS_ENTROPY_NV_SEED) ctx->initial_entropy_run = 0; #endif ctx->source_count = 0; - mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) ); + mbedtls_platform_zeroize(ctx->source, sizeof(ctx->source)); ctx->accumulator_started = -1; } -int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, - mbedtls_entropy_f_source_ptr f_source, void *p_source, - size_t threshold, int strong ) -{ +int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx, + mbedtls_entropy_f_source_ptr f_source, void *p_source, + size_t threshold, int strong) { int idx, ret = 0; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif idx = ctx->source_count; - if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES ) - { + if (idx >= MBEDTLS_ENTROPY_MAX_SOURCES) { ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES; goto exit; } @@ -167,32 +163,30 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, exit: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - return( ret ); + return (ret); } /* * Entropy accumulator update */ -static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id, - const unsigned char *data, size_t len ) -{ +static int entropy_update(mbedtls_entropy_context *ctx, unsigned char source_id, + const unsigned char *data, size_t len) { unsigned char header[2]; unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE]; size_t use_len = len; const unsigned char *p = data; int ret = 0; - if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) - { + if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 ) + if ((ret = mbedtls_sha512_ret(data, len, tmp, 0)) != 0) goto cleanup; #else - if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 ) + if ((ret = mbedtls_sha256_ret(data, len, tmp, 0)) != 0) goto cleanup; #endif p = tmp; @@ -208,177 +202,165 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id * gather entropy eventually execute this code. */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + if (ctx->accumulator_started == 0 && + (ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0) goto cleanup; else ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) + if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, header, 2)) != 0) goto cleanup; - ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len ); + ret = mbedtls_sha512_update_ret(&ctx->accumulator, p, use_len); #else - if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + if (ctx->accumulator_started == 0 && + (ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0) goto cleanup; else ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) + if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, header, 2)) != 0) goto cleanup; - ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len ); + ret = mbedtls_sha256_update_ret(&ctx->accumulator, p, use_len); #endif cleanup: - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); - return( ret ); + return (ret); } -int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, - const unsigned char *data, size_t len ) -{ +int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx, + const unsigned char *data, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif - ret = entropy_update( ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len ); + ret = entropy_update(ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - return( ret ); + return (ret); } /* * Run through the different sources to add entropy to our accumulator */ -static int entropy_gather_internal( mbedtls_entropy_context *ctx ) -{ +static int entropy_gather_internal(mbedtls_entropy_context *ctx) { int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; int i; int have_one_strong = 0; unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER]; size_t olen; - if( ctx->source_count == 0 ) - return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED ); + if (ctx->source_count == 0) + return (MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED); /* * Run through our entropy sources */ - for( i = 0; i < ctx->source_count; i++ ) - { - if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG ) + for (i = 0; i < ctx->source_count; i++) { + if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) have_one_strong = 1; olen = 0; - if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source, - buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 ) - { + if ((ret = ctx->source[i].f_source(ctx->source[i].p_source, + buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen)) != 0) { goto cleanup; } /* * Add if we actually gathered something */ - if( olen > 0 ) - { - if( ( ret = entropy_update( ctx, (unsigned char) i, - buf, olen ) ) != 0 ) - return( ret ); + if (olen > 0) { + if ((ret = entropy_update(ctx, (unsigned char) i, + buf, olen)) != 0) + return (ret); ctx->source[i].size += olen; } } - if( have_one_strong == 0 ) + if (have_one_strong == 0) ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE; cleanup: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - return( ret ); + return (ret); } /* * Thread-safe wrapper for entropy_gather_internal() */ -int mbedtls_entropy_gather( mbedtls_entropy_context *ctx ) -{ +int mbedtls_entropy_gather(mbedtls_entropy_context *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif - ret = entropy_gather_internal( ctx ); + ret = entropy_gather_internal(ctx); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - return( ret ); + return (ret); } -int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) -{ +int mbedtls_entropy_func(void *data, unsigned char *output, size_t len) { int ret, count = 0, i, thresholds_reached; size_t strong_size; mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - if( len > MBEDTLS_ENTROPY_BLOCK_SIZE ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (len > MBEDTLS_ENTROPY_BLOCK_SIZE) + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); #if defined(MBEDTLS_ENTROPY_NV_SEED) /* Update the NV entropy seed before generating any entropy for outside * use. */ - if( ctx->initial_entropy_run == 0 ) - { + if (ctx->initial_entropy_run == 0) { ctx->initial_entropy_run = 1; - if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_entropy_update_nv_seed(ctx)) != 0) + return (ret); } #endif #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif /* * Always gather extra entropy before a call */ - do - { - if( count++ > ENTROPY_MAX_LOOP ) - { + do { + if (count++ > ENTROPY_MAX_LOOP) { ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; goto exit; } - if( ( ret = entropy_gather_internal( ctx ) ) != 0 ) + if ((ret = entropy_gather_internal(ctx)) != 0) goto exit; thresholds_reached = 1; strong_size = 0; - for( i = 0; i < ctx->source_count; i++ ) - { - if( ctx->source[i].size < ctx->source[i].threshold ) + for (i = 0; i < ctx->source_count; i++) { + if (ctx->source[i].size < ctx->source[i].threshold) thresholds_reached = 0; - if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG ) + if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) strong_size += ctx->source[i].size; } - } - while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE ); + } while (! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE); - memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) /* @@ -386,103 +368,100 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) * in a previous call to entropy_update(). If this is not guaranteed, the * code below will fail. */ - if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 ) + if ((ret = mbedtls_sha512_finish_ret(&ctx->accumulator, buf)) != 0) goto exit; /* * Reset accumulator and counters and recycle existing entropy */ - mbedtls_sha512_free( &ctx->accumulator ); - mbedtls_sha512_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + mbedtls_sha512_free(&ctx->accumulator); + mbedtls_sha512_init(&ctx->accumulator); + if ((ret = mbedtls_sha512_starts_ret(&ctx->accumulator, 0)) != 0) goto exit; - if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf, - MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + if ((ret = mbedtls_sha512_update_ret(&ctx->accumulator, buf, + MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) goto exit; /* * Perform second SHA-512 on entropy */ - if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, - buf, 0 ) ) != 0 ) + if ((ret = mbedtls_sha512_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + buf, 0)) != 0) goto exit; #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 ) + if ((ret = mbedtls_sha256_finish_ret(&ctx->accumulator, buf)) != 0) goto exit; /* * Reset accumulator and counters and recycle existing entropy */ - mbedtls_sha256_free( &ctx->accumulator ); - mbedtls_sha256_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + mbedtls_sha256_free(&ctx->accumulator); + mbedtls_sha256_init(&ctx->accumulator); + if ((ret = mbedtls_sha256_starts_ret(&ctx->accumulator, 0)) != 0) goto exit; - if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf, - MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + if ((ret = mbedtls_sha256_update_ret(&ctx->accumulator, buf, + MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) goto exit; /* * Perform second SHA-256 on entropy */ - if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, - buf, 0 ) ) != 0 ) + if ((ret = mbedtls_sha256_ret(buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + buf, 0)) != 0) goto exit; #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - for( i = 0; i < ctx->source_count; i++ ) + for (i = 0; i < ctx->source_count; i++) ctx->source[i].size = 0; - memcpy( output, buf, len ); + memcpy(output, buf, len); ret = 0; exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - return( ret ); + return (ret); } #if defined(MBEDTLS_ENTROPY_NV_SEED) -int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) -{ +int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx) { int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; /* Read new seed and write it to NV */ - if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) + return (ret); - if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 ) - return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); + if (mbedtls_nv_seed_write(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) + return (MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR); /* Manually update the remaining stream with a separator value to diverge */ - memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); - ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); + ret = mbedtls_entropy_update_manual(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE); - return( ret ); + return (ret); } #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if defined(MBEDTLS_FS_IO) -int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ) -{ +int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path) { int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; FILE *f; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - if( ( f = fopen( path, "wb" ) ) == NULL ) - return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); + if ((f = fopen(path, "wb")) == NULL) + return (MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR); - if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) goto exit; - if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE ) - { + if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) { ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; goto exit; } @@ -490,42 +469,41 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p ret = 0; exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - fclose( f ); - return( ret ); + fclose(f); + return (ret); } -int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path ) -{ +int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path) { int ret = 0; FILE *f; size_t n; unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ]; - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) + return (MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR); - fseek( f, 0, SEEK_END ); - n = (size_t) ftell( f ); - fseek( f, 0, SEEK_SET ); + fseek(f, 0, SEEK_END); + n = (size_t) ftell(f); + fseek(f, 0, SEEK_SET); - if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) + if (n > MBEDTLS_ENTROPY_MAX_SEED_SIZE) n = MBEDTLS_ENTROPY_MAX_SEED_SIZE; - if( fread( buf, 1, n, f ) != n ) + if (fread(buf, 1, n, f) != n) ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; else - ret = mbedtls_entropy_update_manual( ctx, buf, n ); + ret = mbedtls_entropy_update_manual(ctx, buf, n); - fclose( f ); + fclose(f); - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - if( ret != 0 ) - return( ret ); + if (ret != 0) + return (ret); - return( mbedtls_entropy_write_seed_file( ctx, path ) ); + return (mbedtls_entropy_write_seed_file(ctx, path)); } #endif /* MBEDTLS_FS_IO */ @@ -534,60 +512,54 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * /* * Dummy source function */ -static int entropy_dummy_source( void *data, unsigned char *output, - size_t len, size_t *olen ) -{ +static int entropy_dummy_source(void *data, unsigned char *output, + size_t len, size_t *olen) { ((void) data); - memset( output, 0x2a, len ); + memset(output, 0x2a, len); *olen = len; - return( 0 ); + return (0); } #endif /* !MBEDTLS_TEST_NULL_ENTROPY */ #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) -static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t buf_len ) -{ +static int mbedtls_entropy_source_self_test_gather(unsigned char *buf, size_t buf_len) { int ret = 0; size_t entropy_len = 0; size_t olen = 0; size_t attempts = buf_len; - while( attempts > 0 && entropy_len < buf_len ) - { - if( ( ret = mbedtls_hardware_poll( NULL, buf + entropy_len, - buf_len - entropy_len, &olen ) ) != 0 ) - return( ret ); + while (attempts > 0 && entropy_len < buf_len) { + if ((ret = mbedtls_hardware_poll(NULL, buf + entropy_len, + buf_len - entropy_len, &olen)) != 0) + return (ret); entropy_len += olen; attempts--; } - if( entropy_len < buf_len ) - { + if (entropy_len < buf_len) { ret = 1; } - return( ret ); + return (ret); } -static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf, - size_t buf_len ) -{ - unsigned char set= 0xFF; +static int mbedtls_entropy_source_self_test_check_bits(const unsigned char *buf, + size_t buf_len) { + unsigned char set = 0xFF; unsigned char unset = 0x00; size_t i; - for( i = 0; i < buf_len; i++ ) - { + for (i = 0; i < buf_len; i++) { set &= buf[i]; unset |= buf[i]; } - return( set == 0xFF || unset == 0x00 ); + return (set == 0xFF || unset == 0x00); } /* @@ -601,45 +573,43 @@ static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf * are not equal. * - The error code returned by the entropy source is not an error. */ -int mbedtls_entropy_source_self_test( int verbose ) -{ +int mbedtls_entropy_source_self_test(int verbose) { int ret = 0; - unsigned char buf0[2 * sizeof( unsigned long long int )]; - unsigned char buf1[2 * sizeof( unsigned long long int )]; + unsigned char buf0[2 * sizeof(unsigned long long int)]; + unsigned char buf1[2 * sizeof(unsigned long long int)]; - if( verbose != 0 ) - mbedtls_printf( " ENTROPY_BIAS test: " ); + if (verbose != 0) + mbedtls_printf(" ENTROPY_BIAS test: "); - memset( buf0, 0x00, sizeof( buf0 ) ); - memset( buf1, 0x00, sizeof( buf1 ) ); + memset(buf0, 0x00, sizeof(buf0)); + memset(buf1, 0x00, sizeof(buf1)); - if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 ) + if ((ret = mbedtls_entropy_source_self_test_gather(buf0, sizeof(buf0))) != 0) goto cleanup; - if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 ) + if ((ret = mbedtls_entropy_source_self_test_gather(buf1, sizeof(buf1))) != 0) goto cleanup; /* Make sure that the returned values are not all 0 or 1 */ - if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 ) + if ((ret = mbedtls_entropy_source_self_test_check_bits(buf0, sizeof(buf0))) != 0) goto cleanup; - if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 ) + if ((ret = mbedtls_entropy_source_self_test_check_bits(buf1, sizeof(buf1))) != 0) goto cleanup; /* Make sure that the entropy source is not returning values in a * pattern */ - ret = memcmp( buf0, buf1, sizeof( buf0 ) ) == 0; + ret = memcmp(buf0, buf1, sizeof(buf0)) == 0; cleanup: - if( verbose != 0 ) - { - if( ret != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + if (ret != 0) + mbedtls_printf("failed\n"); else - mbedtls_printf( "passed\n" ); + mbedtls_printf("passed\n"); - mbedtls_printf( "\n" ); + mbedtls_printf("\n"); } - return( ret != 0 ); + return (ret != 0); } #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ @@ -649,8 +619,7 @@ cleanup: * test that the functions don't cause errors and write the correct * amount of data to buffers. */ -int mbedtls_entropy_self_test( int verbose ) -{ +int mbedtls_entropy_self_test(int verbose) { int ret = 1; #if !defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_context ctx; @@ -659,22 +628,22 @@ int mbedtls_entropy_self_test( int verbose ) size_t i, j; #endif /* !MBEDTLS_TEST_NULL_ENTROPY */ - if( verbose != 0 ) - mbedtls_printf( " ENTROPY test: " ); + if (verbose != 0) + mbedtls_printf(" ENTROPY test: "); #if !defined(MBEDTLS_TEST_NULL_ENTROPY) - mbedtls_entropy_init( &ctx ); + mbedtls_entropy_init(&ctx); /* First do a gather to make sure we have default sources */ - if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 ) + if ((ret = mbedtls_entropy_gather(&ctx)) != 0) goto cleanup; - ret = mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, 16, - MBEDTLS_ENTROPY_SOURCE_WEAK ); - if( ret != 0 ) + ret = mbedtls_entropy_add_source(&ctx, entropy_dummy_source, NULL, 16, + MBEDTLS_ENTROPY_SOURCE_WEAK); + if (ret != 0) goto cleanup; - if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 ) + if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof buf)) != 0) goto cleanup; /* @@ -685,44 +654,40 @@ int mbedtls_entropy_self_test( int verbose ) * each of the 32 or 64 bytes to be non-zero has a false failure rate * of at most 2^(-58) which is acceptable. */ - for( i = 0; i < 8; i++ ) - { - if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 ) + for (i = 0; i < 8; i++) { + if ((ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf))) != 0) goto cleanup; - for( j = 0; j < sizeof( buf ); j++ ) + for (j = 0; j < sizeof(buf); j++) acc[j] |= buf[j]; } - for( j = 0; j < sizeof( buf ); j++ ) - { - if( acc[j] == 0 ) - { + for (j = 0; j < sizeof(buf); j++) { + if (acc[j] == 0) { ret = 1; goto cleanup; } } #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 ) + if ((ret = mbedtls_entropy_source_self_test(0)) != 0) goto cleanup; #endif cleanup: - mbedtls_entropy_free( &ctx ); + mbedtls_entropy_free(&ctx); #endif /* !MBEDTLS_TEST_NULL_ENTROPY */ - if( verbose != 0 ) - { - if( ret != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) { + if (ret != 0) + mbedtls_printf("failed\n"); else - mbedtls_printf( "passed\n" ); + mbedtls_printf("passed\n"); - mbedtls_printf( "\n" ); + mbedtls_printf("\n"); } - return( ret != 0 ); + return (ret != 0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/entropy.h b/common/mbedtls/entropy.h index fa0b24f67..9c6c54bc7 100644 --- a/common/mbedtls/entropy.h +++ b/common/mbedtls/entropy.h @@ -100,15 +100,14 @@ extern "C" { * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise */ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len, - size_t *olen); + size_t *olen); /** * \brief Entropy source state */ -typedef struct mbedtls_entropy_source_state -{ +typedef struct mbedtls_entropy_source_state { mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */ - void * p_source; /**< The callback data pointer */ + void *p_source; /**< The callback data pointer */ size_t size; /**< Amount received in bytes */ size_t threshold; /**< Minimum bytes required before release */ int strong; /**< Is the source strong? */ @@ -118,8 +117,7 @@ mbedtls_entropy_source_state; /** * \brief Entropy context structure */ -typedef struct mbedtls_entropy_context -{ +typedef struct mbedtls_entropy_context { int accumulator_started; /* 0 after init. * 1 after the first update. * -1 after free. */ @@ -147,14 +145,14 @@ mbedtls_entropy_context; * * \param ctx Entropy context to initialize */ -void mbedtls_entropy_init( mbedtls_entropy_context *ctx ); +void mbedtls_entropy_init(mbedtls_entropy_context *ctx); /** * \brief Free the data in the context * * \param ctx Entropy context to free */ -void mbedtls_entropy_free( mbedtls_entropy_context *ctx ); +void mbedtls_entropy_free(mbedtls_entropy_context *ctx); /** * \brief Adds an entropy source to poll @@ -173,9 +171,9 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ); * * \return 0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES */ -int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, - mbedtls_entropy_f_source_ptr f_source, void *p_source, - size_t threshold, int strong ); +int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx, + mbedtls_entropy_f_source_ptr f_source, void *p_source, + size_t threshold, int strong); /** * \brief Trigger an extra gather poll for the accumulator @@ -185,7 +183,7 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, * * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */ -int mbedtls_entropy_gather( mbedtls_entropy_context *ctx ); +int mbedtls_entropy_gather(mbedtls_entropy_context *ctx); /** * \brief Retrieve entropy from the accumulator @@ -198,7 +196,7 @@ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx ); * * \return 0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */ -int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ); +int mbedtls_entropy_func(void *data, unsigned char *output, size_t len); /** * \brief Add data to the accumulator manually @@ -210,8 +208,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ); * * \return 0 if successful */ -int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, - const unsigned char *data, size_t len ); +int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx, + const unsigned char *data, size_t len); #if defined(MBEDTLS_ENTROPY_NV_SEED) /** @@ -222,7 +220,7 @@ int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, * * \return 0 if successful */ -int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ); +int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx); #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if defined(MBEDTLS_FS_IO) @@ -236,7 +234,7 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ); * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */ -int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ); +int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx, const char *path); /** * \brief Read and update a seed file. Seed is added to this @@ -250,7 +248,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p * MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, * MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */ -int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path ); +int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path); #endif /* MBEDTLS_FS_IO */ #if defined(MBEDTLS_SELF_TEST) @@ -262,7 +260,7 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_entropy_self_test( int verbose ); +int mbedtls_entropy_self_test(int verbose); #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) /** @@ -278,7 +276,7 @@ int mbedtls_entropy_self_test( int verbose ); * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_entropy_source_self_test( int verbose ); +int mbedtls_entropy_source_self_test(int verbose); #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/entropy_poll.c b/common/mbedtls/entropy_poll.c index 2c1e0937b..b1c0a326f 100644 --- a/common/mbedtls/entropy_poll.c +++ b/common/mbedtls/entropy_poll.c @@ -58,29 +58,26 @@ #include #include -int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len, - size_t *olen ) -{ +int mbedtls_platform_entropy_poll(void *data, unsigned char *output, size_t len, + size_t *olen) { HCRYPTPROV provider; ((void) data); *olen = 0; - if( CryptAcquireContext( &provider, NULL, NULL, - PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE ) - { - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (CryptAcquireContext(&provider, NULL, NULL, + PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) { + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); } - if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE ) - { - CryptReleaseContext( provider, 0 ); - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) { + CryptReleaseContext(provider, 0); + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); } - CryptReleaseContext( provider, 0 ); + CryptReleaseContext(provider, 0); *olen = len; - return( 0 ); + return (0); } #else /* _WIN32 && !EFIX64 && !EFI32 */ @@ -96,15 +93,14 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len #define HAVE_GETRANDOM #include -static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) -{ +static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) { /* MemSan cannot understand that the syscall writes to the buffer */ #if defined(__has_feature) #if __has_feature(memory_sanitizer) - memset( buf, 0, buflen ); + memset(buf, 0, buflen); #endif #endif - return( syscall( SYS_getrandom, buf, buflen, flags ) ); + return (syscall(SYS_getrandom, buf, buflen, flags)); } #endif /* SYS_getrandom */ #endif /* __linux__ || __midipix__ */ @@ -116,9 +112,8 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #include #include #define HAVE_GETRANDOM -static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) -{ - return getrandom( buf, buflen, flags ); +static int getrandom_wrapper(void *buf, size_t buflen, unsigned int flags) { + return getrandom(buf, buflen, flags); } #endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) || (__DragonFly__ && __DragonFly_version >= 500700) */ @@ -138,46 +133,41 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #if defined(KERN_ARND) #define HAVE_SYSCTL_ARND -static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen ) -{ +static int sysctl_arnd_wrapper(unsigned char *buf, size_t buflen) { int name[2]; size_t len; name[0] = CTL_KERN; name[1] = KERN_ARND; - while( buflen > 0 ) - { + while (buflen > 0) { len = buflen > 256 ? 256 : buflen; - if( sysctl(name, 2, buf, &len, NULL, 0) == -1 ) - return( -1 ); + if (sysctl(name, 2, buf, &len, NULL, 0) == -1) + return (-1); buflen -= len; buf += len; } - return( 0 ); + return (0); } #endif /* KERN_ARND */ #endif /* __FreeBSD__ || __NetBSD__ */ #include -int mbedtls_platform_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ +int mbedtls_platform_entropy_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { FILE *file; size_t read_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) data); #if defined(HAVE_GETRANDOM) - ret = getrandom_wrapper( output, len, 0 ); - if( ret >= 0 ) - { + ret = getrandom_wrapper(output, len, 0); + if (ret >= 0) { *olen = ret; - return( 0 ); - } - else if( errno != ENOSYS ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + return (0); + } else if (errno != ENOSYS) + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); /* Fall through if the system call isn't known. */ #else ((void) ret); @@ -186,105 +176,100 @@ int mbedtls_platform_entropy_poll( void *data, #if defined(HAVE_SYSCTL_ARND) ((void) file); ((void) read_len); - if( sysctl_arnd_wrapper( output, len ) == -1 ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (sysctl_arnd_wrapper(output, len) == -1) + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); *olen = len; - return( 0 ); + return (0); #else *olen = 0; - file = fopen( "/dev/urandom", "rb" ); - if( file == NULL ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + file = fopen("/dev/urandom", "rb"); + if (file == NULL) + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); - read_len = fread( output, 1, len, file ); - if( read_len != len ) - { - fclose( file ); - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + read_len = fread(output, 1, len, file); + if (read_len != len) { + fclose(file); + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); } - fclose( file ); + fclose(file); *olen = len; - return( 0 ); + return (0); #endif /* HAVE_SYSCTL_ARND */ } #endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) -int mbedtls_null_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ +int mbedtls_null_entropy_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { ((void) data); ((void) output); *olen = 0; - if( len < sizeof(unsigned char) ) - return( 0 ); + if (len < sizeof(unsigned char)) + return (0); output[0] = 0; *olen = sizeof(unsigned char); - return( 0 ); + return (0); } #endif #if defined(MBEDTLS_TIMING_C) -int mbedtls_hardclock_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ +int mbedtls_hardclock_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { unsigned long timer = mbedtls_timing_hardclock(); ((void) data); *olen = 0; - if( len < sizeof(unsigned long) ) - return( 0 ); + if (len < sizeof(unsigned long)) + return (0); - memcpy( output, &timer, sizeof(unsigned long) ); + memcpy(output, &timer, sizeof(unsigned long)); *olen = sizeof(unsigned long); - return( 0 ); + return (0); } #endif /* MBEDTLS_TIMING_C */ #if defined(MBEDTLS_HAVEGE_C) -int mbedtls_havege_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ +int mbedtls_havege_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { mbedtls_havege_state *hs = (mbedtls_havege_state *) data; *olen = 0; - if( mbedtls_havege_random( hs, output, len ) != 0 ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (mbedtls_havege_random(hs, output, len) != 0) + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); *olen = len; - return( 0 ); + return (0); } #endif /* MBEDTLS_HAVEGE_C */ #if defined(MBEDTLS_ENTROPY_NV_SEED) -int mbedtls_nv_seed_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ +int mbedtls_nv_seed_poll(void *data, + unsigned char *output, size_t len, size_t *olen) { unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; ((void) data); - memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); - if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 ) - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); - if( len < use_len ) - use_len = len; + if (len < use_len) + use_len = len; - memcpy( output, buf, use_len ); + memcpy(output, buf, use_len); *olen = use_len; - return( 0 ); + return (0); } #endif /* MBEDTLS_ENTROPY_NV_SEED */ diff --git a/common/mbedtls/entropy_poll.h b/common/mbedtls/entropy_poll.h index e1d7491aa..eca3b5620 100644 --- a/common/mbedtls/entropy_poll.h +++ b/common/mbedtls/entropy_poll.h @@ -48,16 +48,16 @@ extern "C" { * \brief Entropy poll callback that provides 0 entropy. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) - int mbedtls_null_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_null_entropy_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) /** * \brief Platform-specific entropy poll callback */ -int mbedtls_platform_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_platform_entropy_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if defined(MBEDTLS_HAVEGE_C) @@ -66,16 +66,16 @@ int mbedtls_platform_entropy_poll( void *data, * * Requires an HAVEGE state as its data pointer. */ -int mbedtls_havege_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_havege_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if defined(MBEDTLS_TIMING_C) /** * \brief mbedtls_timing_hardclock-based entropy poll callback */ -int mbedtls_hardclock_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_hardclock_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) @@ -87,8 +87,8 @@ int mbedtls_hardclock_poll( void *data, * * \note This must accept NULL as its first argument. */ -int mbedtls_hardware_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_hardware_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #if defined(MBEDTLS_ENTROPY_NV_SEED) @@ -97,8 +97,8 @@ int mbedtls_hardware_poll( void *data, * * \note This must accept NULL as its first argument. */ -int mbedtls_nv_seed_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); +int mbedtls_nv_seed_poll(void *data, + unsigned char *output, size_t len, size_t *olen); #endif #ifdef __cplusplus diff --git a/common/mbedtls/error.c b/common/mbedtls/error.c index 901a3699a..d5a46c557 100644 --- a/common/mbedtls/error.c +++ b/common/mbedtls/error.c @@ -211,360 +211,358 @@ #endif -const char * mbedtls_high_level_strerr( int error_code ) -{ +const char *mbedtls_high_level_strerr(int error_code) { int high_level_error_code; - if( error_code < 0 ) + if (error_code < 0) error_code = -error_code; /* Extract the high-level part from the error code. */ high_level_error_code = error_code & 0xFF80; - switch( high_level_error_code ) - { - /* Begin Auto-Generated Code. */ + switch (high_level_error_code) { + /* Begin Auto-Generated Code. */ #if defined(MBEDTLS_CIPHER_C) case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE): - return( "CIPHER - The selected feature is not available" ); + return ("CIPHER - The selected feature is not available"); case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA): - return( "CIPHER - Bad input parameters" ); + return ("CIPHER - Bad input parameters"); case -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED): - return( "CIPHER - Failed to allocate memory" ); + return ("CIPHER - Failed to allocate memory"); case -(MBEDTLS_ERR_CIPHER_INVALID_PADDING): - return( "CIPHER - Input data contains invalid padding and is rejected" ); + return ("CIPHER - Input data contains invalid padding and is rejected"); case -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED): - return( "CIPHER - Decryption of block requires a full block" ); + return ("CIPHER - Decryption of block requires a full block"); case -(MBEDTLS_ERR_CIPHER_AUTH_FAILED): - return( "CIPHER - Authentication failed (for AEAD modes)" ); + return ("CIPHER - Authentication failed (for AEAD modes)"); case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT): - return( "CIPHER - The context is invalid. For example, because it was freed" ); + return ("CIPHER - The context is invalid. For example, because it was freed"); case -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED): - return( "CIPHER - Cipher hardware accelerator failed" ); + return ("CIPHER - Cipher hardware accelerator failed"); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_DHM_C) case -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA): - return( "DHM - Bad input parameters" ); + return ("DHM - Bad input parameters"); case -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED): - return( "DHM - Reading of the DHM parameters failed" ); + return ("DHM - Reading of the DHM parameters failed"); case -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED): - return( "DHM - Making of the DHM parameters failed" ); + return ("DHM - Making of the DHM parameters failed"); case -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED): - return( "DHM - Reading of the public values failed" ); + return ("DHM - Reading of the public values failed"); case -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED): - return( "DHM - Making of the public value failed" ); + return ("DHM - Making of the public value failed"); case -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED): - return( "DHM - Calculation of the DHM secret failed" ); + return ("DHM - Calculation of the DHM secret failed"); case -(MBEDTLS_ERR_DHM_INVALID_FORMAT): - return( "DHM - The ASN.1 data is not formatted correctly" ); + return ("DHM - The ASN.1 data is not formatted correctly"); case -(MBEDTLS_ERR_DHM_ALLOC_FAILED): - return( "DHM - Allocation of memory failed" ); + return ("DHM - Allocation of memory failed"); case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR): - return( "DHM - Read or write of file failed" ); + return ("DHM - Read or write of file failed"); case -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED): - return( "DHM - DHM hardware accelerator failed" ); + return ("DHM - DHM hardware accelerator failed"); case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED): - return( "DHM - Setting the modulus and generator failed" ); + return ("DHM - Setting the modulus and generator failed"); #endif /* MBEDTLS_DHM_C */ #if defined(MBEDTLS_ECP_C) case -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA): - return( "ECP - Bad input parameters to function" ); + return ("ECP - Bad input parameters to function"); case -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL): - return( "ECP - The buffer is too small to write to" ); + return ("ECP - The buffer is too small to write to"); case -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE): - return( "ECP - The requested feature is not available, for example, the requested curve is not supported" ); + return ("ECP - The requested feature is not available, for example, the requested curve is not supported"); case -(MBEDTLS_ERR_ECP_VERIFY_FAILED): - return( "ECP - The signature is not valid" ); + return ("ECP - The signature is not valid"); case -(MBEDTLS_ERR_ECP_ALLOC_FAILED): - return( "ECP - Memory allocation failed" ); + return ("ECP - Memory allocation failed"); case -(MBEDTLS_ERR_ECP_RANDOM_FAILED): - return( "ECP - Generation of random value, such as ephemeral key, failed" ); + return ("ECP - Generation of random value, such as ephemeral key, failed"); case -(MBEDTLS_ERR_ECP_INVALID_KEY): - return( "ECP - Invalid private or public key" ); + return ("ECP - Invalid private or public key"); case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH): - return( "ECP - The buffer contains a valid signature followed by more data" ); + return ("ECP - The buffer contains a valid signature followed by more data"); case -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED): - return( "ECP - The ECP hardware accelerator failed" ); + return ("ECP - The ECP hardware accelerator failed"); case -(MBEDTLS_ERR_ECP_IN_PROGRESS): - return( "ECP - Operation in progress, call again with the same parameters to continue" ); + return ("ECP - Operation in progress, call again with the same parameters to continue"); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) case -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE): - return( "MD - The selected feature is not available" ); + return ("MD - The selected feature is not available"); case -(MBEDTLS_ERR_MD_BAD_INPUT_DATA): - return( "MD - Bad input parameters to function" ); + return ("MD - Bad input parameters to function"); case -(MBEDTLS_ERR_MD_ALLOC_FAILED): - return( "MD - Failed to allocate memory" ); + return ("MD - Failed to allocate memory"); case -(MBEDTLS_ERR_MD_FILE_IO_ERROR): - return( "MD - Opening or reading of file failed" ); + return ("MD - Opening or reading of file failed"); case -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED): - return( "MD - MD hardware accelerator failed" ); + return ("MD - MD hardware accelerator failed"); #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) case -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT): - return( "PEM - No PEM header or footer found" ); + return ("PEM - No PEM header or footer found"); case -(MBEDTLS_ERR_PEM_INVALID_DATA): - return( "PEM - PEM string is not as expected" ); + return ("PEM - PEM string is not as expected"); case -(MBEDTLS_ERR_PEM_ALLOC_FAILED): - return( "PEM - Failed to allocate memory" ); + return ("PEM - Failed to allocate memory"); case -(MBEDTLS_ERR_PEM_INVALID_ENC_IV): - return( "PEM - RSA IV is not in hex-format" ); + return ("PEM - RSA IV is not in hex-format"); case -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG): - return( "PEM - Unsupported key encryption algorithm" ); + return ("PEM - Unsupported key encryption algorithm"); case -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED): - return( "PEM - Private key password can't be empty" ); + return ("PEM - Private key password can't be empty"); case -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH): - return( "PEM - Given private key password does not allow for correct decryption" ); + return ("PEM - Given private key password does not allow for correct decryption"); case -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE): - return( "PEM - Unavailable feature, e.g. hashing/encryption combination" ); + return ("PEM - Unavailable feature, e.g. hashing/encryption combination"); case -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA): - return( "PEM - Bad input parameters to function" ); + return ("PEM - Bad input parameters to function"); #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */ #if defined(MBEDTLS_PK_C) case -(MBEDTLS_ERR_PK_ALLOC_FAILED): - return( "PK - Memory allocation failed" ); + return ("PK - Memory allocation failed"); case -(MBEDTLS_ERR_PK_TYPE_MISMATCH): - return( "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" ); + return ("PK - Type mismatch, eg attempt to encrypt with an ECDSA key"); case -(MBEDTLS_ERR_PK_BAD_INPUT_DATA): - return( "PK - Bad input parameters to function" ); + return ("PK - Bad input parameters to function"); case -(MBEDTLS_ERR_PK_FILE_IO_ERROR): - return( "PK - Read/write of file failed" ); + return ("PK - Read/write of file failed"); case -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION): - return( "PK - Unsupported key version" ); + return ("PK - Unsupported key version"); case -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT): - return( "PK - Invalid key tag or value" ); + return ("PK - Invalid key tag or value"); case -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG): - return( "PK - Key algorithm is unsupported (only RSA and EC are supported)" ); + return ("PK - Key algorithm is unsupported (only RSA and EC are supported)"); case -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED): - return( "PK - Private key password can't be empty" ); + return ("PK - Private key password can't be empty"); case -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH): - return( "PK - Given private key password does not allow for correct decryption" ); + return ("PK - Given private key password does not allow for correct decryption"); case -(MBEDTLS_ERR_PK_INVALID_PUBKEY): - return( "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" ); + return ("PK - The pubkey tag or value is invalid (only RSA and EC are supported)"); case -(MBEDTLS_ERR_PK_INVALID_ALG): - return( "PK - The algorithm tag or value is invalid" ); + return ("PK - The algorithm tag or value is invalid"); case -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE): - return( "PK - Elliptic curve is unsupported (only NIST curves are supported)" ); + return ("PK - Elliptic curve is unsupported (only NIST curves are supported)"); case -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE): - return( "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); + return ("PK - Unavailable feature, e.g. RSA disabled for RSA key"); case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH): - return( "PK - The buffer contains a valid signature followed by more data" ); + return ("PK - The buffer contains a valid signature followed by more data"); case -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED): - return( "PK - PK hardware accelerator failed" ); + return ("PK - PK hardware accelerator failed"); #endif /* MBEDTLS_PK_C */ #if defined(MBEDTLS_PKCS12_C) case -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA): - return( "PKCS12 - Bad input parameters to function" ); + return ("PKCS12 - Bad input parameters to function"); case -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE): - return( "PKCS12 - Feature not available, e.g. unsupported encryption scheme" ); + return ("PKCS12 - Feature not available, e.g. unsupported encryption scheme"); case -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT): - return( "PKCS12 - PBE ASN.1 data not as expected" ); + return ("PKCS12 - PBE ASN.1 data not as expected"); case -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH): - return( "PKCS12 - Given private key password does not allow for correct decryption" ); + return ("PKCS12 - Given private key password does not allow for correct decryption"); #endif /* MBEDTLS_PKCS12_C */ #if defined(MBEDTLS_PKCS5_C) case -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA): - return( "PKCS5 - Bad input parameters to function" ); + return ("PKCS5 - Bad input parameters to function"); case -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT): - return( "PKCS5 - Unexpected ASN.1 data" ); + return ("PKCS5 - Unexpected ASN.1 data"); case -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE): - return( "PKCS5 - Requested encryption or digest alg not available" ); + return ("PKCS5 - Requested encryption or digest alg not available"); case -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH): - return( "PKCS5 - Given private key password does not allow for correct decryption" ); + return ("PKCS5 - Given private key password does not allow for correct decryption"); #endif /* MBEDTLS_PKCS5_C */ #if defined(MBEDTLS_RSA_C) case -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA): - return( "RSA - Bad input parameters to function" ); + return ("RSA - Bad input parameters to function"); case -(MBEDTLS_ERR_RSA_INVALID_PADDING): - return( "RSA - Input data contains invalid padding and is rejected" ); + return ("RSA - Input data contains invalid padding and is rejected"); case -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED): - return( "RSA - Something failed during generation of a key" ); + return ("RSA - Something failed during generation of a key"); case -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED): - return( "RSA - Key failed to pass the validity check of the library" ); + return ("RSA - Key failed to pass the validity check of the library"); case -(MBEDTLS_ERR_RSA_PUBLIC_FAILED): - return( "RSA - The public key operation failed" ); + return ("RSA - The public key operation failed"); case -(MBEDTLS_ERR_RSA_PRIVATE_FAILED): - return( "RSA - The private key operation failed" ); + return ("RSA - The private key operation failed"); case -(MBEDTLS_ERR_RSA_VERIFY_FAILED): - return( "RSA - The PKCS#1 verification failed" ); + return ("RSA - The PKCS#1 verification failed"); case -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE): - return( "RSA - The output buffer for decryption is not large enough" ); + return ("RSA - The output buffer for decryption is not large enough"); case -(MBEDTLS_ERR_RSA_RNG_FAILED): - return( "RSA - The random generator failed to generate non-zeros" ); + return ("RSA - The random generator failed to generate non-zeros"); case -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION): - return( "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" ); + return ("RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality"); case -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED): - return( "RSA - RSA hardware accelerator failed" ); + return ("RSA - RSA hardware accelerator failed"); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) case -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE): - return( "SSL - The requested feature is not available" ); + return ("SSL - The requested feature is not available"); case -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA): - return( "SSL - Bad input parameters to function" ); + return ("SSL - Bad input parameters to function"); case -(MBEDTLS_ERR_SSL_INVALID_MAC): - return( "SSL - Verification of the message MAC failed" ); + return ("SSL - Verification of the message MAC failed"); case -(MBEDTLS_ERR_SSL_INVALID_RECORD): - return( "SSL - An invalid SSL record was received" ); + return ("SSL - An invalid SSL record was received"); case -(MBEDTLS_ERR_SSL_CONN_EOF): - return( "SSL - The connection indicated an EOF" ); + return ("SSL - The connection indicated an EOF"); case -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER): - return( "SSL - An unknown cipher was received" ); + return ("SSL - An unknown cipher was received"); case -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN): - return( "SSL - The server has no ciphersuites in common with the client" ); + return ("SSL - The server has no ciphersuites in common with the client"); case -(MBEDTLS_ERR_SSL_NO_RNG): - return( "SSL - No RNG was provided to the SSL module" ); + return ("SSL - No RNG was provided to the SSL module"); case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE): - return( "SSL - No client certification received from the client, but required by the authentication mode" ); + return ("SSL - No client certification received from the client, but required by the authentication mode"); case -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE): - return( "SSL - Our own certificate(s) is/are too large to send in an SSL message" ); + return ("SSL - Our own certificate(s) is/are too large to send in an SSL message"); case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED): - return( "SSL - The own certificate is not set, but needed by the server" ); + return ("SSL - The own certificate is not set, but needed by the server"); case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED): - return( "SSL - The own private key or pre-shared key is not set, but needed" ); + return ("SSL - The own private key or pre-shared key is not set, but needed"); case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED): - return( "SSL - No CA Chain is set, but required to operate" ); + return ("SSL - No CA Chain is set, but required to operate"); case -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE): - return( "SSL - An unexpected message was received from our peer" ); + return ("SSL - An unexpected message was received from our peer"); case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE): - return( "SSL - A fatal alert message was received from our peer" ); + return ("SSL - A fatal alert message was received from our peer"); case -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED): - return( "SSL - Verification of our peer failed" ); + return ("SSL - Verification of our peer failed"); case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY): - return( "SSL - The peer notified us that the connection is going to be closed" ); + return ("SSL - The peer notified us that the connection is going to be closed"); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO): - return( "SSL - Processing of the ClientHello handshake message failed" ); + return ("SSL - Processing of the ClientHello handshake message failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO): - return( "SSL - Processing of the ServerHello handshake message failed" ); + return ("SSL - Processing of the ServerHello handshake message failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE): - return( "SSL - Processing of the Certificate handshake message failed" ); + return ("SSL - Processing of the Certificate handshake message failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST): - return( "SSL - Processing of the CertificateRequest handshake message failed" ); + return ("SSL - Processing of the CertificateRequest handshake message failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE): - return( "SSL - Processing of the ServerKeyExchange handshake message failed" ); + return ("SSL - Processing of the ServerKeyExchange handshake message failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE): - return( "SSL - Processing of the ServerHelloDone handshake message failed" ); + return ("SSL - Processing of the ServerHelloDone handshake message failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE): - return( "SSL - Processing of the ClientKeyExchange handshake message failed" ); + return ("SSL - Processing of the ClientKeyExchange handshake message failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP): - return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" ); + return ("SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public"); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS): - return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" ); + return ("SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret"); case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY): - return( "SSL - Processing of the CertificateVerify handshake message failed" ); + return ("SSL - Processing of the CertificateVerify handshake message failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC): - return( "SSL - Processing of the ChangeCipherSpec handshake message failed" ); + return ("SSL - Processing of the ChangeCipherSpec handshake message failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED): - return( "SSL - Processing of the Finished handshake message failed" ); + return ("SSL - Processing of the Finished handshake message failed"); case -(MBEDTLS_ERR_SSL_ALLOC_FAILED): - return( "SSL - Memory allocation failed" ); + return ("SSL - Memory allocation failed"); case -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED): - return( "SSL - Hardware acceleration function returned with error" ); + return ("SSL - Hardware acceleration function returned with error"); case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH): - return( "SSL - Hardware acceleration function skipped / left alone data" ); + return ("SSL - Hardware acceleration function skipped / left alone data"); case -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED): - return( "SSL - Processing of the compression / decompression failed" ); + return ("SSL - Processing of the compression / decompression failed"); case -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION): - return( "SSL - Handshake protocol not within min/max boundaries" ); + return ("SSL - Handshake protocol not within min/max boundaries"); case -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET): - return( "SSL - Processing of the NewSessionTicket handshake message failed" ); + return ("SSL - Processing of the NewSessionTicket handshake message failed"); case -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED): - return( "SSL - Session ticket has expired" ); + return ("SSL - Session ticket has expired"); case -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH): - return( "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" ); + return ("SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)"); case -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY): - return( "SSL - Unknown identity received (eg, PSK identity)" ); + return ("SSL - Unknown identity received (eg, PSK identity)"); case -(MBEDTLS_ERR_SSL_INTERNAL_ERROR): - return( "SSL - Internal error (eg, unexpected failure in lower-level module)" ); + return ("SSL - Internal error (eg, unexpected failure in lower-level module)"); case -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING): - return( "SSL - A counter would wrap (eg, too many messages exchanged)" ); + return ("SSL - A counter would wrap (eg, too many messages exchanged)"); case -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO): - return( "SSL - Unexpected message at ServerHello in renegotiation" ); + return ("SSL - Unexpected message at ServerHello in renegotiation"); case -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED): - return( "SSL - DTLS client must retry for hello verification" ); + return ("SSL - DTLS client must retry for hello verification"); case -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL): - return( "SSL - A buffer is too small to receive or write a message" ); + return ("SSL - A buffer is too small to receive or write a message"); case -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE): - return( "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" ); + return ("SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)"); case -(MBEDTLS_ERR_SSL_WANT_READ): - return( "SSL - No data of requested type currently available on underlying transport" ); + return ("SSL - No data of requested type currently available on underlying transport"); case -(MBEDTLS_ERR_SSL_WANT_WRITE): - return( "SSL - Connection requires a write call" ); + return ("SSL - Connection requires a write call"); case -(MBEDTLS_ERR_SSL_TIMEOUT): - return( "SSL - The operation timed out" ); + return ("SSL - The operation timed out"); case -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT): - return( "SSL - The client initiated a reconnect from the same port" ); + return ("SSL - The client initiated a reconnect from the same port"); case -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD): - return( "SSL - Record header looks valid but is not expected" ); + return ("SSL - Record header looks valid but is not expected"); case -(MBEDTLS_ERR_SSL_NON_FATAL): - return( "SSL - The alert message received indicates a non-fatal error" ); + return ("SSL - The alert message received indicates a non-fatal error"); case -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH): - return( "SSL - Couldn't set the hash for verifying CertificateVerify" ); + return ("SSL - Couldn't set the hash for verifying CertificateVerify"); case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING): - return( "SSL - Internal-only message signaling that further message-processing should be done" ); + return ("SSL - Internal-only message signaling that further message-processing should be done"); case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS): - return( "SSL - The asynchronous operation is not completed yet" ); + return ("SSL - The asynchronous operation is not completed yet"); case -(MBEDTLS_ERR_SSL_EARLY_MESSAGE): - return( "SSL - Internal-only message signaling that a message arrived early" ); + return ("SSL - Internal-only message signaling that a message arrived early"); case -(MBEDTLS_ERR_SSL_UNEXPECTED_CID): - return( "SSL - An encrypted DTLS-frame with an unexpected CID was received" ); + return ("SSL - An encrypted DTLS-frame with an unexpected CID was received"); case -(MBEDTLS_ERR_SSL_VERSION_MISMATCH): - return( "SSL - An operation failed due to an unexpected version or configuration" ); + return ("SSL - An operation failed due to an unexpected version or configuration"); case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS): - return( "SSL - A cryptographic operation is in progress. Try again later" ); + return ("SSL - A cryptographic operation is in progress. Try again later"); case -(MBEDTLS_ERR_SSL_BAD_CONFIG): - return( "SSL - Invalid value in SSL config" ); + return ("SSL - Invalid value in SSL config"); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) case -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE): - return( "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" ); + return ("X509 - Unavailable feature, e.g. RSA hashing/encryption combination"); case -(MBEDTLS_ERR_X509_UNKNOWN_OID): - return( "X509 - Requested OID is unknown" ); + return ("X509 - Requested OID is unknown"); case -(MBEDTLS_ERR_X509_INVALID_FORMAT): - return( "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" ); + return ("X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected"); case -(MBEDTLS_ERR_X509_INVALID_VERSION): - return( "X509 - The CRT/CRL/CSR version element is invalid" ); + return ("X509 - The CRT/CRL/CSR version element is invalid"); case -(MBEDTLS_ERR_X509_INVALID_SERIAL): - return( "X509 - The serial tag or value is invalid" ); + return ("X509 - The serial tag or value is invalid"); case -(MBEDTLS_ERR_X509_INVALID_ALG): - return( "X509 - The algorithm tag or value is invalid" ); + return ("X509 - The algorithm tag or value is invalid"); case -(MBEDTLS_ERR_X509_INVALID_NAME): - return( "X509 - The name tag or value is invalid" ); + return ("X509 - The name tag or value is invalid"); case -(MBEDTLS_ERR_X509_INVALID_DATE): - return( "X509 - The date tag or value is invalid" ); + return ("X509 - The date tag or value is invalid"); case -(MBEDTLS_ERR_X509_INVALID_SIGNATURE): - return( "X509 - The signature tag or value invalid" ); + return ("X509 - The signature tag or value invalid"); case -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS): - return( "X509 - The extension tag or value is invalid" ); + return ("X509 - The extension tag or value is invalid"); case -(MBEDTLS_ERR_X509_UNKNOWN_VERSION): - return( "X509 - CRT/CRL/CSR has an unsupported version number" ); + return ("X509 - CRT/CRL/CSR has an unsupported version number"); case -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG): - return( "X509 - Signature algorithm (oid) is unsupported" ); + return ("X509 - Signature algorithm (oid) is unsupported"); case -(MBEDTLS_ERR_X509_SIG_MISMATCH): - return( "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" ); + return ("X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)"); case -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED): - return( "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" ); + return ("X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"); case -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT): - return( "X509 - Format not recognized as DER or PEM" ); + return ("X509 - Format not recognized as DER or PEM"); case -(MBEDTLS_ERR_X509_BAD_INPUT_DATA): - return( "X509 - Input invalid" ); + return ("X509 - Input invalid"); case -(MBEDTLS_ERR_X509_ALLOC_FAILED): - return( "X509 - Allocation of memory failed" ); + return ("X509 - Allocation of memory failed"); case -(MBEDTLS_ERR_X509_FILE_IO_ERROR): - return( "X509 - Read/write of file failed" ); + return ("X509 - Read/write of file failed"); case -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL): - return( "X509 - Destination buffer is too small" ); + return ("X509 - Destination buffer is too small"); case -(MBEDTLS_ERR_X509_FATAL_ERROR): - return( "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" ); + return ("X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed"); #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ /* End Auto-Generated Code. */ @@ -572,317 +570,315 @@ const char * mbedtls_high_level_strerr( int error_code ) break; } - return( NULL ); + return (NULL); } -const char * mbedtls_low_level_strerr( int error_code ) -{ +const char *mbedtls_low_level_strerr(int error_code) { int low_level_error_code; - if( error_code < 0 ) + if (error_code < 0) error_code = -error_code; /* Extract the low-level part from the error code. */ low_level_error_code = error_code & ~0xFF80; - switch( low_level_error_code ) - { - /* Begin Auto-Generated Code. */ + switch (low_level_error_code) { + /* Begin Auto-Generated Code. */ #if defined(MBEDTLS_AES_C) case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH): - return( "AES - Invalid key length" ); + return ("AES - Invalid key length"); case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH): - return( "AES - Invalid data input length" ); + return ("AES - Invalid data input length"); case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA): - return( "AES - Invalid input data" ); + return ("AES - Invalid input data"); case -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE): - return( "AES - Feature not available. For example, an unsupported AES key size" ); + return ("AES - Feature not available. For example, an unsupported AES key size"); case -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED): - return( "AES - AES hardware accelerator failed" ); + return ("AES - AES hardware accelerator failed"); #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_ARC4_C) case -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED): - return( "ARC4 - ARC4 hardware accelerator failed" ); + return ("ARC4 - ARC4 hardware accelerator failed"); #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_ARIA_C) case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA): - return( "ARIA - Bad input data" ); + return ("ARIA - Bad input data"); case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH): - return( "ARIA - Invalid data input length" ); + return ("ARIA - Invalid data input length"); case -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE): - return( "ARIA - Feature not available. For example, an unsupported ARIA key size" ); + return ("ARIA - Feature not available. For example, an unsupported ARIA key size"); case -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED): - return( "ARIA - ARIA hardware accelerator failed" ); + return ("ARIA - ARIA hardware accelerator failed"); #endif /* MBEDTLS_ARIA_C */ #if defined(MBEDTLS_ASN1_PARSE_C) case -(MBEDTLS_ERR_ASN1_OUT_OF_DATA): - return( "ASN1 - Out of data when parsing an ASN1 data structure" ); + return ("ASN1 - Out of data when parsing an ASN1 data structure"); case -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG): - return( "ASN1 - ASN1 tag was of an unexpected value" ); + return ("ASN1 - ASN1 tag was of an unexpected value"); case -(MBEDTLS_ERR_ASN1_INVALID_LENGTH): - return( "ASN1 - Error when trying to determine the length or invalid length" ); + return ("ASN1 - Error when trying to determine the length or invalid length"); case -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH): - return( "ASN1 - Actual length differs from expected length" ); + return ("ASN1 - Actual length differs from expected length"); case -(MBEDTLS_ERR_ASN1_INVALID_DATA): - return( "ASN1 - Data is invalid" ); + return ("ASN1 - Data is invalid"); case -(MBEDTLS_ERR_ASN1_ALLOC_FAILED): - return( "ASN1 - Memory allocation failed" ); + return ("ASN1 - Memory allocation failed"); case -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL): - return( "ASN1 - Buffer too small when writing ASN.1 data structure" ); + return ("ASN1 - Buffer too small when writing ASN.1 data structure"); #endif /* MBEDTLS_ASN1_PARSE_C */ #if defined(MBEDTLS_BASE64_C) case -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL): - return( "BASE64 - Output buffer too small" ); + return ("BASE64 - Output buffer too small"); case -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER): - return( "BASE64 - Invalid character in input" ); + return ("BASE64 - Invalid character in input"); #endif /* MBEDTLS_BASE64_C */ #if defined(MBEDTLS_BIGNUM_C) case -(MBEDTLS_ERR_MPI_FILE_IO_ERROR): - return( "BIGNUM - An error occurred while reading from or writing to a file" ); + return ("BIGNUM - An error occurred while reading from or writing to a file"); case -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA): - return( "BIGNUM - Bad input parameters to function" ); + return ("BIGNUM - Bad input parameters to function"); case -(MBEDTLS_ERR_MPI_INVALID_CHARACTER): - return( "BIGNUM - There is an invalid character in the digit string" ); + return ("BIGNUM - There is an invalid character in the digit string"); case -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL): - return( "BIGNUM - The buffer is too small to write to" ); + return ("BIGNUM - The buffer is too small to write to"); case -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE): - return( "BIGNUM - The input arguments are negative or result in illegal output" ); + return ("BIGNUM - The input arguments are negative or result in illegal output"); case -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO): - return( "BIGNUM - The input argument for division is zero, which is not allowed" ); + return ("BIGNUM - The input argument for division is zero, which is not allowed"); case -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE): - return( "BIGNUM - The input arguments are not acceptable" ); + return ("BIGNUM - The input arguments are not acceptable"); case -(MBEDTLS_ERR_MPI_ALLOC_FAILED): - return( "BIGNUM - Memory allocation failed" ); + return ("BIGNUM - Memory allocation failed"); #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_BLOWFISH_C) case -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA): - return( "BLOWFISH - Bad input data" ); + return ("BLOWFISH - Bad input data"); case -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH): - return( "BLOWFISH - Invalid data input length" ); + return ("BLOWFISH - Invalid data input length"); case -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED): - return( "BLOWFISH - Blowfish hardware accelerator failed" ); + return ("BLOWFISH - Blowfish hardware accelerator failed"); #endif /* MBEDTLS_BLOWFISH_C */ #if defined(MBEDTLS_CAMELLIA_C) case -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA): - return( "CAMELLIA - Bad input data" ); + return ("CAMELLIA - Bad input data"); case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH): - return( "CAMELLIA - Invalid data input length" ); + return ("CAMELLIA - Invalid data input length"); case -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED): - return( "CAMELLIA - Camellia hardware accelerator failed" ); + return ("CAMELLIA - Camellia hardware accelerator failed"); #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CCM_C) case -(MBEDTLS_ERR_CCM_BAD_INPUT): - return( "CCM - Bad input parameters to the function" ); + return ("CCM - Bad input parameters to the function"); case -(MBEDTLS_ERR_CCM_AUTH_FAILED): - return( "CCM - Authenticated decryption failed" ); + return ("CCM - Authenticated decryption failed"); case -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED): - return( "CCM - CCM hardware accelerator failed" ); + return ("CCM - CCM hardware accelerator failed"); #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHA20_C) case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA): - return( "CHACHA20 - Invalid input parameter(s)" ); + return ("CHACHA20 - Invalid input parameter(s)"); case -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE): - return( "CHACHA20 - Feature not available. For example, s part of the API is not implemented" ); + return ("CHACHA20 - Feature not available. For example, s part of the API is not implemented"); case -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED): - return( "CHACHA20 - Chacha20 hardware accelerator failed" ); + return ("CHACHA20 - Chacha20 hardware accelerator failed"); #endif /* MBEDTLS_CHACHA20_C */ #if defined(MBEDTLS_CHACHAPOLY_C) case -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE): - return( "CHACHAPOLY - The requested operation is not permitted in the current state" ); + return ("CHACHAPOLY - The requested operation is not permitted in the current state"); case -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED): - return( "CHACHAPOLY - Authenticated decryption failed: data was not authentic" ); + return ("CHACHAPOLY - Authenticated decryption failed: data was not authentic"); #endif /* MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CMAC_C) case -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED): - return( "CMAC - CMAC hardware accelerator failed" ); + return ("CMAC - CMAC hardware accelerator failed"); #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_CTR_DRBG_C) case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED): - return( "CTR_DRBG - The entropy source failed" ); + return ("CTR_DRBG - The entropy source failed"); case -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG): - return( "CTR_DRBG - The requested random buffer length is too big" ); + return ("CTR_DRBG - The requested random buffer length is too big"); case -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG): - return( "CTR_DRBG - The input (entropy + additional data) is too large" ); + return ("CTR_DRBG - The input (entropy + additional data) is too large"); case -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR): - return( "CTR_DRBG - Read or write error in file" ); + return ("CTR_DRBG - Read or write error in file"); #endif /* MBEDTLS_CTR_DRBG_C */ #if defined(MBEDTLS_DES_C) case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH): - return( "DES - The data input has an invalid length" ); + return ("DES - The data input has an invalid length"); case -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED): - return( "DES - DES hardware accelerator failed" ); + return ("DES - DES hardware accelerator failed"); #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ENTROPY_C) case -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED): - return( "ENTROPY - Critical entropy source failure" ); + return ("ENTROPY - Critical entropy source failure"); case -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES): - return( "ENTROPY - No more sources can be added" ); + return ("ENTROPY - No more sources can be added"); case -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED): - return( "ENTROPY - No sources have been added to poll" ); + return ("ENTROPY - No sources have been added to poll"); case -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE): - return( "ENTROPY - No strong sources have been added to poll" ); + return ("ENTROPY - No strong sources have been added to poll"); case -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR): - return( "ENTROPY - Read/write error in file" ); + return ("ENTROPY - Read/write error in file"); #endif /* MBEDTLS_ENTROPY_C */ #if defined(MBEDTLS_ERROR_C) case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR): - return( "ERROR - Generic error" ); + return ("ERROR - Generic error"); case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED): - return( "ERROR - This is a bug in the library" ); + return ("ERROR - This is a bug in the library"); #endif /* MBEDTLS_ERROR_C */ #if defined(MBEDTLS_GCM_C) case -(MBEDTLS_ERR_GCM_AUTH_FAILED): - return( "GCM - Authenticated decryption failed" ); + return ("GCM - Authenticated decryption failed"); case -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED): - return( "GCM - GCM hardware accelerator failed" ); + return ("GCM - GCM hardware accelerator failed"); case -(MBEDTLS_ERR_GCM_BAD_INPUT): - return( "GCM - Bad input parameters to function" ); + return ("GCM - Bad input parameters to function"); #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_HKDF_C) case -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA): - return( "HKDF - Bad input parameters to function" ); + return ("HKDF - Bad input parameters to function"); #endif /* MBEDTLS_HKDF_C */ #if defined(MBEDTLS_HMAC_DRBG_C) case -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG): - return( "HMAC_DRBG - Too many random requested in single call" ); + return ("HMAC_DRBG - Too many random requested in single call"); case -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG): - return( "HMAC_DRBG - Input too large (Entropy + additional)" ); + return ("HMAC_DRBG - Input too large (Entropy + additional)"); case -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR): - return( "HMAC_DRBG - Read/write error in file" ); + return ("HMAC_DRBG - Read/write error in file"); case -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED): - return( "HMAC_DRBG - The entropy source failed" ); + return ("HMAC_DRBG - The entropy source failed"); #endif /* MBEDTLS_HMAC_DRBG_C */ #if defined(MBEDTLS_MD2_C) case -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED): - return( "MD2 - MD2 hardware accelerator failed" ); + return ("MD2 - MD2 hardware accelerator failed"); #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) case -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED): - return( "MD4 - MD4 hardware accelerator failed" ); + return ("MD4 - MD4 hardware accelerator failed"); #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) case -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED): - return( "MD5 - MD5 hardware accelerator failed" ); + return ("MD5 - MD5 hardware accelerator failed"); #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_NET_C) case -(MBEDTLS_ERR_NET_SOCKET_FAILED): - return( "NET - Failed to open a socket" ); + return ("NET - Failed to open a socket"); case -(MBEDTLS_ERR_NET_CONNECT_FAILED): - return( "NET - The connection to the given server / port failed" ); + return ("NET - The connection to the given server / port failed"); case -(MBEDTLS_ERR_NET_BIND_FAILED): - return( "NET - Binding of the socket failed" ); + return ("NET - Binding of the socket failed"); case -(MBEDTLS_ERR_NET_LISTEN_FAILED): - return( "NET - Could not listen on the socket" ); + return ("NET - Could not listen on the socket"); case -(MBEDTLS_ERR_NET_ACCEPT_FAILED): - return( "NET - Could not accept the incoming connection" ); + return ("NET - Could not accept the incoming connection"); case -(MBEDTLS_ERR_NET_RECV_FAILED): - return( "NET - Reading information from the socket failed" ); + return ("NET - Reading information from the socket failed"); case -(MBEDTLS_ERR_NET_SEND_FAILED): - return( "NET - Sending information through the socket failed" ); + return ("NET - Sending information through the socket failed"); case -(MBEDTLS_ERR_NET_CONN_RESET): - return( "NET - Connection was reset by peer" ); + return ("NET - Connection was reset by peer"); case -(MBEDTLS_ERR_NET_UNKNOWN_HOST): - return( "NET - Failed to get an IP address for the given hostname" ); + return ("NET - Failed to get an IP address for the given hostname"); case -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL): - return( "NET - Buffer is too small to hold the data" ); + return ("NET - Buffer is too small to hold the data"); case -(MBEDTLS_ERR_NET_INVALID_CONTEXT): - return( "NET - The context is invalid, eg because it was free()ed" ); + return ("NET - The context is invalid, eg because it was free()ed"); case -(MBEDTLS_ERR_NET_POLL_FAILED): - return( "NET - Polling the net context failed" ); + return ("NET - Polling the net context failed"); case -(MBEDTLS_ERR_NET_BAD_INPUT_DATA): - return( "NET - Input invalid" ); + return ("NET - Input invalid"); #endif /* MBEDTLS_NET_C */ #if defined(MBEDTLS_OID_C) case -(MBEDTLS_ERR_OID_NOT_FOUND): - return( "OID - OID is not found" ); + return ("OID - OID is not found"); case -(MBEDTLS_ERR_OID_BUF_TOO_SMALL): - return( "OID - output buffer is too small" ); + return ("OID - output buffer is too small"); #endif /* MBEDTLS_OID_C */ #if defined(MBEDTLS_PADLOCK_C) case -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED): - return( "PADLOCK - Input data should be aligned" ); + return ("PADLOCK - Input data should be aligned"); #endif /* MBEDTLS_PADLOCK_C */ #if defined(MBEDTLS_PLATFORM_C) case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED): - return( "PLATFORM - Hardware accelerator failed" ); + return ("PLATFORM - Hardware accelerator failed"); case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED): - return( "PLATFORM - The requested feature is not supported by the platform" ); + return ("PLATFORM - The requested feature is not supported by the platform"); #endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_POLY1305_C) case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA): - return( "POLY1305 - Invalid input parameter(s)" ); + return ("POLY1305 - Invalid input parameter(s)"); case -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE): - return( "POLY1305 - Feature not available. For example, s part of the API is not implemented" ); + return ("POLY1305 - Feature not available. For example, s part of the API is not implemented"); case -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED): - return( "POLY1305 - Poly1305 hardware accelerator failed" ); + return ("POLY1305 - Poly1305 hardware accelerator failed"); #endif /* MBEDTLS_POLY1305_C */ #if defined(MBEDTLS_RIPEMD160_C) case -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED): - return( "RIPEMD160 - RIPEMD160 hardware accelerator failed" ); + return ("RIPEMD160 - RIPEMD160 hardware accelerator failed"); #endif /* MBEDTLS_RIPEMD160_C */ #if defined(MBEDTLS_SHA1_C) case -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED): - return( "SHA1 - SHA-1 hardware accelerator failed" ); + return ("SHA1 - SHA-1 hardware accelerator failed"); case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA): - return( "SHA1 - SHA-1 input data was malformed" ); + return ("SHA1 - SHA-1 input data was malformed"); #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) case -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED): - return( "SHA256 - SHA-256 hardware accelerator failed" ); + return ("SHA256 - SHA-256 hardware accelerator failed"); case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA): - return( "SHA256 - SHA-256 input data was malformed" ); + return ("SHA256 - SHA-256 input data was malformed"); #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) case -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED): - return( "SHA512 - SHA-512 hardware accelerator failed" ); + return ("SHA512 - SHA-512 hardware accelerator failed"); case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA): - return( "SHA512 - SHA-512 input data was malformed" ); + return ("SHA512 - SHA-512 input data was malformed"); #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_THREADING_C) case -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE): - return( "THREADING - The selected feature is not available" ); + return ("THREADING - The selected feature is not available"); case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA): - return( "THREADING - Bad input parameters to function" ); + return ("THREADING - Bad input parameters to function"); case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR): - return( "THREADING - Locking / unlocking / free failed with error code" ); + return ("THREADING - Locking / unlocking / free failed with error code"); #endif /* MBEDTLS_THREADING_C */ #if defined(MBEDTLS_XTEA_C) case -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH): - return( "XTEA - The data input has an invalid length" ); + return ("XTEA - The data input has an invalid length"); case -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED): - return( "XTEA - XTEA hardware accelerator failed" ); + return ("XTEA - XTEA hardware accelerator failed"); #endif /* MBEDTLS_XTEA_C */ /* End Auto-Generated Code. */ @@ -890,72 +886,69 @@ const char * mbedtls_low_level_strerr( int error_code ) break; } - return( NULL ); + return (NULL); } -void mbedtls_strerror( int ret, char *buf, size_t buflen ) -{ +void mbedtls_strerror(int ret, char *buf, size_t buflen) { size_t len; int use_ret; - const char * high_level_error_description = NULL; - const char * low_level_error_description = NULL; + const char *high_level_error_description = NULL; + const char *low_level_error_description = NULL; - if( buflen == 0 ) + if (buflen == 0) return; - memset( buf, 0x00, buflen ); + memset(buf, 0x00, buflen); - if( ret < 0 ) + if (ret < 0) ret = -ret; - if( ret & 0xFF80 ) - { + if (ret & 0xFF80) { use_ret = ret & 0xFF80; // Translate high level error code. - high_level_error_description = mbedtls_high_level_strerr( ret ); + high_level_error_description = mbedtls_high_level_strerr(ret); - if( high_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); + if (high_level_error_description == NULL) + mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); else - mbedtls_snprintf( buf, buflen, "%s", high_level_error_description ); + mbedtls_snprintf(buf, buflen, "%s", high_level_error_description); #if defined(MBEDTLS_SSL_TLS_C) // Early return in case of a fatal error - do not try to translate low // level code. - if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) + if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) return; #endif /* MBEDTLS_SSL_TLS_C */ } use_ret = ret & ~0xFF80; - if( use_ret == 0 ) + if (use_ret == 0) return; // If high level code is present, make a concatenation between both // error strings. // - len = strlen( buf ); + len = strlen(buf); - if( len > 0 ) - { - if( buflen - len < 5 ) + if (len > 0) { + if (buflen - len < 5) return; - mbedtls_snprintf( buf + len, buflen - len, " : " ); + mbedtls_snprintf(buf + len, buflen - len, " : "); buf += len + 3; buflen -= len + 3; } // Translate low level error code. - low_level_error_description = mbedtls_low_level_strerr( ret ); + low_level_error_description = mbedtls_low_level_strerr(ret); - if( low_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); + if (low_level_error_description == NULL) + mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); else - mbedtls_snprintf( buf, buflen, "%s", low_level_error_description ); + mbedtls_snprintf(buf, buflen, "%s", low_level_error_description); } #else /* MBEDTLS_ERROR_C */ @@ -963,11 +956,10 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) /* * Provide an non-function in case MBEDTLS_ERROR_C is not defined */ -void mbedtls_strerror( int ret, char *buf, size_t buflen ) -{ +void mbedtls_strerror(int ret, char *buf, size_t buflen) { ((void) ret); - if( buflen > 0 ) + if (buflen > 0) buf[0] = '\0'; } diff --git a/common/mbedtls/error.h b/common/mbedtls/error.h index cd7731e6b..fa63292a6 100644 --- a/common/mbedtls/error.h +++ b/common/mbedtls/error.h @@ -123,7 +123,7 @@ extern "C" { * \param buffer buffer to place representation in * \param buflen length of the buffer */ -void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); +void mbedtls_strerror(int errnum, char *buffer, size_t buflen); /** * \brief Translate the high-level part of an Mbed TLS error code into a string @@ -138,7 +138,7 @@ void mbedtls_strerror( int errnum, char *buffer, size_t buflen ); * \return The string representation of the error code, or \c NULL if the error * code is unknown. */ -const char * mbedtls_high_level_strerr( int error_code ); +const char *mbedtls_high_level_strerr(int error_code); /** * \brief Translate the low-level part of an Mbed TLS error code into a string @@ -153,7 +153,7 @@ const char * mbedtls_high_level_strerr( int error_code ); * \return The string representation of the error code, or \c NULL if the error * code is unknown. */ -const char * mbedtls_low_level_strerr( int error_code ); +const char *mbedtls_low_level_strerr(int error_code); #ifdef __cplusplus } diff --git a/common/mbedtls/gcm.c b/common/mbedtls/gcm.c index f237bab7d..cb1baae06 100644 --- a/common/mbedtls/gcm.c +++ b/common/mbedtls/gcm.c @@ -84,10 +84,9 @@ /* * Initialize a context */ -void mbedtls_gcm_init( mbedtls_gcm_context *ctx ) -{ - GCM_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_gcm_context ) ); +void mbedtls_gcm_init(mbedtls_gcm_context *ctx) { + GCM_VALIDATE(ctx != NULL); + memset(ctx, 0, sizeof(mbedtls_gcm_context)); } /* @@ -98,25 +97,24 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ) * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL * corresponds to P^127. */ -static int gcm_gen_table( mbedtls_gcm_context *ctx ) -{ +static int gcm_gen_table(mbedtls_gcm_context *ctx) { int ret, i, j; uint64_t hi, lo; uint64_t vl, vh; unsigned char h[16]; size_t olen = 0; - memset( h, 0, 16 ); - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 ) - return( ret ); + memset(h, 0, 16); + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) + return (ret); /* pack h as two 64-bits ints, big-endian */ - GET_UINT32_BE( hi, h, 0 ); - GET_UINT32_BE( lo, h, 4 ); + GET_UINT32_BE(hi, h, 0); + GET_UINT32_BE(lo, h, 4); vh = (uint64_t) hi << 32 | lo; - GET_UINT32_BE( hi, h, 8 ); - GET_UINT32_BE( lo, h, 12 ); + GET_UINT32_BE(hi, h, 8); + GET_UINT32_BE(lo, h, 12); vl = (uint64_t) hi << 32 | lo; /* 8 = 1000 corresponds to 1 in GF(2^128) */ @@ -125,74 +123,69 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx ) #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) /* With CLMUL support, we need only h, not the rest of the table */ - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) - return( 0 ); + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) + return (0); #endif /* 0 corresponds to 0 in GF(2^128) */ ctx->HH[0] = 0; ctx->HL[0] = 0; - for( i = 4; i > 0; i >>= 1 ) - { - uint32_t T = ( vl & 1 ) * 0xe1000000U; - vl = ( vh << 63 ) | ( vl >> 1 ); - vh = ( vh >> 1 ) ^ ( (uint64_t) T << 32); + for (i = 4; i > 0; i >>= 1) { + uint32_t T = (vl & 1) * 0xe1000000U; + vl = (vh << 63) | (vl >> 1); + vh = (vh >> 1) ^ ((uint64_t) T << 32); ctx->HL[i] = vl; ctx->HH[i] = vh; } - for( i = 2; i <= 8; i *= 2 ) - { + for (i = 2; i <= 8; i *= 2) { uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i; vh = *HiH; vl = *HiL; - for( j = 1; j < i; j++ ) - { + for (j = 1; j < i; j++) { HiH[j] = vh ^ ctx->HH[j]; HiL[j] = vl ^ ctx->HL[j]; } } - return( 0 ); + return (0); } -int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ) -{ +int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( key != NULL ); - GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(key != NULL); + GCM_VALIDATE_RET(keybits == 128 || keybits == 192 || keybits == 256); - cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, - MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, + MBEDTLS_MODE_ECB); + if (cipher_info == NULL) + return (MBEDTLS_ERR_GCM_BAD_INPUT); - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (cipher_info->block_size != 16) + return (MBEDTLS_ERR_GCM_BAD_INPUT); - mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_cipher_free(&ctx->cipher_ctx); - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) + return (ret); - if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits, + MBEDTLS_ENCRYPT)) != 0) { + return (ret); } - if( ( ret = gcm_gen_table( ctx ) ) != 0 ) - return( ret ); + if ((ret = gcm_gen_table(ctx)) != 0) + return (ret); - return( 0 ); + return (0); } /* @@ -200,8 +193,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * last4[x] = x times P^128 * where x and last4[x] are seen as elements of GF(2^128) as in [MGV] */ -static const uint64_t last4[16] = -{ +static const uint64_t last4[16] = { 0x0000, 0x1c20, 0x3840, 0x2460, 0x7080, 0x6ca0, 0x48c0, 0x54e0, 0xe100, 0xfd20, 0xd940, 0xc560, @@ -212,23 +204,22 @@ static const uint64_t last4[16] = * Sets output to x times H using the precomputed tables. * x and output are seen as elements of GF(2^128) as in [MGV]. */ -static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], - unsigned char output[16] ) -{ +static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16], + unsigned char output[16]) { int i = 0; unsigned char lo, hi, rem; uint64_t zh, zl; #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) - if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) { + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { unsigned char h[16]; - PUT_UINT32_BE( ctx->HH[8] >> 32, h, 0 ); - PUT_UINT32_BE( ctx->HH[8], h, 4 ); - PUT_UINT32_BE( ctx->HL[8] >> 32, h, 8 ); - PUT_UINT32_BE( ctx->HL[8], h, 12 ); + PUT_UINT32_BE(ctx->HH[8] >> 32, h, 0); + PUT_UINT32_BE(ctx->HH[8], h, 4); + PUT_UINT32_BE(ctx->HL[8] >> 32, h, 8); + PUT_UINT32_BE(ctx->HL[8], h, 12); - mbedtls_aesni_gcm_mult( output, x, h ); + mbedtls_aesni_gcm_mult(output, x, h); return; } #endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */ @@ -238,16 +229,14 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], zh = ctx->HH[lo]; zl = ctx->HL[lo]; - for( i = 15; i >= 0; i-- ) - { + for (i = 15; i >= 0; i--) { lo = x[i] & 0xf; - hi = ( x[i] >> 4 ) & 0xf; + hi = (x[i] >> 4) & 0xf; - if( i != 15 ) - { + if (i != 15) { rem = (unsigned char) zl & 0xf; - zl = ( zh << 60 ) | ( zl >> 4 ); - zh = ( zh >> 4 ); + zl = (zh << 60) | (zl >> 4); + zh = (zh >> 4); zh ^= (uint64_t) last4[rem] << 48; zh ^= ctx->HH[lo]; zl ^= ctx->HL[lo]; @@ -255,111 +244,102 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16], } rem = (unsigned char) zl & 0xf; - zl = ( zh << 60 ) | ( zl >> 4 ); - zh = ( zh >> 4 ); + zl = (zh << 60) | (zl >> 4); + zh = (zh >> 4); zh ^= (uint64_t) last4[rem] << 48; zh ^= ctx->HH[hi]; zl ^= ctx->HL[hi]; } - PUT_UINT32_BE( zh >> 32, output, 0 ); - PUT_UINT32_BE( zh, output, 4 ); - PUT_UINT32_BE( zl >> 32, output, 8 ); - PUT_UINT32_BE( zl, output, 12 ); + PUT_UINT32_BE(zh >> 32, output, 0); + PUT_UINT32_BE(zh, output, 4); + PUT_UINT32_BE(zl >> 32, output, 8); + PUT_UINT32_BE(zl, output, 12); } -int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, - int mode, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len ) -{ +int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, + int mode, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char work_buf[16]; size_t i; const unsigned char *p; size_t use_len, olen = 0; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( iv != NULL ); - GCM_VALIDATE_RET( add_len == 0 || add != NULL ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(iv != NULL); + GCM_VALIDATE_RET(add_len == 0 || add != NULL); /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ /* IV is not allowed to be zero length */ - if( iv_len == 0 || - ( (uint64_t) iv_len ) >> 61 != 0 || - ( (uint64_t) add_len ) >> 61 != 0 ) - { - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (iv_len == 0 || + ((uint64_t) iv_len) >> 61 != 0 || + ((uint64_t) add_len) >> 61 != 0) { + return (MBEDTLS_ERR_GCM_BAD_INPUT); } - memset( ctx->y, 0x00, sizeof(ctx->y) ); - memset( ctx->buf, 0x00, sizeof(ctx->buf) ); + memset(ctx->y, 0x00, sizeof(ctx->y)); + memset(ctx->buf, 0x00, sizeof(ctx->buf)); ctx->mode = mode; ctx->len = 0; ctx->add_len = 0; - if( iv_len == 12 ) - { - memcpy( ctx->y, iv, iv_len ); + if (iv_len == 12) { + memcpy(ctx->y, iv, iv_len); ctx->y[15] = 1; - } - else - { - memset( work_buf, 0x00, 16 ); - PUT_UINT32_BE( iv_len * 8, work_buf, 12 ); + } else { + memset(work_buf, 0x00, 16); + PUT_UINT32_BE(iv_len * 8, work_buf, 12); p = iv; - while( iv_len > 0 ) - { - use_len = ( iv_len < 16 ) ? iv_len : 16; + while (iv_len > 0) { + use_len = (iv_len < 16) ? iv_len : 16; - for( i = 0; i < use_len; i++ ) + for (i = 0; i < use_len; i++) ctx->y[i] ^= p[i]; - gcm_mult( ctx, ctx->y, ctx->y ); + gcm_mult(ctx, ctx->y, ctx->y); iv_len -= use_len; p += use_len; } - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) ctx->y[i] ^= work_buf[i]; - gcm_mult( ctx, ctx->y, ctx->y ); + gcm_mult(ctx, ctx->y, ctx->y); } - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, - ctx->base_ectr, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, + ctx->base_ectr, &olen)) != 0) { + return (ret); } ctx->add_len = add_len; p = add; - while( add_len > 0 ) - { - use_len = ( add_len < 16 ) ? add_len : 16; + while (add_len > 0) { + use_len = (add_len < 16) ? add_len : 16; - for( i = 0; i < use_len; i++ ) + for (i = 0; i < use_len; i++) ctx->buf[i] ^= p[i]; - gcm_mult( ctx, ctx->buf, ctx->buf ); + gcm_mult(ctx, ctx->buf, ctx->buf); add_len -= use_len; p += use_len; } - return( 0 ); + return (0); } -int mbedtls_gcm_update( mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_gcm_update(mbedtls_gcm_context *ctx, + size_t length, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char ectr[16]; size_t i; @@ -367,180 +347,169 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, unsigned char *out_p = output; size_t use_len, olen = 0; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( length == 0 || input != NULL ); - GCM_VALIDATE_RET( length == 0 || output != NULL ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(length == 0 || input != NULL); + GCM_VALIDATE_RET(length == 0 || output != NULL); - if( output > input && (size_t) ( output - input ) < length ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (output > input && (size_t)(output - input) < length) + return (MBEDTLS_ERR_GCM_BAD_INPUT); /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes * Also check for possible overflow */ - if( ctx->len + length < ctx->len || - (uint64_t) ctx->len + length > 0xFFFFFFFE0ull ) - { - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (ctx->len + length < ctx->len || + (uint64_t) ctx->len + length > 0xFFFFFFFE0ull) { + return (MBEDTLS_ERR_GCM_BAD_INPUT); } ctx->len += length; p = input; - while( length > 0 ) - { - use_len = ( length < 16 ) ? length : 16; + while (length > 0) { + use_len = (length < 16) ? length : 16; - for( i = 16; i > 12; i-- ) - if( ++ctx->y[i - 1] != 0 ) + for (i = 16; i > 12; i--) + if (++ctx->y[i - 1] != 0) break; - if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr, - &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr, + &olen)) != 0) { + return (ret); } - for( i = 0; i < use_len; i++ ) - { - if( ctx->mode == MBEDTLS_GCM_DECRYPT ) + for (i = 0; i < use_len; i++) { + if (ctx->mode == MBEDTLS_GCM_DECRYPT) ctx->buf[i] ^= p[i]; out_p[i] = ectr[i] ^ p[i]; - if( ctx->mode == MBEDTLS_GCM_ENCRYPT ) + if (ctx->mode == MBEDTLS_GCM_ENCRYPT) ctx->buf[i] ^= out_p[i]; } - gcm_mult( ctx, ctx->buf, ctx->buf ); + gcm_mult(ctx, ctx->buf, ctx->buf); length -= use_len; p += use_len; out_p += use_len; } - return( 0 ); + return (0); } -int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, - unsigned char *tag, - size_t tag_len ) -{ +int mbedtls_gcm_finish(mbedtls_gcm_context *ctx, + unsigned char *tag, + size_t tag_len) { unsigned char work_buf[16]; size_t i; uint64_t orig_len; uint64_t orig_add_len; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( tag != NULL ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(tag != NULL); orig_len = ctx->len * 8; orig_add_len = ctx->add_len * 8; - if( tag_len > 16 || tag_len < 4 ) - return( MBEDTLS_ERR_GCM_BAD_INPUT ); + if (tag_len > 16 || tag_len < 4) + return (MBEDTLS_ERR_GCM_BAD_INPUT); - memcpy( tag, ctx->base_ectr, tag_len ); + memcpy(tag, ctx->base_ectr, tag_len); - if( orig_len || orig_add_len ) - { - memset( work_buf, 0x00, 16 ); + if (orig_len || orig_add_len) { + memset(work_buf, 0x00, 16); - PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0 ); - PUT_UINT32_BE( ( orig_add_len ), work_buf, 4 ); - PUT_UINT32_BE( ( orig_len >> 32 ), work_buf, 8 ); - PUT_UINT32_BE( ( orig_len ), work_buf, 12 ); + PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0); + PUT_UINT32_BE((orig_add_len), work_buf, 4); + PUT_UINT32_BE((orig_len >> 32), work_buf, 8); + PUT_UINT32_BE((orig_len), work_buf, 12); - for( i = 0; i < 16; i++ ) + for (i = 0; i < 16; i++) ctx->buf[i] ^= work_buf[i]; - gcm_mult( ctx, ctx->buf, ctx->buf ); + gcm_mult(ctx, ctx->buf, ctx->buf); - for( i = 0; i < tag_len; i++ ) + for (i = 0; i < tag_len; i++) tag[i] ^= ctx->buf[i]; } - return( 0 ); + return (0); } -int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, - int mode, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *input, - unsigned char *output, - size_t tag_len, - unsigned char *tag ) -{ +int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx, + int mode, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *input, + unsigned char *output, + size_t tag_len, + unsigned char *tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( iv != NULL ); - GCM_VALIDATE_RET( add_len == 0 || add != NULL ); - GCM_VALIDATE_RET( length == 0 || input != NULL ); - GCM_VALIDATE_RET( length == 0 || output != NULL ); - GCM_VALIDATE_RET( tag != NULL ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(iv != NULL); + GCM_VALIDATE_RET(add_len == 0 || add != NULL); + GCM_VALIDATE_RET(length == 0 || input != NULL); + GCM_VALIDATE_RET(length == 0 || output != NULL); + GCM_VALIDATE_RET(tag != NULL); - if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_gcm_starts(ctx, mode, iv, iv_len, add, add_len)) != 0) + return (ret); - if( ( ret = mbedtls_gcm_update( ctx, length, input, output ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_gcm_update(ctx, length, input, output)) != 0) + return (ret); - if( ( ret = mbedtls_gcm_finish( ctx, tag, tag_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_gcm_finish(ctx, tag, tag_len)) != 0) + return (ret); - return( 0 ); + return (0); } -int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *tag, - size_t tag_len, - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *tag, + size_t tag_len, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char check_tag[16]; size_t i; int diff; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( iv != NULL ); - GCM_VALIDATE_RET( add_len == 0 || add != NULL ); - GCM_VALIDATE_RET( tag != NULL ); - GCM_VALIDATE_RET( length == 0 || input != NULL ); - GCM_VALIDATE_RET( length == 0 || output != NULL ); + GCM_VALIDATE_RET(ctx != NULL); + GCM_VALIDATE_RET(iv != NULL); + GCM_VALIDATE_RET(add_len == 0 || add != NULL); + GCM_VALIDATE_RET(tag != NULL); + GCM_VALIDATE_RET(length == 0 || input != NULL); + GCM_VALIDATE_RET(length == 0 || output != NULL); - if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length, - iv, iv_len, add, add_len, - input, output, tag_len, check_tag ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length, + iv, iv_len, add, add_len, + input, output, tag_len, check_tag)) != 0) { + return (ret); } /* Check tag in "constant-time" */ - for( diff = 0, i = 0; i < tag_len; i++ ) + for (diff = 0, i = 0; i < tag_len; i++) diff |= tag[i] ^ check_tag[i]; - if( diff != 0 ) - { - mbedtls_platform_zeroize( output, length ); - return( MBEDTLS_ERR_GCM_AUTH_FAILED ); + if (diff != 0) { + mbedtls_platform_zeroize(output, length); + return (MBEDTLS_ERR_GCM_AUTH_FAILED); } - return( 0 ); + return (0); } -void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_gcm_free(mbedtls_gcm_context *ctx) { + if (ctx == NULL) return; - mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); + mbedtls_cipher_free(&ctx->cipher_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context)); } #endif /* !MBEDTLS_GCM_ALT */ @@ -554,469 +523,527 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) #define MAX_TESTS 6 static const int key_index_test_data[MAX_TESTS] = - { 0, 0, 1, 1, 1, 1 }; +{ 0, 0, 1, 1, 1, 1 }; -static const unsigned char key_test_data[MAX_TESTS][32] = -{ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }, +static const unsigned char key_test_data[MAX_TESTS][32] = { + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, + { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }, }; static const size_t iv_len_test_data[MAX_TESTS] = - { 12, 12, 12, 12, 8, 60 }; +{ 12, 12, 12, 12, 8, 60 }; static const int iv_index_test_data[MAX_TESTS] = - { 0, 0, 1, 1, 1, 2 }; +{ 0, 0, 1, 1, 1, 2 }; -static const unsigned char iv_test_data[MAX_TESTS][64] = -{ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 }, - { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 }, - { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, - 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, - 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, - 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, - 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, - 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, - 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, - 0xa6, 0x37, 0xb3, 0x9b }, +static const unsigned char iv_test_data[MAX_TESTS][64] = { + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 + }, + { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 + }, + { + 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, + 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, + 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, + 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, + 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, + 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, + 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, + 0xa6, 0x37, 0xb3, 0x9b + }, }; static const size_t add_len_test_data[MAX_TESTS] = - { 0, 0, 0, 20, 20, 20 }; +{ 0, 0, 0, 20, 20, 20 }; static const int add_index_test_data[MAX_TESTS] = - { 0, 0, 0, 1, 1, 1 }; +{ 0, 0, 0, 1, 1, 1 }; -static const unsigned char additional_test_data[MAX_TESTS][64] = -{ +static const unsigned char additional_test_data[MAX_TESTS][64] = { { 0x00 }, - { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 }, + { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }, }; static const size_t pt_len_test_data[MAX_TESTS] = - { 0, 16, 64, 60, 60, 60 }; +{ 0, 16, 64, 60, 60, 60 }; static const int pt_index_test_data[MAX_TESTS] = - { 0, 0, 1, 1, 1, 1 }; +{ 0, 0, 1, 1, 1, 1 }; -static const unsigned char pt_test_data[MAX_TESTS][64] = -{ - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 }, +static const unsigned char pt_test_data[MAX_TESTS][64] = { + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }, + { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 + }, }; -static const unsigned char ct_test_data[MAX_TESTS * 3][64] = -{ +static const unsigned char ct_test_data[MAX_TESTS * 3][64] = { { 0x00 }, - { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, - 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 }, - { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, - 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, - 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, - 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, - 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, - 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, - 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, - 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 }, - { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, - 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, - 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, - 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, - 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, - 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, - 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, - 0x3d, 0x58, 0xe0, 0x91 }, - { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, - 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, - 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, - 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, - 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, - 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, - 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, - 0xc2, 0x3f, 0x45, 0x98 }, - { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, - 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, - 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, - 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, - 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, - 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, - 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, - 0x4c, 0x34, 0xae, 0xe5 }, + { + 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, + 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 + }, + { + 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, + 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, + 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, + 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, + 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, + 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, + 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, + 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 + }, + { + 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, + 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, + 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, + 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, + 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, + 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, + 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, + 0x3d, 0x58, 0xe0, 0x91 + }, + { + 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, + 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, + 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, + 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, + 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, + 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, + 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, + 0xc2, 0x3f, 0x45, 0x98 + }, + { + 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, + 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, + 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, + 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, + 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, + 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, + 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, + 0x4c, 0x34, 0xae, 0xe5 + }, { 0x00 }, - { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, - 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 }, - { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, - 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, - 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, - 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, - 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, - 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, - 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, - 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 }, - { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, - 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, - 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, - 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, - 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, - 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, - 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, - 0xcc, 0xda, 0x27, 0x10 }, - { 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54, - 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8, - 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f, - 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57, - 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75, - 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9, - 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f, - 0xa0, 0xf0, 0x62, 0xf7 }, - { 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, - 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, - 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, - 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, - 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, - 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, - 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, - 0xe9, 0xb7, 0x37, 0x3b }, + { + 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41, + 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 + }, + { + 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, + 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, + 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, + 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, + 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, + 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, + 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, + 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 + }, + { + 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41, + 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57, + 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84, + 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c, + 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25, + 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47, + 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9, + 0xcc, 0xda, 0x27, 0x10 + }, + { + 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54, + 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8, + 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f, + 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57, + 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75, + 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9, + 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f, + 0xa0, 0xf0, 0x62, 0xf7 + }, + { + 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, + 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, + 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, + 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, + 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, + 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, + 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, + 0xe9, 0xb7, 0x37, 0x3b + }, { 0x00 }, - { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, - 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 }, - { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad }, - { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62 }, - { 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, - 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb, - 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, - 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, - 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0, - 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, - 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, - 0xf4, 0x7c, 0x9b, 0x1f }, - { 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1, - 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20, - 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19, - 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4, - 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45, - 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde, - 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e, - 0x44, 0xae, 0x7e, 0x3f }, + { + 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, + 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 + }, + { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad + }, + { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62 + }, + { + 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, + 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb, + 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, + 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, + 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0, + 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, + 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, + 0xf4, 0x7c, 0x9b, 0x1f + }, + { + 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1, + 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20, + 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19, + 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4, + 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45, + 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde, + 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e, + 0x44, 0xae, 0x7e, 0x3f + }, }; -static const unsigned char tag_test_data[MAX_TESTS * 3][16] = -{ - { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, - 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }, - { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, - 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf }, - { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, - 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 }, - { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, - 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 }, - { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, - 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb }, - { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, - 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 }, - { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, - 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 }, - { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, - 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb }, - { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, - 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 }, - { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, - 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c }, - { 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, - 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 }, - { 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, - 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 }, - { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, - 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b }, - { 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, - 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 }, - { 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, - 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c }, - { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, - 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b }, - { 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, - 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 }, - { 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, - 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a }, +static const unsigned char tag_test_data[MAX_TESTS * 3][16] = { + { + 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, + 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a + }, + { + 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, + 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf + }, + { + 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, + 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 + }, + { + 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, + 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 + }, + { + 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, + 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb + }, + { + 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, + 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 + }, + { + 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b, + 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 + }, + { + 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab, + 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb + }, + { + 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf, + 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 + }, + { + 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f, + 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c + }, + { + 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24, + 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 + }, + { + 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, + 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 + }, + { + 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9, + 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b + }, + { + 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, + 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 + }, + { + 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd, + 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c + }, + { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, + 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b + }, + { + 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, + 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 + }, + { + 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0, + 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a + }, }; -int mbedtls_gcm_self_test( int verbose ) -{ +int mbedtls_gcm_self_test(int verbose) { mbedtls_gcm_context ctx; unsigned char buf[64]; unsigned char tag_buf[16]; int i, j, ret; mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES; - for( j = 0; j < 3; j++ ) - { + for (j = 0; j < 3; j++) { int key_len = 128 + 64 * j; - for( i = 0; i < MAX_TESTS; i++ ) - { - mbedtls_gcm_init( &ctx ); + for (i = 0; i < MAX_TESTS; i++) { + mbedtls_gcm_init(&ctx); - if( verbose != 0 ) - mbedtls_printf( " AES-GCM-%3d #%d (%s): ", - key_len, i, "enc" ); + if (verbose != 0) + mbedtls_printf(" AES-GCM-%3d #%d (%s): ", + key_len, i, "enc"); - ret = mbedtls_gcm_setkey( &ctx, cipher, - key_test_data[key_index_test_data[i]], - key_len ); + ret = mbedtls_gcm_setkey(&ctx, cipher, + key_test_data[key_index_test_data[i]], + key_len); /* * AES-192 is an optional feature that may be unavailable when * there is an alternative underlying implementation i.e. when * MBEDTLS_AES_ALT is defined. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192) { + mbedtls_printf("skipped\n"); break; - } - else if( ret != 0 ) - { + } else if (ret != 0) { goto exit; } - ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, - pt_len_test_data[i], - iv_test_data[iv_index_test_data[i]], - iv_len_test_data[i], - additional_test_data[add_index_test_data[i]], - add_len_test_data[i], - pt_test_data[pt_index_test_data[i]], - buf, 16, tag_buf ); + ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, + pt_len_test_data[i], + iv_test_data[iv_index_test_data[i]], + iv_len_test_data[i], + additional_test_data[add_index_test_data[i]], + add_len_test_data[i], + pt_test_data[pt_index_test_data[i]], + buf, 16, tag_buf); #if defined(MBEDTLS_GCM_ALT) /* Allow alternative implementations to only support 12-byte nonces. */ - if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && - iv_len_test_data[i] != 12 ) - { - mbedtls_printf( "skipped\n" ); + if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && + iv_len_test_data[i] != 12) { + mbedtls_printf("skipped\n"); break; } #endif /* defined(MBEDTLS_GCM_ALT) */ - if( ret != 0 ) + if (ret != 0) goto exit; - if ( memcmp( buf, ct_test_data[j * 6 + i], - pt_len_test_data[i] ) != 0 || - memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 ) - { + if (memcmp(buf, ct_test_data[j * 6 + i], + pt_len_test_data[i]) != 0 || + memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { ret = 1; goto exit; } - mbedtls_gcm_free( &ctx ); + mbedtls_gcm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - mbedtls_gcm_init( &ctx ); + mbedtls_gcm_init(&ctx); - if( verbose != 0 ) - mbedtls_printf( " AES-GCM-%3d #%d (%s): ", - key_len, i, "dec" ); + if (verbose != 0) + mbedtls_printf(" AES-GCM-%3d #%d (%s): ", + key_len, i, "dec"); - ret = mbedtls_gcm_setkey( &ctx, cipher, - key_test_data[key_index_test_data[i]], - key_len ); - if( ret != 0 ) + ret = mbedtls_gcm_setkey(&ctx, cipher, + key_test_data[key_index_test_data[i]], + key_len); + if (ret != 0) goto exit; - ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT, - pt_len_test_data[i], - iv_test_data[iv_index_test_data[i]], - iv_len_test_data[i], - additional_test_data[add_index_test_data[i]], - add_len_test_data[i], - ct_test_data[j * 6 + i], buf, 16, tag_buf ); + ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_DECRYPT, + pt_len_test_data[i], + iv_test_data[iv_index_test_data[i]], + iv_len_test_data[i], + additional_test_data[add_index_test_data[i]], + add_len_test_data[i], + ct_test_data[j * 6 + i], buf, 16, tag_buf); - if( ret != 0 ) + if (ret != 0) goto exit; - if( memcmp( buf, pt_test_data[pt_index_test_data[i]], - pt_len_test_data[i] ) != 0 || - memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 ) - { + if (memcmp(buf, pt_test_data[pt_index_test_data[i]], + pt_len_test_data[i]) != 0 || + memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { ret = 1; goto exit; } - mbedtls_gcm_free( &ctx ); + mbedtls_gcm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - mbedtls_gcm_init( &ctx ); + mbedtls_gcm_init(&ctx); - if( verbose != 0 ) - mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", - key_len, i, "enc" ); + if (verbose != 0) + mbedtls_printf(" AES-GCM-%3d #%d split (%s): ", + key_len, i, "enc"); - ret = mbedtls_gcm_setkey( &ctx, cipher, - key_test_data[key_index_test_data[i]], - key_len ); - if( ret != 0 ) + ret = mbedtls_gcm_setkey(&ctx, cipher, + key_test_data[key_index_test_data[i]], + key_len); + if (ret != 0) goto exit; - ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT, - iv_test_data[iv_index_test_data[i]], - iv_len_test_data[i], - additional_test_data[add_index_test_data[i]], - add_len_test_data[i] ); - if( ret != 0 ) + ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_ENCRYPT, + iv_test_data[iv_index_test_data[i]], + iv_len_test_data[i], + additional_test_data[add_index_test_data[i]], + add_len_test_data[i]); + if (ret != 0) goto exit; - if( pt_len_test_data[i] > 32 ) - { + if (pt_len_test_data[i] > 32) { size_t rest_len = pt_len_test_data[i] - 32; - ret = mbedtls_gcm_update( &ctx, 32, - pt_test_data[pt_index_test_data[i]], - buf ); - if( ret != 0 ) + ret = mbedtls_gcm_update(&ctx, 32, + pt_test_data[pt_index_test_data[i]], + buf); + if (ret != 0) goto exit; - ret = mbedtls_gcm_update( &ctx, rest_len, - pt_test_data[pt_index_test_data[i]] + 32, - buf + 32 ); - if( ret != 0 ) + ret = mbedtls_gcm_update(&ctx, rest_len, + pt_test_data[pt_index_test_data[i]] + 32, + buf + 32); + if (ret != 0) goto exit; - } - else - { - ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i], - pt_test_data[pt_index_test_data[i]], - buf ); - if( ret != 0 ) + } else { + ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i], + pt_test_data[pt_index_test_data[i]], + buf); + if (ret != 0) goto exit; } - ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 ); - if( ret != 0 ) + ret = mbedtls_gcm_finish(&ctx, tag_buf, 16); + if (ret != 0) goto exit; - if( memcmp( buf, ct_test_data[j * 6 + i], - pt_len_test_data[i] ) != 0 || - memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 ) - { + if (memcmp(buf, ct_test_data[j * 6 + i], + pt_len_test_data[i]) != 0 || + memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { ret = 1; goto exit; } - mbedtls_gcm_free( &ctx ); + mbedtls_gcm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - mbedtls_gcm_init( &ctx ); + mbedtls_gcm_init(&ctx); - if( verbose != 0 ) - mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", - key_len, i, "dec" ); + if (verbose != 0) + mbedtls_printf(" AES-GCM-%3d #%d split (%s): ", + key_len, i, "dec"); - ret = mbedtls_gcm_setkey( &ctx, cipher, - key_test_data[key_index_test_data[i]], - key_len ); - if( ret != 0 ) + ret = mbedtls_gcm_setkey(&ctx, cipher, + key_test_data[key_index_test_data[i]], + key_len); + if (ret != 0) goto exit; - ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT, - iv_test_data[iv_index_test_data[i]], - iv_len_test_data[i], - additional_test_data[add_index_test_data[i]], - add_len_test_data[i] ); - if( ret != 0 ) + ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, + iv_test_data[iv_index_test_data[i]], + iv_len_test_data[i], + additional_test_data[add_index_test_data[i]], + add_len_test_data[i]); + if (ret != 0) goto exit; - if( pt_len_test_data[i] > 32 ) - { + if (pt_len_test_data[i] > 32) { size_t rest_len = pt_len_test_data[i] - 32; - ret = mbedtls_gcm_update( &ctx, 32, ct_test_data[j * 6 + i], - buf ); - if( ret != 0 ) + ret = mbedtls_gcm_update(&ctx, 32, ct_test_data[j * 6 + i], + buf); + if (ret != 0) goto exit; - ret = mbedtls_gcm_update( &ctx, rest_len, - ct_test_data[j * 6 + i] + 32, - buf + 32 ); - if( ret != 0 ) + ret = mbedtls_gcm_update(&ctx, rest_len, + ct_test_data[j * 6 + i] + 32, + buf + 32); + if (ret != 0) goto exit; - } - else - { - ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i], - ct_test_data[j * 6 + i], - buf ); - if( ret != 0 ) + } else { + ret = mbedtls_gcm_update(&ctx, pt_len_test_data[i], + ct_test_data[j * 6 + i], + buf); + if (ret != 0) goto exit; } - ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 ); - if( ret != 0 ) + ret = mbedtls_gcm_finish(&ctx, tag_buf, 16); + if (ret != 0) goto exit; - if( memcmp( buf, pt_test_data[pt_index_test_data[i]], - pt_len_test_data[i] ) != 0 || - memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 ) - { + if (memcmp(buf, pt_test_data[pt_index_test_data[i]], + pt_len_test_data[i]) != 0 || + memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { ret = 1; goto exit; } - mbedtls_gcm_free( &ctx ); + mbedtls_gcm_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); ret = 0; exit: - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - mbedtls_gcm_free( &ctx ); + if (ret != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); + mbedtls_gcm_free(&ctx); } - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ diff --git a/common/mbedtls/gcm.h b/common/mbedtls/gcm.h index 6b673616f..59c7886cf 100644 --- a/common/mbedtls/gcm.h +++ b/common/mbedtls/gcm.h @@ -60,8 +60,7 @@ extern "C" { /** * \brief The GCM context structure. */ -typedef struct mbedtls_gcm_context -{ +typedef struct mbedtls_gcm_context { mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ uint64_t HL[16]; /*!< Precalculated HTable low. */ uint64_t HH[16]; /*!< Precalculated HTable high. */ @@ -91,7 +90,7 @@ mbedtls_gcm_context; * * \param ctx The GCM context to initialize. This must not be \c NULL. */ -void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); +void mbedtls_gcm_init(mbedtls_gcm_context *ctx); /** * \brief This function associates a GCM context with a @@ -109,10 +108,10 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx ); * \return \c 0 on success. * \return A cipher-specific error code on failure. */ -int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits ); +int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits); /** * \brief This function performs GCM encryption or decryption of a buffer. @@ -165,17 +164,17 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, * not valid or a cipher-specific error code if the encryption * or decryption failed. */ -int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, - int mode, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *input, - unsigned char *output, - size_t tag_len, - unsigned char *tag ); +int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx, + int mode, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *input, + unsigned char *output, + size_t tag_len, + unsigned char *tag); /** * \brief This function performs a GCM authenticated decryption of a @@ -210,16 +209,16 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, * not valid or a cipher-specific error code if the decryption * failed. */ -int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len, - const unsigned char *tag, - size_t tag_len, - const unsigned char *input, - unsigned char *output ); +int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx, + size_t length, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len, + const unsigned char *tag, + size_t tag_len, + const unsigned char *input, + unsigned char *output); /** * \brief This function starts a GCM encryption or decryption @@ -238,12 +237,12 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, * * \return \c 0 on success. */ -int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, - int mode, - const unsigned char *iv, - size_t iv_len, - const unsigned char *add, - size_t add_len ); +int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, + int mode, + const unsigned char *iv, + size_t iv_len, + const unsigned char *add, + size_t add_len); /** * \brief This function feeds an input buffer into an ongoing GCM @@ -270,10 +269,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ -int mbedtls_gcm_update( mbedtls_gcm_context *ctx, - size_t length, - const unsigned char *input, - unsigned char *output ); +int mbedtls_gcm_update(mbedtls_gcm_context *ctx, + size_t length, + const unsigned char *input, + unsigned char *output); /** * \brief This function finishes the GCM operation and generates @@ -291,9 +290,9 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. */ -int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, - unsigned char *tag, - size_t tag_len ); +int mbedtls_gcm_finish(mbedtls_gcm_context *ctx, + unsigned char *tag, + size_t tag_len); /** * \brief This function clears a GCM context and the underlying @@ -302,7 +301,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, * \param ctx The GCM context to clear. If this is \c NULL, the call has * no effect. Otherwise, this must be initialized. */ -void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); +void mbedtls_gcm_free(mbedtls_gcm_context *ctx); #if defined(MBEDTLS_SELF_TEST) @@ -312,7 +311,7 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_gcm_self_test( int verbose ); +int mbedtls_gcm_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/havege.c b/common/mbedtls/havege.c index 2a360a150..1be2cf9a3 100644 --- a/common/mbedtls/havege.c +++ b/common/mbedtls/havege.c @@ -151,8 +151,7 @@ /* * Entropy gathering function */ -static void havege_fill( mbedtls_havege_state *hs ) -{ +static void havege_fill(mbedtls_havege_state *hs) { size_t n = 0; size_t i; uint32_t U1, U2, *A, *B, *C, *D; @@ -168,10 +167,9 @@ static void havege_fill( mbedtls_havege_state *hs ) (void)PTX; - memset( RES, 0, sizeof( RES ) ); + memset(RES, 0, sizeof(RES)); - while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 ) - { + while (n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4) { ONE_ITERATION ONE_ITERATION ONE_ITERATION @@ -188,50 +186,46 @@ static void havege_fill( mbedtls_havege_state *hs ) /* * HAVEGE initialization */ -void mbedtls_havege_init( mbedtls_havege_state *hs ) -{ - memset( hs, 0, sizeof( mbedtls_havege_state ) ); +void mbedtls_havege_init(mbedtls_havege_state *hs) { + memset(hs, 0, sizeof(mbedtls_havege_state)); - havege_fill( hs ); + havege_fill(hs); } -void mbedtls_havege_free( mbedtls_havege_state *hs ) -{ - if( hs == NULL ) +void mbedtls_havege_free(mbedtls_havege_state *hs) { + if (hs == NULL) return; - mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) ); + mbedtls_platform_zeroize(hs, sizeof(mbedtls_havege_state)); } /* * HAVEGE rand function */ -int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len ) -{ +int mbedtls_havege_random(void *p_rng, unsigned char *buf, size_t len) { uint32_t val; size_t use_len; mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng; unsigned char *p = buf; - while( len > 0 ) - { + while (len > 0) { use_len = len; - if( use_len > sizeof( val ) ) - use_len = sizeof( val ); + if (use_len > sizeof(val)) + use_len = sizeof(val); - if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE ) - havege_fill( hs ); + if (hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE) + havege_fill(hs); val = hs->pool[hs->offset[0]++]; val ^= hs->pool[hs->offset[1]++]; - memcpy( p, &val, use_len ); + memcpy(p, &val, use_len); len -= use_len; p += use_len; } - return( 0 ); + return (0); } #endif /* MBEDTLS_HAVEGE_C */ diff --git a/common/mbedtls/havege.h b/common/mbedtls/havege.h index 7d27039e8..7d042d196 100644 --- a/common/mbedtls/havege.h +++ b/common/mbedtls/havege.h @@ -40,8 +40,7 @@ extern "C" { /** * \brief HAVEGE state structure */ -typedef struct mbedtls_havege_state -{ +typedef struct mbedtls_havege_state { uint32_t PT1, PT2, offset[2]; uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE]; uint32_t WALK[8192]; @@ -53,14 +52,14 @@ mbedtls_havege_state; * * \param hs HAVEGE state to be initialized */ -void mbedtls_havege_init( mbedtls_havege_state *hs ); +void mbedtls_havege_init(mbedtls_havege_state *hs); /** * \brief Clear HAVEGE state * * \param hs HAVEGE state to be cleared */ -void mbedtls_havege_free( mbedtls_havege_state *hs ); +void mbedtls_havege_free(mbedtls_havege_state *hs); /** * \brief HAVEGE rand function @@ -71,7 +70,7 @@ void mbedtls_havege_free( mbedtls_havege_state *hs ); * * \return 0 */ -int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len ); +int mbedtls_havege_random(void *p_rng, unsigned char *output, size_t len); #ifdef __cplusplus } diff --git a/common/mbedtls/hkdf.c b/common/mbedtls/hkdf.c index 5013729d2..cf4000b07 100644 --- a/common/mbedtls/hkdf.c +++ b/common/mbedtls/hkdf.c @@ -25,47 +25,41 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, - size_t salt_len, const unsigned char *ikm, size_t ikm_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len ) -{ +int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt, + size_t salt_len, const unsigned char *ikm, size_t ikm_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char prk[MBEDTLS_MD_MAX_SIZE]; - ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk ); + ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk); - if( ret == 0 ) - { - ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ), - info, info_len, okm, okm_len ); + if (ret == 0) { + ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md), + info, info_len, okm, okm_len); } - mbedtls_platform_zeroize( prk, sizeof( prk ) ); + mbedtls_platform_zeroize(prk, sizeof(prk)); - return( ret ); + return (ret); } -int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - unsigned char *prk ) -{ +int mbedtls_hkdf_extract(const mbedtls_md_info_t *md, + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + unsigned char *prk) { unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' }; - if( salt == NULL ) - { + if (salt == NULL) { size_t hash_len; - if( salt_len != 0 ) - { + if (salt_len != 0) { return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; } - hash_len = mbedtls_md_get_size( md ); + hash_len = mbedtls_md_get_size(md); - if( hash_len == 0 ) - { + if (hash_len == 0) { return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; } @@ -73,13 +67,12 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, salt_len = hash_len; } - return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) ); + return (mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk)); } -int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, - size_t prk_len, const unsigned char *info, - size_t info_len, unsigned char *okm, size_t okm_len ) -{ +int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk, + size_t prk_len, const unsigned char *info, + size_t info_len, unsigned char *okm, size_t okm_len) { size_t hash_len; size_t where = 0; size_t n; @@ -89,28 +82,24 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, mbedtls_md_context_t ctx; unsigned char t[MBEDTLS_MD_MAX_SIZE]; - if( okm == NULL ) - { - return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); + if (okm == NULL) { + return (MBEDTLS_ERR_HKDF_BAD_INPUT_DATA); } - hash_len = mbedtls_md_get_size( md ); + hash_len = mbedtls_md_get_size(md); - if( prk_len < hash_len || hash_len == 0 ) - { - return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); + if (prk_len < hash_len || hash_len == 0) { + return (MBEDTLS_ERR_HKDF_BAD_INPUT_DATA); } - if( info == NULL ) - { + if (info == NULL) { info = (const unsigned char *) ""; info_len = 0; } n = okm_len / hash_len; - if( okm_len % hash_len != 0 ) - { + if (okm_len % hash_len != 0) { n++; } @@ -118,72 +107,64 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, * Per RFC 5869 Section 2.3, okm_len must not exceed * 255 times the hash length */ - if( n > 255 ) - { - return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA ); + if (n > 255) { + return (MBEDTLS_ERR_HKDF_BAD_INPUT_DATA); } - mbedtls_md_init( &ctx ); + mbedtls_md_init(&ctx); - if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 ) - { + if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) { goto exit; } - memset( t, 0, hash_len ); + memset(t, 0, hash_len); /* * Compute T = T(1) | T(2) | T(3) | ... | T(N) * Where T(N) is defined in RFC 5869 Section 2.3 */ - for( i = 1; i <= n; i++ ) - { + for (i = 1; i <= n; i++) { size_t num_to_copy; unsigned char c = i & 0xff; - ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len); + if (ret != 0) { goto exit; } - ret = mbedtls_md_hmac_update( &ctx, t, t_len ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_update(&ctx, t, t_len); + if (ret != 0) { goto exit; } - ret = mbedtls_md_hmac_update( &ctx, info, info_len ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_update(&ctx, info, info_len); + if (ret != 0) { goto exit; } /* The constant concatenated to the end of each T(n) is a single octet. * */ - ret = mbedtls_md_hmac_update( &ctx, &c, 1 ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_update(&ctx, &c, 1); + if (ret != 0) { goto exit; } - ret = mbedtls_md_hmac_finish( &ctx, t ); - if( ret != 0 ) - { + ret = mbedtls_md_hmac_finish(&ctx, t); + if (ret != 0) { goto exit; } num_to_copy = i != n ? hash_len : okm_len - where; - memcpy( okm + where, t, num_to_copy ); + memcpy(okm + where, t, num_to_copy); where += hash_len; t_len = hash_len; } exit: - mbedtls_md_free( &ctx ); - mbedtls_platform_zeroize( t, sizeof( t ) ); + mbedtls_md_free(&ctx); + mbedtls_platform_zeroize(t, sizeof(t)); - return( ret ); + return (ret); } #endif /* MBEDTLS_HKDF_C */ diff --git a/common/mbedtls/hkdf.h b/common/mbedtls/hkdf.h index 2e6b36304..449b7a7a6 100644 --- a/common/mbedtls/hkdf.h +++ b/common/mbedtls/hkdf.h @@ -68,10 +68,10 @@ extern "C" { * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, - size_t salt_len, const unsigned char *ikm, size_t ikm_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len ); +int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt, + size_t salt_len, const unsigned char *ikm, size_t ikm_len, + const unsigned char *info, size_t info_len, + unsigned char *okm, size_t okm_len); /** * \brief Take the input keying material \p ikm and extract from it a @@ -97,10 +97,10 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - unsigned char *prk ); +int mbedtls_hkdf_extract(const mbedtls_md_info_t *md, + const unsigned char *salt, size_t salt_len, + const unsigned char *ikm, size_t ikm_len, + unsigned char *prk); /** * \brief Expand the supplied \p prk into several additional pseudorandom @@ -128,9 +128,9 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md, * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying * MD layer. */ -int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, - size_t prk_len, const unsigned char *info, - size_t info_len, unsigned char *okm, size_t okm_len ); +int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk, + size_t prk_len, const unsigned char *info, + size_t info_len, unsigned char *okm, size_t okm_len); #ifdef __cplusplus } diff --git a/common/mbedtls/hmac_drbg.c b/common/mbedtls/hmac_drbg.c index de9706885..a6fabb619 100644 --- a/common/mbedtls/hmac_drbg.c +++ b/common/mbedtls/hmac_drbg.c @@ -49,9 +49,8 @@ /* * HMAC_DRBG context initialization */ -void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) ); +void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_hmac_drbg_context)); ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL; } @@ -59,74 +58,69 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ) /* * HMAC_DRBG update, using optional additional data (10.1.2.2) */ -int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) -{ - size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); - unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1; +int mbedtls_hmac_drbg_update_ret(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, + size_t add_len) { + size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info); + unsigned char rounds = (additional != NULL && add_len != 0) ? 2 : 1; unsigned char sep[1]; unsigned char K[MBEDTLS_MD_MAX_SIZE]; int ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA; - for( sep[0] = 0; sep[0] < rounds; sep[0]++ ) - { + for (sep[0] = 0; sep[0] < rounds; sep[0]++) { /* Step 1 or 4 */ - if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 ) + if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) goto exit; - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - ctx->V, md_len ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + ctx->V, md_len)) != 0) goto exit; - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - sep, 1 ) ) != 0 ) - goto exit; - if( rounds == 2 ) - { - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - additional, add_len ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + sep, 1)) != 0) goto exit; + if (rounds == 2) { + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + additional, add_len)) != 0) + goto exit; } - if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 ) + if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, K)) != 0) goto exit; /* Step 2 or 5 */ - if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 ) + if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, K, md_len)) != 0) goto exit; - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - ctx->V, md_len ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + ctx->V, md_len)) != 0) goto exit; - if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 ) + if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) goto exit; } exit: - mbedtls_platform_zeroize( K, sizeof( K ) ); - return( ret ); + mbedtls_platform_zeroize(K, sizeof(K)); + return (ret); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) -{ - (void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len ); +void mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, + size_t add_len) { + (void) mbedtls_hmac_drbg_update_ret(ctx, additional, add_len); } #endif /* MBEDTLS_DEPRECATED_REMOVED */ /* * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA) */ -int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - const unsigned char *data, size_t data_len ) -{ +int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx, + const mbedtls_md_info_t *md_info, + const unsigned char *data, size_t data_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) + return (ret); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif /* @@ -134,15 +128,15 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, * Use the V memory location, which is currently all 0, to initialize the * MD context with an all-zero key. Then set V to its initial value. */ - if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, - mbedtls_md_get_size( md_info ) ) ) != 0 ) - return( ret ); - memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) ); + if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V, + mbedtls_md_get_size(md_info))) != 0) + return (ret); + memset(ctx->V, 0x01, mbedtls_md_get_size(md_info)); - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_hmac_drbg_update_ret(ctx, data, data_len)) != 0) + return (ret); - return( 0 ); + return (0); } /* @@ -150,10 +144,9 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, * Comments starting with arabic numbers refer to section 10.1.2.4 * of SP800-90A, while roman numbers refer to section 9.2. */ -static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t len, - int use_nonce ) -{ +static int hmac_drbg_reseed_core(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t len, + int use_nonce) { unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -161,33 +154,30 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, { size_t total_entropy_len; - if( use_nonce == 0 ) + if (use_nonce == 0) total_entropy_len = ctx->entropy_len; else total_entropy_len = ctx->entropy_len * 3 / 2; /* III. Check input length */ - if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT || - total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ) - { - return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG ); + if (len > MBEDTLS_HMAC_DRBG_MAX_INPUT || + total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT) { + return (MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG); } } - memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ); + memset(seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT); /* IV. Gather entropy_len bytes of entropy for the seed */ - if( ( ret = ctx->f_entropy( ctx->p_entropy, - seed, ctx->entropy_len ) ) != 0 ) - { - return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED ); + if ((ret = ctx->f_entropy(ctx->p_entropy, + seed, ctx->entropy_len)) != 0) { + return (MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED); } seedlen += ctx->entropy_len; /* For initial seeding, allow adding of nonce generated * from the entropy source. See Sect 8.6.7 in SP800-90A. */ - if( use_nonce ) - { + if (use_nonce) { /* Note: We don't merge the two calls to f_entropy() in order * to avoid requesting too much entropy from f_entropy() * at once. Specifically, if the underlying digest is not @@ -195,11 +185,10 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, * is larger than the maximum of 32 Bytes that our own * entropy source implementation can emit in a single * call in configurations disabling SHA-512. */ - if( ( ret = ctx->f_entropy( ctx->p_entropy, - seed + seedlen, - ctx->entropy_len / 2 ) ) != 0 ) - { - return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED ); + if ((ret = ctx->f_entropy(ctx->p_entropy, + seed + seedlen, + ctx->entropy_len / 2)) != 0) { + return (MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED); } seedlen += ctx->entropy_len / 2; @@ -207,14 +196,13 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, /* 1. Concatenate entropy and additional data if any */ - if( additional != NULL && len != 0 ) - { - memcpy( seed + seedlen, additional, len ); + if (additional != NULL && len != 0) { + memcpy(seed + seedlen, additional, len); seedlen += len; } /* 2. Update state */ - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 ) + if ((ret = mbedtls_hmac_drbg_update_ret(ctx, seed, seedlen)) != 0) goto exit; /* 3. Reset reseed_counter */ @@ -222,17 +210,16 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, exit: /* 4. Done */ - mbedtls_platform_zeroize( seed, seedlen ); - return( ret ); + mbedtls_platform_zeroize(seed, seedlen); + return (ret); } /* * HMAC_DRBG reseeding: 10.1.2.4 + 9.2 */ -int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t len ) -{ - return( hmac_drbg_reseed_core( ctx, additional, len, 0 ) ); +int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t len) { + return (hmac_drbg_reseed_core(ctx, additional, len, 0)); } /* @@ -241,40 +228,38 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, * The nonce is not passed as a separate parameter but extracted * from the entropy source as suggested in 8.6.7. */ -int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - int (*f_entropy)(void *, unsigned char *, size_t), - void *p_entropy, - const unsigned char *custom, - size_t len ) -{ +int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx, + const mbedtls_md_info_t *md_info, + int (*f_entropy)(void *, unsigned char *, size_t), + void *p_entropy, + const unsigned char *custom, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t md_size; - if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_md_setup(&ctx->md_ctx, md_info, 1)) != 0) + return (ret); /* The mutex is initialized iff the md context is set up. */ #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif - md_size = mbedtls_md_get_size( md_info ); + md_size = mbedtls_md_get_size(md_info); /* * Set initial working state. * Use the V memory location, which is currently all 0, to initialize the * MD context with an all-zero key. Then set V to its initial value. */ - if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 ) - return( ret ); - memset( ctx->V, 0x01, md_size ); + if ((ret = mbedtls_md_hmac_starts(&ctx->md_ctx, ctx->V, md_size)) != 0) + return (ret); + memset(ctx->V, 0x01, md_size); ctx->f_entropy = f_entropy; ctx->p_entropy = p_entropy; - if( ctx->entropy_len == 0 ) - { + if (ctx->entropy_len == 0) { /* * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by * each hash function, then according to SP800-90A rev1 10.1 table 2, @@ -287,37 +272,33 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, 32; /* better (256+) -> 256 bits */ } - if( ( ret = hmac_drbg_reseed_core( ctx, custom, len, - 1 /* add nonce */ ) ) != 0 ) - { - return( ret ); + if ((ret = hmac_drbg_reseed_core(ctx, custom, len, + 1 /* add nonce */)) != 0) { + return (ret); } - return( 0 ); + return (0); } /* * Set prediction resistance */ -void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx, - int resistance ) -{ +void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx, + int resistance) { ctx->prediction_resistance = resistance; } /* * Set entropy length grabbed for seeding */ -void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len ) -{ +void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx, size_t len) { ctx->entropy_len = len; } /* * Set reseed interval */ -void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int interval ) -{ +void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx, int interval) { ctx->reseed_interval = interval; } @@ -325,64 +306,60 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int * HMAC_DRBG random function with optional additional data: * 10.1.2.5 (arabic) + 9.3 (Roman) */ -int mbedtls_hmac_drbg_random_with_add( void *p_rng, - unsigned char *output, size_t out_len, - const unsigned char *additional, size_t add_len ) -{ +int mbedtls_hmac_drbg_random_with_add(void *p_rng, + unsigned char *output, size_t out_len, + const unsigned char *additional, size_t add_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng; - size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); + size_t md_len = mbedtls_md_get_size(ctx->md_ctx.md_info); size_t left = out_len; unsigned char *out = output; /* II. Check request length */ - if( out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST ) - return( MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG ); + if (out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST) + return (MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG); /* III. Check input length */ - if( add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT ) - return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG ); + if (add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT) + return (MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG); /* 1. (aka VII and IX) Check reseed counter and PR */ - if( ctx->f_entropy != NULL && /* For no-reseeding instances */ - ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON || - ctx->reseed_counter > ctx->reseed_interval ) ) - { - if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 ) - return( ret ); + if (ctx->f_entropy != NULL && /* For no-reseeding instances */ + (ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON || + ctx->reseed_counter > ctx->reseed_interval)) { + if ((ret = mbedtls_hmac_drbg_reseed(ctx, additional, add_len)) != 0) + return (ret); add_len = 0; /* VII.4 */ } /* 2. Use additional data if any */ - if( additional != NULL && add_len != 0 ) - { - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, - additional, add_len ) ) != 0 ) + if (additional != NULL && add_len != 0) { + if ((ret = mbedtls_hmac_drbg_update_ret(ctx, + additional, add_len)) != 0) goto exit; } /* 3, 4, 5. Generate bytes */ - while( left != 0 ) - { + while (left != 0) { size_t use_len = left > md_len ? md_len : left; - if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 ) + if ((ret = mbedtls_md_hmac_reset(&ctx->md_ctx)) != 0) goto exit; - if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx, - ctx->V, md_len ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(&ctx->md_ctx, + ctx->V, md_len)) != 0) goto exit; - if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 ) + if ((ret = mbedtls_md_hmac_finish(&ctx->md_ctx, ctx->V)) != 0) goto exit; - memcpy( out, ctx->V, use_len ); + memcpy(out, ctx->V, use_len); out += use_len; left -= use_len; } /* 6. Update */ - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, - additional, add_len ) ) != 0 ) + if ((ret = mbedtls_hmac_drbg_update_ret(ctx, + additional, add_len)) != 0) goto exit; /* 7. Update reseed counter */ @@ -390,66 +367,62 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, exit: /* 8. Done */ - return( ret ); + return (ret); } /* * HMAC_DRBG random function */ -int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len ) -{ +int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif - ret = mbedtls_hmac_drbg_random_with_add( ctx, output, out_len, NULL, 0 ); + ret = mbedtls_hmac_drbg_random_with_add(ctx, output, out_len, NULL, 0); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - return( ret ); + return (ret); } /* * This function resets HMAC_DRBG context to the state immediately * after initial call of mbedtls_hmac_drbg_init(). */ -void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx) { + if (ctx == NULL) return; #if defined(MBEDTLS_THREADING_C) /* The mutex is initialized iff the md context is set up. */ - if( ctx->md_ctx.md_info != NULL ) - mbedtls_mutex_free( &ctx->mutex ); + if (ctx->md_ctx.md_info != NULL) + mbedtls_mutex_free(&ctx->mutex); #endif - mbedtls_md_free( &ctx->md_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); + mbedtls_md_free(&ctx->md_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_hmac_drbg_context)); ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL; } #if defined(MBEDTLS_FS_IO) -int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ) -{ +int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; FILE *f; unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ]; - if( ( f = fopen( path, "wb" ) ) == NULL ) - return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR ); + if ((f = fopen(path, "wb")) == NULL) + return (MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR); - if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 ) + if ((ret = mbedtls_hmac_drbg_random(ctx, buf, sizeof(buf))) != 0) goto exit; - if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) ) - { + if (fwrite(buf, 1, sizeof(buf), f) != sizeof(buf)) { ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; goto exit; } @@ -457,46 +430,43 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha ret = 0; exit: - fclose( f ); - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + fclose(f); + mbedtls_platform_zeroize(buf, sizeof(buf)); - return( ret ); + return (ret); } -int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ) -{ +int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path) { int ret = 0; FILE *f = NULL; size_t n; unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ]; unsigned char c; - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) + return (MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR); - n = fread( buf, 1, sizeof( buf ), f ); - if( fread( &c, 1, 1, f ) != 0 ) - { + n = fread(buf, 1, sizeof(buf), f); + if (fread(&c, 1, 1, f) != 0) { ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG; goto exit; } - if( n == 0 || ferror( f ) ) - { + if (n == 0 || ferror(f)) { ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR; goto exit; } - fclose( f ); + fclose(f); f = NULL; - ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n ); + ret = mbedtls_hmac_drbg_update_ret(ctx, buf, n); exit: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - if( f != NULL ) - fclose( f ); - if( ret != 0 ) - return( ret ); - return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); + if (f != NULL) + fclose(f); + if (ret != 0) + return (ret); + return (mbedtls_hmac_drbg_write_seed_file(ctx, path)); } #endif /* MBEDTLS_FS_IO */ @@ -505,10 +475,9 @@ exit: #if !defined(MBEDTLS_SHA1_C) /* Dummy checkup routine */ -int mbedtls_hmac_drbg_self_test( int verbose ) -{ +int mbedtls_hmac_drbg_self_test(int verbose) { (void) verbose; - return( 0 ); + return (0); } #else @@ -520,7 +489,8 @@ static const unsigned char entropy_pr[] = { 0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11, 0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42, 0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3, - 0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 }; + 0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 +}; static const unsigned char result_pr[OUTPUT_LEN] = { 0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39, 0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94, @@ -528,14 +498,16 @@ static const unsigned char result_pr[OUTPUT_LEN] = { 0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e, 0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab, 0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3, - 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 }; + 0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 +}; /* From a NIST PR=false test vector */ static const unsigned char entropy_nopr[] = { 0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66, 0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8, 0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3, - 0xe9, 0x9d, 0xfe, 0xdf }; + 0xe9, 0x9d, 0xfe, 0xdf +}; static const unsigned char result_nopr[OUTPUT_LEN] = { 0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f, 0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6, @@ -543,17 +515,17 @@ static const unsigned char result_nopr[OUTPUT_LEN] = { 0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec, 0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd, 0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49, - 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 }; + 0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 +}; /* "Entropy" from buffer */ static size_t test_offset; -static int hmac_drbg_self_test_entropy( void *data, - unsigned char *buf, size_t len ) -{ +static int hmac_drbg_self_test_entropy(void *data, + unsigned char *buf, size_t len) { const unsigned char *p = data; - memcpy( buf, p + test_offset, len ); + memcpy(buf, p + test_offset, len); test_offset += len; - return( 0 ); + return (0); } #define CHK( c ) if( (c) != 0 ) \ @@ -566,62 +538,61 @@ static int hmac_drbg_self_test_entropy( void *data, /* * Checkup routine for HMAC_DRBG with SHA-1 */ -int mbedtls_hmac_drbg_self_test( int verbose ) -{ +int mbedtls_hmac_drbg_self_test(int verbose) { mbedtls_hmac_drbg_context ctx; unsigned char buf[OUTPUT_LEN]; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); - mbedtls_hmac_drbg_init( &ctx ); + mbedtls_hmac_drbg_init(&ctx); /* * PR = True */ - if( verbose != 0 ) - mbedtls_printf( " HMAC_DRBG (PR = True) : " ); + if (verbose != 0) + mbedtls_printf(" HMAC_DRBG (PR = True) : "); test_offset = 0; - CHK( mbedtls_hmac_drbg_seed( &ctx, md_info, - hmac_drbg_self_test_entropy, (void *) entropy_pr, - NULL, 0 ) ); - mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON ); - CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); - CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); - CHK( memcmp( buf, result_pr, OUTPUT_LEN ) ); - mbedtls_hmac_drbg_free( &ctx ); + CHK(mbedtls_hmac_drbg_seed(&ctx, md_info, + hmac_drbg_self_test_entropy, (void *) entropy_pr, + NULL, 0)); + mbedtls_hmac_drbg_set_prediction_resistance(&ctx, MBEDTLS_HMAC_DRBG_PR_ON); + CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN)); + CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN)); + CHK(memcmp(buf, result_pr, OUTPUT_LEN)); + mbedtls_hmac_drbg_free(&ctx); - mbedtls_hmac_drbg_free( &ctx ); + mbedtls_hmac_drbg_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); /* * PR = False */ - if( verbose != 0 ) - mbedtls_printf( " HMAC_DRBG (PR = False) : " ); + if (verbose != 0) + mbedtls_printf(" HMAC_DRBG (PR = False) : "); - mbedtls_hmac_drbg_init( &ctx ); + mbedtls_hmac_drbg_init(&ctx); test_offset = 0; - CHK( mbedtls_hmac_drbg_seed( &ctx, md_info, - hmac_drbg_self_test_entropy, (void *) entropy_nopr, - NULL, 0 ) ); - CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) ); - CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); - CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) ); - CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) ); - mbedtls_hmac_drbg_free( &ctx ); + CHK(mbedtls_hmac_drbg_seed(&ctx, md_info, + hmac_drbg_self_test_entropy, (void *) entropy_nopr, + NULL, 0)); + CHK(mbedtls_hmac_drbg_reseed(&ctx, NULL, 0)); + CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN)); + CHK(mbedtls_hmac_drbg_random(&ctx, buf, OUTPUT_LEN)); + CHK(memcmp(buf, result_nopr, OUTPUT_LEN)); + mbedtls_hmac_drbg_free(&ctx); - mbedtls_hmac_drbg_free( &ctx ); + mbedtls_hmac_drbg_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); } #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/hmac_drbg.h b/common/mbedtls/hmac_drbg.h index fa33611f2..f380f9234 100644 --- a/common/mbedtls/hmac_drbg.h +++ b/common/mbedtls/hmac_drbg.h @@ -82,8 +82,7 @@ extern "C" { /** * HMAC_DRBG context. */ -typedef struct mbedtls_hmac_drbg_context -{ +typedef struct mbedtls_hmac_drbg_context { /* Working state: the key K is not stored explicitly, * but is implied by the HMAC context */ mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */ @@ -125,7 +124,7 @@ typedef struct mbedtls_hmac_drbg_context * * \param ctx HMAC_DRBG context to be initialized. */ -void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ); +void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx); /** * \brief HMAC_DRBG initial seeding. @@ -195,12 +194,12 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ); * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED * if the call to \p f_entropy failed. */ -int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - int (*f_entropy)(void *, unsigned char *, size_t), - void *p_entropy, - const unsigned char *custom, - size_t len ); +int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx, + const mbedtls_md_info_t *md_info, + int (*f_entropy)(void *, unsigned char *, size_t), + void *p_entropy, + const unsigned char *custom, + size_t len); /** * \brief Initilisation of simpified HMAC_DRBG (never reseeds). @@ -230,9 +229,9 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, * \return #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough * memory to allocate context data. */ -int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, - const mbedtls_md_info_t * md_info, - const unsigned char *data, size_t data_len ); +int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx, + const mbedtls_md_info_t *md_info, + const unsigned char *data, size_t data_len); /** * \brief This function turns prediction resistance on or off. @@ -247,8 +246,8 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, * \param ctx The HMAC_DRBG context. * \param resistance #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF. */ -void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx, - int resistance ); +void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx, + int resistance); /** * \brief This function sets the amount of entropy grabbed on each @@ -259,8 +258,8 @@ void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx * \param ctx The HMAC_DRBG context. * \param len The amount of entropy to grab, in bytes. */ -void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, - size_t len ); +void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx, + size_t len); /** * \brief Set the reseed interval. @@ -274,8 +273,8 @@ void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, * \param ctx The HMAC_DRBG context. * \param interval The reseed interval. */ -void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, - int interval ); +void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx, + int interval); /** * \brief This function updates the state of the HMAC_DRBG context. @@ -294,8 +293,8 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, * \return \c 0 on success, or an error from the underlying * hash calculation. */ -int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t add_len ); +int mbedtls_hmac_drbg_update_ret(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t add_len); /** * \brief This function reseeds the HMAC_DRBG context, that is @@ -321,8 +320,8 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED * if a call to the entropy function failed. */ -int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t len ); +int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t len); /** * \brief This function updates an HMAC_DRBG instance with additional @@ -355,10 +354,10 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx, * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if * \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT. */ -int mbedtls_hmac_drbg_random_with_add( void *p_rng, - unsigned char *output, size_t output_len, - const unsigned char *additional, - size_t add_len ); +int mbedtls_hmac_drbg_random_with_add(void *p_rng, + unsigned char *output, size_t output_len, + const unsigned char *additional, + size_t add_len); /** * \brief This function uses HMAC_DRBG to generate random data. @@ -387,7 +386,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, * \return #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if * \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST. */ -int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len ); +int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len); /** * \brief This function resets HMAC_DRBG context to the state immediately @@ -395,7 +394,7 @@ int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len * * \param ctx The HMAC_DRBG context to free. */ -void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ); +void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx); #if ! defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -417,7 +416,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ); */ MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t add_len ); + const unsigned char *additional, size_t add_len); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -433,7 +432,7 @@ MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update( * \return #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed * failure. */ -int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ); +int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path); /** * \brief This function reads and updates a seed file. The seed @@ -449,7 +448,7 @@ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const cha * \return #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing * seed file is too large. */ -int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ); +int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx, const char *path); #endif /* MBEDTLS_FS_IO */ @@ -460,7 +459,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch * \return \c 0 if successful. * \return \c 1 if the test failed. */ -int mbedtls_hmac_drbg_self_test( int verbose ); +int mbedtls_hmac_drbg_self_test(int verbose); #endif #ifdef __cplusplus diff --git a/common/mbedtls/md.c b/common/mbedtls/md.c index a10a83563..9e0991914 100644 --- a/common/mbedtls/md.c +++ b/common/mbedtls/md.c @@ -137,174 +137,166 @@ const mbedtls_md_info_t mbedtls_sha512_info = { static const int supported_digests[] = { #if defined(MBEDTLS_SHA512_C) - MBEDTLS_MD_SHA512, + MBEDTLS_MD_SHA512, #if !defined(MBEDTLS_SHA512_NO_SHA384) - MBEDTLS_MD_SHA384, + MBEDTLS_MD_SHA384, #endif #endif #if defined(MBEDTLS_SHA256_C) - MBEDTLS_MD_SHA256, - MBEDTLS_MD_SHA224, + MBEDTLS_MD_SHA256, + MBEDTLS_MD_SHA224, #endif #if defined(MBEDTLS_SHA1_C) - MBEDTLS_MD_SHA1, + MBEDTLS_MD_SHA1, #endif #if defined(MBEDTLS_RIPEMD160_C) - MBEDTLS_MD_RIPEMD160, + MBEDTLS_MD_RIPEMD160, #endif #if defined(MBEDTLS_MD5_C) - MBEDTLS_MD_MD5, + MBEDTLS_MD_MD5, #endif #if defined(MBEDTLS_MD4_C) - MBEDTLS_MD_MD4, + MBEDTLS_MD_MD4, #endif #if defined(MBEDTLS_MD2_C) - MBEDTLS_MD_MD2, + MBEDTLS_MD_MD2, #endif - MBEDTLS_MD_NONE + MBEDTLS_MD_NONE }; -const int *mbedtls_md_list( void ) -{ - return( supported_digests ); +const int *mbedtls_md_list(void) { + return (supported_digests); } -const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) -{ - if( NULL == md_name ) - return( NULL ); +const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) { + if (NULL == md_name) + return (NULL); /* Get the appropriate digest information */ #if defined(MBEDTLS_MD2_C) - if( !strcmp( "MD2", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 ); + if (!strcmp("MD2", md_name)) + return mbedtls_md_info_from_type(MBEDTLS_MD_MD2); #endif #if defined(MBEDTLS_MD4_C) - if( !strcmp( "MD4", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 ); + if (!strcmp("MD4", md_name)) + return mbedtls_md_info_from_type(MBEDTLS_MD_MD4); #endif #if defined(MBEDTLS_MD5_C) - if( !strcmp( "MD5", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ); + if (!strcmp("MD5", md_name)) + return mbedtls_md_info_from_type(MBEDTLS_MD_MD5); #endif #if defined(MBEDTLS_RIPEMD160_C) - if( !strcmp( "RIPEMD160", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_RIPEMD160 ); + if (!strcmp("RIPEMD160", md_name)) + return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160); #endif #if defined(MBEDTLS_SHA1_C) - if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); + if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); #endif #if defined(MBEDTLS_SHA256_C) - if( !strcmp( "SHA224", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 ); - if( !strcmp( "SHA256", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ); + if (!strcmp("SHA224", md_name)) + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); + if (!strcmp("SHA256", md_name)) + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) - if( !strcmp( "SHA384", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 ); + if (!strcmp("SHA384", md_name)) + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); #endif - if( !strcmp( "SHA512", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 ); + if (!strcmp("SHA512", md_name)) + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); #endif - return( NULL ); + return (NULL); } -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) -{ - switch( md_type ) - { +const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) { + switch (md_type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( &mbedtls_md2_info ); + return (&mbedtls_md2_info); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( &mbedtls_md4_info ); + return (&mbedtls_md4_info); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( &mbedtls_md5_info ); + return (&mbedtls_md5_info); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( &mbedtls_ripemd160_info ); + return (&mbedtls_ripemd160_info); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( &mbedtls_sha1_info ); + return (&mbedtls_sha1_info); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( &mbedtls_sha224_info ); + return (&mbedtls_sha224_info); case MBEDTLS_MD_SHA256: - return( &mbedtls_sha256_info ); + return (&mbedtls_sha256_info); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( &mbedtls_sha384_info ); + return (&mbedtls_sha384_info); #endif case MBEDTLS_MD_SHA512: - return( &mbedtls_sha512_info ); + return (&mbedtls_sha512_info); #endif default: - return( NULL ); + return (NULL); } } -void mbedtls_md_init( mbedtls_md_context_t *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_md_context_t ) ); +void mbedtls_md_init(mbedtls_md_context_t *ctx) { + memset(ctx, 0, sizeof(mbedtls_md_context_t)); } -void mbedtls_md_free( mbedtls_md_context_t *ctx ) -{ - if( ctx == NULL || ctx->md_info == NULL ) +void mbedtls_md_free(mbedtls_md_context_t *ctx) { + if (ctx == NULL || ctx->md_info == NULL) return; - if( ctx->md_ctx != NULL ) - { - switch( ctx->md_info->type ) - { + if (ctx->md_ctx != NULL) { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - mbedtls_md2_free( ctx->md_ctx ); + mbedtls_md2_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - mbedtls_md4_free( ctx->md_ctx ); + mbedtls_md4_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - mbedtls_md5_free( ctx->md_ctx ); + mbedtls_md5_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - mbedtls_ripemd160_free( ctx->md_ctx ); + mbedtls_ripemd160_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - mbedtls_sha1_free( ctx->md_ctx ); + mbedtls_sha1_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - mbedtls_sha256_free( ctx->md_ctx ); + mbedtls_sha256_free(ctx->md_ctx); break; #endif #if defined(MBEDTLS_SHA512_C) @@ -312,67 +304,63 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - mbedtls_sha512_free( ctx->md_ctx ); + mbedtls_sha512_free(ctx->md_ctx); break; #endif default: /* Shouldn't happen */ break; } - mbedtls_free( ctx->md_ctx ); + mbedtls_free(ctx->md_ctx); } - if( ctx->hmac_ctx != NULL ) - { - mbedtls_platform_zeroize( ctx->hmac_ctx, - 2 * ctx->md_info->block_size ); - mbedtls_free( ctx->hmac_ctx ); + if (ctx->hmac_ctx != NULL) { + mbedtls_platform_zeroize(ctx->hmac_ctx, + 2 * ctx->md_info->block_size); + mbedtls_free(ctx->hmac_ctx); } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t)); } -int mbedtls_md_clone( mbedtls_md_context_t *dst, - const mbedtls_md_context_t *src ) -{ - if( dst == NULL || dst->md_info == NULL || - src == NULL || src->md_info == NULL || - dst->md_info != src->md_info ) - { - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +int mbedtls_md_clone(mbedtls_md_context_t *dst, + const mbedtls_md_context_t *src) { + if (dst == NULL || dst->md_info == NULL || + src == NULL || src->md_info == NULL || + dst->md_info != src->md_info) { + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); } - switch( src->md_info->type ) - { + switch (src->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - mbedtls_md2_clone( dst->md_ctx, src->md_ctx ); + mbedtls_md2_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - mbedtls_md4_clone( dst->md_ctx, src->md_ctx ); + mbedtls_md4_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - mbedtls_md5_clone( dst->md_ctx, src->md_ctx ); + mbedtls_md5_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - mbedtls_ripemd160_clone( dst->md_ctx, src->md_ctx ); + mbedtls_ripemd160_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - mbedtls_sha1_clone( dst->md_ctx, src->md_ctx ); + mbedtls_sha1_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - mbedtls_sha256_clone( dst->md_ctx, src->md_ctx ); + mbedtls_sha256_clone(dst->md_ctx, src->md_ctx); break; #endif #if defined(MBEDTLS_SHA512_C) @@ -380,20 +368,19 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - mbedtls_sha512_clone( dst->md_ctx, src->md_ctx ); + mbedtls_sha512_clone(dst->md_ctx, src->md_ctx); break; #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); } - return( 0 ); + return (0); } #if ! defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) -{ - return mbedtls_md_setup( ctx, md_info, 1 ); +int mbedtls_md_init_ctx(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info) { + return mbedtls_md_setup(ctx, md_info, 1); } #endif @@ -406,46 +393,44 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_ } \ while( 0 ) -int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ) -{ - if( md_info == NULL || ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac) { + if (md_info == NULL || ctx == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); ctx->md_info = md_info; ctx->md_ctx = NULL; ctx->hmac_ctx = NULL; - switch( md_info->type ) - { + switch (md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - ALLOC( md2 ); + ALLOC(md2); break; #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - ALLOC( md4 ); + ALLOC(md4); break; #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - ALLOC( md5 ); + ALLOC(md5); break; #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - ALLOC( ripemd160 ); + ALLOC(ripemd160); break; #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - ALLOC( sha1 ); + ALLOC(sha1); break; #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - ALLOC( sha256 ); + ALLOC(sha256); break; #endif #if defined(MBEDTLS_SHA512_C) @@ -453,266 +438,253 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - ALLOC( sha512 ); + ALLOC(sha512); break; #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); } - if( hmac != 0 ) - { - ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size ); - if( ctx->hmac_ctx == NULL ) - { - mbedtls_md_free( ctx ); - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + if (hmac != 0) { + ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size); + if (ctx->hmac_ctx == NULL) { + mbedtls_md_free(ctx); + return (MBEDTLS_ERR_MD_ALLOC_FAILED); } } - return( 0 ); + return (0); } #undef ALLOC -int mbedtls_md_starts( mbedtls_md_context_t *ctx ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +int mbedtls_md_starts(mbedtls_md_context_t *ctx) { + if (ctx == NULL || ctx->md_info == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); - switch( ctx->md_info->type ) - { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_starts_ret( ctx->md_ctx ) ); + return (mbedtls_md2_starts_ret(ctx->md_ctx)); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_starts_ret( ctx->md_ctx ) ); + return (mbedtls_md4_starts_ret(ctx->md_ctx)); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_starts_ret( ctx->md_ctx ) ); + return (mbedtls_md5_starts_ret(ctx->md_ctx)); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_starts_ret( ctx->md_ctx ) ); + return (mbedtls_ripemd160_starts_ret(ctx->md_ctx)); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_starts_ret( ctx->md_ctx ) ); + return (mbedtls_sha1_starts_ret(ctx->md_ctx)); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) ); + return (mbedtls_sha256_starts_ret(ctx->md_ctx, 1)); case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) ); + return (mbedtls_sha256_starts_ret(ctx->md_ctx, 0)); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) ); + return (mbedtls_sha512_starts_ret(ctx->md_ctx, 1)); #endif case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) ); + return (mbedtls_sha512_starts_ret(ctx->md_ctx, 0)); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); } } -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) { + if (ctx == NULL || ctx->md_info == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); - switch( ctx->md_info->type ) - { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_update_ret( ctx->md_ctx, input, ilen ) ); + return (mbedtls_md2_update_ret(ctx->md_ctx, input, ilen)); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_update_ret( ctx->md_ctx, input, ilen ) ); + return (mbedtls_md4_update_ret(ctx->md_ctx, input, ilen)); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_update_ret( ctx->md_ctx, input, ilen ) ); + return (mbedtls_md5_update_ret(ctx->md_ctx, input, ilen)); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_update_ret( ctx->md_ctx, input, ilen ) ); + return (mbedtls_ripemd160_update_ret(ctx->md_ctx, input, ilen)); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) ); + return (mbedtls_sha1_update_ret(ctx->md_ctx, input, ilen)); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) ); + return (mbedtls_sha256_update_ret(ctx->md_ctx, input, ilen)); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) ); + return (mbedtls_sha512_update_ret(ctx->md_ctx, input, ilen)); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); } } -int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) { + if (ctx == NULL || ctx->md_info == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); - switch( ctx->md_info->type ) - { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_finish_ret( ctx->md_ctx, output ) ); + return (mbedtls_md2_finish_ret(ctx->md_ctx, output)); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_finish_ret( ctx->md_ctx, output ) ); + return (mbedtls_md4_finish_ret(ctx->md_ctx, output)); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_finish_ret( ctx->md_ctx, output ) ); + return (mbedtls_md5_finish_ret(ctx->md_ctx, output)); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_finish_ret( ctx->md_ctx, output ) ); + return (mbedtls_ripemd160_finish_ret(ctx->md_ctx, output)); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) ); + return (mbedtls_sha1_finish_ret(ctx->md_ctx, output)); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) ); + return (mbedtls_sha256_finish_ret(ctx->md_ctx, output)); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) ); + return (mbedtls_sha512_finish_ret(ctx->md_ctx, output)); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); } } -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, + unsigned char *output) { + if (md_info == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); - switch( md_info->type ) - { + switch (md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_ret( input, ilen, output ) ); + return (mbedtls_md2_ret(input, ilen, output)); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_ret( input, ilen, output ) ); + return (mbedtls_md4_ret(input, ilen, output)); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_ret( input, ilen, output ) ); + return (mbedtls_md5_ret(input, ilen, output)); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_ret( input, ilen, output ) ); + return (mbedtls_ripemd160_ret(input, ilen, output)); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_ret( input, ilen, output ) ); + return (mbedtls_sha1_ret(input, ilen, output)); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); + return (mbedtls_sha256_ret(input, ilen, output, 1)); case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); + return (mbedtls_sha256_ret(input, ilen, output, 0)); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); + return (mbedtls_sha512_ret(input, ilen, output, 1)); #endif case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); + return (mbedtls_sha512_ret(input, ilen, output, 0)); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); } } #if defined(MBEDTLS_FS_IO) -int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ) -{ +int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; FILE *f; size_t n; mbedtls_md_context_t ctx; unsigned char buf[1024]; - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (md_info == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_MD_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) + return (MBEDTLS_ERR_MD_FILE_IO_ERROR); - mbedtls_md_init( &ctx ); + mbedtls_md_init(&ctx); - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) + if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) goto cleanup; - if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(&ctx)) != 0) goto cleanup; - while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) - if( ( ret = mbedtls_md_update( &ctx, buf, n ) ) != 0 ) + while ((n = fread(buf, 1, sizeof(buf), f)) > 0) + if ((ret = mbedtls_md_update(&ctx, buf, n)) != 0) goto cleanup; - if( ferror( f ) != 0 ) + if (ferror(f) != 0) ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; else - ret = mbedtls_md_finish( &ctx, output ); + ret = mbedtls_md_finish(&ctx, output); cleanup: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - fclose( f ); - mbedtls_md_free( &ctx ); + mbedtls_platform_zeroize(buf, sizeof(buf)); + fclose(f); + mbedtls_md_free(&ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_FS_IO */ -int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ) -{ +int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; unsigned char *ipad, *opad; size_t i; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); - if( keylen > (size_t) ctx->md_info->block_size ) - { - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) + if (keylen > (size_t) ctx->md_info->block_size) { + if ((ret = mbedtls_md_starts(ctx)) != 0) goto cleanup; - if( ( ret = mbedtls_md_update( ctx, key, keylen ) ) != 0 ) + if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) goto cleanup; - if( ( ret = mbedtls_md_finish( ctx, sum ) ) != 0 ) + if ((ret = mbedtls_md_finish(ctx, sum)) != 0) goto cleanup; keylen = ctx->md_info->size; @@ -722,167 +694,157 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, ipad = (unsigned char *) ctx->hmac_ctx; opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; - memset( ipad, 0x36, ctx->md_info->block_size ); - memset( opad, 0x5C, ctx->md_info->block_size ); + memset(ipad, 0x36, ctx->md_info->block_size); + memset(opad, 0x5C, ctx->md_info->block_size); - for( i = 0; i < keylen; i++ ) - { - ipad[i] = (unsigned char)( ipad[i] ^ key[i] ); - opad[i] = (unsigned char)( opad[i] ^ key[i] ); + for (i = 0; i < keylen; i++) { + ipad[i] = (unsigned char)(ipad[i] ^ key[i]); + opad[i] = (unsigned char)(opad[i] ^ key[i]); } - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(ctx)) != 0) goto cleanup; - if( ( ret = mbedtls_md_update( ctx, ipad, - ctx->md_info->block_size ) ) != 0 ) + if ((ret = mbedtls_md_update(ctx, ipad, + ctx->md_info->block_size)) != 0) goto cleanup; cleanup: - mbedtls_platform_zeroize( sum, sizeof( sum ) ); + mbedtls_platform_zeroize(sum, sizeof(sum)); - return( ret ); + return (ret); } -int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) -{ - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) { + if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); - return( mbedtls_md_update( ctx, input, ilen ) ); + return (mbedtls_md_update(ctx, input, ilen)); } -int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) -{ +int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; - if( ( ret = mbedtls_md_finish( ctx, tmp ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_md_update( ctx, opad, - ctx->md_info->block_size ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_md_update( ctx, tmp, - ctx->md_info->size ) ) != 0 ) - return( ret ); - return( mbedtls_md_finish( ctx, output ) ); + if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) + return (ret); + if ((ret = mbedtls_md_starts(ctx)) != 0) + return (ret); + if ((ret = mbedtls_md_update(ctx, opad, + ctx->md_info->block_size)) != 0) + return (ret); + if ((ret = mbedtls_md_update(ctx, tmp, + ctx->md_info->size)) != 0) + return (ret); + return (mbedtls_md_finish(ctx, output)); } -int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) -{ +int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *ipad; - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); ipad = (unsigned char *) ctx->hmac_ctx; - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) - return( ret ); - return( mbedtls_md_update( ctx, ipad, ctx->md_info->block_size ) ); + if ((ret = mbedtls_md_starts(ctx)) != 0) + return (ret); + return (mbedtls_md_update(ctx, ipad, ctx->md_info->block_size)); } -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, - const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ) -{ +int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output) { mbedtls_md_context_t ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + if (md_info == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); - mbedtls_md_init( &ctx ); + mbedtls_md_init(&ctx); - if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 ) + if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) goto cleanup; - if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 ) + if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) goto cleanup; - if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) goto cleanup; - if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) goto cleanup; cleanup: - mbedtls_md_free( &ctx ); + mbedtls_md_free(&ctx); - return( ret ); + return (ret); } -int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data) { + if (ctx == NULL || ctx->md_info == NULL) + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); - switch( ctx->md_info->type ) - { + switch (ctx->md_info->type) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_internal_md2_process( ctx->md_ctx ) ); + return (mbedtls_internal_md2_process(ctx->md_ctx)); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_internal_md4_process( ctx->md_ctx, data ) ); + return (mbedtls_internal_md4_process(ctx->md_ctx, data)); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_internal_md5_process( ctx->md_ctx, data ) ); + return (mbedtls_internal_md5_process(ctx->md_ctx, data)); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_internal_ripemd160_process( ctx->md_ctx, data ) ); + return (mbedtls_internal_ripemd160_process(ctx->md_ctx, data)); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_internal_sha1_process( ctx->md_ctx, data ) ); + return (mbedtls_internal_sha1_process(ctx->md_ctx, data)); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: case MBEDTLS_MD_SHA256: - return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) ); + return (mbedtls_internal_sha256_process(ctx->md_ctx, data)); #endif #if defined(MBEDTLS_SHA512_C) #if !defined(MBEDTLS_SHA512_NO_SHA384) case MBEDTLS_MD_SHA384: #endif case MBEDTLS_MD_SHA512: - return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) ); + return (mbedtls_internal_sha512_process(ctx->md_ctx, data)); #endif default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); } } -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ) -{ - if( md_info == NULL ) - return( 0 ); +unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) { + if (md_info == NULL) + return (0); return md_info->size; } -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ) -{ - if( md_info == NULL ) - return( MBEDTLS_MD_NONE ); +mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) { + if (md_info == NULL) + return (MBEDTLS_MD_NONE); return md_info->type; } -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ) -{ - if( md_info == NULL ) - return( NULL ); +const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) { + if (md_info == NULL) + return (NULL); return md_info->name; } diff --git a/common/mbedtls/md.h b/common/mbedtls/md.h index e4354badc..e543fc63a 100644 --- a/common/mbedtls/md.h +++ b/common/mbedtls/md.h @@ -1,10 +1,10 @@ - /** - * \file md.h - * - * \brief This file contains the generic message-digest wrapper. - * - * \author Adriaan de Jong - */ +/** +* \file md.h +* +* \brief This file contains the generic message-digest wrapper. +* +* \author Adriaan de Jong +*/ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 @@ -54,7 +54,7 @@ extern "C" { * */ typedef enum { - MBEDTLS_MD_NONE=0, /**< None. */ + MBEDTLS_MD_NONE = 0, /**< None. */ MBEDTLS_MD_MD2, /**< The MD2 message digest. */ MBEDTLS_MD_MD4, /**< The MD4 message digest. */ MBEDTLS_MD_MD5, /**< The MD5 message digest. */ @@ -86,8 +86,7 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t; /** * The generic message-digest context. */ -typedef struct mbedtls_md_context_t -{ +typedef struct mbedtls_md_context_t { /** Information about the associated message digest. */ const mbedtls_md_info_t *md_info; @@ -109,7 +108,7 @@ typedef struct mbedtls_md_context_t * message-digest enumeration #mbedtls_md_type_t. * The last entry is 0. */ -const int *mbedtls_md_list( void ); +const int *mbedtls_md_list(void); /** * \brief This function returns the message-digest information @@ -120,7 +119,7 @@ const int *mbedtls_md_list( void ); * \return The message-digest information associated with \p md_name. * \return NULL if the associated message-digest information is not found. */ -const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); +const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); /** * \brief This function returns the message-digest information @@ -131,7 +130,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ); * \return The message-digest information associated with \p md_type. * \return NULL if the associated message-digest information is not found. */ -const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); +const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type); /** * \brief This function initializes a message-digest context without @@ -141,7 +140,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ); * context for mbedtls_md_setup() for binding it to a * message-digest algorithm. */ -void mbedtls_md_init( mbedtls_md_context_t *ctx ); +void mbedtls_md_init(mbedtls_md_context_t *ctx); /** * \brief This function clears the internal structure of \p ctx and @@ -156,7 +155,7 @@ void mbedtls_md_init( mbedtls_md_context_t *ctx ); * You must not call this function if you have not called * mbedtls_md_init(). */ -void mbedtls_md_free( mbedtls_md_context_t *ctx ); +void mbedtls_md_free(mbedtls_md_context_t *ctx); #if ! defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -182,7 +181,7 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ); * failure. * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ -int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED; +int mbedtls_md_init_ctx(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info) MBEDTLS_DEPRECATED; #undef MBEDTLS_DEPRECATED #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -205,7 +204,7 @@ int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_ * failure. * \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure. */ -int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ); +int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac); /** * \brief This function clones the state of an message-digest @@ -226,8 +225,8 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf * \return \c 0 on success. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure. */ -int mbedtls_md_clone( mbedtls_md_context_t *dst, - const mbedtls_md_context_t *src ); +int mbedtls_md_clone(mbedtls_md_context_t *dst, + const mbedtls_md_context_t *src); /** * \brief This function extracts the message-digest size from the @@ -238,7 +237,7 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, * * \return The size of the message-digest output in Bytes. */ -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); +unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info); /** * \brief This function extracts the message-digest type from the @@ -249,7 +248,7 @@ unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); * * \return The type of the message digest. */ -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); +mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info); /** * \brief This function extracts the message-digest name from the @@ -260,7 +259,7 @@ mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); * * \return The name of the message digest. */ -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); +const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info); /** * \brief This function starts a message-digest computation. @@ -275,7 +274,7 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_starts( mbedtls_md_context_t *ctx ); +int mbedtls_md_starts(mbedtls_md_context_t *ctx); /** * \brief This function feeds an input buffer into an ongoing @@ -293,7 +292,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen); /** * \brief This function finishes the digest operation, @@ -313,7 +312,7 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); +int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output); /** * \brief This function calculates the message-digest of a buffer, @@ -333,8 +332,8 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, - unsigned char *output ); +int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, + unsigned char *output); #if defined(MBEDTLS_FS_IO) /** @@ -354,8 +353,8 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si * the file pointed by \p path. * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL. */ -int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, - unsigned char *output ); +int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, + unsigned char *output); #endif /* MBEDTLS_FS_IO */ /** @@ -376,8 +375,8 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, - size_t keylen ); +int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, + size_t keylen); /** * \brief This function feeds an input buffer into an ongoing HMAC @@ -398,8 +397,8 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, - size_t ilen ); +int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, + size_t ilen); /** * \brief This function finishes the HMAC operation, and writes @@ -419,7 +418,7 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); +int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output); /** * \brief This function prepares to authenticate a new message with @@ -436,7 +435,7 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); +int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx); /** * \brief This function calculates the full generic HMAC @@ -460,12 +459,12 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ); +int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output); /* Internal use */ -int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ); +int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data); #ifdef __cplusplus } diff --git a/common/mbedtls/md2.c b/common/mbedtls/md2.c index 7264e3031..f3fd2d482 100644 --- a/common/mbedtls/md2.c +++ b/common/mbedtls/md2.c @@ -44,8 +44,7 @@ #if !defined(MBEDTLS_MD2_ALT) -static const unsigned char PI_SUBST[256] = -{ +static const unsigned char PI_SUBST[256] = { 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, @@ -74,89 +73,78 @@ static const unsigned char PI_SUBST[256] = 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14 }; -void mbedtls_md2_init( mbedtls_md2_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_md2_context ) ); +void mbedtls_md2_init(mbedtls_md2_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_md2_context)); } -void mbedtls_md2_free( mbedtls_md2_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_md2_free(mbedtls_md2_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md2_context)); } -void mbedtls_md2_clone( mbedtls_md2_context *dst, - const mbedtls_md2_context *src ) -{ +void mbedtls_md2_clone(mbedtls_md2_context *dst, + const mbedtls_md2_context *src) { *dst = *src; } /* * MD2 context setup */ -int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ) -{ - memset( ctx->cksum, 0, 16 ); - memset( ctx->state, 0, 46 ); - memset( ctx->buffer, 0, 16 ); +int mbedtls_md2_starts_ret(mbedtls_md2_context *ctx) { + memset(ctx->cksum, 0, 16); + memset(ctx->state, 0, 46); + memset(ctx->buffer, 0, 16); ctx->left = 0; - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2_starts( mbedtls_md2_context *ctx ) -{ - mbedtls_md2_starts_ret( ctx ); +void mbedtls_md2_starts(mbedtls_md2_context *ctx) { + mbedtls_md2_starts_ret(ctx); } #endif #if !defined(MBEDTLS_MD2_PROCESS_ALT) -int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) -{ +int mbedtls_internal_md2_process(mbedtls_md2_context *ctx) { int i, j; unsigned char t = 0; - for( i = 0; i < 16; i++ ) - { + for (i = 0; i < 16; i++) { ctx->state[i + 16] = ctx->buffer[i]; ctx->state[i + 32] = - (unsigned char)( ctx->buffer[i] ^ ctx->state[i]); + (unsigned char)(ctx->buffer[i] ^ ctx->state[i]); } - for( i = 0; i < 18; i++ ) - { - for( j = 0; j < 48; j++ ) - { + for (i = 0; i < 18; i++) { + for (j = 0; j < 48; j++) { ctx->state[j] = (unsigned char) - ( ctx->state[j] ^ PI_SUBST[t] ); + (ctx->state[j] ^ PI_SUBST[t]); t = ctx->state[j]; } - t = (unsigned char)( t + i ); + t = (unsigned char)(t + i); } t = ctx->cksum[15]; - for( i = 0; i < 16; i++ ) - { + for (i = 0; i < 16; i++) { ctx->cksum[i] = (unsigned char) - ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] ); + (ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t]); t = ctx->cksum[i]; } /* Zeroise variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &t, sizeof( t ) ); + mbedtls_platform_zeroize(&t, sizeof(t)); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2_process( mbedtls_md2_context *ctx ) -{ - mbedtls_internal_md2_process( ctx ); +void mbedtls_md2_process(mbedtls_md2_context *ctx) { + mbedtls_internal_md2_process(ctx); } #endif #endif /* !MBEDTLS_MD2_PROCESS_ALT */ @@ -164,78 +152,72 @@ void mbedtls_md2_process( mbedtls_md2_context *ctx ) /* * MD2 process buffer */ -int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ) -{ +int mbedtls_md2_update_ret(mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; - while( ilen > 0 ) - { - if( ilen > 16 - ctx->left ) + while (ilen > 0) { + if (ilen > 16 - ctx->left) fill = 16 - ctx->left; else fill = ilen; - memcpy( ctx->buffer + ctx->left, input, fill ); + memcpy(ctx->buffer + ctx->left, input, fill); ctx->left += fill; input += fill; ilen -= fill; - if( ctx->left == 16 ) - { + if (ctx->left == 16) { ctx->left = 0; - if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md2_process(ctx)) != 0) + return (ret); } } - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2_update( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_md2_update_ret( ctx, input, ilen ); +void mbedtls_md2_update(mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen) { + mbedtls_md2_update_ret(ctx, input, ilen); } #endif /* * MD2 final digest */ -int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, - unsigned char output[16] ) -{ +int mbedtls_md2_finish_ret(mbedtls_md2_context *ctx, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; unsigned char x; - x = (unsigned char)( 16 - ctx->left ); + x = (unsigned char)(16 - ctx->left); - for( i = ctx->left; i < 16; i++ ) + for (i = ctx->left; i < 16; i++) ctx->buffer[i] = x; - if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md2_process(ctx)) != 0) + return (ret); - memcpy( ctx->buffer, ctx->cksum, 16 ); - if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) - return( ret ); + memcpy(ctx->buffer, ctx->cksum, 16); + if ((ret = mbedtls_internal_md2_process(ctx)) != 0) + return (ret); - memcpy( output, ctx->state, 16 ); + memcpy(output, ctx->state, 16); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2_finish( mbedtls_md2_context *ctx, - unsigned char output[16] ) -{ - mbedtls_md2_finish_ret( ctx, output ); +void mbedtls_md2_finish(mbedtls_md2_context *ctx, + unsigned char output[16]) { + mbedtls_md2_finish_ret(ctx, output); } #endif @@ -244,36 +226,34 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx, /* * output = MD2( input buffer ) */ -int mbedtls_md2_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ +int mbedtls_md2_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md2_context ctx; - mbedtls_md2_init( &ctx ); + mbedtls_md2_init(&ctx); - if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_md2_starts_ret(&ctx)) != 0) goto exit; - if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_md2_update_ret(&ctx, input, ilen)) != 0) goto exit; - if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_md2_finish_ret(&ctx, output)) != 0) goto exit; exit: - mbedtls_md2_free( &ctx ); + mbedtls_md2_free(&ctx); - return( ret ); + return (ret); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md2( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - mbedtls_md2_ret( input, ilen, output ); +void mbedtls_md2(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { + mbedtls_md2_ret(input, ilen, output); } #endif @@ -282,8 +262,7 @@ void mbedtls_md2( const unsigned char *input, /* * RFC 1319 test vectors */ -static const unsigned char md2_test_str[7][81] = -{ +static const unsigned char md2_test_str[7][81] = { { "" }, { "a" }, { "abc" }, @@ -293,66 +272,75 @@ static const unsigned char md2_test_str[7][81] = { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } }; -static const size_t md2_test_strlen[7] = -{ +static const size_t md2_test_strlen[7] = { 0, 1, 3, 14, 26, 62, 80 }; -static const unsigned char md2_test_sum[7][16] = -{ - { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D, - 0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73 }, - { 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72, - 0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1 }, - { 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B, - 0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB }, - { 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B, - 0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0 }, - { 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB, - 0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B }, - { 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39, - 0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD }, - { 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D, - 0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8 } +static const unsigned char md2_test_sum[7][16] = { + { + 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D, + 0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73 + }, + { + 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72, + 0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1 + }, + { + 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B, + 0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB + }, + { + 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B, + 0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0 + }, + { + 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB, + 0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B + }, + { + 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39, + 0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD + }, + { + 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D, + 0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8 + } }; /* * Checkup routine */ -int mbedtls_md2_self_test( int verbose ) -{ +int mbedtls_md2_self_test(int verbose) { int i, ret = 0; unsigned char md2sum[16]; - for( i = 0; i < 7; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " MD2 test #%d: ", i + 1 ); + for (i = 0; i < 7; i++) { + if (verbose != 0) + mbedtls_printf(" MD2 test #%d: ", i + 1); - ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum ); - if( ret != 0 ) + ret = mbedtls_md2_ret(md2_test_str[i], md2_test_strlen[i], md2sum); + if (ret != 0) goto fail; - if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 ) - { + if (memcmp(md2sum, md2_test_sum[i], 16) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) + mbedtls_printf("failed\n"); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/md2.h b/common/mbedtls/md2.h index 23c48f47c..878e89196 100644 --- a/common/mbedtls/md2.h +++ b/common/mbedtls/md2.h @@ -54,8 +54,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct mbedtls_md2_context -{ +typedef struct mbedtls_md2_context { unsigned char cksum[16]; /*!< checksum of the data block */ unsigned char state[48]; /*!< intermediate digest state */ unsigned char buffer[16]; /*!< data block being processed */ @@ -77,7 +76,7 @@ mbedtls_md2_context; * stronger message digests instead. * */ -void mbedtls_md2_init( mbedtls_md2_context *ctx ); +void mbedtls_md2_init(mbedtls_md2_context *ctx); /** * \brief Clear MD2 context @@ -89,7 +88,7 @@ void mbedtls_md2_init( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md2_free( mbedtls_md2_context *ctx ); +void mbedtls_md2_free(mbedtls_md2_context *ctx); /** * \brief Clone (the state of) an MD2 context @@ -102,8 +101,8 @@ void mbedtls_md2_free( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md2_clone( mbedtls_md2_context *dst, - const mbedtls_md2_context *src ); +void mbedtls_md2_clone(mbedtls_md2_context *dst, + const mbedtls_md2_context *src); /** * \brief MD2 context setup @@ -117,7 +116,7 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, * stronger message digests instead. * */ -int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); +int mbedtls_md2_starts_ret(mbedtls_md2_context *ctx); /** * \brief MD2 process buffer @@ -133,9 +132,9 @@ int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_md2_update_ret(mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD2 final digest @@ -150,8 +149,8 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, * stronger message digests instead. * */ -int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, - unsigned char output[16] ); +int mbedtls_md2_finish_ret(mbedtls_md2_context *ctx, + unsigned char output[16]); /** * \brief MD2 process data block (internal use only) @@ -165,7 +164,7 @@ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, * stronger message digests instead. * */ -int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); +int mbedtls_internal_md2_process(mbedtls_md2_context *ctx); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -185,7 +184,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_md2_starts(mbedtls_md2_context *ctx); /** * \brief MD2 process buffer @@ -201,9 +200,9 @@ MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_md2_update(mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD2 final digest @@ -218,8 +217,8 @@ MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md2_finish(mbedtls_md2_context *ctx, + unsigned char output[16]); /** * \brief MD2 process data block (internal use only) @@ -233,7 +232,7 @@ MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_md2_process(mbedtls_md2_context *ctx); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -250,9 +249,9 @@ MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md2_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +int mbedtls_md2_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -274,9 +273,9 @@ int mbedtls_md2_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md2(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -293,7 +292,7 @@ MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input, * stronger message digests instead. * */ -int mbedtls_md2_self_test( int verbose ); +int mbedtls_md2_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/md4.c b/common/mbedtls/md4.c index 4fd6bc3e4..297c2fe1d 100644 --- a/common/mbedtls/md4.c +++ b/common/mbedtls/md4.c @@ -67,30 +67,26 @@ } #endif -void mbedtls_md4_init( mbedtls_md4_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_md4_context ) ); +void mbedtls_md4_init(mbedtls_md4_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_md4_context)); } -void mbedtls_md4_free( mbedtls_md4_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_md4_free(mbedtls_md4_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md4_context)); } -void mbedtls_md4_clone( mbedtls_md4_context *dst, - const mbedtls_md4_context *src ) -{ +void mbedtls_md4_clone(mbedtls_md4_context *dst, + const mbedtls_md4_context *src) { *dst = *src; } /* * MD4 context setup */ -int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ) -{ +int mbedtls_md4_starts_ret(mbedtls_md4_context *ctx) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -99,41 +95,38 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ) ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4_starts( mbedtls_md4_context *ctx ) -{ - mbedtls_md4_starts_ret( ctx ); +void mbedtls_md4_starts(mbedtls_md4_context *ctx) { + mbedtls_md4_starts_ret(ctx); } #endif #if !defined(MBEDTLS_MD4_PROCESS_ALT) -int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ) -{ - struct - { +int mbedtls_internal_md4_process(mbedtls_md4_context *ctx, + const unsigned char data[64]) { + struct { uint32_t X[16], A, B, C, D; } local; - GET_UINT32_LE( local.X[ 0], data, 0 ); - GET_UINT32_LE( local.X[ 1], data, 4 ); - GET_UINT32_LE( local.X[ 2], data, 8 ); - GET_UINT32_LE( local.X[ 3], data, 12 ); - GET_UINT32_LE( local.X[ 4], data, 16 ); - GET_UINT32_LE( local.X[ 5], data, 20 ); - GET_UINT32_LE( local.X[ 6], data, 24 ); - GET_UINT32_LE( local.X[ 7], data, 28 ); - GET_UINT32_LE( local.X[ 8], data, 32 ); - GET_UINT32_LE( local.X[ 9], data, 36 ); - GET_UINT32_LE( local.X[10], data, 40 ); - GET_UINT32_LE( local.X[11], data, 44 ); - GET_UINT32_LE( local.X[12], data, 48 ); - GET_UINT32_LE( local.X[13], data, 52 ); - GET_UINT32_LE( local.X[14], data, 56 ); - GET_UINT32_LE( local.X[15], data, 60 ); + GET_UINT32_LE(local.X[ 0], data, 0); + GET_UINT32_LE(local.X[ 1], data, 4); + GET_UINT32_LE(local.X[ 2], data, 8); + GET_UINT32_LE(local.X[ 3], data, 12); + GET_UINT32_LE(local.X[ 4], data, 16); + GET_UINT32_LE(local.X[ 5], data, 20); + GET_UINT32_LE(local.X[ 6], data, 24); + GET_UINT32_LE(local.X[ 7], data, 28); + GET_UINT32_LE(local.X[ 8], data, 32); + GET_UINT32_LE(local.X[ 9], data, 36); + GET_UINT32_LE(local.X[10], data, 40); + GET_UINT32_LE(local.X[11], data, 44); + GET_UINT32_LE(local.X[12], data, 48); + GET_UINT32_LE(local.X[13], data, 52); + GET_UINT32_LE(local.X[14], data, 56); + GET_UINT32_LE(local.X[15], data, 60); #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) @@ -151,22 +144,22 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, } while( 0 ) - P( local.A, local.B, local.C, local.D, local.X[ 0], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 1], 7 ); - P( local.C, local.D, local.A, local.B, local.X[ 2], 11 ); - P( local.B, local.C, local.D, local.A, local.X[ 3], 19 ); - P( local.A, local.B, local.C, local.D, local.X[ 4], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 5], 7 ); - P( local.C, local.D, local.A, local.B, local.X[ 6], 11 ); - P( local.B, local.C, local.D, local.A, local.X[ 7], 19 ); - P( local.A, local.B, local.C, local.D, local.X[ 8], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 9], 7 ); - P( local.C, local.D, local.A, local.B, local.X[10], 11 ); - P( local.B, local.C, local.D, local.A, local.X[11], 19 ); - P( local.A, local.B, local.C, local.D, local.X[12], 3 ); - P( local.D, local.A, local.B, local.C, local.X[13], 7 ); - P( local.C, local.D, local.A, local.B, local.X[14], 11 ); - P( local.B, local.C, local.D, local.A, local.X[15], 19 ); + P(local.A, local.B, local.C, local.D, local.X[ 0], 3); + P(local.D, local.A, local.B, local.C, local.X[ 1], 7); + P(local.C, local.D, local.A, local.B, local.X[ 2], 11); + P(local.B, local.C, local.D, local.A, local.X[ 3], 19); + P(local.A, local.B, local.C, local.D, local.X[ 4], 3); + P(local.D, local.A, local.B, local.C, local.X[ 5], 7); + P(local.C, local.D, local.A, local.B, local.X[ 6], 11); + P(local.B, local.C, local.D, local.A, local.X[ 7], 19); + P(local.A, local.B, local.C, local.D, local.X[ 8], 3); + P(local.D, local.A, local.B, local.C, local.X[ 9], 7); + P(local.C, local.D, local.A, local.B, local.X[10], 11); + P(local.B, local.C, local.D, local.A, local.X[11], 19); + P(local.A, local.B, local.C, local.D, local.X[12], 3); + P(local.D, local.A, local.B, local.C, local.X[13], 7); + P(local.C, local.D, local.A, local.B, local.X[14], 11); + P(local.B, local.C, local.D, local.A, local.X[15], 19); #undef P #undef F @@ -179,22 +172,22 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, (a) = S((a),(s)); \ } while( 0 ) - P( local.A, local.B, local.C, local.D, local.X[ 0], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 4], 5 ); - P( local.C, local.D, local.A, local.B, local.X[ 8], 9 ); - P( local.B, local.C, local.D, local.A, local.X[12], 13 ); - P( local.A, local.B, local.C, local.D, local.X[ 1], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 5], 5 ); - P( local.C, local.D, local.A, local.B, local.X[ 9], 9 ); - P( local.B, local.C, local.D, local.A, local.X[13], 13 ); - P( local.A, local.B, local.C, local.D, local.X[ 2], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 6], 5 ); - P( local.C, local.D, local.A, local.B, local.X[10], 9 ); - P( local.B, local.C, local.D, local.A, local.X[14], 13 ); - P( local.A, local.B, local.C, local.D, local.X[ 3], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 7], 5 ); - P( local.C, local.D, local.A, local.B, local.X[11], 9 ); - P( local.B, local.C, local.D, local.A, local.X[15], 13 ); + P(local.A, local.B, local.C, local.D, local.X[ 0], 3); + P(local.D, local.A, local.B, local.C, local.X[ 4], 5); + P(local.C, local.D, local.A, local.B, local.X[ 8], 9); + P(local.B, local.C, local.D, local.A, local.X[12], 13); + P(local.A, local.B, local.C, local.D, local.X[ 1], 3); + P(local.D, local.A, local.B, local.C, local.X[ 5], 5); + P(local.C, local.D, local.A, local.B, local.X[ 9], 9); + P(local.B, local.C, local.D, local.A, local.X[13], 13); + P(local.A, local.B, local.C, local.D, local.X[ 2], 3); + P(local.D, local.A, local.B, local.C, local.X[ 6], 5); + P(local.C, local.D, local.A, local.B, local.X[10], 9); + P(local.B, local.C, local.D, local.A, local.X[14], 13); + P(local.A, local.B, local.C, local.D, local.X[ 3], 3); + P(local.D, local.A, local.B, local.C, local.X[ 7], 5); + P(local.C, local.D, local.A, local.B, local.X[11], 9); + P(local.B, local.C, local.D, local.A, local.X[15], 13); #undef P #undef F @@ -207,22 +200,22 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, (a) = S((a),(s)); \ } while( 0 ) - P( local.A, local.B, local.C, local.D, local.X[ 0], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 8], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 4], 11 ); - P( local.B, local.C, local.D, local.A, local.X[12], 15 ); - P( local.A, local.B, local.C, local.D, local.X[ 2], 3 ); - P( local.D, local.A, local.B, local.C, local.X[10], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 6], 11 ); - P( local.B, local.C, local.D, local.A, local.X[14], 15 ); - P( local.A, local.B, local.C, local.D, local.X[ 1], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 9], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 5], 11 ); - P( local.B, local.C, local.D, local.A, local.X[13], 15 ); - P( local.A, local.B, local.C, local.D, local.X[ 3], 3 ); - P( local.D, local.A, local.B, local.C, local.X[11], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 7], 11 ); - P( local.B, local.C, local.D, local.A, local.X[15], 15 ); + P(local.A, local.B, local.C, local.D, local.X[ 0], 3); + P(local.D, local.A, local.B, local.C, local.X[ 8], 9); + P(local.C, local.D, local.A, local.B, local.X[ 4], 11); + P(local.B, local.C, local.D, local.A, local.X[12], 15); + P(local.A, local.B, local.C, local.D, local.X[ 2], 3); + P(local.D, local.A, local.B, local.C, local.X[10], 9); + P(local.C, local.D, local.A, local.B, local.X[ 6], 11); + P(local.B, local.C, local.D, local.A, local.X[14], 15); + P(local.A, local.B, local.C, local.D, local.X[ 1], 3); + P(local.D, local.A, local.B, local.C, local.X[ 9], 9); + P(local.C, local.D, local.A, local.B, local.X[ 5], 11); + P(local.B, local.C, local.D, local.A, local.X[13], 15); + P(local.A, local.B, local.C, local.D, local.X[ 3], 3); + P(local.D, local.A, local.B, local.C, local.X[11], 9); + P(local.C, local.D, local.A, local.B, local.X[ 7], 11); + P(local.B, local.C, local.D, local.A, local.X[15], 15); #undef F #undef P @@ -233,16 +226,15 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, ctx->state[3] += local.D; /* Zeroise variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_md4_process( ctx, data ); +void mbedtls_md4_process(mbedtls_md4_context *ctx, + const unsigned char data[64]) { + mbedtls_internal_md4_process(ctx, data); } #endif #endif /* !MBEDTLS_MD4_PROCESS_ALT */ @@ -250,16 +242,15 @@ void mbedtls_md4_process( mbedtls_md4_context *ctx, /* * MD4 process buffer */ -int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ) -{ +int mbedtls_md4_update_ret(mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) + return (0); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -267,52 +258,47 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) ctx->total[1]++; - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); + if (left && ilen >= fill) { + memcpy((void *)(ctx->buffer + left), + (void *) input, fill); - if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md4_process(ctx, ctx->buffer)) != 0) + return (ret); input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_md4_process(ctx, input)) != 0) + return (ret); input += 64; ilen -= 64; } - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, ilen ); + if (ilen > 0) { + memcpy((void *)(ctx->buffer + left), + (void *) input, ilen); } - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4_update( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_md4_update_ret( ctx, input, ilen ); +void mbedtls_md4_update(mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen) { + mbedtls_md4_update_ret(ctx, input, ilen); } #endif -static const unsigned char md4_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +static const unsigned char md4_padding[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 @@ -321,45 +307,43 @@ static const unsigned char md4_padding[64] = /* * MD4 final digest */ -int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, - unsigned char output[16] ) -{ +int mbedtls_md4_finish_ret(mbedtls_md4_context *ctx, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - PUT_UINT32_LE( low, msglen, 0 ); - PUT_UINT32_LE( high, msglen, 4 ); + PUT_UINT32_LE(low, msglen, 0); + PUT_UINT32_LE(high, msglen, 4); last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + padn = (last < 56) ? (56 - last) : (120 - last); - ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_md4_update_ret(ctx, (unsigned char *)md4_padding, padn); + if (ret != 0) + return (ret); - if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_md4_update_ret(ctx, msglen, 8)) != 0) + return (ret); - PUT_UINT32_LE( ctx->state[0], output, 0 ); - PUT_UINT32_LE( ctx->state[1], output, 4 ); - PUT_UINT32_LE( ctx->state[2], output, 8 ); - PUT_UINT32_LE( ctx->state[3], output, 12 ); + PUT_UINT32_LE(ctx->state[0], output, 0); + PUT_UINT32_LE(ctx->state[1], output, 4); + PUT_UINT32_LE(ctx->state[2], output, 8); + PUT_UINT32_LE(ctx->state[3], output, 12); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4_finish( mbedtls_md4_context *ctx, - unsigned char output[16] ) -{ - mbedtls_md4_finish_ret( ctx, output ); +void mbedtls_md4_finish(mbedtls_md4_context *ctx, + unsigned char output[16]) { + mbedtls_md4_finish_ret(ctx, output); } #endif @@ -368,36 +352,34 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx, /* * output = MD4( input buffer ) */ -int mbedtls_md4_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ +int mbedtls_md4_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md4_context ctx; - mbedtls_md4_init( &ctx ); + mbedtls_md4_init(&ctx); - if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_md4_starts_ret(&ctx)) != 0) goto exit; - if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_md4_update_ret(&ctx, input, ilen)) != 0) goto exit; - if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_md4_finish_ret(&ctx, output)) != 0) goto exit; exit: - mbedtls_md4_free( &ctx ); + mbedtls_md4_free(&ctx); - return( ret ); + return (ret); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md4( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - mbedtls_md4_ret( input, ilen, output ); +void mbedtls_md4(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { + mbedtls_md4_ret(input, ilen, output); } #endif @@ -406,8 +388,7 @@ void mbedtls_md4( const unsigned char *input, /* * RFC 1320 test vectors */ -static const unsigned char md4_test_str[7][81] = -{ +static const unsigned char md4_test_str[7][81] = { { "" }, { "a" }, { "abc" }, @@ -417,66 +398,75 @@ static const unsigned char md4_test_str[7][81] = { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } }; -static const size_t md4_test_strlen[7] = -{ +static const size_t md4_test_strlen[7] = { 0, 1, 3, 14, 26, 62, 80 }; -static const unsigned char md4_test_sum[7][16] = -{ - { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31, - 0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 }, - { 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46, - 0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 }, - { 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52, - 0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D }, - { 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8, - 0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B }, - { 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD, - 0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9 }, - { 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35, - 0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 }, - { 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19, - 0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 } +static const unsigned char md4_test_sum[7][16] = { + { + 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31, + 0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 + }, + { + 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46, + 0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 + }, + { + 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52, + 0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D + }, + { + 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8, + 0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B + }, + { + 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD, + 0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9 + }, + { + 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35, + 0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 + }, + { + 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19, + 0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 + } }; /* * Checkup routine */ -int mbedtls_md4_self_test( int verbose ) -{ +int mbedtls_md4_self_test(int verbose) { int i, ret = 0; unsigned char md4sum[16]; - for( i = 0; i < 7; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " MD4 test #%d: ", i + 1 ); + for (i = 0; i < 7; i++) { + if (verbose != 0) + mbedtls_printf(" MD4 test #%d: ", i + 1); - ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum ); - if( ret != 0 ) + ret = mbedtls_md4_ret(md4_test_str[i], md4_test_strlen[i], md4sum); + if (ret != 0) goto fail; - if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 ) - { + if (memcmp(md4sum, md4_test_sum[i], 16) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) + mbedtls_printf("failed\n"); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/md4.h b/common/mbedtls/md4.h index eeb167090..63eaf0828 100644 --- a/common/mbedtls/md4.h +++ b/common/mbedtls/md4.h @@ -55,8 +55,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct mbedtls_md4_context -{ +typedef struct mbedtls_md4_context { uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[4]; /*!< intermediate digest state */ unsigned char buffer[64]; /*!< data block being processed */ @@ -77,7 +76,7 @@ mbedtls_md4_context; * stronger message digests instead. * */ -void mbedtls_md4_init( mbedtls_md4_context *ctx ); +void mbedtls_md4_init(mbedtls_md4_context *ctx); /** * \brief Clear MD4 context @@ -89,7 +88,7 @@ void mbedtls_md4_init( mbedtls_md4_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md4_free( mbedtls_md4_context *ctx ); +void mbedtls_md4_free(mbedtls_md4_context *ctx); /** * \brief Clone (the state of) an MD4 context @@ -102,8 +101,8 @@ void mbedtls_md4_free( mbedtls_md4_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md4_clone( mbedtls_md4_context *dst, - const mbedtls_md4_context *src ); +void mbedtls_md4_clone(mbedtls_md4_context *dst, + const mbedtls_md4_context *src); /** * \brief MD4 context setup @@ -116,7 +115,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, * constitutes a security risk. We recommend considering * stronger message digests instead. */ -int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); +int mbedtls_md4_starts_ret(mbedtls_md4_context *ctx); /** * \brief MD4 process buffer @@ -132,9 +131,9 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_md4_update_ret(mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD4 final digest @@ -149,8 +148,8 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, - unsigned char output[16] ); +int mbedtls_md4_finish_ret(mbedtls_md4_context *ctx, + unsigned char output[16]); /** * \brief MD4 process data block (internal use only) @@ -165,8 +164,8 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_md4_process(mbedtls_md4_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -186,7 +185,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_md4_starts(mbedtls_md4_context *ctx); /** * \brief MD4 process buffer @@ -202,9 +201,9 @@ MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_md4_update(mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD4 final digest @@ -219,8 +218,8 @@ MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md4_finish(mbedtls_md4_context *ctx, + unsigned char output[16]); /** * \brief MD4 process data block (internal use only) @@ -235,8 +234,8 @@ MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ); +MBEDTLS_DEPRECATED void mbedtls_md4_process(mbedtls_md4_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -255,9 +254,9 @@ MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -int mbedtls_md4_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +int mbedtls_md4_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -279,9 +278,9 @@ int mbedtls_md4_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md4(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -298,7 +297,7 @@ MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input, * stronger message digests instead. * */ -int mbedtls_md4_self_test( int verbose ); +int mbedtls_md4_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/md5.c b/common/mbedtls/md5.c index c4f2dbfac..c6d8a8f52 100644 --- a/common/mbedtls/md5.c +++ b/common/mbedtls/md5.c @@ -66,30 +66,26 @@ } #endif -void mbedtls_md5_init( mbedtls_md5_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_md5_context ) ); +void mbedtls_md5_init(mbedtls_md5_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_md5_context)); } -void mbedtls_md5_free( mbedtls_md5_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_md5_free(mbedtls_md5_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md5_context)); } -void mbedtls_md5_clone( mbedtls_md5_context *dst, - const mbedtls_md5_context *src ) -{ +void mbedtls_md5_clone(mbedtls_md5_context *dst, + const mbedtls_md5_context *src) { *dst = *src; } /* * MD5 context setup */ -int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ) -{ +int mbedtls_md5_starts_ret(mbedtls_md5_context *ctx) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -98,41 +94,38 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ) ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5_starts( mbedtls_md5_context *ctx ) -{ - mbedtls_md5_starts_ret( ctx ); +void mbedtls_md5_starts(mbedtls_md5_context *ctx) { + mbedtls_md5_starts_ret(ctx); } #endif #if !defined(MBEDTLS_MD5_PROCESS_ALT) -int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, - const unsigned char data[64] ) -{ - struct - { +int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, + const unsigned char data[64]) { + struct { uint32_t X[16], A, B, C, D; } local; - GET_UINT32_LE( local.X[ 0], data, 0 ); - GET_UINT32_LE( local.X[ 1], data, 4 ); - GET_UINT32_LE( local.X[ 2], data, 8 ); - GET_UINT32_LE( local.X[ 3], data, 12 ); - GET_UINT32_LE( local.X[ 4], data, 16 ); - GET_UINT32_LE( local.X[ 5], data, 20 ); - GET_UINT32_LE( local.X[ 6], data, 24 ); - GET_UINT32_LE( local.X[ 7], data, 28 ); - GET_UINT32_LE( local.X[ 8], data, 32 ); - GET_UINT32_LE( local.X[ 9], data, 36 ); - GET_UINT32_LE( local.X[10], data, 40 ); - GET_UINT32_LE( local.X[11], data, 44 ); - GET_UINT32_LE( local.X[12], data, 48 ); - GET_UINT32_LE( local.X[13], data, 52 ); - GET_UINT32_LE( local.X[14], data, 56 ); - GET_UINT32_LE( local.X[15], data, 60 ); + GET_UINT32_LE(local.X[ 0], data, 0); + GET_UINT32_LE(local.X[ 1], data, 4); + GET_UINT32_LE(local.X[ 2], data, 8); + GET_UINT32_LE(local.X[ 3], data, 12); + GET_UINT32_LE(local.X[ 4], data, 16); + GET_UINT32_LE(local.X[ 5], data, 20); + GET_UINT32_LE(local.X[ 6], data, 24); + GET_UINT32_LE(local.X[ 7], data, 28); + GET_UINT32_LE(local.X[ 8], data, 32); + GET_UINT32_LE(local.X[ 9], data, 36); + GET_UINT32_LE(local.X[10], data, 40); + GET_UINT32_LE(local.X[11], data, 44); + GET_UINT32_LE(local.X[12], data, 48); + GET_UINT32_LE(local.X[13], data, 52); + GET_UINT32_LE(local.X[14], data, 56); + GET_UINT32_LE(local.X[15], data, 60); #define S(x,n) \ ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) ) @@ -151,85 +144,85 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, #define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) - P( local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478 ); - P( local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756 ); - P( local.C, local.D, local.A, local.B, 2, 17, 0x242070DB ); - P( local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE ); - P( local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF ); - P( local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A ); - P( local.C, local.D, local.A, local.B, 6, 17, 0xA8304613 ); - P( local.B, local.C, local.D, local.A, 7, 22, 0xFD469501 ); - P( local.A, local.B, local.C, local.D, 8, 7, 0x698098D8 ); - P( local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF ); - P( local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1 ); - P( local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE ); - P( local.A, local.B, local.C, local.D, 12, 7, 0x6B901122 ); - P( local.D, local.A, local.B, local.C, 13, 12, 0xFD987193 ); - P( local.C, local.D, local.A, local.B, 14, 17, 0xA679438E ); - P( local.B, local.C, local.D, local.A, 15, 22, 0x49B40821 ); + P(local.A, local.B, local.C, local.D, 0, 7, 0xD76AA478); + P(local.D, local.A, local.B, local.C, 1, 12, 0xE8C7B756); + P(local.C, local.D, local.A, local.B, 2, 17, 0x242070DB); + P(local.B, local.C, local.D, local.A, 3, 22, 0xC1BDCEEE); + P(local.A, local.B, local.C, local.D, 4, 7, 0xF57C0FAF); + P(local.D, local.A, local.B, local.C, 5, 12, 0x4787C62A); + P(local.C, local.D, local.A, local.B, 6, 17, 0xA8304613); + P(local.B, local.C, local.D, local.A, 7, 22, 0xFD469501); + P(local.A, local.B, local.C, local.D, 8, 7, 0x698098D8); + P(local.D, local.A, local.B, local.C, 9, 12, 0x8B44F7AF); + P(local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1); + P(local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE); + P(local.A, local.B, local.C, local.D, 12, 7, 0x6B901122); + P(local.D, local.A, local.B, local.C, 13, 12, 0xFD987193); + P(local.C, local.D, local.A, local.B, 14, 17, 0xA679438E); + P(local.B, local.C, local.D, local.A, 15, 22, 0x49B40821); #undef F #define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y)))) - P( local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562 ); - P( local.D, local.A, local.B, local.C, 6, 9, 0xC040B340 ); - P( local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51 ); - P( local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA ); - P( local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D ); - P( local.D, local.A, local.B, local.C, 10, 9, 0x02441453 ); - P( local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681 ); - P( local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8 ); - P( local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6 ); - P( local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6 ); - P( local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87 ); - P( local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED ); - P( local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905 ); - P( local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8 ); - P( local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9 ); - P( local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A ); + P(local.A, local.B, local.C, local.D, 1, 5, 0xF61E2562); + P(local.D, local.A, local.B, local.C, 6, 9, 0xC040B340); + P(local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51); + P(local.B, local.C, local.D, local.A, 0, 20, 0xE9B6C7AA); + P(local.A, local.B, local.C, local.D, 5, 5, 0xD62F105D); + P(local.D, local.A, local.B, local.C, 10, 9, 0x02441453); + P(local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681); + P(local.B, local.C, local.D, local.A, 4, 20, 0xE7D3FBC8); + P(local.A, local.B, local.C, local.D, 9, 5, 0x21E1CDE6); + P(local.D, local.A, local.B, local.C, 14, 9, 0xC33707D6); + P(local.C, local.D, local.A, local.B, 3, 14, 0xF4D50D87); + P(local.B, local.C, local.D, local.A, 8, 20, 0x455A14ED); + P(local.A, local.B, local.C, local.D, 13, 5, 0xA9E3E905); + P(local.D, local.A, local.B, local.C, 2, 9, 0xFCEFA3F8); + P(local.C, local.D, local.A, local.B, 7, 14, 0x676F02D9); + P(local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A); #undef F #define F(x,y,z) ((x) ^ (y) ^ (z)) - P( local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942 ); - P( local.D, local.A, local.B, local.C, 8, 11, 0x8771F681 ); - P( local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122 ); - P( local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C ); - P( local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44 ); - P( local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9 ); - P( local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60 ); - P( local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70 ); - P( local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6 ); - P( local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA ); - P( local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085 ); - P( local.B, local.C, local.D, local.A, 6, 23, 0x04881D05 ); - P( local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039 ); - P( local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5 ); - P( local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8 ); - P( local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665 ); + P(local.A, local.B, local.C, local.D, 5, 4, 0xFFFA3942); + P(local.D, local.A, local.B, local.C, 8, 11, 0x8771F681); + P(local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122); + P(local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C); + P(local.A, local.B, local.C, local.D, 1, 4, 0xA4BEEA44); + P(local.D, local.A, local.B, local.C, 4, 11, 0x4BDECFA9); + P(local.C, local.D, local.A, local.B, 7, 16, 0xF6BB4B60); + P(local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70); + P(local.A, local.B, local.C, local.D, 13, 4, 0x289B7EC6); + P(local.D, local.A, local.B, local.C, 0, 11, 0xEAA127FA); + P(local.C, local.D, local.A, local.B, 3, 16, 0xD4EF3085); + P(local.B, local.C, local.D, local.A, 6, 23, 0x04881D05); + P(local.A, local.B, local.C, local.D, 9, 4, 0xD9D4D039); + P(local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5); + P(local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8); + P(local.B, local.C, local.D, local.A, 2, 23, 0xC4AC5665); #undef F #define F(x,y,z) ((y) ^ ((x) | ~(z))) - P( local.A, local.B, local.C, local.D, 0, 6, 0xF4292244 ); - P( local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97 ); - P( local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7 ); - P( local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039 ); - P( local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3 ); - P( local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92 ); - P( local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D ); - P( local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1 ); - P( local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F ); - P( local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0 ); - P( local.C, local.D, local.A, local.B, 6, 15, 0xA3014314 ); - P( local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1 ); - P( local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82 ); - P( local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235 ); - P( local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB ); - P( local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391 ); + P(local.A, local.B, local.C, local.D, 0, 6, 0xF4292244); + P(local.D, local.A, local.B, local.C, 7, 10, 0x432AFF97); + P(local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7); + P(local.B, local.C, local.D, local.A, 5, 21, 0xFC93A039); + P(local.A, local.B, local.C, local.D, 12, 6, 0x655B59C3); + P(local.D, local.A, local.B, local.C, 3, 10, 0x8F0CCC92); + P(local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D); + P(local.B, local.C, local.D, local.A, 1, 21, 0x85845DD1); + P(local.A, local.B, local.C, local.D, 8, 6, 0x6FA87E4F); + P(local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0); + P(local.C, local.D, local.A, local.B, 6, 15, 0xA3014314); + P(local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1); + P(local.A, local.B, local.C, local.D, 4, 6, 0xF7537E82); + P(local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235); + P(local.C, local.D, local.A, local.B, 2, 15, 0x2AD7D2BB); + P(local.B, local.C, local.D, local.A, 9, 21, 0xEB86D391); #undef F @@ -239,16 +232,15 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, ctx->state[3] += local.D; /* Zeroise variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5_process( mbedtls_md5_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_md5_process( ctx, data ); +void mbedtls_md5_process(mbedtls_md5_context *ctx, + const unsigned char data[64]) { + mbedtls_internal_md5_process(ctx, data); } #endif #endif /* !MBEDTLS_MD5_PROCESS_ALT */ @@ -256,16 +248,15 @@ void mbedtls_md5_process( mbedtls_md5_context *ctx, /* * MD5 process buffer */ -int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ) -{ +int mbedtls_md5_update_ret(mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) + return (0); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -273,52 +264,47 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) ctx->total[1]++; - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if (left && ilen >= fill) { + memcpy((void *)(ctx->buffer + left), input, fill); + if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) + return (ret); input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_md5_process(ctx, input)) != 0) + return (ret); input += 64; ilen -= 64; } - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) { + memcpy((void *)(ctx->buffer + left), input, ilen); } - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5_update( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_md5_update_ret( ctx, input, ilen ); +void mbedtls_md5_update(mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen) { + mbedtls_md5_update_ret(ctx, input, ilen); } #endif /* * MD5 final digest */ -int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, - unsigned char output[16] ) -{ +int mbedtls_md5_finish_ret(mbedtls_md5_context *ctx, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; @@ -330,51 +316,47 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, ctx->buffer[used++] = 0x80; - if( used <= 56 ) - { + if (used <= 56) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); - } - else - { + memset(ctx->buffer + used, 0, 56 - used); + } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); + memset(ctx->buffer + used, 0, 64 - used); - if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) + return (ret); - memset( ctx->buffer, 0, 56 ); + memset(ctx->buffer, 0, 56); } /* * Add message length */ - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - PUT_UINT32_LE( low, ctx->buffer, 56 ); - PUT_UINT32_LE( high, ctx->buffer, 60 ); + PUT_UINT32_LE(low, ctx->buffer, 56); + PUT_UINT32_LE(high, ctx->buffer, 60); - if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) + return (ret); /* * Output final state */ - PUT_UINT32_LE( ctx->state[0], output, 0 ); - PUT_UINT32_LE( ctx->state[1], output, 4 ); - PUT_UINT32_LE( ctx->state[2], output, 8 ); - PUT_UINT32_LE( ctx->state[3], output, 12 ); + PUT_UINT32_LE(ctx->state[0], output, 0); + PUT_UINT32_LE(ctx->state[1], output, 4); + PUT_UINT32_LE(ctx->state[2], output, 8); + PUT_UINT32_LE(ctx->state[3], output, 12); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5_finish( mbedtls_md5_context *ctx, - unsigned char output[16] ) -{ - mbedtls_md5_finish_ret( ctx, output ); +void mbedtls_md5_finish(mbedtls_md5_context *ctx, + unsigned char output[16]) { + mbedtls_md5_finish_ret(ctx, output); } #endif @@ -383,36 +365,34 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, /* * output = MD5( input buffer ) */ -int mbedtls_md5_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ +int mbedtls_md5_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md5_context ctx; - mbedtls_md5_init( &ctx ); + mbedtls_md5_init(&ctx); - if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_md5_starts_ret(&ctx)) != 0) goto exit; - if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_md5_update_ret(&ctx, input, ilen)) != 0) goto exit; - if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_md5_finish_ret(&ctx, output)) != 0) goto exit; exit: - mbedtls_md5_free( &ctx ); + mbedtls_md5_free(&ctx); - return( ret ); + return (ret); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_md5( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - mbedtls_md5_ret( input, ilen, output ); +void mbedtls_md5(const unsigned char *input, + size_t ilen, + unsigned char output[16]) { + mbedtls_md5_ret(input, ilen, output); } #endif @@ -420,8 +400,7 @@ void mbedtls_md5( const unsigned char *input, /* * RFC 1321 test vectors */ -static const unsigned char md5_test_buf[7][81] = -{ +static const unsigned char md5_test_buf[7][81] = { { "" }, { "a" }, { "abc" }, @@ -431,66 +410,75 @@ static const unsigned char md5_test_buf[7][81] = { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } }; -static const size_t md5_test_buflen[7] = -{ +static const size_t md5_test_buflen[7] = { 0, 1, 3, 14, 26, 62, 80 }; -static const unsigned char md5_test_sum[7][16] = -{ - { 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04, - 0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E }, - { 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8, - 0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 }, - { 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0, - 0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 }, - { 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D, - 0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 }, - { 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00, - 0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B }, - { 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5, - 0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F }, - { 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55, - 0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A } +static const unsigned char md5_test_sum[7][16] = { + { + 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04, + 0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E + }, + { + 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8, + 0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 + }, + { + 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0, + 0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 + }, + { + 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D, + 0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 + }, + { + 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00, + 0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B + }, + { + 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5, + 0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F + }, + { + 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55, + 0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A + } }; /* * Checkup routine */ -int mbedtls_md5_self_test( int verbose ) -{ +int mbedtls_md5_self_test(int verbose) { int i, ret = 0; unsigned char md5sum[16]; - for( i = 0; i < 7; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " MD5 test #%d: ", i + 1 ); + for (i = 0; i < 7; i++) { + if (verbose != 0) + mbedtls_printf(" MD5 test #%d: ", i + 1); - ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum ); - if( ret != 0 ) + ret = mbedtls_md5_ret(md5_test_buf[i], md5_test_buflen[i], md5sum); + if (ret != 0) goto fail; - if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 ) - { + if (memcmp(md5sum, md5_test_sum[i], 16) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) + mbedtls_printf("failed\n"); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/md5.h b/common/mbedtls/md5.h index aaca0f274..b27f3d192 100644 --- a/common/mbedtls/md5.h +++ b/common/mbedtls/md5.h @@ -54,8 +54,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct mbedtls_md5_context -{ +typedef struct mbedtls_md5_context { uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[4]; /*!< intermediate digest state */ unsigned char buffer[64]; /*!< data block being processed */ @@ -76,7 +75,7 @@ mbedtls_md5_context; * stronger message digests instead. * */ -void mbedtls_md5_init( mbedtls_md5_context *ctx ); +void mbedtls_md5_init(mbedtls_md5_context *ctx); /** * \brief Clear MD5 context @@ -88,7 +87,7 @@ void mbedtls_md5_init( mbedtls_md5_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md5_free( mbedtls_md5_context *ctx ); +void mbedtls_md5_free(mbedtls_md5_context *ctx); /** * \brief Clone (the state of) an MD5 context @@ -101,8 +100,8 @@ void mbedtls_md5_free( mbedtls_md5_context *ctx ); * stronger message digests instead. * */ -void mbedtls_md5_clone( mbedtls_md5_context *dst, - const mbedtls_md5_context *src ); +void mbedtls_md5_clone(mbedtls_md5_context *dst, + const mbedtls_md5_context *src); /** * \brief MD5 context setup @@ -116,7 +115,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, * stronger message digests instead. * */ -int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); +int mbedtls_md5_starts_ret(mbedtls_md5_context *ctx); /** * \brief MD5 process buffer @@ -132,9 +131,9 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_md5_update_ret(mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD5 final digest @@ -149,8 +148,8 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, - unsigned char output[16] ); +int mbedtls_md5_finish_ret(mbedtls_md5_context *ctx, + unsigned char output[16]); /** * \brief MD5 process data block (internal use only) @@ -165,8 +164,8 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_md5_process(mbedtls_md5_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -186,7 +185,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_md5_starts(mbedtls_md5_context *ctx); /** * \brief MD5 process buffer @@ -202,9 +201,9 @@ MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx ); * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_md5_update(mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief MD5 final digest @@ -219,8 +218,8 @@ MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md5_finish(mbedtls_md5_context *ctx, + unsigned char output[16]); /** * \brief MD5 process data block (internal use only) @@ -235,8 +234,8 @@ MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx, - const unsigned char data[64] ); +MBEDTLS_DEPRECATED void mbedtls_md5_process(mbedtls_md5_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -255,9 +254,9 @@ MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -int mbedtls_md5_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +int mbedtls_md5_ret(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -279,9 +278,9 @@ int mbedtls_md5_ret( const unsigned char *input, * stronger message digests instead. * */ -MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +MBEDTLS_DEPRECATED void mbedtls_md5(const unsigned char *input, + size_t ilen, + unsigned char output[16]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -298,7 +297,7 @@ MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input, * stronger message digests instead. * */ -int mbedtls_md5_self_test( int verbose ); +int mbedtls_md5_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/md_internal.h b/common/mbedtls/md_internal.h index f33cdf608..9e10f2409 100644 --- a/common/mbedtls/md_internal.h +++ b/common/mbedtls/md_internal.h @@ -42,10 +42,9 @@ extern "C" { * Message digest information. * Allows message digest functions to be called in a generic way. */ -struct mbedtls_md_info_t -{ +struct mbedtls_md_info_t { /** Name of the message digest */ - const char * name; + const char *name; /** Digest identifier */ mbedtls_md_type_t type; diff --git a/common/mbedtls/memory_buffer_alloc.c b/common/mbedtls/memory_buffer_alloc.c index 0d5d27d3d..a1e9accda 100644 --- a/common/mbedtls/memory_buffer_alloc.c +++ b/common/mbedtls/memory_buffer_alloc.c @@ -42,8 +42,7 @@ #define MAX_BT 20 typedef struct _memory_header memory_header; -struct _memory_header -{ +struct _memory_header { size_t magic1; size_t size; size_t alloc; @@ -58,8 +57,7 @@ struct _memory_header size_t magic2; }; -typedef struct -{ +typedef struct { unsigned char *buf; size_t len; memory_header *first; @@ -82,147 +80,130 @@ buffer_alloc_ctx; static buffer_alloc_ctx heap; #if defined(MBEDTLS_MEMORY_DEBUG) -static void debug_header( memory_header *hdr ) -{ +static void debug_header(memory_header *hdr) { #if defined(MBEDTLS_MEMORY_BACKTRACE) size_t i; #endif - mbedtls_fprintf( stderr, "HDR: PTR(%10zu), PREV(%10zu), NEXT(%10zu), " - "ALLOC(%zu), SIZE(%10zu)\n", - (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next, - hdr->alloc, hdr->size ); - mbedtls_fprintf( stderr, " FPREV(%10zu), FNEXT(%10zu)\n", - (size_t) hdr->prev_free, (size_t) hdr->next_free ); + mbedtls_fprintf(stderr, "HDR: PTR(%10zu), PREV(%10zu), NEXT(%10zu), " + "ALLOC(%zu), SIZE(%10zu)\n", + (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next, + hdr->alloc, hdr->size); + mbedtls_fprintf(stderr, " FPREV(%10zu), FNEXT(%10zu)\n", + (size_t) hdr->prev_free, (size_t) hdr->next_free); #if defined(MBEDTLS_MEMORY_BACKTRACE) - mbedtls_fprintf( stderr, "TRACE: \n" ); - for( i = 0; i < hdr->trace_count; i++ ) - mbedtls_fprintf( stderr, "%s\n", hdr->trace[i] ); - mbedtls_fprintf( stderr, "\n" ); + mbedtls_fprintf(stderr, "TRACE: \n"); + for (i = 0; i < hdr->trace_count; i++) + mbedtls_fprintf(stderr, "%s\n", hdr->trace[i]); + mbedtls_fprintf(stderr, "\n"); #endif } -static void debug_chain( void ) -{ +static void debug_chain(void) { memory_header *cur = heap.first; - mbedtls_fprintf( stderr, "\nBlock list\n" ); - while( cur != NULL ) - { - debug_header( cur ); + mbedtls_fprintf(stderr, "\nBlock list\n"); + while (cur != NULL) { + debug_header(cur); cur = cur->next; } - mbedtls_fprintf( stderr, "Free list\n" ); + mbedtls_fprintf(stderr, "Free list\n"); cur = heap.first_free; - while( cur != NULL ) - { - debug_header( cur ); + while (cur != NULL) { + debug_header(cur); cur = cur->next_free; } } #endif /* MBEDTLS_MEMORY_DEBUG */ -static int verify_header( memory_header *hdr ) -{ - if( hdr->magic1 != MAGIC1 ) - { +static int verify_header(memory_header *hdr) { + if (hdr->magic1 != MAGIC1) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: MAGIC1 mismatch\n" ); + mbedtls_fprintf(stderr, "FATAL: MAGIC1 mismatch\n"); #endif - return( 1 ); + return (1); } - if( hdr->magic2 != MAGIC2 ) - { + if (hdr->magic2 != MAGIC2) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: MAGIC2 mismatch\n" ); + mbedtls_fprintf(stderr, "FATAL: MAGIC2 mismatch\n"); #endif - return( 1 ); + return (1); } - if( hdr->alloc > 1 ) - { + if (hdr->alloc > 1) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: alloc has illegal value\n" ); + mbedtls_fprintf(stderr, "FATAL: alloc has illegal value\n"); #endif - return( 1 ); + return (1); } - if( hdr->prev != NULL && hdr->prev == hdr->next ) - { + if (hdr->prev != NULL && hdr->prev == hdr->next) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: prev == next\n" ); + mbedtls_fprintf(stderr, "FATAL: prev == next\n"); #endif - return( 1 ); + return (1); } - if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free ) - { + if (hdr->prev_free != NULL && hdr->prev_free == hdr->next_free) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: prev_free == next_free\n" ); + mbedtls_fprintf(stderr, "FATAL: prev_free == next_free\n"); #endif - return( 1 ); + return (1); } - return( 0 ); + return (0); } -static int verify_chain( void ) -{ +static int verify_chain(void) { memory_header *prv = heap.first, *cur; - if( prv == NULL || verify_header( prv ) != 0 ) - { + if (prv == NULL || verify_header(prv) != 0) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: verification of first header " - "failed\n" ); + mbedtls_fprintf(stderr, "FATAL: verification of first header " + "failed\n"); #endif - return( 1 ); + return (1); } - if( heap.first->prev != NULL ) - { + if (heap.first->prev != NULL) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: verification failed: " - "first->prev != NULL\n" ); + mbedtls_fprintf(stderr, "FATAL: verification failed: " + "first->prev != NULL\n"); #endif - return( 1 ); + return (1); } cur = heap.first->next; - while( cur != NULL ) - { - if( verify_header( cur ) != 0 ) - { + while (cur != NULL) { + if (verify_header(cur) != 0) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: verification of header " - "failed\n" ); + mbedtls_fprintf(stderr, "FATAL: verification of header " + "failed\n"); #endif - return( 1 ); + return (1); } - if( cur->prev != prv ) - { + if (cur->prev != prv) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: verification failed: " - "cur->prev != prv\n" ); + mbedtls_fprintf(stderr, "FATAL: verification failed: " + "cur->prev != prv\n"); #endif - return( 1 ); + return (1); } prv = cur; cur = cur->next; } - return( 0 ); + return (0); } -static void *buffer_alloc_calloc( size_t n, size_t size ) -{ +static void *buffer_alloc_calloc(size_t n, size_t size) { memory_header *new, *cur = heap.first_free; unsigned char *p; void *ret; @@ -232,42 +213,39 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) size_t trace_cnt; #endif - if( heap.buf == NULL || heap.first == NULL ) - return( NULL ); + if (heap.buf == NULL || heap.first == NULL) + return (NULL); original_len = len = n * size; - if( n == 0 || size == 0 || len / n != size ) - return( NULL ); - else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE ) - return( NULL ); + if (n == 0 || size == 0 || len / n != size) + return (NULL); + else if (len > (size_t) - MBEDTLS_MEMORY_ALIGN_MULTIPLE) + return (NULL); - if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) - { + if (len % MBEDTLS_MEMORY_ALIGN_MULTIPLE) { len -= len % MBEDTLS_MEMORY_ALIGN_MULTIPLE; len += MBEDTLS_MEMORY_ALIGN_MULTIPLE; } // Find block that fits // - while( cur != NULL ) - { - if( cur->size >= len ) + while (cur != NULL) { + if (cur->size >= len) break; cur = cur->next_free; } - if( cur == NULL ) - return( NULL ); + if (cur == NULL) + return (NULL); - if( cur->alloc != 0 ) - { + if (cur->alloc != 0) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: block in free_list but allocated " - "data\n" ); + mbedtls_fprintf(stderr, "FATAL: block in free_list but allocated " + "data\n"); #endif - mbedtls_exit( 1 ); + mbedtls_exit(1); } #if defined(MBEDTLS_MEMORY_DEBUG) @@ -276,19 +254,18 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) // Found location, split block if > memory_header + 4 room left // - if( cur->size - len < sizeof(memory_header) + - MBEDTLS_MEMORY_ALIGN_MULTIPLE ) - { + if (cur->size - len < sizeof(memory_header) + + MBEDTLS_MEMORY_ALIGN_MULTIPLE) { cur->alloc = 1; // Remove from free_list // - if( cur->prev_free != NULL ) + if (cur->prev_free != NULL) cur->prev_free->next_free = cur->next_free; else heap.first_free = cur->next_free; - if( cur->next_free != NULL ) + if (cur->next_free != NULL) cur->next_free->prev_free = cur->prev_free; cur->prev_free = NULL; @@ -296,25 +273,25 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) #if defined(MBEDTLS_MEMORY_DEBUG) heap.total_used += cur->size; - if( heap.total_used > heap.maximum_used ) + if (heap.total_used > heap.maximum_used) heap.maximum_used = heap.total_used; #endif #if defined(MBEDTLS_MEMORY_BACKTRACE) - trace_cnt = backtrace( trace_buffer, MAX_BT ); - cur->trace = backtrace_symbols( trace_buffer, trace_cnt ); + trace_cnt = backtrace(trace_buffer, MAX_BT); + cur->trace = backtrace_symbols(trace_buffer, trace_cnt); cur->trace_count = trace_cnt; #endif - if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 ) - mbedtls_exit( 1 ); + if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) + mbedtls_exit(1); - ret = (unsigned char *) cur + sizeof( memory_header ); - memset( ret, 0, original_len ); + ret = (unsigned char *) cur + sizeof(memory_header); + memset(ret, 0, original_len); - return( ret ); + return (ret); } - p = ( (unsigned char *) cur ) + sizeof(memory_header) + len; + p = ((unsigned char *) cur) + sizeof(memory_header) + len; new = (memory_header *) p; new->size = cur->size - len - sizeof(memory_header); @@ -328,19 +305,19 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) new->magic1 = MAGIC1; new->magic2 = MAGIC2; - if( new->next != NULL ) + if (new->next != NULL) new->next->prev = new; // Replace cur with new in free_list // new->prev_free = cur->prev_free; new->next_free = cur->next_free; - if( new->prev_free != NULL ) + if (new->prev_free != NULL) new->prev_free->next_free = new; else heap.first_free = new; - if( new->next_free != NULL ) + if (new->next_free != NULL) new->next_free->prev_free = new; cur->alloc = 1; @@ -351,57 +328,54 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) #if defined(MBEDTLS_MEMORY_DEBUG) heap.header_count++; - if( heap.header_count > heap.maximum_header_count ) + if (heap.header_count > heap.maximum_header_count) heap.maximum_header_count = heap.header_count; heap.total_used += cur->size; - if( heap.total_used > heap.maximum_used ) + if (heap.total_used > heap.maximum_used) heap.maximum_used = heap.total_used; #endif #if defined(MBEDTLS_MEMORY_BACKTRACE) - trace_cnt = backtrace( trace_buffer, MAX_BT ); - cur->trace = backtrace_symbols( trace_buffer, trace_cnt ); + trace_cnt = backtrace(trace_buffer, MAX_BT); + cur->trace = backtrace_symbols(trace_buffer, trace_cnt); cur->trace_count = trace_cnt; #endif - if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 ) - mbedtls_exit( 1 ); + if ((heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC) && verify_chain() != 0) + mbedtls_exit(1); - ret = (unsigned char *) cur + sizeof( memory_header ); - memset( ret, 0, original_len ); + ret = (unsigned char *) cur + sizeof(memory_header); + memset(ret, 0, original_len); - return( ret ); + return (ret); } -static void buffer_alloc_free( void *ptr ) -{ +static void buffer_alloc_free(void *ptr) { memory_header *hdr, *old = NULL; unsigned char *p = (unsigned char *) ptr; - if( ptr == NULL || heap.buf == NULL || heap.first == NULL ) + if (ptr == NULL || heap.buf == NULL || heap.first == NULL) return; - if( p < heap.buf || p >= heap.buf + heap.len ) - { + if (p < heap.buf || p >= heap.buf + heap.len) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed " - "space\n" ); + mbedtls_fprintf(stderr, "FATAL: mbedtls_free() outside of managed " + "space\n"); #endif - mbedtls_exit( 1 ); + mbedtls_exit(1); } p -= sizeof(memory_header); hdr = (memory_header *) p; - if( verify_header( hdr ) != 0 ) - mbedtls_exit( 1 ); + if (verify_header(hdr) != 0) + mbedtls_exit(1); - if( hdr->alloc != 1 ) - { + if (hdr->alloc != 1) { #if defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_fprintf( stderr, "FATAL: mbedtls_free() on unallocated " - "data\n" ); + mbedtls_fprintf(stderr, "FATAL: mbedtls_free() on unallocated " + "data\n"); #endif - mbedtls_exit( 1 ); + mbedtls_exit(1); } hdr->alloc = 0; @@ -412,15 +386,14 @@ static void buffer_alloc_free( void *ptr ) #endif #if defined(MBEDTLS_MEMORY_BACKTRACE) - free( hdr->trace ); + free(hdr->trace); hdr->trace = NULL; hdr->trace_count = 0; #endif // Regroup with block before // - if( hdr->prev != NULL && hdr->prev->alloc == 0 ) - { + if (hdr->prev != NULL && hdr->prev->alloc == 0) { #if defined(MBEDTLS_MEMORY_DEBUG) heap.header_count--; #endif @@ -429,16 +402,15 @@ static void buffer_alloc_free( void *ptr ) old = hdr; hdr = hdr->prev; - if( hdr->next != NULL ) + if (hdr->next != NULL) hdr->next->prev = hdr; - memset( old, 0, sizeof(memory_header) ); + memset(old, 0, sizeof(memory_header)); } // Regroup with block after // - if( hdr->next != NULL && hdr->next->alloc == 0 ) - { + if (hdr->next != NULL && hdr->next->alloc == 0) { #if defined(MBEDTLS_MEMORY_DEBUG) heap.header_count--; #endif @@ -446,192 +418,173 @@ static void buffer_alloc_free( void *ptr ) old = hdr->next; hdr->next = hdr->next->next; - if( hdr->prev_free != NULL || hdr->next_free != NULL ) - { - if( hdr->prev_free != NULL ) + if (hdr->prev_free != NULL || hdr->next_free != NULL) { + if (hdr->prev_free != NULL) hdr->prev_free->next_free = hdr->next_free; else heap.first_free = hdr->next_free; - if( hdr->next_free != NULL ) + if (hdr->next_free != NULL) hdr->next_free->prev_free = hdr->prev_free; } hdr->prev_free = old->prev_free; hdr->next_free = old->next_free; - if( hdr->prev_free != NULL ) + if (hdr->prev_free != NULL) hdr->prev_free->next_free = hdr; else heap.first_free = hdr; - if( hdr->next_free != NULL ) + if (hdr->next_free != NULL) hdr->next_free->prev_free = hdr; - if( hdr->next != NULL ) + if (hdr->next != NULL) hdr->next->prev = hdr; - memset( old, 0, sizeof(memory_header) ); + memset(old, 0, sizeof(memory_header)); } // Prepend to free_list if we have not merged // (Does not have to stay in same order as prev / next list) // - if( old == NULL ) - { + if (old == NULL) { hdr->next_free = heap.first_free; - if( heap.first_free != NULL ) + if (heap.first_free != NULL) heap.first_free->prev_free = hdr; heap.first_free = hdr; } - if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 ) - mbedtls_exit( 1 ); + if ((heap.verify & MBEDTLS_MEMORY_VERIFY_FREE) && verify_chain() != 0) + mbedtls_exit(1); } -void mbedtls_memory_buffer_set_verify( int verify ) -{ +void mbedtls_memory_buffer_set_verify(int verify) { heap.verify = verify; } -int mbedtls_memory_buffer_alloc_verify( void ) -{ +int mbedtls_memory_buffer_alloc_verify(void) { return verify_chain(); } #if defined(MBEDTLS_MEMORY_DEBUG) -void mbedtls_memory_buffer_alloc_status( void ) -{ - mbedtls_fprintf( stderr, - "Current use: %zu blocks / %zu bytes, max: %zu blocks / " - "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n", - heap.header_count, heap.total_used, - heap.maximum_header_count, heap.maximum_used, - heap.maximum_header_count * sizeof( memory_header ) - + heap.maximum_used, - heap.alloc_count, heap.free_count ); +void mbedtls_memory_buffer_alloc_status(void) { + mbedtls_fprintf(stderr, + "Current use: %zu blocks / %zu bytes, max: %zu blocks / " + "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n", + heap.header_count, heap.total_used, + heap.maximum_header_count, heap.maximum_used, + heap.maximum_header_count * sizeof(memory_header) + + heap.maximum_used, + heap.alloc_count, heap.free_count); - if( heap.first->next == NULL ) - { - mbedtls_fprintf( stderr, "All memory de-allocated in stack buffer\n" ); - } - else - { - mbedtls_fprintf( stderr, "Memory currently allocated:\n" ); + if (heap.first->next == NULL) { + mbedtls_fprintf(stderr, "All memory de-allocated in stack buffer\n"); + } else { + mbedtls_fprintf(stderr, "Memory currently allocated:\n"); debug_chain(); } } -void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ) -{ +void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks) { *max_used = heap.maximum_used; *max_blocks = heap.maximum_header_count; } -void mbedtls_memory_buffer_alloc_max_reset( void ) -{ +void mbedtls_memory_buffer_alloc_max_reset(void) { heap.maximum_used = 0; heap.maximum_header_count = 0; } -void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ) -{ +void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks) { *cur_used = heap.total_used; *cur_blocks = heap.header_count; } #endif /* MBEDTLS_MEMORY_DEBUG */ #if defined(MBEDTLS_THREADING_C) -static void *buffer_alloc_calloc_mutexed( size_t n, size_t size ) -{ +static void *buffer_alloc_calloc_mutexed(size_t n, size_t size) { void *buf; - if( mbedtls_mutex_lock( &heap.mutex ) != 0 ) - return( NULL ); - buf = buffer_alloc_calloc( n, size ); - if( mbedtls_mutex_unlock( &heap.mutex ) ) - return( NULL ); - return( buf ); + if (mbedtls_mutex_lock(&heap.mutex) != 0) + return (NULL); + buf = buffer_alloc_calloc(n, size); + if (mbedtls_mutex_unlock(&heap.mutex)) + return (NULL); + return (buf); } -static void buffer_alloc_free_mutexed( void *ptr ) -{ +static void buffer_alloc_free_mutexed(void *ptr) { /* We have to good option here, but corrupting the heap seems * worse than loosing memory. */ - if( mbedtls_mutex_lock( &heap.mutex ) ) + if (mbedtls_mutex_lock(&heap.mutex)) return; - buffer_alloc_free( ptr ); - (void) mbedtls_mutex_unlock( &heap.mutex ); + buffer_alloc_free(ptr); + (void) mbedtls_mutex_unlock(&heap.mutex); } #endif /* MBEDTLS_THREADING_C */ -void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) -{ - memset( &heap, 0, sizeof( buffer_alloc_ctx ) ); +void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len) { + memset(&heap, 0, sizeof(buffer_alloc_ctx)); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &heap.mutex ); - mbedtls_platform_set_calloc_free( buffer_alloc_calloc_mutexed, - buffer_alloc_free_mutexed ); + mbedtls_mutex_init(&heap.mutex); + mbedtls_platform_set_calloc_free(buffer_alloc_calloc_mutexed, + buffer_alloc_free_mutexed); #else - mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free ); + mbedtls_platform_set_calloc_free(buffer_alloc_calloc, buffer_alloc_free); #endif - if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE ) + if (len < sizeof(memory_header) + MBEDTLS_MEMORY_ALIGN_MULTIPLE) return; - else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE ) - { + else if ((size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE) { /* Adjust len first since buf is used in the computation */ len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE - - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; + - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE - - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; + - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; } - memset( buf, 0, len ); + memset(buf, 0, len); heap.buf = buf; heap.len = len; heap.first = (memory_header *)buf; - heap.first->size = len - sizeof( memory_header ); + heap.first->size = len - sizeof(memory_header); heap.first->magic1 = MAGIC1; heap.first->magic2 = MAGIC2; heap.first_free = heap.first; } -void mbedtls_memory_buffer_alloc_free( void ) -{ +void mbedtls_memory_buffer_alloc_free(void) { #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &heap.mutex ); + mbedtls_mutex_free(&heap.mutex); #endif - mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) ); + mbedtls_platform_zeroize(&heap, sizeof(buffer_alloc_ctx)); } #if defined(MBEDTLS_SELF_TEST) -static int check_pointer( void *p ) -{ - if( p == NULL ) - return( -1 ); +static int check_pointer(void *p) { + if (p == NULL) + return (-1); - if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 ) - return( -1 ); + if ((size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0) + return (-1); - return( 0 ); + return (0); } -static int check_all_free( void ) -{ - if( +static int check_all_free(void) { + if ( #if defined(MBEDTLS_MEMORY_DEBUG) heap.total_used != 0 || #endif heap.first != heap.first_free || - (void *) heap.first != (void *) heap.buf ) - { - return( -1 ); + (void *) heap.first != (void *) heap.buf) { + return (-1); } - return( 0 ); + return (0); } #define TEST_ASSERT( condition ) \ @@ -644,100 +597,99 @@ static int check_all_free( void ) goto cleanup; \ } -int mbedtls_memory_buffer_alloc_self_test( int verbose ) -{ +int mbedtls_memory_buffer_alloc_self_test(int verbose) { unsigned char buf[1024]; unsigned char *p, *q, *r, *end; int ret = 0; - if( verbose != 0 ) - mbedtls_printf( " MBA test #1 (basic alloc-free cycle): " ); + if (verbose != 0) + mbedtls_printf(" MBA test #1 (basic alloc-free cycle): "); - mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + mbedtls_memory_buffer_alloc_init(buf, sizeof(buf)); - p = mbedtls_calloc( 1, 1 ); - q = mbedtls_calloc( 1, 128 ); - r = mbedtls_calloc( 1, 16 ); + p = mbedtls_calloc(1, 1); + q = mbedtls_calloc(1, 128); + r = mbedtls_calloc(1, 16); - TEST_ASSERT( check_pointer( p ) == 0 && - check_pointer( q ) == 0 && - check_pointer( r ) == 0 ); + TEST_ASSERT(check_pointer(p) == 0 && + check_pointer(q) == 0 && + check_pointer(r) == 0); - mbedtls_free( r ); - mbedtls_free( q ); - mbedtls_free( p ); + mbedtls_free(r); + mbedtls_free(q); + mbedtls_free(p); - TEST_ASSERT( check_all_free( ) == 0 ); + TEST_ASSERT(check_all_free() == 0); /* Memorize end to compare with the next test */ end = heap.buf + heap.len; - mbedtls_memory_buffer_alloc_free( ); + mbedtls_memory_buffer_alloc_free(); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - if( verbose != 0 ) - mbedtls_printf( " MBA test #2 (buf not aligned): " ); + if (verbose != 0) + mbedtls_printf(" MBA test #2 (buf not aligned): "); - mbedtls_memory_buffer_alloc_init( buf + 1, sizeof( buf ) - 1 ); + mbedtls_memory_buffer_alloc_init(buf + 1, sizeof(buf) - 1); - TEST_ASSERT( heap.buf + heap.len == end ); + TEST_ASSERT(heap.buf + heap.len == end); - p = mbedtls_calloc( 1, 1 ); - q = mbedtls_calloc( 1, 128 ); - r = mbedtls_calloc( 1, 16 ); + p = mbedtls_calloc(1, 1); + q = mbedtls_calloc(1, 128); + r = mbedtls_calloc(1, 16); - TEST_ASSERT( check_pointer( p ) == 0 && - check_pointer( q ) == 0 && - check_pointer( r ) == 0 ); + TEST_ASSERT(check_pointer(p) == 0 && + check_pointer(q) == 0 && + check_pointer(r) == 0); - mbedtls_free( r ); - mbedtls_free( q ); - mbedtls_free( p ); + mbedtls_free(r); + mbedtls_free(q); + mbedtls_free(p); - TEST_ASSERT( check_all_free( ) == 0 ); + TEST_ASSERT(check_all_free() == 0); - mbedtls_memory_buffer_alloc_free( ); + mbedtls_memory_buffer_alloc_free(); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - if( verbose != 0 ) - mbedtls_printf( " MBA test #3 (full): " ); + if (verbose != 0) + mbedtls_printf(" MBA test #3 (full): "); - mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) ); + mbedtls_memory_buffer_alloc_init(buf, sizeof(buf)); - p = mbedtls_calloc( 1, sizeof( buf ) - sizeof( memory_header ) ); + p = mbedtls_calloc(1, sizeof(buf) - sizeof(memory_header)); - TEST_ASSERT( check_pointer( p ) == 0 ); - TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL ); + TEST_ASSERT(check_pointer(p) == 0); + TEST_ASSERT(mbedtls_calloc(1, 1) == NULL); - mbedtls_free( p ); + mbedtls_free(p); - p = mbedtls_calloc( 1, sizeof( buf ) - 2 * sizeof( memory_header ) - 16 ); - q = mbedtls_calloc( 1, 16 ); + p = mbedtls_calloc(1, sizeof(buf) - 2 * sizeof(memory_header) - 16); + q = mbedtls_calloc(1, 16); - TEST_ASSERT( check_pointer( p ) == 0 && check_pointer( q ) == 0 ); - TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL ); + TEST_ASSERT(check_pointer(p) == 0 && check_pointer(q) == 0); + TEST_ASSERT(mbedtls_calloc(1, 1) == NULL); - mbedtls_free( q ); + mbedtls_free(q); - TEST_ASSERT( mbedtls_calloc( 1, 17 ) == NULL ); + TEST_ASSERT(mbedtls_calloc(1, 17) == NULL); - mbedtls_free( p ); + mbedtls_free(p); - TEST_ASSERT( check_all_free( ) == 0 ); + TEST_ASSERT(check_all_free() == 0); - mbedtls_memory_buffer_alloc_free( ); + mbedtls_memory_buffer_alloc_free(); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); cleanup: - mbedtls_memory_buffer_alloc_free( ); + mbedtls_memory_buffer_alloc_free(); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/memory_buffer_alloc.h b/common/mbedtls/memory_buffer_alloc.h index 233977252..16aabce60 100644 --- a/common/mbedtls/memory_buffer_alloc.h +++ b/common/mbedtls/memory_buffer_alloc.h @@ -68,12 +68,12 @@ extern "C" { * \param buf buffer to use as heap * \param len size of the buffer */ -void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ); +void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len); /** * \brief Free the mutex for thread-safety and clear remaining memory */ -void mbedtls_memory_buffer_alloc_free( void ); +void mbedtls_memory_buffer_alloc_free(void); /** * \brief Determine when the allocator should automatically verify the state @@ -83,7 +83,7 @@ void mbedtls_memory_buffer_alloc_free( void ); * \param verify One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC, * MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS */ -void mbedtls_memory_buffer_set_verify( int verify ); +void mbedtls_memory_buffer_set_verify(int verify); #if defined(MBEDTLS_MEMORY_DEBUG) /** @@ -92,7 +92,7 @@ void mbedtls_memory_buffer_set_verify( int verify ); * Prints out a list of 'still allocated' blocks and their stack * trace if MBEDTLS_MEMORY_BACKTRACE is defined. */ -void mbedtls_memory_buffer_alloc_status( void ); +void mbedtls_memory_buffer_alloc_status(void); /** * \brief Get the peak heap usage so far @@ -102,12 +102,12 @@ void mbedtls_memory_buffer_alloc_status( void ); * into smaller blocks but larger than the requested size. * \param max_blocks Peak number of blocks in use, including free and used */ -void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks ); +void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks); /** * \brief Reset peak statistics */ -void mbedtls_memory_buffer_alloc_max_reset( void ); +void mbedtls_memory_buffer_alloc_max_reset(void); /** * \brief Get the current heap usage @@ -117,7 +117,7 @@ void mbedtls_memory_buffer_alloc_max_reset( void ); * into smaller blocks but larger than the requested size. * \param cur_blocks Current number of blocks in use, including free and used */ -void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ); +void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks); #endif /* MBEDTLS_MEMORY_DEBUG */ /** @@ -131,7 +131,7 @@ void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ) * * \return 0 if verified, 1 otherwise */ -int mbedtls_memory_buffer_alloc_verify( void ); +int mbedtls_memory_buffer_alloc_verify(void); #if defined(MBEDTLS_SELF_TEST) /** @@ -139,7 +139,7 @@ int mbedtls_memory_buffer_alloc_verify( void ); * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_memory_buffer_alloc_self_test( int verbose ); +int mbedtls_memory_buffer_alloc_self_test(int verbose); #endif #ifdef __cplusplus diff --git a/common/mbedtls/net_sockets.c b/common/mbedtls/net_sockets.c index ad1ac13fb..f990f73ca 100644 --- a/common/mbedtls/net_sockets.c +++ b/common/mbedtls/net_sockets.c @@ -110,139 +110,125 @@ static int wsa_init_done = 0; /* * Prepare for using the sockets interface */ -static int net_prepare( void ) -{ +static int net_prepare(void) { #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) WSADATA wsaData; - if( wsa_init_done == 0 ) - { - if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 ) - return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + if (wsa_init_done == 0) { + if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) + return (MBEDTLS_ERR_NET_SOCKET_FAILED); wsa_init_done = 1; } #else #if !defined(EFIX64) && !defined(EFI32) - signal( SIGPIPE, SIG_IGN ); + signal(SIGPIPE, SIG_IGN); #endif #endif - return( 0 ); + return (0); } /* * Initialize a context */ -void mbedtls_net_init( mbedtls_net_context *ctx ) -{ +void mbedtls_net_init(mbedtls_net_context *ctx) { ctx->fd = -1; } /* * Initiate a TCP connection with host:port and the given protocol */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, - const char *port, int proto ) -{ +int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, + const char *port, int proto) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; struct addrinfo hints, *addr_list, *cur; - if( ( ret = net_prepare() ) != 0 ) - return( ret ); + if ((ret = net_prepare()) != 0) + return (ret); /* Do name resolution with both IPv6 and IPv4 */ - memset( &hints, 0, sizeof( hints ) ); + memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - if( getaddrinfo( host, port, &hints, &addr_list ) != 0 ) - return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + if (getaddrinfo(host, port, &hints, &addr_list) != 0) + return (MBEDTLS_ERR_NET_UNKNOWN_HOST); /* Try the sockaddrs until a connection succeeds */ ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for( cur = addr_list; cur != NULL; cur = cur->ai_next ) - { - ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, - cur->ai_protocol ); - if( ctx->fd < 0 ) - { + for (cur = addr_list; cur != NULL; cur = cur->ai_next) { + ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype, + cur->ai_protocol); + if (ctx->fd < 0) { ret = MBEDTLS_ERR_NET_SOCKET_FAILED; continue; } - if( connect( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 ) - { + if (connect(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) == 0) { ret = 0; break; } - close( ctx->fd ); + close(ctx->fd); ret = MBEDTLS_ERR_NET_CONNECT_FAILED; } - freeaddrinfo( addr_list ); + freeaddrinfo(addr_list); - return( ret ); + return (ret); } /* * Create a listening socket on bind_ip:port */ -int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ) -{ +int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto) { int n, ret; struct addrinfo hints, *addr_list, *cur; - if( ( ret = net_prepare() ) != 0 ) - return( ret ); + if ((ret = net_prepare()) != 0) + return (ret); /* Bind to IPv6 and/or IPv4, but only in the desired protocol */ - memset( &hints, 0, sizeof( hints ) ); + memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; - if( bind_ip == NULL ) + if (bind_ip == NULL) hints.ai_flags = AI_PASSIVE; - if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 ) - return( MBEDTLS_ERR_NET_UNKNOWN_HOST ); + if (getaddrinfo(bind_ip, port, &hints, &addr_list) != 0) + return (MBEDTLS_ERR_NET_UNKNOWN_HOST); /* Try the sockaddrs until a binding succeeds */ ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; - for( cur = addr_list; cur != NULL; cur = cur->ai_next ) - { - ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype, - cur->ai_protocol ); - if( ctx->fd < 0 ) - { + for (cur = addr_list; cur != NULL; cur = cur->ai_next) { + ctx->fd = (int) socket(cur->ai_family, cur->ai_socktype, + cur->ai_protocol); + if (ctx->fd < 0) { ret = MBEDTLS_ERR_NET_SOCKET_FAILED; continue; } n = 1; - if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &n, sizeof( n ) ) != 0 ) - { - close( ctx->fd ); + if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &n, sizeof(n)) != 0) { + close(ctx->fd); ret = MBEDTLS_ERR_NET_SOCKET_FAILED; continue; } - if( bind( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 ) - { - close( ctx->fd ); + if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) { + close(ctx->fd); ret = MBEDTLS_ERR_NET_BIND_FAILED; continue; } /* Listen only makes sense for TCP */ - if( proto == MBEDTLS_NET_PROTO_TCP ) - { - if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 ) - { - close( ctx->fd ); + if (proto == MBEDTLS_NET_PROTO_TCP) { + if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) { + close(ctx->fd); ret = MBEDTLS_ERR_NET_LISTEN_FAILED; continue; } @@ -253,9 +239,9 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char break; } - freeaddrinfo( addr_list ); + freeaddrinfo(addr_list); - return( ret ); + return (ret); } @@ -265,10 +251,9 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char * Check if the requested operation would be blocking on a non-blocking socket * and thus 'failed' with a negative return value. */ -static int net_would_block( const mbedtls_net_context *ctx ) -{ +static int net_would_block(const mbedtls_net_context *ctx) { ((void) ctx); - return( WSAGetLastError() == WSAEWOULDBLOCK ); + return (WSAGetLastError() == WSAEWOULDBLOCK); } #else /* @@ -277,40 +262,36 @@ static int net_would_block( const mbedtls_net_context *ctx ) * * Note: on a blocking socket this function always returns 0! */ -static int net_would_block( const mbedtls_net_context *ctx ) -{ +static int net_would_block(const mbedtls_net_context *ctx) { int err = errno; /* * Never return 'WOULD BLOCK' on a blocking socket */ - if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK ) - { + if ((fcntl(ctx->fd, F_GETFL) & O_NONBLOCK) != O_NONBLOCK) { errno = err; - return( 0 ); + return (0); } - switch( errno = err ) - { + switch (errno = err) { #if defined EAGAIN case EAGAIN: #endif #if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN case EWOULDBLOCK: #endif - return( 1 ); + return (1); } - return( 0 ); + return (0); } #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* * Accept a connection from a remote client */ -int mbedtls_net_accept( mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *ip_len ) -{ +int mbedtls_net_accept(mbedtls_net_context *bind_ctx, + mbedtls_net_context *client_ctx, + void *client_ip, size_t buf_size, size_t *ip_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int type; @@ -319,132 +300,117 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) - socklen_t n = (socklen_t) sizeof( client_addr ); - socklen_t type_len = (socklen_t) sizeof( type ); + socklen_t n = (socklen_t) sizeof(client_addr); + socklen_t type_len = (socklen_t) sizeof(type); #else - int n = (int) sizeof( client_addr ); - int type_len = (int) sizeof( type ); + int n = (int) sizeof(client_addr); + int type_len = (int) sizeof(type); #endif /* Is this a TCP or UDP socket? */ - if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE, - (void *) &type, &type_len ) != 0 || - ( type != SOCK_STREAM && type != SOCK_DGRAM ) ) - { - return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + if (getsockopt(bind_ctx->fd, SOL_SOCKET, SO_TYPE, + (void *) &type, &type_len) != 0 || + (type != SOCK_STREAM && type != SOCK_DGRAM)) { + return (MBEDTLS_ERR_NET_ACCEPT_FAILED); } - if( type == SOCK_STREAM ) - { + if (type == SOCK_STREAM) { /* TCP: actual accept() */ - ret = client_ctx->fd = (int) accept( bind_ctx->fd, - (struct sockaddr *) &client_addr, &n ); - } - else - { + ret = client_ctx->fd = (int) accept(bind_ctx->fd, + (struct sockaddr *) &client_addr, &n); + } else { /* UDP: wait for a message, but keep it in the queue */ char buf[1] = { 0 }; - ret = (int) recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK, - (struct sockaddr *) &client_addr, &n ); + ret = (int) recvfrom(bind_ctx->fd, buf, sizeof(buf), MSG_PEEK, + (struct sockaddr *) &client_addr, &n); #if defined(_WIN32) - if( ret == SOCKET_ERROR && - WSAGetLastError() == WSAEMSGSIZE ) - { + if (ret == SOCKET_ERROR && + WSAGetLastError() == WSAEMSGSIZE) { /* We know buf is too small, thanks, just peeking here */ ret = 0; } #endif } - if( ret < 0 ) - { - if( net_would_block( bind_ctx ) != 0 ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (ret < 0) { + if (net_would_block(bind_ctx) != 0) + return (MBEDTLS_ERR_SSL_WANT_READ); - return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + return (MBEDTLS_ERR_NET_ACCEPT_FAILED); } /* UDP: hijack the listening socket to communicate with the client, * then bind a new socket to accept new connections */ - if( type != SOCK_STREAM ) - { + if (type != SOCK_STREAM) { struct sockaddr_storage local_addr; int one = 1; - if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 ) - return( MBEDTLS_ERR_NET_ACCEPT_FAILED ); + if (connect(bind_ctx->fd, (struct sockaddr *) &client_addr, n) != 0) + return (MBEDTLS_ERR_NET_ACCEPT_FAILED); client_ctx->fd = bind_ctx->fd; bind_ctx->fd = -1; /* In case we exit early */ - n = sizeof( struct sockaddr_storage ); - if( getsockname( client_ctx->fd, - (struct sockaddr *) &local_addr, &n ) != 0 || - ( bind_ctx->fd = (int) socket( local_addr.ss_family, - SOCK_DGRAM, IPPROTO_UDP ) ) < 0 || - setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, - (const char *) &one, sizeof( one ) ) != 0 ) - { - return( MBEDTLS_ERR_NET_SOCKET_FAILED ); + n = sizeof(struct sockaddr_storage); + if (getsockname(client_ctx->fd, + (struct sockaddr *) &local_addr, &n) != 0 || + (bind_ctx->fd = (int) socket(local_addr.ss_family, + SOCK_DGRAM, IPPROTO_UDP)) < 0 || + setsockopt(bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, + (const char *) &one, sizeof(one)) != 0) { + return (MBEDTLS_ERR_NET_SOCKET_FAILED); } - if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 ) - { - return( MBEDTLS_ERR_NET_BIND_FAILED ); + if (bind(bind_ctx->fd, (struct sockaddr *) &local_addr, n) != 0) { + return (MBEDTLS_ERR_NET_BIND_FAILED); } } - if( client_ip != NULL ) - { - if( client_addr.ss_family == AF_INET ) - { + if (client_ip != NULL) { + if (client_addr.ss_family == AF_INET) { struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr; - *ip_len = sizeof( addr4->sin_addr.s_addr ); + *ip_len = sizeof(addr4->sin_addr.s_addr); - if( buf_size < *ip_len ) - return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL ); + if (buf_size < *ip_len) + return (MBEDTLS_ERR_NET_BUFFER_TOO_SMALL); - memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len ); - } - else - { + memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len); + } else { struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr; - *ip_len = sizeof( addr6->sin6_addr.s6_addr ); + *ip_len = sizeof(addr6->sin6_addr.s6_addr); - if( buf_size < *ip_len ) - return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL ); + if (buf_size < *ip_len) + return (MBEDTLS_ERR_NET_BUFFER_TOO_SMALL); - memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len); + memcpy(client_ip, &addr6->sin6_addr.s6_addr, *ip_len); } } - return( 0 ); + return (0); } /* * Set the socket blocking or non-blocking */ -int mbedtls_net_set_block( mbedtls_net_context *ctx ) -{ +int mbedtls_net_set_block(mbedtls_net_context *ctx) { #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) u_long n = 0; - return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); + return (ioctlsocket(ctx->fd, FIONBIO, &n)); #else - return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) & ~O_NONBLOCK ) ); + return (fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) & ~O_NONBLOCK)); #endif } -int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) -{ +int mbedtls_net_set_nonblock(mbedtls_net_context *ctx) { #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) u_long n = 1; - return( ioctlsocket( ctx->fd, FIONBIO, &n ) ); + return (ioctlsocket(ctx->fd, FIONBIO, &n)); #else - return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) | O_NONBLOCK ) ); + return (fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) | O_NONBLOCK)); #endif } @@ -452,8 +418,7 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ) * Check if data is available on the socket */ -int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) -{ +int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; struct timeval tv; @@ -462,72 +427,67 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) int fd = ctx->fd; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + if (fd < 0) + return (MBEDTLS_ERR_NET_INVALID_CONTEXT); /* A limitation of select() is that it only works with file descriptors * that are strictly less than FD_SETSIZE. This is a limitation of the * fd_set type. Error out early, because attempting to call FD_SET on a * large file descriptor is a buffer overflow on typical platforms. */ - if( fd >= FD_SETSIZE ) - return( MBEDTLS_ERR_NET_POLL_FAILED ); + if (fd >= FD_SETSIZE) + return (MBEDTLS_ERR_NET_POLL_FAILED); #if defined(__has_feature) #if __has_feature(memory_sanitizer) /* Ensure that memory sanitizers consider read_fds and write_fds as * initialized even on platforms such as Glibc/x86_64 where FD_ZERO * is implemented in assembly. */ - memset( &read_fds, 0, sizeof( read_fds ) ); - memset( &write_fds, 0, sizeof( write_fds ) ); + memset(&read_fds, 0, sizeof(read_fds)); + memset(&write_fds, 0, sizeof(write_fds)); #endif #endif - FD_ZERO( &read_fds ); - if( rw & MBEDTLS_NET_POLL_READ ) - { + FD_ZERO(&read_fds); + if (rw & MBEDTLS_NET_POLL_READ) { rw &= ~MBEDTLS_NET_POLL_READ; - FD_SET( fd, &read_fds ); + FD_SET(fd, &read_fds); } - FD_ZERO( &write_fds ); - if( rw & MBEDTLS_NET_POLL_WRITE ) - { + FD_ZERO(&write_fds); + if (rw & MBEDTLS_NET_POLL_WRITE) { rw &= ~MBEDTLS_NET_POLL_WRITE; - FD_SET( fd, &write_fds ); + FD_SET(fd, &write_fds); } - if( rw != 0 ) - return( MBEDTLS_ERR_NET_BAD_INPUT_DATA ); + if (rw != 0) + return (MBEDTLS_ERR_NET_BAD_INPUT_DATA); tv.tv_sec = timeout / 1000; - tv.tv_usec = ( timeout % 1000 ) * 1000; + tv.tv_usec = (timeout % 1000) * 1000; - do - { - ret = select( fd + 1, &read_fds, &write_fds, NULL, - timeout == (uint32_t) -1 ? NULL : &tv ); - } - while( IS_EINTR( ret ) ); + do { + ret = select(fd + 1, &read_fds, &write_fds, NULL, + timeout == (uint32_t) -1 ? NULL : &tv); + } while (IS_EINTR(ret)); - if( ret < 0 ) - return( MBEDTLS_ERR_NET_POLL_FAILED ); + if (ret < 0) + return (MBEDTLS_ERR_NET_POLL_FAILED); ret = 0; - if( FD_ISSET( fd, &read_fds ) ) + if (FD_ISSET(fd, &read_fds)) ret |= MBEDTLS_NET_POLL_READ; - if( FD_ISSET( fd, &write_fds ) ) + if (FD_ISSET(fd, &write_fds)) ret |= MBEDTLS_NET_POLL_WRITE; - return( ret ); + return (ret); } /* * Portable usleep helper */ -void mbedtls_net_usleep( unsigned long usec ) -{ +void mbedtls_net_usleep(unsigned long usec) { #if defined(_WIN32) - Sleep( ( usec + 999 ) / 1000 ); + Sleep((usec + 999) / 1000); #else struct timeval tv; tv.tv_sec = usec / 1000000; @@ -537,142 +497,135 @@ void mbedtls_net_usleep( unsigned long usec ) #else tv.tv_usec = usec % 1000000; #endif - select( 0, NULL, NULL, NULL, &tv ); + select(0, NULL, NULL, NULL, &tv); #endif } /* * Read at most 'len' characters */ -int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) -{ +int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int fd = ((mbedtls_net_context *) ctx)->fd; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + if (fd < 0) + return (MBEDTLS_ERR_NET_INVALID_CONTEXT); - ret = (int) read( fd, buf, len ); + ret = (int) read(fd, buf, len); - if( ret < 0 ) - { - if( net_would_block( ctx ) != 0 ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (ret < 0) { + if (net_would_block(ctx) != 0) + return (MBEDTLS_ERR_SSL_WANT_READ); #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) - if( WSAGetLastError() == WSAECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if (WSAGetLastError() == WSAECONNRESET) + return (MBEDTLS_ERR_NET_CONN_RESET); #else - if( errno == EPIPE || errno == ECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if (errno == EPIPE || errno == ECONNRESET) + return (MBEDTLS_ERR_NET_CONN_RESET); - if( errno == EINTR ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (errno == EINTR) + return (MBEDTLS_ERR_SSL_WANT_READ); #endif - return( MBEDTLS_ERR_NET_RECV_FAILED ); + return (MBEDTLS_ERR_NET_RECV_FAILED); } - return( ret ); + return (ret); } /* * Read at most 'len' characters, blocking for at most 'timeout' ms */ -int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, - size_t len, uint32_t timeout ) -{ +int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, + size_t len, uint32_t timeout) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; struct timeval tv; fd_set read_fds; int fd = ((mbedtls_net_context *) ctx)->fd; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + if (fd < 0) + return (MBEDTLS_ERR_NET_INVALID_CONTEXT); /* A limitation of select() is that it only works with file descriptors * that are strictly less than FD_SETSIZE. This is a limitation of the * fd_set type. Error out early, because attempting to call FD_SET on a * large file descriptor is a buffer overflow on typical platforms. */ - if( fd >= FD_SETSIZE ) - return( MBEDTLS_ERR_NET_POLL_FAILED ); + if (fd >= FD_SETSIZE) + return (MBEDTLS_ERR_NET_POLL_FAILED); - FD_ZERO( &read_fds ); - FD_SET( fd, &read_fds ); + FD_ZERO(&read_fds); + FD_SET(fd, &read_fds); tv.tv_sec = timeout / 1000; - tv.tv_usec = ( timeout % 1000 ) * 1000; + tv.tv_usec = (timeout % 1000) * 1000; - ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv ); + ret = select(fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv); /* Zero fds ready means we timed out */ - if( ret == 0 ) - return( MBEDTLS_ERR_SSL_TIMEOUT ); + if (ret == 0) + return (MBEDTLS_ERR_SSL_TIMEOUT); - if( ret < 0 ) - { + if (ret < 0) { #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) - if( WSAGetLastError() == WSAEINTR ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (WSAGetLastError() == WSAEINTR) + return (MBEDTLS_ERR_SSL_WANT_READ); #else - if( errno == EINTR ) - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (errno == EINTR) + return (MBEDTLS_ERR_SSL_WANT_READ); #endif - return( MBEDTLS_ERR_NET_RECV_FAILED ); + return (MBEDTLS_ERR_NET_RECV_FAILED); } /* This call will not block */ - return( mbedtls_net_recv( ctx, buf, len ) ); + return (mbedtls_net_recv(ctx, buf, len)); } /* * Write at most 'len' characters */ -int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) -{ +int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int fd = ((mbedtls_net_context *) ctx)->fd; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + if (fd < 0) + return (MBEDTLS_ERR_NET_INVALID_CONTEXT); - ret = (int) write( fd, buf, len ); + ret = (int) write(fd, buf, len); - if( ret < 0 ) - { - if( net_would_block( ctx ) != 0 ) - return( MBEDTLS_ERR_SSL_WANT_WRITE ); + if (ret < 0) { + if (net_would_block(ctx) != 0) + return (MBEDTLS_ERR_SSL_WANT_WRITE); #if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \ !defined(EFI32) - if( WSAGetLastError() == WSAECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if (WSAGetLastError() == WSAECONNRESET) + return (MBEDTLS_ERR_NET_CONN_RESET); #else - if( errno == EPIPE || errno == ECONNRESET ) - return( MBEDTLS_ERR_NET_CONN_RESET ); + if (errno == EPIPE || errno == ECONNRESET) + return (MBEDTLS_ERR_NET_CONN_RESET); - if( errno == EINTR ) - return( MBEDTLS_ERR_SSL_WANT_WRITE ); + if (errno == EINTR) + return (MBEDTLS_ERR_SSL_WANT_WRITE); #endif - return( MBEDTLS_ERR_NET_SEND_FAILED ); + return (MBEDTLS_ERR_NET_SEND_FAILED); } - return( ret ); + return (ret); } /* * Close the connection */ -void mbedtls_net_close( mbedtls_net_context *ctx ) -{ - if( ctx->fd == -1 ) +void mbedtls_net_close(mbedtls_net_context *ctx) { + if (ctx->fd == -1) return; - close( ctx->fd ); + close(ctx->fd); ctx->fd = -1; } @@ -680,13 +633,12 @@ void mbedtls_net_close( mbedtls_net_context *ctx ) /* * Gracefully close the connection */ -void mbedtls_net_free( mbedtls_net_context *ctx ) -{ - if( ctx->fd == -1 ) +void mbedtls_net_free(mbedtls_net_context *ctx) { + if (ctx->fd == -1) return; - shutdown( ctx->fd, 2 ); - close( ctx->fd ); + shutdown(ctx->fd, 2); + close(ctx->fd); ctx->fd = -1; } diff --git a/common/mbedtls/net_sockets.h b/common/mbedtls/net_sockets.h index 319f4be53..14beecd02 100644 --- a/common/mbedtls/net_sockets.h +++ b/common/mbedtls/net_sockets.h @@ -82,8 +82,7 @@ extern "C" { * (eg two file descriptors for combined IPv4 + IPv6 support, or additional * structures for hand-made UDP demultiplexing). */ -typedef struct mbedtls_net_context -{ +typedef struct mbedtls_net_context { int fd; /**< The underlying file descriptor */ } mbedtls_net_context; @@ -94,7 +93,7 @@ mbedtls_net_context; * * \param ctx Context to initialize */ -void mbedtls_net_init( mbedtls_net_context *ctx ); +void mbedtls_net_init(mbedtls_net_context *ctx); /** * \brief Initiate a connection with host:port in the given protocol @@ -111,7 +110,7 @@ void mbedtls_net_init( mbedtls_net_context *ctx ); * * \note Sets the socket in connected mode even with UDP. */ -int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto ); +int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, const char *port, int proto); /** * \brief Create a receiving socket on bind_ip:port in the chosen @@ -131,7 +130,7 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char * \note Regardless of the protocol, opens the sockets and binds it. * In addition, make the socket listening if protocol is TCP. */ -int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto ); +int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto); /** * \brief Accept a connection from a remote client @@ -151,9 +150,9 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to * non-blocking and accept() would block. */ -int mbedtls_net_accept( mbedtls_net_context *bind_ctx, - mbedtls_net_context *client_ctx, - void *client_ip, size_t buf_size, size_t *ip_len ); +int mbedtls_net_accept(mbedtls_net_context *bind_ctx, + mbedtls_net_context *client_ctx, + void *client_ip, size_t buf_size, size_t *ip_len); /** * \brief Check and wait for the context to be ready for read/write @@ -180,7 +179,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, * \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE * on success or timeout, or a negative return code otherwise. */ -int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ); +int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout); /** * \brief Set the socket blocking @@ -189,7 +188,7 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ); * * \return 0 if successful, or a non-zero error code */ -int mbedtls_net_set_block( mbedtls_net_context *ctx ); +int mbedtls_net_set_block(mbedtls_net_context *ctx); /** * \brief Set the socket non-blocking @@ -198,7 +197,7 @@ int mbedtls_net_set_block( mbedtls_net_context *ctx ); * * \return 0 if successful, or a non-zero error code */ -int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); +int mbedtls_net_set_nonblock(mbedtls_net_context *ctx); /** * \brief Portable usleep helper @@ -208,7 +207,7 @@ int mbedtls_net_set_nonblock( mbedtls_net_context *ctx ); * \note Real amount of time slept will not be less than * select()'s timeout granularity (typically, 10ms). */ -void mbedtls_net_usleep( unsigned long usec ); +void mbedtls_net_usleep(unsigned long usec); /** * \brief Read at most 'len' characters. If no error occurs, @@ -222,7 +221,7 @@ void mbedtls_net_usleep( unsigned long usec ); * or a non-zero error code; with a non-blocking socket, * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. */ -int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); +int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len); /** * \brief Write at most 'len' characters. If no error occurs, @@ -236,7 +235,7 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ); * or a non-zero error code; with a non-blocking socket, * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. */ -int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); +int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len); /** * \brief Read at most 'len' characters, blocking for at most @@ -264,22 +263,22 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ); * non-blocking. Handling timeouts with non-blocking reads * requires a different strategy. */ -int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ); +int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len, + uint32_t timeout); /** * \brief Closes down the connection and free associated data * * \param ctx The context to close */ -void mbedtls_net_close( mbedtls_net_context *ctx ); +void mbedtls_net_close(mbedtls_net_context *ctx); /** * \brief Gracefully shutdown the connection and free associated data * * \param ctx The context to free */ -void mbedtls_net_free( mbedtls_net_context *ctx ); +void mbedtls_net_free(mbedtls_net_context *ctx); #ifdef __cplusplus } diff --git a/common/mbedtls/nist_kw.c b/common/mbedtls/nist_kw.c index 04829a0b9..3bb2ede69 100644 --- a/common/mbedtls/nist_kw.c +++ b/common/mbedtls/nist_kw.c @@ -53,15 +53,13 @@ #define MIN_SEMIBLOCKS_COUNT 3 /* constant-time buffer comparison */ -static inline unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n ) -{ +static inline unsigned char mbedtls_nist_kw_safer_memcmp(const void *a, const void *b, size_t n) { size_t i; volatile const unsigned char *A = (volatile const unsigned char *) a; volatile const unsigned char *B = (volatile const unsigned char *) b; volatile unsigned char diff = 0; - for( i = 0; i < n; i++ ) - { + for (i = 0; i < n; i++) { /* Read volatile data in order before computing diff. * This avoids IAR compiler warning: * 'the order of volatile accesses is undefined ..' */ @@ -69,7 +67,7 @@ static inline unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const v diff |= x ^ y; } - return( diff ); + return (diff); } /*! The 64-bit default integrity check value (ICV) for KW mode. */ @@ -100,28 +98,26 @@ do { \ /* * Initialize context */ -void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_nist_kw_context ) ); +void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_nist_kw_context)); } -int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits, - const int is_wrap ) -{ +int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits, + const int is_wrap) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; - cipher_info = mbedtls_cipher_info_from_values( cipher, - keybits, - MBEDTLS_MODE_ECB ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + cipher_info = mbedtls_cipher_info_from_values(cipher, + keybits, + MBEDTLS_MODE_ECB); + if (cipher_info == NULL) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); - if( cipher_info->block_size != 16 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (cipher_info->block_size != 16) + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); /* * SP 800-38F currently defines AES cipher as the only block cipher allowed: @@ -132,44 +128,40 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, * Currently we don't support other 128 bit block ciphers for key wrapping, * such as Camellia and Aria. */ - if( cipher != MBEDTLS_CIPHER_ID_AES ) - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); + if (cipher != MBEDTLS_CIPHER_ID_AES) + return (MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); - mbedtls_cipher_free( &ctx->cipher_ctx ); + mbedtls_cipher_free(&ctx->cipher_ctx); - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) + return (ret); - if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - is_wrap ? MBEDTLS_ENCRYPT : - MBEDTLS_DECRYPT ) - ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits, + is_wrap ? MBEDTLS_ENCRYPT : + MBEDTLS_DECRYPT) + ) != 0) { + return (ret); } - return( 0 ); + return (0); } /* * Free context */ -void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx ) -{ - mbedtls_cipher_free( &ctx->cipher_ctx ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_nist_kw_context ) ); +void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx) { + mbedtls_cipher_free(&ctx->cipher_ctx); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_nist_kw_context)); } /* * Helper function for Xoring the uint64_t "t" with the encrypted A. * Defined in NIST SP 800-38F section 6.1 */ -static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t ) -{ +static void calc_a_xor_t(unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t) { size_t i = 0; - for( i = 0; i < sizeof( t ); i++ ) - { - A[i] ^= ( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ) & 0xff; + for (i = 0; i < sizeof(t); i++) { + A[i] ^= (t >> ((sizeof(t) - 1 - i) * 8)) & 0xff; } } @@ -177,11 +169,10 @@ static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t ) * KW-AE as defined in SP 800-38F section 6.2 * KWP-AE as defined in SP 800-38F section 6.3 */ -int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, - mbedtls_nist_kw_mode_t mode, - const unsigned char *input, size_t in_len, - unsigned char *output, size_t *out_len, size_t out_size ) -{ +int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx, + mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size) { int ret = 0; size_t semiblocks = 0; size_t s; @@ -196,102 +187,89 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, /* * Generate the String to work on */ - if( mode == MBEDTLS_KW_MODE_KW ) - { - if( out_size < in_len + KW_SEMIBLOCK_LENGTH ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (mode == MBEDTLS_KW_MODE_KW) { + if (out_size < in_len + KW_SEMIBLOCK_LENGTH) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } /* * According to SP 800-38F Table 1, the plaintext length for KW * must be between 2 to 2^54-1 semiblocks inclusive. */ - if( in_len < 16 || + if (in_len < 16 || #if SIZE_MAX > 0x1FFFFFFFFFFFFF8 - in_len > 0x1FFFFFFFFFFFFF8 || + in_len > 0x1FFFFFFFFFFFFF8 || #endif - in_len % KW_SEMIBLOCK_LENGTH != 0 ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + in_len % KW_SEMIBLOCK_LENGTH != 0) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } - memcpy( output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH ); - memmove( output + KW_SEMIBLOCK_LENGTH, input, in_len ); - } - else - { - if( in_len % 8 != 0 ) - { - padlen = ( 8 - ( in_len % 8 ) ); + memcpy(output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH); + memmove(output + KW_SEMIBLOCK_LENGTH, input, in_len); + } else { + if (in_len % 8 != 0) { + padlen = (8 - (in_len % 8)); } - if( out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } /* * According to SP 800-38F Table 1, the plaintext length for KWP * must be between 1 and 2^32-1 octets inclusive. */ - if( in_len < 1 + if (in_len < 1 #if SIZE_MAX > 0xFFFFFFFF - || in_len > 0xFFFFFFFF + || in_len > 0xFFFFFFFF #endif - ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + ) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } - memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 ); - PUT_UINT32_BE( ( in_len & 0xffffffff ), output, - KW_SEMIBLOCK_LENGTH / 2 ); + memcpy(output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2); + PUT_UINT32_BE((in_len & 0xffffffff), output, + KW_SEMIBLOCK_LENGTH / 2); - memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len ); - memset( output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen ); + memcpy(output + KW_SEMIBLOCK_LENGTH, input, in_len); + memset(output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen); } - semiblocks = ( ( in_len + padlen ) / KW_SEMIBLOCK_LENGTH ) + 1; + semiblocks = ((in_len + padlen) / KW_SEMIBLOCK_LENGTH) + 1; - s = 6 * ( semiblocks - 1 ); + s = 6 * (semiblocks - 1); - if( mode == MBEDTLS_KW_MODE_KWP - && in_len <= KW_SEMIBLOCK_LENGTH ) - { - memcpy( inbuff, output, 16 ); - ret = mbedtls_cipher_update( &ctx->cipher_ctx, - inbuff, 16, output, &olen ); - if( ret != 0 ) + if (mode == MBEDTLS_KW_MODE_KWP + && in_len <= KW_SEMIBLOCK_LENGTH) { + memcpy(inbuff, output, 16); + ret = mbedtls_cipher_update(&ctx->cipher_ctx, + inbuff, 16, output, &olen); + if (ret != 0) goto cleanup; - } - else - { + } else { /* * Do the wrapping function W, as defined in RFC 3394 section 2.2.1 */ - if( semiblocks < MIN_SEMIBLOCKS_COUNT ) - { + if (semiblocks < MIN_SEMIBLOCKS_COUNT) { ret = MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; goto cleanup; } /* Calculate intermediate values */ - for( t = 1; t <= s; t++ ) - { - memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH ); - memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH ); + for (t = 1; t <= s; t++) { + memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH); + memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH); - ret = mbedtls_cipher_update( &ctx->cipher_ctx, - inbuff, 16, outbuff, &olen ); - if( ret != 0 ) + ret = mbedtls_cipher_update(&ctx->cipher_ctx, + inbuff, 16, outbuff, &olen); + if (ret != 0) goto cleanup; - memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH ); - calc_a_xor_t( A, t ); + memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH); + calc_a_xor_t(A, t); - memcpy( R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH ); + memcpy(R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH); R2 += KW_SEMIBLOCK_LENGTH; - if( R2 >= output + ( semiblocks * KW_SEMIBLOCK_LENGTH ) ) + if (R2 >= output + (semiblocks * KW_SEMIBLOCK_LENGTH)) R2 = output + KW_SEMIBLOCK_LENGTH; } } @@ -300,14 +278,13 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, cleanup: - if( ret != 0) - { - memset( output, 0, semiblocks * KW_SEMIBLOCK_LENGTH ); + if (ret != 0) { + memset(output, 0, semiblocks * KW_SEMIBLOCK_LENGTH); } - mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 ); - mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 ); + mbedtls_platform_zeroize(inbuff, KW_SEMIBLOCK_LENGTH * 2); + mbedtls_platform_zeroize(outbuff, KW_SEMIBLOCK_LENGTH * 2); - return( ret ); + return (ret); } /* @@ -318,161 +295,146 @@ cleanup: * 3. Minimal number of semiblocks is 3. * 4. A is a buffer to hold the first semiblock of the input buffer. */ -static int unwrap( mbedtls_nist_kw_context *ctx, - const unsigned char *input, size_t semiblocks, - unsigned char A[KW_SEMIBLOCK_LENGTH], - unsigned char *output, size_t* out_len ) -{ +static int unwrap(mbedtls_nist_kw_context *ctx, + const unsigned char *input, size_t semiblocks, + unsigned char A[KW_SEMIBLOCK_LENGTH], + unsigned char *output, size_t *out_len) { int ret = 0; - const size_t s = 6 * ( semiblocks - 1 ); + const size_t s = 6 * (semiblocks - 1); size_t olen; uint64_t t = 0; unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2]; - unsigned char *R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH; + unsigned char *R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH; *out_len = 0; - if( semiblocks < MIN_SEMIBLOCKS_COUNT ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (semiblocks < MIN_SEMIBLOCKS_COUNT) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } - memcpy( A, input, KW_SEMIBLOCK_LENGTH ); - memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); + memcpy(A, input, KW_SEMIBLOCK_LENGTH); + memmove(output, input + KW_SEMIBLOCK_LENGTH, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH); /* Calculate intermediate values */ - for( t = s; t >= 1; t-- ) - { - calc_a_xor_t( A, t ); + for (t = s; t >= 1; t--) { + calc_a_xor_t(A, t); - memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH ); - memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH ); + memcpy(inbuff, A, KW_SEMIBLOCK_LENGTH); + memcpy(inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH); - ret = mbedtls_cipher_update( &ctx->cipher_ctx, - inbuff, 16, outbuff, &olen ); - if( ret != 0 ) + ret = mbedtls_cipher_update(&ctx->cipher_ctx, + inbuff, 16, outbuff, &olen); + if (ret != 0) goto cleanup; - memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH ); + memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH); /* Set R as LSB64 of outbuff */ - memcpy( R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH ); + memcpy(R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH); - if( R == output ) - R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH; + if (R == output) + R = output + (semiblocks - 2) * KW_SEMIBLOCK_LENGTH; else R -= KW_SEMIBLOCK_LENGTH; } - *out_len = ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH; + *out_len = (semiblocks - 1) * KW_SEMIBLOCK_LENGTH; cleanup: - if( ret != 0) - memset( output, 0, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); - mbedtls_platform_zeroize( inbuff, sizeof( inbuff ) ); - mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) ); + if (ret != 0) + memset(output, 0, (semiblocks - 1) * KW_SEMIBLOCK_LENGTH); + mbedtls_platform_zeroize(inbuff, sizeof(inbuff)); + mbedtls_platform_zeroize(outbuff, sizeof(outbuff)); - return( ret ); + return (ret); } /* * KW-AD as defined in SP 800-38F section 6.2 * KWP-AD as defined in SP 800-38F section 6.3 */ -int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, - mbedtls_nist_kw_mode_t mode, - const unsigned char *input, size_t in_len, - unsigned char *output, size_t *out_len, size_t out_size ) -{ +int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx, + mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size) { int ret = 0; size_t i, olen; unsigned char A[KW_SEMIBLOCK_LENGTH]; unsigned char diff, bad_padding = 0; *out_len = 0; - if( out_size < in_len - KW_SEMIBLOCK_LENGTH ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + if (out_size < in_len - KW_SEMIBLOCK_LENGTH) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } - if( mode == MBEDTLS_KW_MODE_KW ) - { + if (mode == MBEDTLS_KW_MODE_KW) { /* * According to SP 800-38F Table 1, the ciphertext length for KW * must be between 3 to 2^54 semiblocks inclusive. */ - if( in_len < 24 || + if (in_len < 24 || #if SIZE_MAX > 0x200000000000000 - in_len > 0x200000000000000 || + in_len > 0x200000000000000 || #endif - in_len % KW_SEMIBLOCK_LENGTH != 0 ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + in_len % KW_SEMIBLOCK_LENGTH != 0) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } - ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH, - A, output, out_len ); - if( ret != 0 ) + ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH, + A, output, out_len); + if (ret != 0) goto cleanup; /* Check ICV in "constant-time" */ - diff = mbedtls_nist_kw_safer_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH ); + diff = mbedtls_nist_kw_safer_memcmp(NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH); - if( diff != 0 ) - { + if (diff != 0) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; goto cleanup; } - } - else if( mode == MBEDTLS_KW_MODE_KWP ) - { + } else if (mode == MBEDTLS_KW_MODE_KWP) { size_t padlen = 0; uint32_t Plen; /* * According to SP 800-38F Table 1, the ciphertext length for KWP * must be between 2 to 2^29 semiblocks inclusive. */ - if( in_len < KW_SEMIBLOCK_LENGTH * 2 || + if (in_len < KW_SEMIBLOCK_LENGTH * 2 || #if SIZE_MAX > 0x100000000 - in_len > 0x100000000 || + in_len > 0x100000000 || #endif - in_len % KW_SEMIBLOCK_LENGTH != 0 ) - { - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); + in_len % KW_SEMIBLOCK_LENGTH != 0) { + return (MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); } - if( in_len == KW_SEMIBLOCK_LENGTH * 2 ) - { + if (in_len == KW_SEMIBLOCK_LENGTH * 2) { unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2]; - ret = mbedtls_cipher_update( &ctx->cipher_ctx, - input, 16, outbuff, &olen ); - if( ret != 0 ) + ret = mbedtls_cipher_update(&ctx->cipher_ctx, + input, 16, outbuff, &olen); + if (ret != 0) goto cleanup; - memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH ); - memcpy( output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH ); - mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) ); + memcpy(A, outbuff, KW_SEMIBLOCK_LENGTH); + memcpy(output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH); + mbedtls_platform_zeroize(outbuff, sizeof(outbuff)); *out_len = KW_SEMIBLOCK_LENGTH; - } - else - { + } else { /* in_len >= KW_SEMIBLOCK_LENGTH * 3 */ - ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH, - A, output, out_len ); - if( ret != 0 ) + ret = unwrap(ctx, input, in_len / KW_SEMIBLOCK_LENGTH, + A, output, out_len); + if (ret != 0) goto cleanup; } /* Check ICV in "constant-time" */ - diff = mbedtls_nist_kw_safer_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 ); + diff = mbedtls_nist_kw_safer_memcmp(NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2); - if( diff != 0 ) - { + if (diff != 0) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; } - GET_UINT32_BE( Plen, A, KW_SEMIBLOCK_LENGTH / 2 ); + GET_UINT32_BE(Plen, A, KW_SEMIBLOCK_LENGTH / 2); /* * Plen is the length of the plaintext, when the input is valid. @@ -480,51 +442,44 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, * larger than 8, because of the type wrap around. */ padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen; - if ( padlen > 7 ) - { + if (padlen > 7) { padlen &= 7; ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; } /* Check padding in "constant-time" */ - for( diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++ ) - { - if( i >= KW_SEMIBLOCK_LENGTH - padlen ) - diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; - else - bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; + for (diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++) { + if (i >= KW_SEMIBLOCK_LENGTH - padlen) + diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; + else + bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i]; } - if( diff != 0 ) - { + if (diff != 0) { ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED; } - if( ret != 0 ) - { + if (ret != 0) { goto cleanup; } - memset( output + Plen, 0, padlen ); + memset(output + Plen, 0, padlen); *out_len = Plen; - } - else - { + } else { ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; goto cleanup; } cleanup: - if( ret != 0 ) - { - memset( output, 0, *out_len ); + if (ret != 0) { + memset(output, 0, *out_len); *out_len = 0; } - mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) ); - mbedtls_platform_zeroize( &diff, sizeof( diff ) ); - mbedtls_platform_zeroize( A, sizeof( A ) ); + mbedtls_platform_zeroize(&bad_padding, sizeof(bad_padding)); + mbedtls_platform_zeroize(&diff, sizeof(diff)); + mbedtls_platform_zeroize(A, sizeof(A)); - return( ret ); + return (ret); } #endif /* !MBEDTLS_NIST_KW_ALT */ @@ -540,209 +495,232 @@ cleanup: static const unsigned int key_len[KW_TESTS] = { 16, 24, 32 }; static const unsigned char kw_key[KW_TESTS][32] = { - { 0x75, 0x75, 0xda, 0x3a, 0x93, 0x60, 0x7c, 0xc2, - 0xbf, 0xd8, 0xce, 0xc7, 0xaa, 0xdf, 0xd9, 0xa6 }, - { 0x2d, 0x85, 0x26, 0x08, 0x1d, 0x02, 0xfb, 0x5b, - 0x85, 0xf6, 0x9a, 0xc2, 0x86, 0xec, 0xd5, 0x7d, - 0x40, 0xdf, 0x5d, 0xf3, 0x49, 0x47, 0x44, 0xd3 }, - { 0x11, 0x2a, 0xd4, 0x1b, 0x48, 0x56, 0xc7, 0x25, - 0x4a, 0x98, 0x48, 0xd3, 0x0f, 0xdd, 0x78, 0x33, - 0x5b, 0x03, 0x9a, 0x48, 0xa8, 0x96, 0x2c, 0x4d, - 0x1c, 0xb7, 0x8e, 0xab, 0xd5, 0xda, 0xd7, 0x88 } + { + 0x75, 0x75, 0xda, 0x3a, 0x93, 0x60, 0x7c, 0xc2, + 0xbf, 0xd8, 0xce, 0xc7, 0xaa, 0xdf, 0xd9, 0xa6 + }, + { + 0x2d, 0x85, 0x26, 0x08, 0x1d, 0x02, 0xfb, 0x5b, + 0x85, 0xf6, 0x9a, 0xc2, 0x86, 0xec, 0xd5, 0x7d, + 0x40, 0xdf, 0x5d, 0xf3, 0x49, 0x47, 0x44, 0xd3 + }, + { + 0x11, 0x2a, 0xd4, 0x1b, 0x48, 0x56, 0xc7, 0x25, + 0x4a, 0x98, 0x48, 0xd3, 0x0f, 0xdd, 0x78, 0x33, + 0x5b, 0x03, 0x9a, 0x48, 0xa8, 0x96, 0x2c, 0x4d, + 0x1c, 0xb7, 0x8e, 0xab, 0xd5, 0xda, 0xd7, 0x88 + } }; static const unsigned char kw_msg[KW_TESTS][40] = { - { 0x42, 0x13, 0x6d, 0x3c, 0x38, 0x4a, 0x3e, 0xea, - 0xc9, 0x5a, 0x06, 0x6f, 0xd2, 0x8f, 0xed, 0x3f }, - { 0x95, 0xc1, 0x1b, 0xf5, 0x35, 0x3a, 0xfe, 0xdb, - 0x98, 0xfd, 0xd6, 0xc8, 0xca, 0x6f, 0xdb, 0x6d, - 0xa5, 0x4b, 0x74, 0xb4, 0x99, 0x0f, 0xdc, 0x45, - 0xc0, 0x9d, 0x15, 0x8f, 0x51, 0xce, 0x62, 0x9d, - 0xe2, 0xaf, 0x26, 0xe3, 0x25, 0x0e, 0x6b, 0x4c }, - { 0x1b, 0x20, 0xbf, 0x19, 0x90, 0xb0, 0x65, 0xd7, - 0x98, 0xe1, 0xb3, 0x22, 0x64, 0xad, 0x50, 0xa8, - 0x74, 0x74, 0x92, 0xba, 0x09, 0xa0, 0x4d, 0xd1 } + { + 0x42, 0x13, 0x6d, 0x3c, 0x38, 0x4a, 0x3e, 0xea, + 0xc9, 0x5a, 0x06, 0x6f, 0xd2, 0x8f, 0xed, 0x3f + }, + { + 0x95, 0xc1, 0x1b, 0xf5, 0x35, 0x3a, 0xfe, 0xdb, + 0x98, 0xfd, 0xd6, 0xc8, 0xca, 0x6f, 0xdb, 0x6d, + 0xa5, 0x4b, 0x74, 0xb4, 0x99, 0x0f, 0xdc, 0x45, + 0xc0, 0x9d, 0x15, 0x8f, 0x51, 0xce, 0x62, 0x9d, + 0xe2, 0xaf, 0x26, 0xe3, 0x25, 0x0e, 0x6b, 0x4c + }, + { + 0x1b, 0x20, 0xbf, 0x19, 0x90, 0xb0, 0x65, 0xd7, + 0x98, 0xe1, 0xb3, 0x22, 0x64, 0xad, 0x50, 0xa8, + 0x74, 0x74, 0x92, 0xba, 0x09, 0xa0, 0x4d, 0xd1 + } }; static const size_t kw_msg_len[KW_TESTS] = { 16, 40, 24 }; static const size_t kw_out_len[KW_TESTS] = { 24, 48, 32 }; static const unsigned char kw_res[KW_TESTS][48] = { - { 0x03, 0x1f, 0x6b, 0xd7, 0xe6, 0x1e, 0x64, 0x3d, - 0xf6, 0x85, 0x94, 0x81, 0x6f, 0x64, 0xca, 0xa3, - 0xf5, 0x6f, 0xab, 0xea, 0x25, 0x48, 0xf5, 0xfb }, - { 0x44, 0x3c, 0x6f, 0x15, 0x09, 0x83, 0x71, 0x91, - 0x3e, 0x5c, 0x81, 0x4c, 0xa1, 0xa0, 0x42, 0xec, - 0x68, 0x2f, 0x7b, 0x13, 0x6d, 0x24, 0x3a, 0x4d, - 0x6c, 0x42, 0x6f, 0xc6, 0x97, 0x15, 0x63, 0xe8, - 0xa1, 0x4a, 0x55, 0x8e, 0x09, 0x64, 0x16, 0x19, - 0xbf, 0x03, 0xfc, 0xaf, 0x90, 0xb1, 0xfc, 0x2d }, - { 0xba, 0x8a, 0x25, 0x9a, 0x47, 0x1b, 0x78, 0x7d, - 0xd5, 0xd5, 0x40, 0xec, 0x25, 0xd4, 0x3d, 0x87, - 0x20, 0x0f, 0xda, 0xdc, 0x6d, 0x1f, 0x05, 0xd9, - 0x16, 0x58, 0x4f, 0xa9, 0xf6, 0xcb, 0xf5, 0x12 } + { + 0x03, 0x1f, 0x6b, 0xd7, 0xe6, 0x1e, 0x64, 0x3d, + 0xf6, 0x85, 0x94, 0x81, 0x6f, 0x64, 0xca, 0xa3, + 0xf5, 0x6f, 0xab, 0xea, 0x25, 0x48, 0xf5, 0xfb + }, + { + 0x44, 0x3c, 0x6f, 0x15, 0x09, 0x83, 0x71, 0x91, + 0x3e, 0x5c, 0x81, 0x4c, 0xa1, 0xa0, 0x42, 0xec, + 0x68, 0x2f, 0x7b, 0x13, 0x6d, 0x24, 0x3a, 0x4d, + 0x6c, 0x42, 0x6f, 0xc6, 0x97, 0x15, 0x63, 0xe8, + 0xa1, 0x4a, 0x55, 0x8e, 0x09, 0x64, 0x16, 0x19, + 0xbf, 0x03, 0xfc, 0xaf, 0x90, 0xb1, 0xfc, 0x2d + }, + { + 0xba, 0x8a, 0x25, 0x9a, 0x47, 0x1b, 0x78, 0x7d, + 0xd5, 0xd5, 0x40, 0xec, 0x25, 0xd4, 0x3d, 0x87, + 0x20, 0x0f, 0xda, 0xdc, 0x6d, 0x1f, 0x05, 0xd9, + 0x16, 0x58, 0x4f, 0xa9, 0xf6, 0xcb, 0xf5, 0x12 + } }; static const unsigned char kwp_key[KW_TESTS][32] = { - { 0x78, 0x65, 0xe2, 0x0f, 0x3c, 0x21, 0x65, 0x9a, - 0xb4, 0x69, 0x0b, 0x62, 0x9c, 0xdf, 0x3c, 0xc4 }, - { 0xf5, 0xf8, 0x96, 0xa3, 0xbd, 0x2f, 0x4a, 0x98, - 0x23, 0xef, 0x16, 0x2b, 0x00, 0xb8, 0x05, 0xd7, - 0xde, 0x1e, 0xa4, 0x66, 0x26, 0x96, 0xa2, 0x58 }, - { 0x95, 0xda, 0x27, 0x00, 0xca, 0x6f, 0xd9, 0xa5, - 0x25, 0x54, 0xee, 0x2a, 0x8d, 0xf1, 0x38, 0x6f, - 0x5b, 0x94, 0xa1, 0xa6, 0x0e, 0xd8, 0xa4, 0xae, - 0xf6, 0x0a, 0x8d, 0x61, 0xab, 0x5f, 0x22, 0x5a } + { + 0x78, 0x65, 0xe2, 0x0f, 0x3c, 0x21, 0x65, 0x9a, + 0xb4, 0x69, 0x0b, 0x62, 0x9c, 0xdf, 0x3c, 0xc4 + }, + { + 0xf5, 0xf8, 0x96, 0xa3, 0xbd, 0x2f, 0x4a, 0x98, + 0x23, 0xef, 0x16, 0x2b, 0x00, 0xb8, 0x05, 0xd7, + 0xde, 0x1e, 0xa4, 0x66, 0x26, 0x96, 0xa2, 0x58 + }, + { + 0x95, 0xda, 0x27, 0x00, 0xca, 0x6f, 0xd9, 0xa5, + 0x25, 0x54, 0xee, 0x2a, 0x8d, 0xf1, 0x38, 0x6f, + 0x5b, 0x94, 0xa1, 0xa6, 0x0e, 0xd8, 0xa4, 0xae, + 0xf6, 0x0a, 0x8d, 0x61, 0xab, 0x5f, 0x22, 0x5a + } }; static const unsigned char kwp_msg[KW_TESTS][31] = { - { 0xbd, 0x68, 0x43, 0xd4, 0x20, 0x37, 0x8d, 0xc8, - 0x96 }, - { 0x6c, 0xcd, 0xd5, 0x85, 0x18, 0x40, 0x97, 0xeb, - 0xd5, 0xc3, 0xaf, 0x3e, 0x47, 0xd0, 0x2c, 0x19, - 0x14, 0x7b, 0x4d, 0x99, 0x5f, 0x96, 0x43, 0x66, - 0x91, 0x56, 0x75, 0x8c, 0x13, 0x16, 0x8f }, + { + 0xbd, 0x68, 0x43, 0xd4, 0x20, 0x37, 0x8d, 0xc8, + 0x96 + }, + { + 0x6c, 0xcd, 0xd5, 0x85, 0x18, 0x40, 0x97, 0xeb, + 0xd5, 0xc3, 0xaf, 0x3e, 0x47, 0xd0, 0x2c, 0x19, + 0x14, 0x7b, 0x4d, 0x99, 0x5f, 0x96, 0x43, 0x66, + 0x91, 0x56, 0x75, 0x8c, 0x13, 0x16, 0x8f + }, { 0xd1 } }; static const size_t kwp_msg_len[KW_TESTS] = { 9, 31, 1 }; static const unsigned char kwp_res[KW_TESTS][48] = { - { 0x41, 0xec, 0xa9, 0x56, 0xd4, 0xaa, 0x04, 0x7e, - 0xb5, 0xcf, 0x4e, 0xfe, 0x65, 0x96, 0x61, 0xe7, - 0x4d, 0xb6, 0xf8, 0xc5, 0x64, 0xe2, 0x35, 0x00 }, - { 0x4e, 0x9b, 0xc2, 0xbc, 0xbc, 0x6c, 0x1e, 0x13, - 0xd3, 0x35, 0xbc, 0xc0, 0xf7, 0x73, 0x6a, 0x88, - 0xfa, 0x87, 0x53, 0x66, 0x15, 0xbb, 0x8e, 0x63, - 0x8b, 0xcc, 0x81, 0x66, 0x84, 0x68, 0x17, 0x90, - 0x67, 0xcf, 0xa9, 0x8a, 0x9d, 0x0e, 0x33, 0x26 }, - { 0x06, 0xba, 0x7a, 0xe6, 0xf3, 0x24, 0x8c, 0xfd, - 0xcf, 0x26, 0x75, 0x07, 0xfa, 0x00, 0x1b, 0xc4 } + { + 0x41, 0xec, 0xa9, 0x56, 0xd4, 0xaa, 0x04, 0x7e, + 0xb5, 0xcf, 0x4e, 0xfe, 0x65, 0x96, 0x61, 0xe7, + 0x4d, 0xb6, 0xf8, 0xc5, 0x64, 0xe2, 0x35, 0x00 + }, + { + 0x4e, 0x9b, 0xc2, 0xbc, 0xbc, 0x6c, 0x1e, 0x13, + 0xd3, 0x35, 0xbc, 0xc0, 0xf7, 0x73, 0x6a, 0x88, + 0xfa, 0x87, 0x53, 0x66, 0x15, 0xbb, 0x8e, 0x63, + 0x8b, 0xcc, 0x81, 0x66, 0x84, 0x68, 0x17, 0x90, + 0x67, 0xcf, 0xa9, 0x8a, 0x9d, 0x0e, 0x33, 0x26 + }, + { + 0x06, 0xba, 0x7a, 0xe6, 0xf3, 0x24, 0x8c, 0xfd, + 0xcf, 0x26, 0x75, 0x07, 0xfa, 0x00, 0x1b, 0xc4 + } }; static const size_t kwp_out_len[KW_TESTS] = { 24, 40, 16 }; -int mbedtls_nist_kw_self_test( int verbose ) -{ +int mbedtls_nist_kw_self_test(int verbose) { mbedtls_nist_kw_context ctx; unsigned char out[48]; size_t olen; int i; int ret = 0; - mbedtls_nist_kw_init( &ctx ); + mbedtls_nist_kw_init(&ctx); - for( i = 0; i < KW_TESTS; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " KW-AES-%u ", (unsigned int) key_len[i] * 8 ); + for (i = 0; i < KW_TESTS; i++) { + if (verbose != 0) + mbedtls_printf(" KW-AES-%u ", (unsigned int) key_len[i] * 8); - ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - kw_key[i], key_len[i] * 8, 1 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " KW: setup failed " ); + ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, + kw_key[i], key_len[i] * 8, 1); + if (ret != 0) { + if (verbose != 0) + mbedtls_printf(" KW: setup failed "); goto end; } - ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KW, kw_msg[i], - kw_msg_len[i], out, &olen, sizeof( out ) ); - if( ret != 0 || kw_out_len[i] != olen || - memcmp( out, kw_res[i], kw_out_len[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed. "); + ret = mbedtls_nist_kw_wrap(&ctx, MBEDTLS_KW_MODE_KW, kw_msg[i], + kw_msg_len[i], out, &olen, sizeof(out)); + if (ret != 0 || kw_out_len[i] != olen || + memcmp(out, kw_res[i], kw_out_len[i]) != 0) { + if (verbose != 0) + mbedtls_printf("failed. "); ret = 1; goto end; } - if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - kw_key[i], key_len[i] * 8, 0 ) ) - != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " KW: setup failed "); + if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, + kw_key[i], key_len[i] * 8, 0)) + != 0) { + if (verbose != 0) + mbedtls_printf(" KW: setup failed "); goto end; } - ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KW, - out, olen, out, &olen, sizeof( out ) ); + ret = mbedtls_nist_kw_unwrap(&ctx, MBEDTLS_KW_MODE_KW, + out, olen, out, &olen, sizeof(out)); - if( ret != 0 || olen != kw_msg_len[i] || - memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (ret != 0 || olen != kw_msg_len[i] || + memcmp(out, kw_msg[i], kw_msg_len[i]) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto end; } - if( verbose != 0 ) - mbedtls_printf( " passed\n" ); + if (verbose != 0) + mbedtls_printf(" passed\n"); } - for( i = 0; i < KW_TESTS; i++ ) - { - olen = sizeof( out ); - if( verbose != 0 ) - mbedtls_printf( " KWP-AES-%u ", (unsigned int) key_len[i] * 8 ); + for (i = 0; i < KW_TESTS; i++) { + olen = sizeof(out); + if (verbose != 0) + mbedtls_printf(" KWP-AES-%u ", (unsigned int) key_len[i] * 8); - ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i], - key_len[i] * 8, 1 ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " KWP: setup failed " ); + ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i], + key_len[i] * 8, 1); + if (ret != 0) { + if (verbose != 0) + mbedtls_printf(" KWP: setup failed "); goto end; } - ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i], - kwp_msg_len[i], out, &olen, sizeof( out ) ); + ret = mbedtls_nist_kw_wrap(&ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i], + kwp_msg_len[i], out, &olen, sizeof(out)); - if( ret != 0 || kwp_out_len[i] != olen || - memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed. "); + if (ret != 0 || kwp_out_len[i] != olen || + memcmp(out, kwp_res[i], kwp_out_len[i]) != 0) { + if (verbose != 0) + mbedtls_printf("failed. "); ret = 1; goto end; } - if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, - kwp_key[i], key_len[i] * 8, 0 ) ) - != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( " KWP: setup failed "); + if ((ret = mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, + kwp_key[i], key_len[i] * 8, 0)) + != 0) { + if (verbose != 0) + mbedtls_printf(" KWP: setup failed "); goto end; } - ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KWP, out, - olen, out, &olen, sizeof( out ) ); + ret = mbedtls_nist_kw_unwrap(&ctx, MBEDTLS_KW_MODE_KWP, out, + olen, out, &olen, sizeof(out)); - if( ret != 0 || olen != kwp_msg_len[i] || - memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed. "); + if (ret != 0 || olen != kwp_msg_len[i] || + memcmp(out, kwp_msg[i], kwp_msg_len[i]) != 0) { + if (verbose != 0) + mbedtls_printf("failed. "); ret = 1; goto end; } - if( verbose != 0 ) - mbedtls_printf( " passed\n" ); + if (verbose != 0) + mbedtls_printf(" passed\n"); } end: - mbedtls_nist_kw_free( &ctx ); + mbedtls_nist_kw_free(&ctx); - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ diff --git a/common/mbedtls/nist_kw.h b/common/mbedtls/nist_kw.h index 7f3e64a52..8d3a4a53b 100644 --- a/common/mbedtls/nist_kw.h +++ b/common/mbedtls/nist_kw.h @@ -47,8 +47,7 @@ extern "C" { #endif -typedef enum -{ +typedef enum { MBEDTLS_KW_MODE_KW = 0, MBEDTLS_KW_MODE_KWP = 1 } mbedtls_nist_kw_mode_t; @@ -80,7 +79,7 @@ typedef struct { * \param ctx The key wrapping context to initialize. * */ -void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx ); +void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx); /** * \brief This function initializes the key wrapping context set in the @@ -98,11 +97,11 @@ void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx ); * which are not supported. * \return cipher-specific error code on failure of the underlying cipher. */ -int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, - mbedtls_cipher_id_t cipher, - const unsigned char *key, - unsigned int keybits, - const int is_wrap ); +int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx, + mbedtls_cipher_id_t cipher, + const unsigned char *key, + unsigned int keybits, + const int is_wrap); /** * \brief This function releases and clears the specified key wrapping context @@ -110,7 +109,7 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, * * \param ctx The key wrapping context to clear. */ -void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx ); +void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx); /** * \brief This function encrypts a buffer using key wrapping. @@ -133,9 +132,9 @@ void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx ); * \return \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length. * \return cipher-specific error code on failure of the underlying cipher. */ -int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, - const unsigned char *input, size_t in_len, - unsigned char *output, size_t* out_len, size_t out_size ); +int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size); /** * \brief This function decrypts a buffer using key wrapping. @@ -160,9 +159,9 @@ int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t m * \return \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext. * \return cipher-specific error code on failure of the underlying cipher. */ -int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, - const unsigned char *input, size_t in_len, - unsigned char *output, size_t* out_len, size_t out_size); +int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode, + const unsigned char *input, size_t in_len, + unsigned char *output, size_t *out_len, size_t out_size); #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) @@ -172,7 +171,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_nist_kw_self_test( int verbose ); +int mbedtls_nist_kw_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ #ifdef __cplusplus diff --git a/common/mbedtls/oid.c b/common/mbedtls/oid.c index 19c8ac207..c3723c0f1 100644 --- a/common/mbedtls/oid.c +++ b/common/mbedtls/oid.c @@ -154,82 +154,81 @@ typedef struct { const char *short_name; } oid_x520_attr_t; -static const oid_x520_attr_t oid_x520_attr_type[] = -{ +static const oid_x520_attr_t oid_x520_attr_type[] = { { - { ADD_LEN( MBEDTLS_OID_AT_CN ), "id-at-commonName", "Common Name" }, + { ADD_LEN(MBEDTLS_OID_AT_CN), "id-at-commonName", "Common Name" }, "CN", }, { - { ADD_LEN( MBEDTLS_OID_AT_COUNTRY ), "id-at-countryName", "Country" }, + { ADD_LEN(MBEDTLS_OID_AT_COUNTRY), "id-at-countryName", "Country" }, "C", }, { - { ADD_LEN( MBEDTLS_OID_AT_LOCALITY ), "id-at-locality", "Locality" }, + { ADD_LEN(MBEDTLS_OID_AT_LOCALITY), "id-at-locality", "Locality" }, "L", }, { - { ADD_LEN( MBEDTLS_OID_AT_STATE ), "id-at-state", "State" }, + { ADD_LEN(MBEDTLS_OID_AT_STATE), "id-at-state", "State" }, "ST", }, { - { ADD_LEN( MBEDTLS_OID_AT_ORGANIZATION ),"id-at-organizationName", "Organization" }, + { ADD_LEN(MBEDTLS_OID_AT_ORGANIZATION), "id-at-organizationName", "Organization" }, "O", }, { - { ADD_LEN( MBEDTLS_OID_AT_ORG_UNIT ), "id-at-organizationalUnitName", "Org Unit" }, + { ADD_LEN(MBEDTLS_OID_AT_ORG_UNIT), "id-at-organizationalUnitName", "Org Unit" }, "OU", }, { - { ADD_LEN( MBEDTLS_OID_PKCS9_EMAIL ), "emailAddress", "E-mail address" }, + { ADD_LEN(MBEDTLS_OID_PKCS9_EMAIL), "emailAddress", "E-mail address" }, "emailAddress", }, { - { ADD_LEN( MBEDTLS_OID_AT_SERIAL_NUMBER ),"id-at-serialNumber", "Serial number" }, + { ADD_LEN(MBEDTLS_OID_AT_SERIAL_NUMBER), "id-at-serialNumber", "Serial number" }, "serialNumber", }, { - { ADD_LEN( MBEDTLS_OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress", "Postal address" }, + { ADD_LEN(MBEDTLS_OID_AT_POSTAL_ADDRESS), "id-at-postalAddress", "Postal address" }, "postalAddress", }, { - { ADD_LEN( MBEDTLS_OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" }, + { ADD_LEN(MBEDTLS_OID_AT_POSTAL_CODE), "id-at-postalCode", "Postal code" }, "postalCode", }, { - { ADD_LEN( MBEDTLS_OID_AT_SUR_NAME ), "id-at-surName", "Surname" }, + { ADD_LEN(MBEDTLS_OID_AT_SUR_NAME), "id-at-surName", "Surname" }, "SN", }, { - { ADD_LEN( MBEDTLS_OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" }, + { ADD_LEN(MBEDTLS_OID_AT_GIVEN_NAME), "id-at-givenName", "Given name" }, "GN", }, { - { ADD_LEN( MBEDTLS_OID_AT_INITIALS ), "id-at-initials", "Initials" }, + { ADD_LEN(MBEDTLS_OID_AT_INITIALS), "id-at-initials", "Initials" }, "initials", }, { - { ADD_LEN( MBEDTLS_OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" }, + { ADD_LEN(MBEDTLS_OID_AT_GENERATION_QUALIFIER), "id-at-generationQualifier", "Generation qualifier" }, "generationQualifier", }, { - { ADD_LEN( MBEDTLS_OID_AT_TITLE ), "id-at-title", "Title" }, + { ADD_LEN(MBEDTLS_OID_AT_TITLE), "id-at-title", "Title" }, "title", }, { - { ADD_LEN( MBEDTLS_OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" }, + { ADD_LEN(MBEDTLS_OID_AT_DN_QUALIFIER), "id-at-dnQualifier", "Distinguished Name qualifier" }, "dnQualifier", }, { - { ADD_LEN( MBEDTLS_OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" }, + { ADD_LEN(MBEDTLS_OID_AT_PSEUDONYM), "id-at-pseudonym", "Pseudonym" }, "pseudonym", }, { - { ADD_LEN( MBEDTLS_OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" }, + { ADD_LEN(MBEDTLS_OID_DOMAIN_COMPONENT), "id-domainComponent", "Domain component" }, "DC", }, { - { ADD_LEN( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier", "Unique Identifier" }, + { ADD_LEN(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER), "id-at-uniqueIdentifier", "Unique Identifier" }, "uniqueIdentifier", }, { @@ -249,30 +248,29 @@ typedef struct { int ext_type; } oid_x509_ext_t; -static const oid_x509_ext_t oid_x509_ext[] = -{ +static const oid_x509_ext_t oid_x509_ext[] = { { - { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" }, + { ADD_LEN(MBEDTLS_OID_BASIC_CONSTRAINTS), "id-ce-basicConstraints", "Basic Constraints" }, MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, }, { - { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" }, + { ADD_LEN(MBEDTLS_OID_KEY_USAGE), "id-ce-keyUsage", "Key Usage" }, MBEDTLS_OID_X509_EXT_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" }, + { ADD_LEN(MBEDTLS_OID_EXTENDED_KEY_USAGE), "id-ce-extKeyUsage", "Extended Key Usage" }, MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" }, + { ADD_LEN(MBEDTLS_OID_SUBJECT_ALT_NAME), "id-ce-subjectAltName", "Subject Alt Name" }, MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, }, { - { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, + { ADD_LEN(MBEDTLS_OID_NS_CERT_TYPE), "id-netscape-certtype", "Netscape Certificate Type" }, MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, }, { - { ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" }, + { ADD_LEN(MBEDTLS_OID_CERTIFICATE_POLICIES), "id-ce-certificatePolicies", "Certificate Policies" }, MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, }, { @@ -284,24 +282,22 @@ static const oid_x509_ext_t oid_x509_ext[] = FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) -static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = -{ - { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" }, - { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" }, - { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" }, - { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" }, - { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" }, - { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" }, - { ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" }, +static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = { + { ADD_LEN(MBEDTLS_OID_SERVER_AUTH), "id-kp-serverAuth", "TLS Web Server Authentication" }, + { ADD_LEN(MBEDTLS_OID_CLIENT_AUTH), "id-kp-clientAuth", "TLS Web Client Authentication" }, + { ADD_LEN(MBEDTLS_OID_CODE_SIGNING), "id-kp-codeSigning", "Code Signing" }, + { ADD_LEN(MBEDTLS_OID_EMAIL_PROTECTION), "id-kp-emailProtection", "E-mail Protection" }, + { ADD_LEN(MBEDTLS_OID_TIME_STAMPING), "id-kp-timeStamping", "Time Stamping" }, + { ADD_LEN(MBEDTLS_OID_OCSP_SIGNING), "id-kp-OCSPSigning", "OCSP Signing" }, + { ADD_LEN(MBEDTLS_OID_WISUN_FAN), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" }, { NULL, 0, NULL, NULL }, }; FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description) -static const mbedtls_oid_descriptor_t oid_certificate_policies[] = -{ - { ADD_LEN( MBEDTLS_OID_ANY_POLICY ), "anyPolicy", "Any Policy" }, +static const mbedtls_oid_descriptor_t oid_certificate_policies[] = { + { ADD_LEN(MBEDTLS_OID_ANY_POLICY), "anyPolicy", "Any Policy" }, { NULL, 0, NULL, NULL }, }; @@ -318,56 +314,55 @@ typedef struct { mbedtls_pk_type_t pk_alg; } oid_sig_alg_t; -static const oid_sig_alg_t oid_sig_alg[] = -{ +static const oid_sig_alg_t oid_sig_alg[] = { #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_MD2_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ), "md2WithRSAEncryption", "RSA with MD2" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_MD2), "md2WithRSAEncryption", "RSA with MD2" }, MBEDTLS_MD_MD2, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ), "md4WithRSAEncryption", "RSA with MD4" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_MD4), "md4WithRSAEncryption", "RSA with MD4" }, MBEDTLS_MD_MD4, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ), "md5WithRSAEncryption", "RSA with MD5" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_MD5), "md5WithRSAEncryption", "RSA with MD5" }, MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ), "sha-1WithRSAEncryption", "RSA with SHA1" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA1), "sha-1WithRSAEncryption", "RSA with SHA1" }, MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA224), "sha224WithRSAEncryption", "RSA with SHA-224" }, MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, }, { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA256), "sha256WithRSAEncryption", "RSA with SHA-256" }, MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ), "sha384WithRSAEncryption", "RSA with SHA-384" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA384), "sha384WithRSAEncryption", "RSA with SHA-384" }, MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, }, { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ), "sha512WithRSAEncryption", "RSA with SHA-512" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_SHA512), "sha512WithRSAEncryption", "RSA with SHA-512" }, MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ), "sha-1WithRSAEncryption", "RSA with SHA1" }, + { ADD_LEN(MBEDTLS_OID_RSA_SHA_OBS), "sha-1WithRSAEncryption", "RSA with SHA1" }, MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA1_C */ @@ -375,34 +370,34 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ), "ecdsa-with-SHA1", "ECDSA with SHA1" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA1), "ecdsa-with-SHA1", "ECDSA with SHA1" }, MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA224), "ecdsa-with-SHA224", "ECDSA with SHA224" }, MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, }, { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA256), "ecdsa-with-SHA256", "ECDSA with SHA256" }, MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ), "ecdsa-with-SHA384", "ECDSA with SHA384" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA384), "ecdsa-with-SHA384", "ECDSA with SHA384" }, MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, }, { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" }, + { ADD_LEN(MBEDTLS_OID_ECDSA_SHA512), "ecdsa-with-SHA512", "ECDSA with SHA512" }, MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) { - { ADD_LEN( MBEDTLS_OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" }, + { ADD_LEN(MBEDTLS_OID_RSASSA_PSS), "RSASSA-PSS", "RSASSA-PSS" }, MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, }, #endif /* MBEDTLS_RSA_C */ @@ -426,18 +421,17 @@ typedef struct { mbedtls_pk_type_t pk_alg; } oid_pk_alg_t; -static const oid_pk_alg_t oid_pk_alg[] = -{ +static const oid_pk_alg_t oid_pk_alg[] = { { - { ADD_LEN( MBEDTLS_OID_PKCS1_RSA ), "rsaEncryption", "RSA" }, + { ADD_LEN(MBEDTLS_OID_PKCS1_RSA), "rsaEncryption", "RSA" }, MBEDTLS_PK_RSA, }, { - { ADD_LEN( MBEDTLS_OID_EC_ALG_UNRESTRICTED ), "id-ecPublicKey", "Generic EC key" }, + { ADD_LEN(MBEDTLS_OID_EC_ALG_UNRESTRICTED), "id-ecPublicKey", "Generic EC key" }, MBEDTLS_PK_ECKEY, }, { - { ADD_LEN( MBEDTLS_OID_EC_ALG_ECDH ), "id-ecDH", "EC key for ECDH" }, + { ADD_LEN(MBEDTLS_OID_EC_ALG_ECDH), "id-ecDH", "EC key for ECDH" }, MBEDTLS_PK_ECKEY_DH, }, { @@ -459,71 +453,70 @@ typedef struct { mbedtls_ecp_group_id grp_id; } oid_ecp_grp_t; -static const oid_ecp_grp_t oid_ecp_grp[] = -{ +static const oid_ecp_grp_t oid_ecp_grp[] = { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1", "secp192r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192R1), "secp192r1", "secp192r1" }, MBEDTLS_ECP_DP_SECP192R1, }, #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1", "secp224r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224R1), "secp224r1", "secp224r1" }, MBEDTLS_ECP_DP_SECP224R1, }, #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256R1), "secp256r1", "secp256r1" }, MBEDTLS_ECP_DP_SECP256R1, }, #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1", "secp384r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP384R1), "secp384r1", "secp384r1" }, MBEDTLS_ECP_DP_SECP384R1, }, #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP521R1), "secp521r1", "secp521r1" }, MBEDTLS_ECP_DP_SECP521R1, }, #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1", "secp192k1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192K1), "secp192k1", "secp192k1" }, MBEDTLS_ECP_DP_SECP192K1, }, #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1", "secp224k1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224K1), "secp224k1", "secp224k1" }, MBEDTLS_ECP_DP_SECP224K1, }, #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1", "secp256k1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256K1), "secp256k1", "secp256k1" }, MBEDTLS_ECP_DP_SECP256K1, }, #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_BP256R1), "brainpoolP256r1", "brainpool256r1" }, MBEDTLS_ECP_DP_BP256R1, }, #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ), "brainpoolP384r1","brainpool384r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_BP384R1), "brainpoolP384r1", "brainpool384r1" }, MBEDTLS_ECP_DP_BP384R1, }, #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ), "brainpoolP512r1","brainpool512r1" }, + { ADD_LEN(MBEDTLS_OID_EC_GRP_BP512R1), "brainpoolP512r1", "brainpool512r1" }, MBEDTLS_ECP_DP_BP512R1, }, #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ @@ -547,14 +540,13 @@ typedef struct { mbedtls_cipher_type_t cipher_alg; } oid_cipher_alg_t; -static const oid_cipher_alg_t oid_cipher_alg[] = -{ +static const oid_cipher_alg_t oid_cipher_alg[] = { { - { ADD_LEN( MBEDTLS_OID_DES_CBC ), "desCBC", "DES-CBC" }, + { ADD_LEN(MBEDTLS_OID_DES_CBC), "desCBC", "DES-CBC" }, MBEDTLS_CIPHER_DES_CBC, }, { - { ADD_LEN( MBEDTLS_OID_DES_EDE3_CBC ), "des-ede3-cbc", "DES-EDE3-CBC" }, + { ADD_LEN(MBEDTLS_OID_DES_EDE3_CBC), "des-ede3-cbc", "DES-EDE3-CBC" }, MBEDTLS_CIPHER_DES_EDE3_CBC, }, { @@ -576,55 +568,54 @@ typedef struct { mbedtls_md_type_t md_alg; } oid_md_alg_t; -static const oid_md_alg_t oid_md_alg[] = -{ +static const oid_md_alg_t oid_md_alg[] = { #if defined(MBEDTLS_MD2_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ), "id-md2", "MD2" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD2), "id-md2", "MD2" }, MBEDTLS_MD_MD2, }, #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ), "id-md4", "MD4" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD4), "id-md4", "MD4" }, MBEDTLS_MD_MD4, }, #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD5), "id-md5", "MD5" }, MBEDTLS_MD_MD5, }, #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA1), "id-sha1", "SHA-1" }, MBEDTLS_MD_SHA1, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA224), "id-sha224", "SHA-224" }, MBEDTLS_MD_SHA224, }, { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA256), "id-sha256", "SHA-256" }, MBEDTLS_MD_SHA256, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA384), "id-sha384", "SHA-384" }, MBEDTLS_MD_SHA384, }, { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA512), "id-sha512", "SHA-512" }, MBEDTLS_MD_SHA512, }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_RIPEMD160_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_RIPEMD160 ), "id-ripemd160", "RIPEMD-160" }, + { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_RIPEMD160), "id-ripemd160", "RIPEMD-160" }, MBEDTLS_MD_RIPEMD160, }, #endif /* MBEDTLS_RIPEMD160_C */ @@ -646,31 +637,30 @@ typedef struct { mbedtls_md_type_t md_hmac; } oid_md_hmac_t; -static const oid_md_hmac_t oid_md_hmac[] = -{ +static const oid_md_hmac_t oid_md_hmac[] = { #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ), "hmacSHA1", "HMAC-SHA-1" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA1), "hmacSHA1", "HMAC-SHA-1" }, MBEDTLS_MD_SHA1, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA224), "hmacSHA224", "HMAC-SHA-224" }, MBEDTLS_MD_SHA224, }, { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA256), "hmacSHA256", "HMAC-SHA-256" }, MBEDTLS_MD_SHA256, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ), "hmacSHA384", "HMAC-SHA-384" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA384), "hmacSHA384", "HMAC-SHA-384" }, MBEDTLS_MD_SHA384, }, { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ), "hmacSHA512", "HMAC-SHA-512" }, + { ADD_LEN(MBEDTLS_OID_HMAC_SHA512), "hmacSHA512", "HMAC-SHA-512" }, MBEDTLS_MD_SHA512, }, #endif /* MBEDTLS_SHA512_C */ @@ -694,14 +684,13 @@ typedef struct { mbedtls_cipher_type_t cipher_alg; } oid_pkcs12_pbe_alg_t; -static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = -{ +static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = { { - { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" }, + { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" }, MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC, }, { - { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" }, + { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" }, MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC, }, { @@ -724,9 +713,8 @@ FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pb } while( 0 ) /* Return the x.y.z.... style numeric string for the given OID */ -int mbedtls_oid_get_numeric_string( char *buf, size_t size, - const mbedtls_asn1_buf *oid ) -{ +int mbedtls_oid_get_numeric_string(char *buf, size_t size, + const mbedtls_asn1_buf *oid) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n; unsigned int value; @@ -736,32 +724,29 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, n = size; /* First byte contains first two dots */ - if( oid->len > 0 ) - { - ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 ); + if (oid->len > 0) { + ret = mbedtls_snprintf(p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40); OID_SAFE_SNPRINTF; } value = 0; - for( i = 1; i < oid->len; i++ ) - { + for (i = 1; i < oid->len; i++) { /* Prevent overflow in value. */ - if( ( ( value << 7 ) >> 7 ) != value ) - return( MBEDTLS_ERR_OID_BUF_TOO_SMALL ); + if (((value << 7) >> 7) != value) + return (MBEDTLS_ERR_OID_BUF_TOO_SMALL); value <<= 7; value += oid->p[i] & 0x7F; - if( !( oid->p[i] & 0x80 ) ) - { + if (!(oid->p[i] & 0x80)) { /* Last byte */ - ret = mbedtls_snprintf( p, n, ".%u", value ); + ret = mbedtls_snprintf(p, n, ".%u", value); OID_SAFE_SNPRINTF; value = 0; } } - return( (int) ( size - n ) ); + return ((int)(size - n)); } #endif /* MBEDTLS_OID_C */ diff --git a/common/mbedtls/oid.h b/common/mbedtls/oid.h index e4c697b2d..20833221e 100644 --- a/common/mbedtls/oid.h +++ b/common/mbedtls/oid.h @@ -437,8 +437,7 @@ extern "C" { /** * \brief Base OID descriptor structure */ -typedef struct mbedtls_oid_descriptor_t -{ +typedef struct mbedtls_oid_descriptor_t { const char *asn1; /*!< OID ASN.1 representation */ size_t asn1_len; /*!< length of asn1 */ const char *name; /*!< official name (e.g. from RFC) */ @@ -456,7 +455,7 @@ typedef struct mbedtls_oid_descriptor_t * \return Length of the string written (excluding final NULL) or * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error */ -int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid ); +int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); /** * \brief Translate an X.509 extension OID into local values @@ -466,7 +465,7 @@ int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_b * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type ); +int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type); /** * \brief Translate an X.509 attribute type OID into the short name @@ -477,7 +476,7 @@ int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type ); * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name ); +int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name); /** * \brief Translate PublicKeyAlgorithm OID into pk_type @@ -487,7 +486,7 @@ int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **s * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg ); +int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg); /** * \brief Translate pk_type into PublicKeyAlgorithm OID @@ -498,8 +497,8 @@ int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_a * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg, - const char **oid, size_t *olen ); +int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, + const char **oid, size_t *olen); #if defined(MBEDTLS_ECP_C) /** @@ -510,7 +509,7 @@ int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id ); +int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id); /** * \brief Translate EC group identifier into NamedCurve OID @@ -521,8 +520,8 @@ int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *g * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id, - const char **oid, size_t *olen ); +int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id, + const char **oid, size_t *olen); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_MD_C) @@ -535,8 +534,8 @@ int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg ); +int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); /** * \brief Translate SignatureAlgorithm OID into description @@ -546,7 +545,7 @@ int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid, * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc ); +int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate md_type and pk_type into SignatureAlgorithm OID @@ -558,8 +557,8 @@ int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const char **oid, size_t *olen ); +int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const char **oid, size_t *olen); /** * \brief Translate hash algorithm OID into md_type @@ -569,7 +568,7 @@ int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg ); +int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg); /** * \brief Translate hmac algorithm OID into md_type @@ -579,7 +578,7 @@ int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_a * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac ); +int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac); #endif /* MBEDTLS_MD_C */ /** @@ -590,7 +589,7 @@ int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_ * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc ); +int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate certificate policies OID into description @@ -600,7 +599,7 @@ int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc ); +int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc); /** * \brief Translate md_type into hash algorithm OID @@ -611,7 +610,7 @@ int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const cha * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen ); +int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg, const char **oid, size_t *olen); #if defined(MBEDTLS_CIPHER_C) /** @@ -622,7 +621,7 @@ int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_ * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg ); +int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_PKCS12_C) @@ -636,8 +635,8 @@ int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type * * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ -int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, - mbedtls_cipher_type_t *cipher_alg ); +int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg, + mbedtls_cipher_type_t *cipher_alg); #endif /* MBEDTLS_PKCS12_C */ #ifdef __cplusplus diff --git a/common/mbedtls/padlock.c b/common/mbedtls/padlock.c index 837337413..f45f36cb5 100644 --- a/common/mbedtls/padlock.c +++ b/common/mbedtls/padlock.c @@ -40,42 +40,39 @@ /* * PadLock detection routine */ -int mbedtls_padlock_has_support( int feature ) -{ +int mbedtls_padlock_has_support(int feature) { static int flags = -1; int ebx = 0, edx = 0; - if( flags == -1 ) - { - asm( "movl %%ebx, %0 \n\t" - "movl $0xC0000000, %%eax \n\t" - "cpuid \n\t" - "cmpl $0xC0000001, %%eax \n\t" - "movl $0, %%edx \n\t" - "jb 1f \n\t" - "movl $0xC0000001, %%eax \n\t" - "cpuid \n\t" - "1: \n\t" - "movl %%edx, %1 \n\t" - "movl %2, %%ebx \n\t" - : "=m" (ebx), "=m" (edx) - : "m" (ebx) - : "eax", "ecx", "edx" ); + if (flags == -1) { + asm("movl %%ebx, %0 \n\t" + "movl $0xC0000000, %%eax \n\t" + "cpuid \n\t" + "cmpl $0xC0000001, %%eax \n\t" + "movl $0, %%edx \n\t" + "jb 1f \n\t" + "movl $0xC0000001, %%eax \n\t" + "cpuid \n\t" + "1: \n\t" + "movl %%edx, %1 \n\t" + "movl %2, %%ebx \n\t" + : "=m"(ebx), "=m"(edx) + : "m"(ebx) + : "eax", "ecx", "edx"); flags = edx; } - return( flags & feature ); + return (flags & feature); } /* * PadLock AES-ECB block en(de)cryption */ -int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ) -{ +int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) { int ebx = 0; uint32_t *rk; uint32_t *blk; @@ -83,41 +80,40 @@ int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, unsigned char buf[256]; rk = ctx->rk; - blk = MBEDTLS_PADLOCK_ALIGN16( buf ); - memcpy( blk, input, 16 ); + blk = MBEDTLS_PADLOCK_ALIGN16(buf); + memcpy(blk, input, 16); - ctrl = blk + 4; - *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 ); + ctrl = blk + 4; + *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9); - asm( "pushfl \n\t" - "popfl \n\t" - "movl %%ebx, %0 \n\t" - "movl $1, %%ecx \n\t" - "movl %2, %%edx \n\t" - "movl %3, %%ebx \n\t" - "movl %4, %%esi \n\t" - "movl %4, %%edi \n\t" - ".byte 0xf3,0x0f,0xa7,0xc8 \n\t" - "movl %1, %%ebx \n\t" - : "=m" (ebx) - : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk) - : "memory", "ecx", "edx", "esi", "edi" ); + asm("pushfl \n\t" + "popfl \n\t" + "movl %%ebx, %0 \n\t" + "movl $1, %%ecx \n\t" + "movl %2, %%edx \n\t" + "movl %3, %%ebx \n\t" + "movl %4, %%esi \n\t" + "movl %4, %%edi \n\t" + ".byte 0xf3,0x0f,0xa7,0xc8 \n\t" + "movl %1, %%ebx \n\t" + : "=m"(ebx) + : "m"(ebx), "m"(ctrl), "m"(rk), "m"(blk) + : "memory", "ecx", "edx", "esi", "edi"); - memcpy( output, blk, 16 ); + memcpy(output, blk, 16); - return( 0 ); + return (0); } /* * PadLock AES-CBC buffer en(de)cryption */ -int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output) { int ebx = 0; size_t count; uint32_t *rk; @@ -125,38 +121,38 @@ int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, uint32_t *ctrl; unsigned char buf[256]; - if( ( (long) input & 15 ) != 0 || - ( (long) output & 15 ) != 0 ) - return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED ); + if (((long) input & 15) != 0 || + ((long) output & 15) != 0) + return (MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED); rk = ctx->rk; - iw = MBEDTLS_PADLOCK_ALIGN16( buf ); - memcpy( iw, iv, 16 ); + iw = MBEDTLS_PADLOCK_ALIGN16(buf); + memcpy(iw, iv, 16); - ctrl = iw + 4; - *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 ); + ctrl = iw + 4; + *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9); - count = ( length + 15 ) >> 4; + count = (length + 15) >> 4; - asm( "pushfl \n\t" - "popfl \n\t" - "movl %%ebx, %0 \n\t" - "movl %2, %%ecx \n\t" - "movl %3, %%edx \n\t" - "movl %4, %%ebx \n\t" - "movl %5, %%esi \n\t" - "movl %6, %%edi \n\t" - "movl %7, %%eax \n\t" - ".byte 0xf3,0x0f,0xa7,0xd0 \n\t" - "movl %1, %%ebx \n\t" - : "=m" (ebx) - : "m" (ebx), "m" (count), "m" (ctrl), - "m" (rk), "m" (input), "m" (output), "m" (iw) - : "memory", "eax", "ecx", "edx", "esi", "edi" ); + asm("pushfl \n\t" + "popfl \n\t" + "movl %%ebx, %0 \n\t" + "movl %2, %%ecx \n\t" + "movl %3, %%edx \n\t" + "movl %4, %%ebx \n\t" + "movl %5, %%esi \n\t" + "movl %6, %%edi \n\t" + "movl %7, %%eax \n\t" + ".byte 0xf3,0x0f,0xa7,0xd0 \n\t" + "movl %1, %%ebx \n\t" + : "=m"(ebx) + : "m"(ebx), "m"(count), "m"(ctrl), + "m"(rk), "m"(input), "m"(output), "m"(iw) + : "memory", "eax", "ecx", "edx", "esi", "edi"); - memcpy( iv, iw, 16 ); + memcpy(iv, iw, 16); - return( 0 ); + return (0); } #endif /* MBEDTLS_HAVE_X86 */ diff --git a/common/mbedtls/padlock.h b/common/mbedtls/padlock.h index 78dbeb60d..751980e79 100644 --- a/common/mbedtls/padlock.h +++ b/common/mbedtls/padlock.h @@ -73,7 +73,7 @@ extern "C" { * * \return 1 if CPU has support for the feature, 0 otherwise */ -int mbedtls_padlock_has_support( int feature ); +int mbedtls_padlock_has_support(int feature); /** * \brief Internal PadLock AES-ECB block en(de)cryption @@ -88,10 +88,10 @@ int mbedtls_padlock_has_support( int feature ); * * \return 0 if success, 1 if operation failed */ -int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]); /** * \brief Internal PadLock AES-CBC buffer en(de)cryption @@ -108,12 +108,12 @@ int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx, * * \return 0 if success, 1 if operation failed */ -int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output ); +int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, + int mode, + size_t length, + unsigned char iv[16], + const unsigned char *input, + unsigned char *output); #ifdef __cplusplus } diff --git a/common/mbedtls/pem.c b/common/mbedtls/pem.c index 969d492e3..8d90beee7 100644 --- a/common/mbedtls/pem.c +++ b/common/mbedtls/pem.c @@ -41,9 +41,8 @@ #endif #if defined(MBEDTLS_PEM_PARSE_C) -void mbedtls_pem_init( mbedtls_pem_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_pem_context ) ); +void mbedtls_pem_init(mbedtls_pem_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_pem_context)); } #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ @@ -51,141 +50,136 @@ void mbedtls_pem_init( mbedtls_pem_context *ctx ) /* * Read a 16-byte hex string and convert it to binary */ -static int pem_get_iv( const unsigned char *s, unsigned char *iv, - size_t iv_len ) -{ +static int pem_get_iv(const unsigned char *s, unsigned char *iv, + size_t iv_len) { size_t i, j, k; - memset( iv, 0, iv_len ); + memset(iv, 0, iv_len); - for( i = 0; i < iv_len * 2; i++, s++ ) - { - if( *s >= '0' && *s <= '9' ) j = *s - '0'; else - if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else - if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else - return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); + for (i = 0; i < iv_len * 2; i++, s++) { + if (*s >= '0' && *s <= '9') j = *s - '0'; + else if (*s >= 'A' && *s <= 'F') j = *s - '7'; + else if (*s >= 'a' && *s <= 'f') j = *s - 'W'; + else + return (MBEDTLS_ERR_PEM_INVALID_ENC_IV); - k = ( ( i & 1 ) != 0 ) ? j : j << 4; + k = ((i & 1) != 0) ? j : j << 4; - iv[i >> 1] = (unsigned char)( iv[i >> 1] | k ); + iv[i >> 1] = (unsigned char)(iv[i >> 1] | k); } - return( 0 ); + return (0); } -static int pem_pbkdf1( unsigned char *key, size_t keylen, - unsigned char *iv, - const unsigned char *pwd, size_t pwdlen ) -{ +static int pem_pbkdf1(unsigned char *key, size_t keylen, + unsigned char *iv, + const unsigned char *pwd, size_t pwdlen) { mbedtls_md5_context md5_ctx; unsigned char md5sum[16]; size_t use_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md5_init( &md5_ctx ); + mbedtls_md5_init(&md5_ctx); /* * key[ 0..15] = MD5(pwd || IV) */ - if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) + if ((ret = mbedtls_md5_starts_ret(&md5_ctx)) != 0) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) + if ((ret = mbedtls_md5_update_ret(&md5_ctx, pwd, pwdlen)) != 0) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) + if ((ret = mbedtls_md5_update_ret(&md5_ctx, iv, 8)) != 0) goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) + if ((ret = mbedtls_md5_finish_ret(&md5_ctx, md5sum)) != 0) goto exit; - if( keylen <= 16 ) - { - memcpy( key, md5sum, keylen ); + if (keylen <= 16) { + memcpy(key, md5sum, keylen); goto exit; } - memcpy( key, md5sum, 16 ); + memcpy(key, md5sum, 16); /* * key[16..23] = MD5(key[ 0..15] || pwd || IV]) */ - if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) + if ((ret = mbedtls_md5_starts_ret(&md5_ctx)) != 0) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 ) + if ((ret = mbedtls_md5_update_ret(&md5_ctx, md5sum, 16)) != 0) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) + if ((ret = mbedtls_md5_update_ret(&md5_ctx, pwd, pwdlen)) != 0) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) + if ((ret = mbedtls_md5_update_ret(&md5_ctx, iv, 8)) != 0) goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) + if ((ret = mbedtls_md5_finish_ret(&md5_ctx, md5sum)) != 0) goto exit; use_len = 16; - if( keylen < 32 ) + if (keylen < 32) use_len = keylen - 16; - memcpy( key + 16, md5sum, use_len ); + memcpy(key + 16, md5sum, use_len); exit: - mbedtls_md5_free( &md5_ctx ); - mbedtls_platform_zeroize( md5sum, 16 ); + mbedtls_md5_free(&md5_ctx); + mbedtls_platform_zeroize(md5sum, 16); - return( ret ); + return (ret); } #if defined(MBEDTLS_DES_C) /* * Decrypt with DES-CBC, using PBKDF1 for key derivation */ -static int pem_des_decrypt( unsigned char des_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) -{ +static int pem_des_decrypt(unsigned char des_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen) { mbedtls_des_context des_ctx; unsigned char des_key[8]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_des_init( &des_ctx ); + mbedtls_des_init(&des_ctx); - if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 ) + if ((ret = pem_pbkdf1(des_key, 8, des_iv, pwd, pwdlen)) != 0) goto exit; - if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 ) + if ((ret = mbedtls_des_setkey_dec(&des_ctx, des_key)) != 0) goto exit; - ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, - des_iv, buf, buf ); + ret = mbedtls_des_crypt_cbc(&des_ctx, MBEDTLS_DES_DECRYPT, buflen, + des_iv, buf, buf); exit: - mbedtls_des_free( &des_ctx ); - mbedtls_platform_zeroize( des_key, 8 ); + mbedtls_des_free(&des_ctx); + mbedtls_platform_zeroize(des_key, 8); - return( ret ); + return (ret); } /* * Decrypt with 3DES-CBC, using PBKDF1 for key derivation */ -static int pem_des3_decrypt( unsigned char des3_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) -{ +static int pem_des3_decrypt(unsigned char des3_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen) { mbedtls_des3_context des3_ctx; unsigned char des3_key[24]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_des3_init( &des3_ctx ); + mbedtls_des3_init(&des3_ctx); - if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 ) + if ((ret = pem_pbkdf1(des3_key, 24, des3_iv, pwd, pwdlen)) != 0) goto exit; - if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 ) + if ((ret = mbedtls_des3_set3key_dec(&des3_ctx, des3_key)) != 0) goto exit; - ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, - des3_iv, buf, buf ); + ret = mbedtls_des3_crypt_cbc(&des3_ctx, MBEDTLS_DES_DECRYPT, buflen, + des3_iv, buf, buf); exit: - mbedtls_des3_free( &des3_ctx ); - mbedtls_platform_zeroize( des3_key, 24 ); + mbedtls_des3_free(&des3_ctx); + mbedtls_platform_zeroize(des3_key, 24); - return( ret ); + return (ret); } #endif /* MBEDTLS_DES_C */ @@ -193,39 +187,37 @@ exit: /* * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation */ -static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) -{ +static int pem_aes_decrypt(unsigned char aes_iv[16], unsigned int keylen, + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen) { mbedtls_aes_context aes_ctx; unsigned char aes_key[32]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_aes_init( &aes_ctx ); + mbedtls_aes_init(&aes_ctx); - if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 ) + if ((ret = pem_pbkdf1(aes_key, keylen, aes_iv, pwd, pwdlen)) != 0) goto exit; - if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 ) + if ((ret = mbedtls_aes_setkey_dec(&aes_ctx, aes_key, keylen * 8)) != 0) goto exit; - ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, - aes_iv, buf, buf ); + ret = mbedtls_aes_crypt_cbc(&aes_ctx, MBEDTLS_AES_DECRYPT, buflen, + aes_iv, buf, buf); exit: - mbedtls_aes_free( &aes_ctx ); - mbedtls_platform_zeroize( aes_key, keylen ); + mbedtls_aes_free(&aes_ctx); + mbedtls_platform_zeroize(aes_key, keylen); - return( ret ); + return (ret); } #endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ -int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, - const unsigned char *data, const unsigned char *pwd, - size_t pwdlen, size_t *use_len ) -{ +int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer, + const unsigned char *data, const unsigned char *pwd, + size_t pwdlen, size_t *use_len) { int ret, enc; size_t len; unsigned char *buf; @@ -240,154 +232,145 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ - if( ctx == NULL ) - return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA ); + if (ctx == NULL) + return (MBEDTLS_ERR_PEM_BAD_INPUT_DATA); - s1 = (unsigned char *) strstr( (const char *) data, header ); + s1 = (unsigned char *) strstr((const char *) data, header); - if( s1 == NULL ) - return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); + if (s1 == NULL) + return (MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT); - s2 = (unsigned char *) strstr( (const char *) data, footer ); + s2 = (unsigned char *) strstr((const char *) data, footer); - if( s2 == NULL || s2 <= s1 ) - return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); + if (s2 == NULL || s2 <= s1) + return (MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT); - s1 += strlen( header ); - if( *s1 == ' ' ) s1++; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); + s1 += strlen(header); + if (*s1 == ' ') s1++; + if (*s1 == '\r') s1++; + if (*s1 == '\n') s1++; + else return (MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT); end = s2; - end += strlen( footer ); - if( *end == ' ' ) end++; - if( *end == '\r' ) end++; - if( *end == '\n' ) end++; + end += strlen(footer); + if (*end == ' ') end++; + if (*end == '\r') end++; + if (*end == '\n') end++; *use_len = end - data; enc = 0; - if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) - { + if (s2 - s1 >= 22 && memcmp(s1, "Proc-Type: 4,ENCRYPTED", 22) == 0) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) enc++; s1 += 22; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( MBEDTLS_ERR_PEM_INVALID_DATA ); + if (*s1 == '\r') s1++; + if (*s1 == '\n') s1++; + else return (MBEDTLS_ERR_PEM_INVALID_DATA); #if defined(MBEDTLS_DES_C) - if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) - { + if (s2 - s1 >= 23 && memcmp(s1, "DEK-Info: DES-EDE3-CBC,", 23) == 0) { enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; s1 += 23; - if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) - return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); + if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) + return (MBEDTLS_ERR_PEM_INVALID_ENC_IV); s1 += 16; - } - else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) - { + } else if (s2 - s1 >= 18 && memcmp(s1, "DEK-Info: DES-CBC,", 18) == 0) { enc_alg = MBEDTLS_CIPHER_DES_CBC; s1 += 18; - if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) - return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); + if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) + return (MBEDTLS_ERR_PEM_INVALID_ENC_IV); s1 += 16; } #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) - { - if( s2 - s1 < 22 ) - return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); - else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + if (s2 - s1 >= 14 && memcmp(s1, "DEK-Info: AES-", 14) == 0) { + if (s2 - s1 < 22) + return (MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG); + else if (memcmp(s1, "DEK-Info: AES-128-CBC,", 22) == 0) enc_alg = MBEDTLS_CIPHER_AES_128_CBC; - else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) + else if (memcmp(s1, "DEK-Info: AES-192-CBC,", 22) == 0) enc_alg = MBEDTLS_CIPHER_AES_192_CBC; - else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 ) + else if (memcmp(s1, "DEK-Info: AES-256-CBC,", 22) == 0) enc_alg = MBEDTLS_CIPHER_AES_256_CBC; else - return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); + return (MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG); s1 += 22; - if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) - return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); + if (s2 - s1 < 32 || pem_get_iv(s1, pem_iv, 16) != 0) + return (MBEDTLS_ERR_PEM_INVALID_ENC_IV); s1 += 32; } #endif /* MBEDTLS_AES_C */ - if( enc_alg == MBEDTLS_CIPHER_NONE ) - return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); + if (enc_alg == MBEDTLS_CIPHER_NONE) + return (MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG); - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( MBEDTLS_ERR_PEM_INVALID_DATA ); + if (*s1 == '\r') s1++; + if (*s1 == '\n') s1++; + else return (MBEDTLS_ERR_PEM_INVALID_DATA); #else - return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE); #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - if( s1 >= s2 ) - return( MBEDTLS_ERR_PEM_INVALID_DATA ); + if (s1 >= s2) + return (MBEDTLS_ERR_PEM_INVALID_DATA); - ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); + ret = mbedtls_base64_decode(NULL, 0, &len, s1, s2 - s1); - if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) - return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); + if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) + return (MBEDTLS_ERR_PEM_INVALID_DATA + ret); - if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) - return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); + if ((buf = mbedtls_calloc(1, len)) == NULL) + return (MBEDTLS_ERR_PEM_ALLOC_FAILED); - if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) - { - mbedtls_platform_zeroize( buf, len ); - mbedtls_free( buf ); - return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); + if ((ret = mbedtls_base64_decode(buf, len, &len, s1, s2 - s1)) != 0) { + mbedtls_platform_zeroize(buf, len); + mbedtls_free(buf); + return (MBEDTLS_ERR_PEM_INVALID_DATA + ret); } - if( enc != 0 ) - { + if (enc != 0) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) - if( pwd == NULL ) - { - mbedtls_platform_zeroize( buf, len ); - mbedtls_free( buf ); - return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); + if (pwd == NULL) { + mbedtls_platform_zeroize(buf, len); + mbedtls_free(buf); + return (MBEDTLS_ERR_PEM_PASSWORD_REQUIRED); } ret = 0; #if defined(MBEDTLS_DES_C) - if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC ) - ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); - else if( enc_alg == MBEDTLS_CIPHER_DES_CBC ) - ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); + if (enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC) + ret = pem_des3_decrypt(pem_iv, buf, len, pwd, pwdlen); + else if (enc_alg == MBEDTLS_CIPHER_DES_CBC) + ret = pem_des_decrypt(pem_iv, buf, len, pwd, pwdlen); #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) - if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC ) - ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); - else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC ) - ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); - else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC ) - ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); + if (enc_alg == MBEDTLS_CIPHER_AES_128_CBC) + ret = pem_aes_decrypt(pem_iv, 16, buf, len, pwd, pwdlen); + else if (enc_alg == MBEDTLS_CIPHER_AES_192_CBC) + ret = pem_aes_decrypt(pem_iv, 24, buf, len, pwd, pwdlen); + else if (enc_alg == MBEDTLS_CIPHER_AES_256_CBC) + ret = pem_aes_decrypt(pem_iv, 32, buf, len, pwd, pwdlen); #endif /* MBEDTLS_AES_C */ - if( ret != 0 ) - { - mbedtls_free( buf ); - return( ret ); + if (ret != 0) { + mbedtls_free(buf); + return (ret); } /* @@ -396,16 +379,15 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const * * Use that as a heuristic to try to detect password mismatches. */ - if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 ) - { - mbedtls_platform_zeroize( buf, len ); - mbedtls_free( buf ); - return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ); + if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) { + mbedtls_platform_zeroize(buf, len); + mbedtls_free(buf); + return (MBEDTLS_ERR_PEM_PASSWORD_MISMATCH); } #else - mbedtls_platform_zeroize( buf, len ); - mbedtls_free( buf ); - return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE ); + mbedtls_platform_zeroize(buf, len); + mbedtls_free(buf); + return (MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE); #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } @@ -413,76 +395,70 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ctx->buf = buf; ctx->buflen = len; - return( 0 ); + return (0); } -void mbedtls_pem_free( mbedtls_pem_context *ctx ) -{ - if ( ctx->buf != NULL ) - { - mbedtls_platform_zeroize( ctx->buf, ctx->buflen ); - mbedtls_free( ctx->buf ); +void mbedtls_pem_free(mbedtls_pem_context *ctx) { + if (ctx->buf != NULL) { + mbedtls_platform_zeroize(ctx->buf, ctx->buflen); + mbedtls_free(ctx->buf); } - mbedtls_free( ctx->info ); + mbedtls_free(ctx->info); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pem_context)); } #endif /* MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_pem_write_buffer( const char *header, const char *footer, - const unsigned char *der_data, size_t der_len, - unsigned char *buf, size_t buf_len, size_t *olen ) -{ +int mbedtls_pem_write_buffer(const char *header, const char *footer, + const unsigned char *der_data, size_t der_len, + unsigned char *buf, size_t buf_len, size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *encode_buf = NULL, *c, *p = buf; size_t len = 0, use_len, add_len = 0; - mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len ); - add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1; + mbedtls_base64_encode(NULL, 0, &use_len, der_data, der_len); + add_len = strlen(header) + strlen(footer) + (use_len / 64) + 1; - if( use_len + add_len > buf_len ) - { + if (use_len + add_len > buf_len) { *olen = use_len + add_len; - return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); + return (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL); } - if( use_len != 0 && - ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) ) - return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); + if (use_len != 0 && + ((encode_buf = mbedtls_calloc(1, use_len)) == NULL)) + return (MBEDTLS_ERR_PEM_ALLOC_FAILED); - if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data, - der_len ) ) != 0 ) - { - mbedtls_free( encode_buf ); - return( ret ); + if ((ret = mbedtls_base64_encode(encode_buf, use_len, &use_len, der_data, + der_len)) != 0) { + mbedtls_free(encode_buf); + return (ret); } - memcpy( p, header, strlen( header ) ); - p += strlen( header ); + memcpy(p, header, strlen(header)); + p += strlen(header); c = encode_buf; - while( use_len ) - { - len = ( use_len > 64 ) ? 64 : use_len; - memcpy( p, c, len ); + while (use_len) { + len = (use_len > 64) ? 64 : use_len; + memcpy(p, c, len); use_len -= len; p += len; c += len; *p++ = '\n'; } - memcpy( p, footer, strlen( footer ) ); - p += strlen( footer ); + memcpy(p, footer, strlen(footer)); + p += strlen(footer); *p++ = '\0'; *olen = p - buf; - /* Clean any remaining data previously written to the buffer */ - memset( buf + *olen, 0, buf_len - *olen ); + /* Clean any remaining data previously written to the buffer */ + memset(buf + *olen, 0, buf_len - *olen); - mbedtls_free( encode_buf ); - return( 0 ); + mbedtls_free(encode_buf); + return (0); } #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */ diff --git a/common/mbedtls/pem.h b/common/mbedtls/pem.h index 4769bec5f..f8024fdd1 100644 --- a/common/mbedtls/pem.h +++ b/common/mbedtls/pem.h @@ -55,8 +55,7 @@ extern "C" { /** * \brief PEM context structure */ -typedef struct mbedtls_pem_context -{ +typedef struct mbedtls_pem_context { unsigned char *buf; /*!< buffer for decoded data */ size_t buflen; /*!< length of the buffer */ unsigned char *info; /*!< buffer for extra header information */ @@ -68,7 +67,7 @@ mbedtls_pem_context; * * \param ctx context to be initialized */ -void mbedtls_pem_init( mbedtls_pem_context *ctx ); +void mbedtls_pem_init(mbedtls_pem_context *ctx); /** * \brief Read a buffer for PEM information and store the resulting @@ -92,17 +91,17 @@ void mbedtls_pem_init( mbedtls_pem_context *ctx ); * * \return 0 on success, or a specific PEM error code */ -int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer, - const unsigned char *data, - const unsigned char *pwd, - size_t pwdlen, size_t *use_len ); +int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer, + const unsigned char *data, + const unsigned char *pwd, + size_t pwdlen, size_t *use_len); /** * \brief PEM context memory freeing * * \param ctx context to be freed */ -void mbedtls_pem_free( mbedtls_pem_context *ctx ); +void mbedtls_pem_free(mbedtls_pem_context *ctx); #endif /* MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_PEM_WRITE_C) @@ -132,9 +131,9 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx ); * the required minimum size of \p buf. * \return Another PEM or BASE64 error code on other kinds of failure. */ -int mbedtls_pem_write_buffer( const char *header, const char *footer, - const unsigned char *der_data, size_t der_len, - unsigned char *buf, size_t buf_len, size_t *olen ); +int mbedtls_pem_write_buffer(const char *header, const char *footer, + const unsigned char *der_data, size_t der_len, + unsigned char *buf, size_t buf_len, size_t *olen); #endif /* MBEDTLS_PEM_WRITE_C */ #ifdef __cplusplus diff --git a/common/mbedtls/pk.c b/common/mbedtls/pk.c index ecf002d45..7c89572ba 100644 --- a/common/mbedtls/pk.c +++ b/common/mbedtls/pk.c @@ -52,9 +52,8 @@ /* * Initialise a mbedtls_pk_context */ -void mbedtls_pk_init( mbedtls_pk_context *ctx ) -{ - PK_VALIDATE( ctx != NULL ); +void mbedtls_pk_init(mbedtls_pk_context *ctx) { + PK_VALIDATE(ctx != NULL); ctx->pk_info = NULL; ctx->pk_ctx = NULL; @@ -63,24 +62,22 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx ) /* * Free (the components of) a mbedtls_pk_context */ -void mbedtls_pk_free( mbedtls_pk_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_pk_free(mbedtls_pk_context *ctx) { + if (ctx == NULL) return; - if ( ctx->pk_info != NULL ) - ctx->pk_info->ctx_free_func( ctx->pk_ctx ); + if (ctx->pk_info != NULL) + ctx->pk_info->ctx_free_func(ctx->pk_ctx); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context)); } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* * Initialize a restart context */ -void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) -{ - PK_VALIDATE( ctx != NULL ); +void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx) { + PK_VALIDATE(ctx != NULL); ctx->pk_info = NULL; ctx->rs_ctx = NULL; } @@ -88,15 +85,13 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) /* * Free the components of a restart context */ -void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) -{ - if( ctx == NULL || ctx->pk_info == NULL || - ctx->pk_info->rs_free_func == NULL ) - { +void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx) { + if (ctx == NULL || ctx->pk_info == NULL || + ctx->pk_info->rs_free_func == NULL) { return; } - ctx->pk_info->rs_free_func( ctx->rs_ctx ); + ctx->pk_info->rs_free_func(ctx->rs_ctx); ctx->pk_info = NULL; ctx->rs_ctx = NULL; @@ -106,79 +101,76 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) /* * Get pk_info structure from type */ -const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) -{ - switch( pk_type ) { +const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type) { + switch (pk_type) { #if defined(MBEDTLS_RSA_C) case MBEDTLS_PK_RSA: - return( &mbedtls_rsa_info ); + return (&mbedtls_rsa_info); #endif #if defined(MBEDTLS_ECP_C) case MBEDTLS_PK_ECKEY: - return( &mbedtls_eckey_info ); + return (&mbedtls_eckey_info); case MBEDTLS_PK_ECKEY_DH: - return( &mbedtls_eckeydh_info ); + return (&mbedtls_eckeydh_info); #endif #if defined(MBEDTLS_ECDSA_C) case MBEDTLS_PK_ECDSA: - return( &mbedtls_ecdsa_info ); + return (&mbedtls_ecdsa_info); #endif /* MBEDTLS_PK_RSA_ALT omitted on purpose */ default: - return( NULL ); + return (NULL); } } /* * Initialise context */ -int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) -{ - PK_VALIDATE_RET( ctx != NULL ); - if( info == NULL || ctx->pk_info != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info) { + PK_VALIDATE_RET(ctx != NULL); + if (info == NULL || ctx->pk_info != NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) + return (MBEDTLS_ERR_PK_ALLOC_FAILED); ctx->pk_info = info; - return( 0 ); + return (0); } #if defined(MBEDTLS_USE_PSA_CRYPTO) /* * Initialise a PSA-wrapping context */ -int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, - const psa_key_id_t key ) -{ - const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info; +int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, + const psa_key_id_t key) { + const mbedtls_pk_info_t *const info = &mbedtls_pk_opaque_info; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_id_t *pk_ctx; psa_key_type_t type; - if( ctx == NULL || ctx->pk_info != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->pk_info != NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - if( PSA_SUCCESS != psa_get_key_attributes( key, &attributes ) ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - type = psa_get_key_type( &attributes ); - psa_reset_key_attributes( &attributes ); + if (PSA_SUCCESS != psa_get_key_attributes(key, &attributes)) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); + type = psa_get_key_type(&attributes); + psa_reset_key_attributes(&attributes); /* Current implementation of can_do() relies on this. */ - if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ; + if (! PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ; - if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) + return (MBEDTLS_ERR_PK_ALLOC_FAILED); ctx->pk_info = info; pk_ctx = (psa_key_id_t *) ctx->pk_ctx; *pk_ctx = key; - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -186,20 +178,19 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, /* * Initialize an RSA-alt context */ -int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, - mbedtls_pk_rsa_alt_decrypt_func decrypt_func, - mbedtls_pk_rsa_alt_sign_func sign_func, - mbedtls_pk_rsa_alt_key_len_func key_len_func ) -{ +int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key, + mbedtls_pk_rsa_alt_decrypt_func decrypt_func, + mbedtls_pk_rsa_alt_sign_func sign_func, + mbedtls_pk_rsa_alt_key_len_func key_len_func) { mbedtls_rsa_alt_context *rsa_alt; const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; - PK_VALIDATE_RET( ctx != NULL ); - if( ctx->pk_info != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + PK_VALIDATE_RET(ctx != NULL); + if (ctx->pk_info != NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) + return (MBEDTLS_ERR_PK_ALLOC_FAILED); ctx->pk_info = info; @@ -210,374 +201,352 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, rsa_alt->sign_func = sign_func; rsa_alt->key_len_func = key_len_func; - return( 0 ); + return (0); } #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ /* * Tell if a PK can do the operations of the given type */ -int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) -{ +int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type) { /* A context with null pk_info is not set up yet and can't do anything. * For backward compatibility, also accept NULL instead of a context * pointer. */ - if( ctx == NULL || ctx->pk_info == NULL ) - return( 0 ); + if (ctx == NULL || ctx->pk_info == NULL) + return (0); - return( ctx->pk_info->can_do( type ) ); + return (ctx->pk_info->can_do(type)); } /* * Helper for mbedtls_pk_sign and mbedtls_pk_verify */ -static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len ) -{ +static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len) { const mbedtls_md_info_t *md_info; - if( *hash_len != 0 ) - return( 0 ); + if (*hash_len != 0) + return (0); - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) - return( -1 ); + if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) + return (-1); - *hash_len = mbedtls_md_get_size( md_info ); - return( 0 ); + *hash_len = mbedtls_md_get_size(md_info); + return (0); } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* * Helper to set up a restart context if needed */ -static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx, - const mbedtls_pk_info_t *info ) -{ +static int pk_restart_setup(mbedtls_pk_restart_ctx *ctx, + const mbedtls_pk_info_t *info) { /* Don't do anything if already set up or invalid */ - if( ctx == NULL || ctx->pk_info != NULL ) - return( 0 ); + if (ctx == NULL || ctx->pk_info != NULL) + return (0); /* Should never happen when we're called */ - if( info->rs_alloc_func == NULL || info->rs_free_func == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (info->rs_alloc_func == NULL || info->rs_free_func == NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((ctx->rs_ctx = info->rs_alloc_func()) == NULL) + return (MBEDTLS_ERR_PK_ALLOC_FAILED); ctx->pk_info = info; - return( 0 ); + return (0); } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /* * Verify a signature (restartable) */ -int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - mbedtls_pk_restart_ctx *rs_ctx ) -{ - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); +int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + mbedtls_pk_restart_ctx *rs_ctx) { + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) || + hash != NULL); + PK_VALIDATE_RET(sig != NULL); - if( ctx->pk_info == NULL || - pk_hashlen_helper( md_alg, &hash_len ) != 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx->pk_info == NULL || + pk_hashlen_helper(md_alg, &hash_len) != 0) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* optimization: use non-restartable version if restart disabled */ - if( rs_ctx != NULL && - mbedtls_ecp_restart_is_enabled() && - ctx->pk_info->verify_rs_func != NULL ) - { + if (rs_ctx != NULL && + mbedtls_ecp_restart_is_enabled() && + ctx->pk_info->verify_rs_func != NULL) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) - return( ret ); + if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) + return (ret); - ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx, - md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx ); + ret = ctx->pk_info->verify_rs_func(ctx->pk_ctx, + md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx); - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) - mbedtls_pk_restart_free( rs_ctx ); + if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) + mbedtls_pk_restart_free(rs_ctx); - return( ret ); + return (ret); } #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ (void) rs_ctx; #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - if( ctx->pk_info->verify_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->verify_func == NULL) + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); - return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len, - sig, sig_len ) ); + return (ctx->pk_info->verify_func(ctx->pk_ctx, md_alg, hash, hash_len, + sig, sig_len)); } /* * Verify a signature */ -int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) -{ - return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len, - sig, sig_len, NULL ) ); +int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { + return (mbedtls_pk_verify_restartable(ctx, md_alg, hash, hash_len, + sig, sig_len, NULL)); } /* * Verify a signature with options */ -int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, - mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) -{ - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); +int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, + mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) || + hash != NULL); + PK_VALIDATE_RET(sig != NULL); - if( ctx->pk_info == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx->pk_info == NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - if( ! mbedtls_pk_can_do( ctx, type ) ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (! mbedtls_pk_can_do(ctx, type)) + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); - if( type == MBEDTLS_PK_RSASSA_PSS ) - { + if (type == MBEDTLS_PK_RSASSA_PSS) { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_rsassa_pss_options *pss_opts; #if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); #endif /* SIZE_MAX > UINT_MAX */ - if( options == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (options == NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; - if( sig_len < mbedtls_pk_get_len( ctx ) ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + if (sig_len < mbedtls_pk_get_len(ctx)) + return (MBEDTLS_ERR_RSA_VERIFY_FAILED); - ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), - NULL, NULL, MBEDTLS_RSA_PUBLIC, - md_alg, (unsigned int) hash_len, hash, - pss_opts->mgf1_hash_id, - pss_opts->expected_salt_len, - sig ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_pk_rsa(*ctx), + NULL, NULL, MBEDTLS_RSA_PUBLIC, + md_alg, (unsigned int) hash_len, hash, + pss_opts->mgf1_hash_id, + pss_opts->expected_salt_len, + sig); + if (ret != 0) + return (ret); - if( sig_len > mbedtls_pk_get_len( ctx ) ) - return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); + if (sig_len > mbedtls_pk_get_len(ctx)) + return (MBEDTLS_ERR_PK_SIG_LEN_MISMATCH); - return( 0 ); + return (0); #else - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ } /* General case: no options */ - if( options != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (options != NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) ); + return (mbedtls_pk_verify(ctx, md_alg, hash, hash_len, sig, sig_len)); } /* * Make a signature (restartable) */ -int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_pk_restart_ctx *rs_ctx ) -{ - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); +int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_pk_restart_ctx *rs_ctx) { + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) || + hash != NULL); + PK_VALIDATE_RET(sig != NULL); - if( ctx->pk_info == NULL || - pk_hashlen_helper( md_alg, &hash_len ) != 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx->pk_info == NULL || + pk_hashlen_helper(md_alg, &hash_len) != 0) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* optimization: use non-restartable version if restart disabled */ - if( rs_ctx != NULL && - mbedtls_ecp_restart_is_enabled() && - ctx->pk_info->sign_rs_func != NULL ) - { + if (rs_ctx != NULL && + mbedtls_ecp_restart_is_enabled() && + ctx->pk_info->sign_rs_func != NULL) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) - return( ret ); + if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) + return (ret); - ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg, - hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx ); + ret = ctx->pk_info->sign_rs_func(ctx->pk_ctx, md_alg, + hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx); - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) - mbedtls_pk_restart_free( rs_ctx ); + if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) + mbedtls_pk_restart_free(rs_ctx); - return( ret ); + return (ret); } #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ (void) rs_ctx; #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - if( ctx->pk_info->sign_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->sign_func == NULL) + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); - return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len, - sig, sig_len, f_rng, p_rng ) ); + return (ctx->pk_info->sign_func(ctx->pk_ctx, md_alg, hash, hash_len, + sig, sig_len, f_rng, p_rng)); } /* * Make a signature */ -int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, - sig, sig_len, f_rng, p_rng, NULL ) ); +int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + return (mbedtls_pk_sign_restartable(ctx, md_alg, hash, hash_len, + sig, sig_len, f_rng, p_rng, NULL)); } /* * Decrypt message */ -int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( input != NULL || ilen == 0 ); - PK_VALIDATE_RET( output != NULL || osize == 0 ); - PK_VALIDATE_RET( olen != NULL ); +int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET(input != NULL || ilen == 0); + PK_VALIDATE_RET(output != NULL || osize == 0); + PK_VALIDATE_RET(olen != NULL); - if( ctx->pk_info == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx->pk_info == NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - if( ctx->pk_info->decrypt_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->decrypt_func == NULL) + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); - return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen, - output, olen, osize, f_rng, p_rng ) ); + return (ctx->pk_info->decrypt_func(ctx->pk_ctx, input, ilen, + output, olen, osize, f_rng, p_rng)); } /* * Encrypt message */ -int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( input != NULL || ilen == 0 ); - PK_VALIDATE_RET( output != NULL || osize == 0 ); - PK_VALIDATE_RET( olen != NULL ); +int mbedtls_pk_encrypt(mbedtls_pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET(input != NULL || ilen == 0); + PK_VALIDATE_RET(output != NULL || osize == 0); + PK_VALIDATE_RET(olen != NULL); - if( ctx->pk_info == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (ctx->pk_info == NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - if( ctx->pk_info->encrypt_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->encrypt_func == NULL) + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); - return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen, - output, olen, osize, f_rng, p_rng ) ); + return (ctx->pk_info->encrypt_func(ctx->pk_ctx, input, ilen, + output, olen, osize, f_rng, p_rng)); } /* * Check public-private key pair */ -int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) -{ - PK_VALIDATE_RET( pub != NULL ); - PK_VALIDATE_RET( prv != NULL ); +int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv) { + PK_VALIDATE_RET(pub != NULL); + PK_VALIDATE_RET(prv != NULL); - if( pub->pk_info == NULL || - prv->pk_info == NULL ) - { - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (pub->pk_info == NULL || + prv->pk_info == NULL) { + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); } - if( prv->pk_info->check_pair_func == NULL ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + if (prv->pk_info->check_pair_func == NULL) + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); - if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT ) - { - if( pub->pk_info->type != MBEDTLS_PK_RSA ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); - } - else - { - if( pub->pk_info != prv->pk_info ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (prv->pk_info->type == MBEDTLS_PK_RSA_ALT) { + if (pub->pk_info->type != MBEDTLS_PK_RSA) + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); + } else { + if (pub->pk_info != prv->pk_info) + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); } - return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); + return (prv->pk_info->check_pair_func(pub->pk_ctx, prv->pk_ctx)); } /* * Get key size in bits */ -size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) -{ +size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx) { /* For backward compatibility, accept NULL or a context that * isn't set up yet, and return a fake value that should be safe. */ - if( ctx == NULL || ctx->pk_info == NULL ) - return( 0 ); + if (ctx == NULL || ctx->pk_info == NULL) + return (0); - return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) ); + return (ctx->pk_info->get_bitlen(ctx->pk_ctx)); } /* * Export debug information */ -int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) -{ - PK_VALIDATE_RET( ctx != NULL ); - if( ctx->pk_info == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items) { + PK_VALIDATE_RET(ctx != NULL); + if (ctx->pk_info == NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - if( ctx->pk_info->debug_func == NULL ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (ctx->pk_info->debug_func == NULL) + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); - ctx->pk_info->debug_func( ctx->pk_ctx, items ); - return( 0 ); + ctx->pk_info->debug_func(ctx->pk_ctx, items); + return (0); } /* * Access the PK type name */ -const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx ) -{ - if( ctx == NULL || ctx->pk_info == NULL ) - return( "invalid PK" ); +const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx) { + if (ctx == NULL || ctx->pk_info == NULL) + return ("invalid PK"); - return( ctx->pk_info->name ); + return (ctx->pk_info->name); } /* * Access the PK type */ -mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) -{ - if( ctx == NULL || ctx->pk_info == NULL ) - return( MBEDTLS_PK_NONE ); +mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx) { + if (ctx == NULL || ctx->pk_info == NULL) + return (MBEDTLS_PK_NONE); - return( ctx->pk_info->type ); + return (ctx->pk_info->type); } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -587,15 +556,14 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) * * Currently only works for EC private keys. */ -int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, - psa_key_id_t *key, - psa_algorithm_t hash_alg ) -{ +int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, + psa_key_id_t *key, + psa_algorithm_t hash_alg) { #if !defined(MBEDTLS_ECP_C) ((void) pk); ((void) key); ((void) hash_alg); - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); #else const mbedtls_ecp_keypair *ec; unsigned char d[MBEDTLS_ECP_MAX_BYTES]; @@ -607,32 +575,32 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* export the private key material in the format PSA wants */ - if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY ) - return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY) + return (MBEDTLS_ERR_PK_TYPE_MISMATCH); - ec = mbedtls_pk_ec( *pk ); - d_len = ( ec->grp.nbits + 7 ) / 8; - if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 ) - return( ret ); + ec = mbedtls_pk_ec(*pk); + d_len = (ec->grp.nbits + 7) / 8; + if ((ret = mbedtls_mpi_write_binary(&ec->d, d, d_len)) != 0) + return (ret); - curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits ); - key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id ); + curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits); + key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id); /* prepare the key attributes */ - psa_set_key_type( &attributes, key_type ); - psa_set_key_bits( &attributes, bits ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); - psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) ); + psa_set_key_type(&attributes, key_type); + psa_set_key_bits(&attributes, bits); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); + psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(hash_alg)); /* import private key into PSA */ - if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) ) - return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); + if (PSA_SUCCESS != psa_import_key(&attributes, d, d_len, key)) + return (MBEDTLS_ERR_PK_HW_ACCEL_FAILED); /* make PK context wrap the key slot */ - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); + mbedtls_pk_free(pk); + mbedtls_pk_init(pk); - return( mbedtls_pk_setup_opaque( pk, *key ) ); + return (mbedtls_pk_setup_opaque(pk, *key)); #endif /* MBEDTLS_ECP_C */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/common/mbedtls/pk.h b/common/mbedtls/pk.h index 7d0f977d5..c00a5c10c 100644 --- a/common/mbedtls/pk.h +++ b/common/mbedtls/pk.h @@ -78,7 +78,7 @@ extern "C" { * \brief Public key types */ typedef enum { - MBEDTLS_PK_NONE=0, + MBEDTLS_PK_NONE = 0, MBEDTLS_PK_RSA, MBEDTLS_PK_ECKEY, MBEDTLS_PK_ECKEY_DH, @@ -92,8 +92,7 @@ typedef enum { * \brief Options for RSASSA-PSS signature verification. * See \c mbedtls_rsa_rsassa_pss_verify_ext() */ -typedef struct mbedtls_pk_rsassa_pss_options -{ +typedef struct mbedtls_pk_rsassa_pss_options { mbedtls_md_type_t mgf1_hash_id; int expected_salt_len; @@ -154,8 +153,7 @@ typedef struct mbedtls_pk_rsassa_pss_options /** * \brief Types for interfacing with the debug module */ -typedef enum -{ +typedef enum { MBEDTLS_PK_DEBUG_NONE = 0, MBEDTLS_PK_DEBUG_MPI, MBEDTLS_PK_DEBUG_ECP, @@ -164,8 +162,7 @@ typedef enum /** * \brief Item to send to the debug module */ -typedef struct mbedtls_pk_debug_item -{ +typedef struct mbedtls_pk_debug_item { mbedtls_pk_debug_type type; const char *name; void *value; @@ -182,20 +179,18 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; /** * \brief Public key container */ -typedef struct mbedtls_pk_context -{ - const mbedtls_pk_info_t * pk_info; /**< Public key information */ - void * pk_ctx; /**< Underlying public key context */ +typedef struct mbedtls_pk_context { + const mbedtls_pk_info_t *pk_info; /**< Public key information */ + void *pk_ctx; /**< Underlying public key context */ } mbedtls_pk_context; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Context for resuming operations */ -typedef struct -{ - const mbedtls_pk_info_t * pk_info; /**< Public key information */ - void * rs_ctx; /**< Underlying restart context */ +typedef struct { + const mbedtls_pk_info_t *pk_info; /**< Public key information */ + void *rs_ctx; /**< Underlying restart context */ } mbedtls_pk_restart_ctx; #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /* Now we can declare functions that take a pointer to that */ @@ -209,9 +204,8 @@ typedef void mbedtls_pk_restart_ctx; * \warning You must make sure the PK context actually holds an RSA context * before using this function! */ -static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) -{ - return( (mbedtls_rsa_context *) (pk).pk_ctx ); +static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk) { + return ((mbedtls_rsa_context *)(pk).pk_ctx); } #endif /* MBEDTLS_RSA_C */ @@ -222,9 +216,8 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) * \warning You must make sure the PK context actually holds an EC context * before using this function! */ -static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) -{ - return( (mbedtls_ecp_keypair *) (pk).pk_ctx ); +static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) { + return ((mbedtls_ecp_keypair *)(pk).pk_ctx); } #endif /* MBEDTLS_ECP_C */ @@ -232,14 +225,14 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) /** * \brief Types for RSA-alt abstraction */ -typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len ); -typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig ); -typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); +typedef int (*mbedtls_pk_rsa_alt_decrypt_func)(void *ctx, int mode, size_t *olen, + const unsigned char *input, unsigned char *output, + size_t output_max_len); +typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + const unsigned char *hash, unsigned char *sig); +typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx); #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ /** @@ -249,7 +242,7 @@ typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); * * \return The PK info associated with the type or NULL if not found. */ -const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ); +const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type); /** * \brief Initialize a #mbedtls_pk_context (as NONE). @@ -257,7 +250,7 @@ const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ); * \param ctx The context to initialize. * This must not be \c NULL. */ -void mbedtls_pk_init( mbedtls_pk_context *ctx ); +void mbedtls_pk_init(mbedtls_pk_context *ctx); /** * \brief Free the components of a #mbedtls_pk_context. @@ -270,7 +263,7 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx ); * PSA key and you still need to call psa_destroy_key() * independently if you want to destroy that key. */ -void mbedtls_pk_free( mbedtls_pk_context *ctx ); +void mbedtls_pk_free(mbedtls_pk_context *ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** @@ -279,7 +272,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ); * \param ctx The context to initialize. * This must not be \c NULL. */ -void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ); +void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx); /** * \brief Free the components of a restart context @@ -287,7 +280,7 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ); * \param ctx The context to clear. It must have been initialized. * If this is \c NULL, this function does nothing. */ -void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); +void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /** @@ -305,7 +298,7 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); * \note For contexts holding an RSA-alt key, use * \c mbedtls_pk_setup_rsa_alt() instead. */ -int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); +int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** @@ -336,8 +329,8 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); * ECC key pair. * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. */ -int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, - const psa_key_id_t key ); +int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, + const psa_key_id_t key); #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) @@ -356,10 +349,10 @@ int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, * * \note This function replaces \c mbedtls_pk_setup() for RSA-alt. */ -int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, - mbedtls_pk_rsa_alt_decrypt_func decrypt_func, - mbedtls_pk_rsa_alt_sign_func sign_func, - mbedtls_pk_rsa_alt_key_len_func key_len_func ); +int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key, + mbedtls_pk_rsa_alt_decrypt_func decrypt_func, + mbedtls_pk_rsa_alt_sign_func sign_func, + mbedtls_pk_rsa_alt_key_len_func key_len_func); #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ /** @@ -369,7 +362,7 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, * * \return Key size in bits, or 0 on error */ -size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ); +size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx); /** * \brief Get the length in bytes of the underlying key @@ -378,9 +371,8 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ); * * \return Key length in bytes, or 0 on error */ -static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx ) -{ - return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 ); +static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx) { + return ((mbedtls_pk_get_bitlen(ctx) + 7) / 8); } /** @@ -395,7 +387,7 @@ static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx ) * been initialized but not set up, or that has been * cleared with mbedtls_pk_free(). */ -int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); +int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type); /** * \brief Verify signature (including padding if relevant). @@ -421,9 +413,9 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ); * * \note md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0 */ -int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); +int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len); /** * \brief Restartable version of \c mbedtls_pk_verify() @@ -445,11 +437,11 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ -int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - mbedtls_pk_restart_ctx *rs_ctx ); +int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + mbedtls_pk_restart_ctx *rs_ctx); /** * \brief Verify signature, with options. @@ -480,10 +472,10 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, * to a mbedtls_pk_rsassa_pss_options structure, * otherwise it must be NULL. */ -int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, - mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); +int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, + mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len); /** * \brief Make signature, including padding if relevant. @@ -515,10 +507,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. */ -int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief Restartable version of \c mbedtls_pk_sign() @@ -548,12 +540,12 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ -int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_pk_restart_ctx *rs_ctx ); +int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_pk_restart_ctx *rs_ctx); /** * \brief Decrypt message (including padding if relevant). @@ -572,10 +564,10 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, * * \return 0 on success, or a specific error code. */ -int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief Encrypt message (including padding if relevant). @@ -593,10 +585,10 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, * * \return 0 on success, or a specific error code. */ -int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_pk_encrypt(mbedtls_pk_context *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); /** * \brief Check if a public-private pair of keys matches. @@ -610,7 +602,7 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid. * \return Another non-zero value if the keys do not match. */ -int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ); +int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv); /** * \brief Export debug information @@ -620,7 +612,7 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte * * \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA */ -int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ); +int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items); /** * \brief Access the type name @@ -629,7 +621,7 @@ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *item * * \return Type name on success, or "invalid PK" */ -const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx ); +const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx); /** * \brief Get the key type @@ -639,7 +631,7 @@ const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx ); * \return Type on success. * \return #MBEDTLS_PK_NONE for a context that has not been set up. */ -mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); +mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx); #if defined(MBEDTLS_PK_PARSE_C) /** \ingroup pk_module */ @@ -671,9 +663,9 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); * * \return 0 if successful, or a specific PK or PEM error code */ -int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ); +int mbedtls_pk_parse_key(mbedtls_pk_context *ctx, + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen); /** \ingroup pk_module */ /** @@ -697,8 +689,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, * * \return 0 if successful, or a specific PK or PEM error code */ -int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, - const unsigned char *key, size_t keylen ); +int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, + const unsigned char *key, size_t keylen); #if defined(MBEDTLS_FS_IO) /** \ingroup pk_module */ @@ -722,8 +714,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, * * \return 0 if successful, or a specific PK or PEM error code */ -int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, - const char *path, const char *password ); +int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx, + const char *path, const char *password); /** \ingroup pk_module */ /** @@ -742,7 +734,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, * * \return 0 if successful, or a specific PK or PEM error code */ -int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ); +int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_PK_PARSE_C */ @@ -760,7 +752,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) * \return length of data written if successful, or a specific * error code */ -int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); +int mbedtls_pk_write_key_der(mbedtls_pk_context *ctx, unsigned char *buf, size_t size); /** * \brief Write a public key to a SubjectPublicKeyInfo DER structure @@ -775,7 +767,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_ * \return length of data written if successful, or a specific * error code */ -int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); +int mbedtls_pk_write_pubkey_der(mbedtls_pk_context *ctx, unsigned char *buf, size_t size); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -788,7 +780,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, si * * \return 0 if successful, or a specific error code */ -int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); +int mbedtls_pk_write_pubkey_pem(mbedtls_pk_context *ctx, unsigned char *buf, size_t size); /** * \brief Write a private key to a PKCS#1 or SEC1 PEM string @@ -800,7 +792,7 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, si * * \return 0 if successful, or a specific error code */ -int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size ); +int mbedtls_pk_write_key_pem(mbedtls_pk_context *ctx, unsigned char *buf, size_t size); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_PK_WRITE_C */ @@ -820,8 +812,8 @@ int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_ * * \return 0 if successful, or a specific PK error code */ -int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, - mbedtls_pk_context *pk ); +int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, + mbedtls_pk_context *pk); #endif /* MBEDTLS_PK_PARSE_C */ #if defined(MBEDTLS_PK_WRITE_C) @@ -835,8 +827,8 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, * * \return the length written or a negative error code */ -int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, - const mbedtls_pk_context *key ); +int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *key); #endif /* MBEDTLS_PK_WRITE_C */ /* @@ -844,7 +836,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, * know you do. */ #if defined(MBEDTLS_FS_IO) -int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); +int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n); #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -868,9 +860,9 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ); * \return \c 0 if successful. * \return An Mbed TLS error code otherwise. */ -int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, - psa_key_id_t *key, - psa_algorithm_t hash_alg ); +int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, + psa_key_id_t *key, + psa_algorithm_t hash_alg); #endif /* MBEDTLS_USE_PSA_CRYPTO */ #ifdef __cplusplus diff --git a/common/mbedtls/pk_internal.h b/common/mbedtls/pk_internal.h index 47f776770..7c13c8020 100644 --- a/common/mbedtls/pk_internal.h +++ b/common/mbedtls/pk_internal.h @@ -31,8 +31,7 @@ #include "mbedtls/pk.h" -struct mbedtls_pk_info_t -{ +struct mbedtls_pk_info_t { /** Public key type */ mbedtls_pk_type_t type; @@ -40,75 +39,74 @@ struct mbedtls_pk_info_t const char *name; /** Get key size in bits */ - size_t (*get_bitlen)( const void * ); + size_t (*get_bitlen)(const void *); /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */ - int (*can_do)( mbedtls_pk_type_t type ); + int (*can_do)(mbedtls_pk_type_t type); /** Verify signature */ - int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); + int (*verify_func)(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len); /** Make signature */ - int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); + int (*sign_func)(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** Verify signature (restartable) */ - int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ); + int (*verify_rs_func)(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx); /** Make signature (restartable) */ - int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, void *rs_ctx ); + int (*sign_rs_func)(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, void *rs_ctx); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /** Decrypt message */ - int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); + int (*decrypt_func)(void *ctx, const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** Encrypt message */ - int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); + int (*encrypt_func)(void *ctx, const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** Check public-private key pair */ - int (*check_pair_func)( const void *pub, const void *prv ); + int (*check_pair_func)(const void *pub, const void *prv); /** Allocate a new context */ - void * (*ctx_alloc_func)( void ); + void *(*ctx_alloc_func)(void); /** Free the given context */ - void (*ctx_free_func)( void *ctx ); + void (*ctx_free_func)(void *ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** Allocate the restart context */ - void * (*rs_alloc_func)( void ); + void *(*rs_alloc_func)(void); /** Free the restart context */ - void (*rs_free_func)( void *rs_ctx ); + void (*rs_free_func)(void *rs_ctx); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /** Interface with the debug module */ - void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items ); + void (*debug_func)(const void *ctx, mbedtls_pk_debug_item *items); }; #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* Container for RSA-alt */ -typedef struct -{ +typedef struct { void *key; mbedtls_pk_rsa_alt_decrypt_func decrypt_func; mbedtls_pk_rsa_alt_sign_func sign_func; diff --git a/common/mbedtls/pk_wrap.c b/common/mbedtls/pk_wrap.c index 107e912ac..b2057037e 100644 --- a/common/mbedtls/pk_wrap.c +++ b/common/mbedtls/pk_wrap.c @@ -62,130 +62,120 @@ #include #if defined(MBEDTLS_RSA_C) -static int rsa_can_do( mbedtls_pk_type_t type ) -{ - return( type == MBEDTLS_PK_RSA || - type == MBEDTLS_PK_RSASSA_PSS ); +static int rsa_can_do(mbedtls_pk_type_t type) { + return (type == MBEDTLS_PK_RSA || + type == MBEDTLS_PK_RSASSA_PSS); } -static size_t rsa_get_bitlen( const void *ctx ) -{ - const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx; - return( 8 * mbedtls_rsa_get_len( rsa ) ); +static size_t rsa_get_bitlen(const void *ctx) { + const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx; + return (8 * mbedtls_rsa_get_len(rsa)); } -static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) -{ +static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; - size_t rsa_len = mbedtls_rsa_get_len( rsa ); + mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; + size_t rsa_len = mbedtls_rsa_get_len(rsa); #if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); #endif /* SIZE_MAX > UINT_MAX */ - if( sig_len < rsa_len ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + if (sig_len < rsa_len) + return (MBEDTLS_ERR_RSA_VERIFY_FAILED); - if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, - MBEDTLS_RSA_PUBLIC, md_alg, - (unsigned int) hash_len, hash, sig ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL, + MBEDTLS_RSA_PUBLIC, md_alg, + (unsigned int) hash_len, hash, sig)) != 0) + return (ret); /* The buffer contains a valid signature followed by extra data. * We have a special error code for that so that so that callers can * use mbedtls_pk_verify() to check "Does the buffer start with a * valid signature?" and not just "Does the buffer contain a valid * signature?". */ - if( sig_len > rsa_len ) - return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); + if (sig_len > rsa_len) + return (MBEDTLS_ERR_PK_SIG_LEN_MISMATCH); - return( 0 ); + return (0); } -static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; +static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; #if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); #endif /* SIZE_MAX > UINT_MAX */ - *sig_len = mbedtls_rsa_get_len( rsa ); + *sig_len = mbedtls_rsa_get_len(rsa); - return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, (unsigned int) hash_len, hash, sig ) ); + return (mbedtls_rsa_pkcs1_sign(rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + md_alg, (unsigned int) hash_len, hash, sig)); } -static int rsa_decrypt_wrap( void *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; +static int rsa_decrypt_wrap(void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; - if( ilen != mbedtls_rsa_get_len( rsa ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen != mbedtls_rsa_get_len(rsa)) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng, - MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); + return (mbedtls_rsa_pkcs1_decrypt(rsa, f_rng, p_rng, + MBEDTLS_RSA_PRIVATE, olen, input, output, osize)); } -static int rsa_encrypt_wrap( void *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; - *olen = mbedtls_rsa_get_len( rsa ); +static int rsa_encrypt_wrap(void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx; + *olen = mbedtls_rsa_get_len(rsa); - if( *olen > osize ) - return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); + if (*olen > osize) + return (MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE); - return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, - ilen, input, output ) ); + return (mbedtls_rsa_pkcs1_encrypt(rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, + ilen, input, output)); } -static int rsa_check_pair_wrap( const void *pub, const void *prv ) -{ - return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub, - (const mbedtls_rsa_context *) prv ) ); +static int rsa_check_pair_wrap(const void *pub, const void *prv) { + return (mbedtls_rsa_check_pub_priv((const mbedtls_rsa_context *) pub, + (const mbedtls_rsa_context *) prv)); } -static void *rsa_alloc_wrap( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) ); +static void *rsa_alloc_wrap(void) { + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context)); - if( ctx != NULL ) - mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 ); + if (ctx != NULL) + mbedtls_rsa_init((mbedtls_rsa_context *) ctx, 0, 0); - return( ctx ); + return (ctx); } -static void rsa_free_wrap( void *ctx ) -{ - mbedtls_rsa_free( (mbedtls_rsa_context *) ctx ); - mbedtls_free( ctx ); +static void rsa_free_wrap(void *ctx) { + mbedtls_rsa_free((mbedtls_rsa_context *) ctx); + mbedtls_free(ctx); } -static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) -{ +static void rsa_debug(const void *ctx, mbedtls_pk_debug_item *items) { items->type = MBEDTLS_PK_DEBUG_MPI; items->name = "rsa.N"; - items->value = &( ((mbedtls_rsa_context *) ctx)->N ); + items->value = &(((mbedtls_rsa_context *) ctx)->N); items++; items->type = MBEDTLS_PK_DEBUG_MPI; items->name = "rsa.E"; - items->value = &( ((mbedtls_rsa_context *) ctx)->E ); + items->value = &(((mbedtls_rsa_context *) ctx)->E); } const mbedtls_pk_info_t mbedtls_rsa_info = { @@ -216,77 +206,73 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { /* * Generic EC key */ -static int eckey_can_do( mbedtls_pk_type_t type ) -{ - return( type == MBEDTLS_PK_ECKEY || +static int eckey_can_do(mbedtls_pk_type_t type) { + return (type == MBEDTLS_PK_ECKEY || type == MBEDTLS_PK_ECKEY_DH || - type == MBEDTLS_PK_ECDSA ); + type == MBEDTLS_PK_ECDSA); } -static size_t eckey_get_bitlen( const void *ctx ) -{ - return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits ); +static size_t eckey_get_bitlen(const void *ctx) { + return (((mbedtls_ecp_keypair *) ctx)->grp.pbits); } #if defined(MBEDTLS_ECDSA_C) /* Forward declarations */ -static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ); +static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len); -static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); -static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) -{ +static int eckey_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecdsa_context ecdsa; - mbedtls_ecdsa_init( &ecdsa ); + mbedtls_ecdsa_init(&ecdsa); - if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) - ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); + if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) + ret = ecdsa_verify_wrap(&ecdsa, md_alg, hash, hash_len, sig, sig_len); - mbedtls_ecdsa_free( &ecdsa ); + mbedtls_ecdsa_free(&ecdsa); - return( ret ); + return (ret); } -static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +static int eckey_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecdsa_context ecdsa; - mbedtls_ecdsa_init( &ecdsa ); + mbedtls_ecdsa_init(&ecdsa); - if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) - ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len, - f_rng, p_rng ); + if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) + ret = ecdsa_sign_wrap(&ecdsa, md_alg, hash, hash_len, sig, sig_len, + f_rng, p_rng); - mbedtls_ecdsa_free( &ecdsa ); + mbedtls_ecdsa_free(&ecdsa); - return( ret ); + return (ret); } #if defined(MBEDTLS_ECP_RESTARTABLE) /* Forward declarations */ -static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ); +static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx); -static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ); +static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx); /* * Restart context for ECDSA operations with ECKEY context @@ -294,120 +280,110 @@ static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, * We need to store an actual ECDSA context, as we need to pass the same to * the underlying ecdsa function, so we can't create it on the fly every time. */ -typedef struct -{ +typedef struct { mbedtls_ecdsa_restart_ctx ecdsa_rs; mbedtls_ecdsa_context ecdsa_ctx; } eckey_restart_ctx; -static void *eckey_rs_alloc( void ) -{ +static void *eckey_rs_alloc(void) { eckey_restart_ctx *rs_ctx; - void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) ); + void *ctx = mbedtls_calloc(1, sizeof(eckey_restart_ctx)); - if( ctx != NULL ) - { + if (ctx != NULL) { rs_ctx = ctx; - mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs ); - mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx ); + mbedtls_ecdsa_restart_init(&rs_ctx->ecdsa_rs); + mbedtls_ecdsa_init(&rs_ctx->ecdsa_ctx); } - return( ctx ); + return (ctx); } -static void eckey_rs_free( void *ctx ) -{ +static void eckey_rs_free(void *ctx) { eckey_restart_ctx *rs_ctx; - if( ctx == NULL) + if (ctx == NULL) return; rs_ctx = ctx; - mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs ); - mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx ); + mbedtls_ecdsa_restart_free(&rs_ctx->ecdsa_rs); + mbedtls_ecdsa_free(&rs_ctx->ecdsa_ctx); - mbedtls_free( ctx ); + mbedtls_free(ctx); } -static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ) -{ +static int eckey_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; eckey_restart_ctx *rs = rs_ctx; /* Should never happen */ - if( rs == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (rs == NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); /* set up our own sub-context if needed (that is, on first run) */ - if( rs->ecdsa_ctx.grp.pbits == 0 ) - MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) ); + if (rs->ecdsa_ctx.grp.pbits == 0) + MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx)); - MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx, - md_alg, hash, hash_len, - sig, sig_len, &rs->ecdsa_rs ) ); + MBEDTLS_MPI_CHK(ecdsa_verify_rs_wrap(&rs->ecdsa_ctx, + md_alg, hash, hash_len, + sig, sig_len, &rs->ecdsa_rs)); cleanup: - return( ret ); + return (ret); } -static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ) -{ +static int eckey_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; eckey_restart_ctx *rs = rs_ctx; /* Should never happen */ - if( rs == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (rs == NULL) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); /* set up our own sub-context if needed (that is, on first run) */ - if( rs->ecdsa_ctx.grp.pbits == 0 ) - MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) ); + if (rs->ecdsa_ctx.grp.pbits == 0) + MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx)); - MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg, - hash, hash_len, sig, sig_len, - f_rng, p_rng, &rs->ecdsa_rs ) ); + MBEDTLS_MPI_CHK(ecdsa_sign_rs_wrap(&rs->ecdsa_ctx, md_alg, + hash, hash_len, sig, sig_len, + f_rng, p_rng, &rs->ecdsa_rs)); cleanup: - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECDSA_C */ -static int eckey_check_pair( const void *pub, const void *prv ) -{ - return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub, - (const mbedtls_ecp_keypair *) prv ) ); +static int eckey_check_pair(const void *pub, const void *prv) { + return (mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub, + (const mbedtls_ecp_keypair *) prv)); } -static void *eckey_alloc_wrap( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); +static void *eckey_alloc_wrap(void) { + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); - if( ctx != NULL ) - mbedtls_ecp_keypair_init( ctx ); + if (ctx != NULL) + mbedtls_ecp_keypair_init(ctx); - return( ctx ); + return (ctx); } -static void eckey_free_wrap( void *ctx ) -{ - mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx ); - mbedtls_free( ctx ); +static void eckey_free_wrap(void *ctx) { + mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx); + mbedtls_free(ctx); } -static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items ) -{ +static void eckey_debug(const void *ctx, mbedtls_pk_debug_item *items) { items->type = MBEDTLS_PK_DEBUG_ECP; items->name = "eckey.Q"; - items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q ); + items->value = &(((mbedtls_ecp_keypair *) ctx)->Q); } const mbedtls_pk_info_t mbedtls_eckey_info = { @@ -441,10 +417,9 @@ const mbedtls_pk_info_t mbedtls_eckey_info = { /* * EC key restricted to ECDH */ -static int eckeydh_can_do( mbedtls_pk_type_t type ) -{ - return( type == MBEDTLS_PK_ECKEY || - type == MBEDTLS_PK_ECKEY_DH ); +static int eckeydh_can_do(mbedtls_pk_type_t type) { + return (type == MBEDTLS_PK_ECKEY || + type == MBEDTLS_PK_ECKEY_DH); } const mbedtls_pk_info_t mbedtls_eckeydh_info = { @@ -472,9 +447,8 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_ECDSA_C) -static int ecdsa_can_do( mbedtls_pk_type_t type ) -{ - return( type == MBEDTLS_PK_ECDSA ); +static int ecdsa_can_do(mbedtls_pk_type_t type) { + return (type == MBEDTLS_PK_ECDSA); } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -482,33 +456,30 @@ static int ecdsa_can_do( mbedtls_pk_type_t type ) * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of * those integers and convert it to the fixed-length encoding expected by PSA. */ -static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end, - unsigned char *to, size_t to_len ) -{ +static int extract_ecdsa_sig_int(unsigned char **from, const unsigned char *end, + unsigned char *to, size_t to_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t unpadded_len, padding_len; - if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len, - MBEDTLS_ASN1_INTEGER ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_asn1_get_tag(from, end, &unpadded_len, + MBEDTLS_ASN1_INTEGER)) != 0) { + return (ret); } - while( unpadded_len > 0 && **from == 0x00 ) - { - ( *from )++; + while (unpadded_len > 0 && **from == 0x00) { + (*from)++; unpadded_len--; } - if( unpadded_len > to_len || unpadded_len == 0 ) - return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (unpadded_len > to_len || unpadded_len == 0) + return (MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); padding_len = to_len - unpadded_len; - memset( to, 0x00, padding_len ); - memcpy( to + padding_len, *from, unpadded_len ); - ( *from ) += unpadded_len; + memset(to, 0x00, padding_len); + memcpy(to + padding_len, *from, unpadded_len); + (*from) += unpadded_len; - return( 0 ); + return (0); } /* @@ -516,30 +487,28 @@ static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end * to a raw {r,s} buffer. Note: the provided sig buffer must be at least * twice as big as int_size. */ -static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end, - unsigned char *sig, size_t int_size ) -{ +static int extract_ecdsa_sig(unsigned char **p, const unsigned char *end, + unsigned char *sig, size_t int_size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t tmp_size; - if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &tmp_size, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (ret); /* Extract r */ - if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 ) - return( ret ); + if ((ret = extract_ecdsa_sig_int(p, end, sig, int_size)) != 0) + return (ret); /* Extract s */ - if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 ) - return( ret ); + if ((ret = extract_ecdsa_sig_int(p, end, sig + int_size, int_size)) != 0) + return (ret); - return( 0 ); + return (0); } -static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) -{ +static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { mbedtls_ecdsa_context *ctx = ctx_arg; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -554,162 +523,149 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t curve_bits; psa_ecc_family_t curve = - mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); - const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8; + mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits); + const size_t signature_part_size = (ctx->grp.nbits + 7) / 8; ((void) md_alg); - if( curve == 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (curve == 0) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); /* mbedtls_pk_write_pubkey() expects a full PK context; * re-construct one to make it happy */ key.pk_info = &pk_info; key.pk_ctx = ctx; - p = buf + sizeof( buf ); - key_len = mbedtls_pk_write_pubkey( &p, buf, &key ); - if( key_len <= 0 ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + p = buf + sizeof(buf); + key_len = mbedtls_pk_write_pubkey(&p, buf, &key); + if (key_len <= 0) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); - psa_set_key_algorithm( &attributes, psa_sig_md ); + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&attributes, psa_sig_md); - status = psa_import_key( &attributes, - buf + sizeof( buf ) - key_len, key_len, - &key_id ); - if( status != PSA_SUCCESS ) - { - ret = mbedtls_psa_err_translate_pk( status ); + status = psa_import_key(&attributes, + buf + sizeof(buf) - key_len, key_len, + &key_id); + if (status != PSA_SUCCESS) { + ret = mbedtls_psa_err_translate_pk(status); goto cleanup; } /* We don't need the exported key anymore and can * reuse its buffer for signature extraction. */ - if( 2 * signature_part_size > sizeof( buf ) ) - { + if (2 * signature_part_size > sizeof(buf)) { ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; goto cleanup; } - p = (unsigned char*) sig; - if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf, - signature_part_size ) ) != 0 ) - { + p = (unsigned char *) sig; + if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf, + signature_part_size)) != 0) { goto cleanup; } - if( psa_verify_hash( key_id, psa_sig_md, - hash, hash_len, - buf, 2 * signature_part_size ) - != PSA_SUCCESS ) - { - ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; - goto cleanup; + if (psa_verify_hash(key_id, psa_sig_md, + hash, hash_len, + buf, 2 * signature_part_size) + != PSA_SUCCESS) { + ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; + goto cleanup; } - if( p != sig + sig_len ) - { + if (p != sig + sig_len) { ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; goto cleanup; } ret = 0; cleanup: - psa_destroy_key( key_id ); - return( ret ); + psa_destroy_key(key_id); + return (ret); } #else /* MBEDTLS_USE_PSA_CRYPTO */ -static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len ) -{ +static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) md_alg); - ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, - hash, hash_len, sig, sig_len ); + ret = mbedtls_ecdsa_read_signature((mbedtls_ecdsa_context *) ctx, + hash, hash_len, sig, sig_len); - if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) - return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); + if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) + return (MBEDTLS_ERR_PK_SIG_LEN_MISMATCH); - return( ret ); + return (ret); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx, - md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); +static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { + return (mbedtls_ecdsa_write_signature((mbedtls_ecdsa_context *) ctx, + md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng)); } #if defined(MBEDTLS_ECP_RESTARTABLE) -static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ) -{ +static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ((void) md_alg); ret = mbedtls_ecdsa_read_signature_restartable( - (mbedtls_ecdsa_context *) ctx, - hash, hash_len, sig, sig_len, - (mbedtls_ecdsa_restart_ctx *) rs_ctx ); + (mbedtls_ecdsa_context *) ctx, + hash, hash_len, sig, sig_len, + (mbedtls_ecdsa_restart_ctx *) rs_ctx); - if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) - return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); + if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) + return (MBEDTLS_ERR_PK_SIG_LEN_MISMATCH); - return( ret ); + return (ret); } -static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ) -{ - return( mbedtls_ecdsa_write_signature_restartable( +static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx) { + return (mbedtls_ecdsa_write_signature_restartable( (mbedtls_ecdsa_context *) ctx, md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng, - (mbedtls_ecdsa_restart_ctx *) rs_ctx ) ); + (mbedtls_ecdsa_restart_ctx *) rs_ctx)); } #endif /* MBEDTLS_ECP_RESTARTABLE */ -static void *ecdsa_alloc_wrap( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); +static void *ecdsa_alloc_wrap(void) { + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_context)); - if( ctx != NULL ) - mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx ); + if (ctx != NULL) + mbedtls_ecdsa_init((mbedtls_ecdsa_context *) ctx); - return( ctx ); + return (ctx); } -static void ecdsa_free_wrap( void *ctx ) -{ - mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx ); - mbedtls_free( ctx ); +static void ecdsa_free_wrap(void *ctx) { + mbedtls_ecdsa_free((mbedtls_ecdsa_context *) ctx); + mbedtls_free(ctx); } #if defined(MBEDTLS_ECP_RESTARTABLE) -static void *ecdsa_rs_alloc( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) ); +static void *ecdsa_rs_alloc(void) { + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_restart_ctx)); - if( ctx != NULL ) - mbedtls_ecdsa_restart_init( ctx ); + if (ctx != NULL) + mbedtls_ecdsa_restart_init(ctx); - return( ctx ); + return (ctx); } -static void ecdsa_rs_free( void *ctx ) -{ - mbedtls_ecdsa_restart_free( ctx ); - mbedtls_free( ctx ); +static void ecdsa_rs_free(void *ctx) { + mbedtls_ecdsa_restart_free(ctx); + mbedtls_free(ctx); } #endif /* MBEDTLS_ECP_RESTARTABLE */ @@ -742,99 +698,90 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { * Support for alternative RSA-private implementations */ -static int rsa_alt_can_do( mbedtls_pk_type_t type ) -{ - return( type == MBEDTLS_PK_RSA ); +static int rsa_alt_can_do(mbedtls_pk_type_t type) { + return (type == MBEDTLS_PK_RSA); } -static size_t rsa_alt_get_bitlen( const void *ctx ) -{ +static size_t rsa_alt_get_bitlen(const void *ctx) { const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx; - return( 8 * rsa_alt->key_len_func( rsa_alt->key ) ); + return (8 * rsa_alt->key_len_func(rsa_alt->key)); } -static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +static int rsa_alt_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; #if SIZE_MAX > UINT_MAX - if( UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (UINT_MAX < hash_len) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); #endif /* SIZE_MAX > UINT_MAX */ - *sig_len = rsa_alt->key_len_func( rsa_alt->key ); - if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + *sig_len = rsa_alt->key_len_func(rsa_alt->key); + if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, (unsigned int) hash_len, hash, sig ) ); + return (rsa_alt->sign_func(rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + md_alg, (unsigned int) hash_len, hash, sig)); } -static int rsa_alt_decrypt_wrap( void *ctx, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +static int rsa_alt_decrypt_wrap(void *ctx, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, size_t osize, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; ((void) f_rng); ((void) p_rng); - if( ilen != rsa_alt->key_len_func( rsa_alt->key ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen != rsa_alt->key_len_func(rsa_alt->key)) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - return( rsa_alt->decrypt_func( rsa_alt->key, - MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); + return (rsa_alt->decrypt_func(rsa_alt->key, + MBEDTLS_RSA_PRIVATE, olen, input, output, osize)); } #if defined(MBEDTLS_RSA_C) -static int rsa_alt_check_pair( const void *pub, const void *prv ) -{ +static int rsa_alt_check_pair(const void *pub, const void *prv) { unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char hash[32]; size_t sig_len = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (rsa_alt_get_bitlen(prv) != rsa_get_bitlen(pub)) + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); - memset( hash, 0x2a, sizeof( hash ) ); + memset(hash, 0x2a, sizeof(hash)); - if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE, - hash, sizeof( hash ), - sig, &sig_len, NULL, NULL ) ) != 0 ) - { - return( ret ); + if ((ret = rsa_alt_sign_wrap((void *) prv, MBEDTLS_MD_NONE, + hash, sizeof(hash), + sig, &sig_len, NULL, NULL)) != 0) { + return (ret); } - if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE, - hash, sizeof( hash ), sig, sig_len ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (rsa_verify_wrap((void *) pub, MBEDTLS_MD_NONE, + hash, sizeof(hash), sig, sig_len) != 0) { + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); } - return( 0 ); + return (0); } #endif /* MBEDTLS_RSA_C */ -static void *rsa_alt_alloc_wrap( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); +static void *rsa_alt_alloc_wrap(void) { + void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_alt_context)); - if( ctx != NULL ) - memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) ); + if (ctx != NULL) + memset(ctx, 0, sizeof(mbedtls_rsa_alt_context)); - return( ctx ); + return (ctx); } -static void rsa_alt_free_wrap( void *ctx ) -{ - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); - mbedtls_free( ctx ); +static void rsa_alt_free_wrap(void *ctx) { + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_rsa_alt_context)); + mbedtls_free(ctx); } const mbedtls_pk_info_t mbedtls_rsa_alt_info = { @@ -868,42 +815,38 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { #if defined(MBEDTLS_USE_PSA_CRYPTO) -static void *pk_opaque_alloc_wrap( void ) -{ - void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) ); +static void *pk_opaque_alloc_wrap(void) { + void *ctx = mbedtls_calloc(1, sizeof(psa_key_id_t)); /* no _init() function to call, an calloc() already zeroized */ - return( ctx ); + return (ctx); } -static void pk_opaque_free_wrap( void *ctx ) -{ - mbedtls_platform_zeroize( ctx, sizeof( psa_key_id_t ) ); - mbedtls_free( ctx ); +static void pk_opaque_free_wrap(void *ctx) { + mbedtls_platform_zeroize(ctx, sizeof(psa_key_id_t)); + mbedtls_free(ctx); } -static size_t pk_opaque_get_bitlen( const void *ctx ) -{ +static size_t pk_opaque_get_bitlen(const void *ctx) { const psa_key_id_t *key = (const psa_key_id_t *) ctx; size_t bits; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - if( PSA_SUCCESS != psa_get_key_attributes( *key, &attributes ) ) - return( 0 ); + if (PSA_SUCCESS != psa_get_key_attributes(*key, &attributes)) + return (0); - bits = psa_get_key_bits( &attributes ); - psa_reset_key_attributes( &attributes ); - return( bits ); + bits = psa_get_key_bits(&attributes); + psa_reset_key_attributes(&attributes); + return (bits); } -static int pk_opaque_can_do( mbedtls_pk_type_t type ) -{ +static int pk_opaque_can_do(mbedtls_pk_type_t type) { /* For now opaque PSA keys can only wrap ECC keypairs, * as checked by setup_psa(). * Also, ECKEY_DH does not really make sense with the current API. */ - return( type == MBEDTLS_PK_ECKEY || - type == MBEDTLS_PK_ECDSA ); + return (type == MBEDTLS_PK_ECKEY || + type == MBEDTLS_PK_ECDSA); } #if defined(MBEDTLS_ECDSA_C) @@ -917,48 +860,45 @@ static int pk_opaque_can_do( mbedtls_pk_type_t type ) * start: start of the output buffer, and also of the mpi to write at the end * n_len: length of the mpi to read from start */ -static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, - size_t n_len ) -{ +static int asn1_write_mpibuf(unsigned char **p, unsigned char *start, + size_t n_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( (size_t)( *p - start ) < n_len ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if ((size_t)(*p - start) < n_len) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); len = n_len; *p -= len; - memmove( *p, start, len ); + memmove(*p, start, len); /* ASN.1 DER encoding requires minimal length, so skip leading 0s. * Neither r nor s should be 0, but as a failsafe measure, still detect * that rather than overflowing the buffer in case of a PSA error. */ - while( len > 0 && **p == 0x00 ) - { + while (len > 0 && **p == 0x00) { ++(*p); --len; } /* this is only reached if the signature was invalid */ - if( len == 0 ) - return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); + if (len == 0) + return (MBEDTLS_ERR_PK_HW_ACCEL_FAILED); /* if the msb is 1, ASN.1 requires that we prepend a 0. * Neither r nor s can be 0, so we can assume len > 0 at all times. */ - if( **p & 0x80 ) - { - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (**p & 0x80) { + if (*p - start < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); *--(*p) = 0x00; len += 1; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_INTEGER ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_INTEGER)); - return( (int) len ); + return ((int) len); } /* Transcode signature from PSA format to ASN.1 sequence. @@ -969,34 +909,32 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start, * [in/out] sig_len: signature length pre- and post-transcoding * [int] buf_len: the available size the in/out buffer */ -static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len, - size_t buf_len ) -{ +static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len, + size_t buf_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; const size_t rs_len = *sig_len / 2; unsigned char *p = sig + buf_len; - MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig + rs_len, rs_len)); + MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig, rs_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, sig, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, sig, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - memmove( sig, p, len ); + memmove(sig, p, len); *sig_len = len; - return( 0 ); + return (0); } #endif /* MBEDTLS_ECDSA_C */ -static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { #if !defined(MBEDTLS_ECDSA_C) ((void) ctx); ((void) md_alg); @@ -1006,11 +944,11 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ((void) sig_len); ((void) f_rng); ((void) p_rng); - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); #else /* !MBEDTLS_ECDSA_C */ const psa_key_id_t *key = (const psa_key_id_t *) ctx; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); + psa_algorithm_t alg = PSA_ALG_ECDSA(mbedtls_psa_translate_md(md_alg)); size_t buf_len; psa_status_t status; @@ -1022,22 +960,22 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, * that information. Assume that the buffer is large enough for a * maximal-length signature with that key (otherwise the application is * buggy anyway). */ - status = psa_get_key_attributes( *key, &attributes ); - if( status != PSA_SUCCESS ) - return( mbedtls_psa_err_translate_pk( status ) ); - buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) ); - psa_reset_key_attributes( &attributes ); - if( buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + status = psa_get_key_attributes(*key, &attributes); + if (status != PSA_SUCCESS) + return (mbedtls_psa_err_translate_pk(status)); + buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN(psa_get_key_bits(&attributes)); + psa_reset_key_attributes(&attributes); + if (buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); /* make the signature */ - status = psa_sign_hash( *key, alg, hash, hash_len, - sig, buf_len, sig_len ); - if( status != PSA_SUCCESS ) - return( mbedtls_psa_err_translate_pk( status ) ); + status = psa_sign_hash(*key, alg, hash, hash_len, + sig, buf_len, sig_len); + if (status != PSA_SUCCESS) + return (mbedtls_psa_err_translate_pk(status)); /* transcode it to ASN.1 sequence */ - return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) ); + return (pk_ecdsa_sig_asn1_from_psa(sig, sig_len, buf_len)); #endif /* !MBEDTLS_ECDSA_C */ } diff --git a/common/mbedtls/pkcs11.c b/common/mbedtls/pkcs11.c index 4deccf3f6..297ec8720 100644 --- a/common/mbedtls/pkcs11.c +++ b/common/mbedtls/pkcs11.c @@ -39,46 +39,39 @@ #include -void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) ); +void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_pkcs11_context)); } -int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert ) -{ +int mbedtls_pkcs11_x509_cert_bind(mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert) { int ret = 1; unsigned char *cert_blob = NULL; size_t cert_blob_size = 0; - if( cert == NULL ) - { + if (cert == NULL) { ret = 2; goto cleanup; } - if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL, - &cert_blob_size ) != CKR_OK ) - { + if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, NULL, + &cert_blob_size) != CKR_OK) { ret = 3; goto cleanup; } - cert_blob = mbedtls_calloc( 1, cert_blob_size ); - if( NULL == cert_blob ) - { + cert_blob = mbedtls_calloc(1, cert_blob_size); + if (NULL == cert_blob) { ret = 4; goto cleanup; } - if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob, - &cert_blob_size ) != CKR_OK ) - { + if (pkcs11h_certificate_getCertificateBlob(pkcs11_cert, cert_blob, + &cert_blob_size) != CKR_OK) { ret = 5; goto cleanup; } - if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) ) - { + if (0 != mbedtls_x509_crt_parse(cert, cert_blob, cert_blob_size)) { ret = 6; goto cleanup; } @@ -86,121 +79,112 @@ int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t ret = 0; cleanup: - if( NULL != cert_blob ) - mbedtls_free( cert_blob ); + if (NULL != cert_blob) + mbedtls_free(cert_blob); - return( ret ); + return (ret); } -int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key, - pkcs11h_certificate_t pkcs11_cert ) -{ +int mbedtls_pkcs11_priv_key_bind(mbedtls_pkcs11_context *priv_key, + pkcs11h_certificate_t pkcs11_cert) { int ret = 1; mbedtls_x509_crt cert; - mbedtls_x509_crt_init( &cert ); + mbedtls_x509_crt_init(&cert); - if( priv_key == NULL ) + if (priv_key == NULL) goto cleanup; - if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) ) + if (0 != mbedtls_pkcs11_x509_cert_bind(&cert, pkcs11_cert)) goto cleanup; - priv_key->len = mbedtls_pk_get_len( &cert.pk ); + priv_key->len = mbedtls_pk_get_len(&cert.pk); priv_key->pkcs11h_cert = pkcs11_cert; ret = 0; cleanup: - mbedtls_x509_crt_free( &cert ); + mbedtls_x509_crt_free(&cert); - return( ret ); + return (ret); } -void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key ) -{ - if( NULL != priv_key ) - pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert ); +void mbedtls_pkcs11_priv_key_free(mbedtls_pkcs11_context *priv_key) { + if (NULL != priv_key) + pkcs11h_certificate_freeCertificate(priv_key->pkcs11h_cert); } -int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ) -{ +int mbedtls_pkcs11_decrypt(mbedtls_pkcs11_context *ctx, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len) { size_t input_len, output_len; - if( NULL == ctx ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (NULL == ctx) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - if( MBEDTLS_RSA_PRIVATE != mode ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (MBEDTLS_RSA_PRIVATE != mode) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); output_len = input_len = ctx->len; - if( input_len < 16 || input_len > output_max_len ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (input_len < 16 || input_len > output_max_len) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); /* Determine size of output buffer */ - if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input, - input_len, NULL, &output_len ) != CKR_OK ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (pkcs11h_certificate_decryptAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, input, + input_len, NULL, &output_len) != CKR_OK) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } - if( output_len > output_max_len ) - return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); + if (output_len > output_max_len) + return (MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE); - if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input, - input_len, output, &output_len ) != CKR_OK ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (pkcs11h_certificate_decryptAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, input, + input_len, output, &output_len) != CKR_OK) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } *olen = output_len; - return( 0 ); + return (0); } -int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ) -{ +int mbedtls_pkcs11_sign(mbedtls_pkcs11_context *ctx, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) { size_t sig_len = 0, asn_len = 0, oid_size = 0; unsigned char *p = sig; const char *oid; - if( NULL == ctx ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (NULL == ctx) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - if( MBEDTLS_RSA_PRIVATE != mode ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (MBEDTLS_RSA_PRIVATE != mode) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - if( md_alg != MBEDTLS_MD_NONE ) - { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (md_alg != MBEDTLS_MD_NONE) { + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg); + if (md_info == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - hashlen = mbedtls_md_get_size( md_info ); + hashlen = mbedtls_md_get_size(md_info); asn_len = 10 + oid_size; } sig_len = ctx->len; - if( hashlen > sig_len || asn_len > sig_len || - hashlen + asn_len > sig_len ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (hashlen > sig_len || asn_len > sig_len || + hashlen + asn_len > sig_len) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } - if( md_alg != MBEDTLS_MD_NONE ) - { + if (md_alg != MBEDTLS_MD_NONE) { /* * DigestInfo ::= SEQUENCE { * digestAlgorithm DigestAlgorithmIdentifier, @@ -211,12 +195,12 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, * Digest ::= OCTET STRING */ *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char) ( 0x08 + oid_size + hashlen ); + *p++ = (unsigned char)(0x08 + oid_size + hashlen); *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char) ( 0x04 + oid_size ); + *p++ = (unsigned char)(0x04 + oid_size); *p++ = MBEDTLS_ASN1_OID; *p++ = oid_size & 0xFF; - memcpy( p, oid, oid_size ); + memcpy(p, oid, oid_size); p += oid_size; *p++ = MBEDTLS_ASN1_NULL; *p++ = 0x00; @@ -224,15 +208,14 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, *p++ = hashlen; } - memcpy( p, hash, hashlen ); + memcpy(p, hash, hashlen); - if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig, - asn_len + hashlen, sig, &sig_len ) != CKR_OK ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (pkcs11h_certificate_signAny(ctx->pkcs11h_cert, CKM_RSA_PKCS, sig, + asn_len + hashlen, sig, &sig_len) != CKR_OK) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } - return( 0 ); + return (0); } #endif /* defined(MBEDTLS_PKCS11_C) */ diff --git a/common/mbedtls/pkcs11.h b/common/mbedtls/pkcs11.h index 3530ee168..1f864a515 100644 --- a/common/mbedtls/pkcs11.h +++ b/common/mbedtls/pkcs11.h @@ -50,10 +50,9 @@ extern "C" { /** * Context for PKCS #11 private keys. */ -typedef struct mbedtls_pkcs11_context -{ - pkcs11h_certificate_t pkcs11h_cert; - int len; +typedef struct mbedtls_pkcs11_context { + pkcs11h_certificate_t pkcs11h_cert; + int len; } mbedtls_pkcs11_context; #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -69,7 +68,7 @@ typedef struct mbedtls_pkcs11_context * \deprecated This function is deprecated and will be removed in a * future version of the library. */ -MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx); /** * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate. @@ -82,8 +81,8 @@ MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ); * * \return 0 on success. */ -MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, - pkcs11h_certificate_t pkcs11h_cert ); +MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind(mbedtls_x509_crt *cert, + pkcs11h_certificate_t pkcs11h_cert); /** * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the @@ -99,8 +98,8 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, * \return 0 on success */ MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind( - mbedtls_pkcs11_context *priv_key, - pkcs11h_certificate_t pkcs11_cert ); + mbedtls_pkcs11_context *priv_key, + pkcs11h_certificate_t pkcs11_cert); /** * Free the contents of the given private key context. Note that the structure @@ -112,7 +111,7 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind( * \param priv_key Private key structure to cleanup */ MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free( - mbedtls_pkcs11_context *priv_key ); + mbedtls_pkcs11_context *priv_key); /** * \brief Do an RSA private key decrypt, then remove the message @@ -134,11 +133,11 @@ MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free( * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise * an error is thrown. */ -MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); +MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt(mbedtls_pkcs11_context *ctx, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len); /** * \brief Do a private RSA to sign a message digest @@ -159,12 +158,12 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, * \note The "sig" buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ -MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); +MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign(mbedtls_pkcs11_context *ctx, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig); /** * SSL/TLS wrappers for PKCS#11 functions @@ -172,13 +171,12 @@ MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, * \deprecated This function is deprecated and will be removed in a future * version of the library. */ -MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, - int mode, size_t *olen, - const unsigned char *input, unsigned char *output, - size_t output_max_len ) -{ - return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output, - output_max_len ); +MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt(void *ctx, + int mode, size_t *olen, + const unsigned char *input, unsigned char *output, + size_t output_max_len) { + return mbedtls_pkcs11_decrypt((mbedtls_pkcs11_context *) ctx, mode, olen, input, output, + output_max_len); } /** @@ -207,15 +205,14 @@ MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, * ctx->N. For example, 128 bytes if RSA-1024 is * used. */ -MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, - const unsigned char *hash, unsigned char *sig ) -{ +MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign(void *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + const unsigned char *hash, unsigned char *sig) { ((void) f_rng); ((void) p_rng); - return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_pkcs11_sign((mbedtls_pkcs11_context *) ctx, mode, md_alg, + hashlen, hash, sig); } /** @@ -228,9 +225,8 @@ MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx, * * \return The length of the private key. */ -MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx ) -{ - return ( (mbedtls_pkcs11_context *) ctx )->len; +MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len(void *ctx) { + return ((mbedtls_pkcs11_context *) ctx)->len; } #undef MBEDTLS_DEPRECATED diff --git a/common/mbedtls/pkcs12.c b/common/mbedtls/pkcs12.c index 4bdeb6835..78523b83e 100644 --- a/common/mbedtls/pkcs12.c +++ b/common/mbedtls/pkcs12.c @@ -45,9 +45,8 @@ #if defined(MBEDTLS_ASN1_PARSE_C) -static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, - mbedtls_asn1_buf *salt, int *iterations ) -{ +static int pkcs12_parse_pbe_params(mbedtls_asn1_buf *params, + mbedtls_asn1_buf *salt, int *iterations) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char **p = ¶ms->p; const unsigned char *end = params->p + params->len; @@ -59,77 +58,73 @@ static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, * } * */ - if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) + return (MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING)) != 0) + return (MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret); salt->p = *p; *p += salt->len; - if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 ) - return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_int(p, end, iterations)) != 0) + return (MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret); - if( *p != end ) - return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } #define PKCS12_MAX_PWDLEN 128 -static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type, - const unsigned char *pwd, size_t pwdlen, - unsigned char *key, size_t keylen, - unsigned char *iv, size_t ivlen ) -{ +static int pkcs12_pbe_derive_key_iv(mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + unsigned char *key, size_t keylen, + unsigned char *iv, size_t ivlen) { int ret, iterations = 0; mbedtls_asn1_buf salt; size_t i; unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2]; - if( pwdlen > PKCS12_MAX_PWDLEN ) - return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); + if (pwdlen > PKCS12_MAX_PWDLEN) + return (MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA); - memset( &salt, 0, sizeof(mbedtls_asn1_buf) ); - memset( &unipwd, 0, sizeof(unipwd) ); + memset(&salt, 0, sizeof(mbedtls_asn1_buf)); + memset(&unipwd, 0, sizeof(unipwd)); - if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt, - &iterations ) ) != 0 ) - return( ret ); + if ((ret = pkcs12_parse_pbe_params(pbe_params, &salt, + &iterations)) != 0) + return (ret); - for( i = 0; i < pwdlen; i++ ) + for (i = 0; i < pwdlen; i++) unipwd[i * 2 + 1] = pwd[i]; - if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2, - salt.p, salt.len, md_type, - MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pkcs12_derivation(key, keylen, unipwd, pwdlen * 2 + 2, + salt.p, salt.len, md_type, + MBEDTLS_PKCS12_DERIVE_KEY, iterations)) != 0) { + return (ret); } - if( iv == NULL || ivlen == 0 ) - return( 0 ); + if (iv == NULL || ivlen == 0) + return (0); - if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2, - salt.p, salt.len, md_type, - MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pkcs12_derivation(iv, ivlen, unipwd, pwdlen * 2 + 2, + salt.p, salt.len, md_type, + MBEDTLS_PKCS12_DERIVE_IV, iterations)) != 0) { + return (ret); } - return( 0 ); + return (0); } #undef PKCS12_MAX_PWDLEN -int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t len, - unsigned char *output ) -{ +int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output) { #if !defined(MBEDTLS_ARC4_C) ((void) pbe_params); ((void) mode); @@ -138,40 +133,38 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, ((void) data); ((void) len); ((void) output); - return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[16]; mbedtls_arc4_context ctx; ((void) mode); - mbedtls_arc4_init( &ctx ); + mbedtls_arc4_init(&ctx); - if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1, - pwd, pwdlen, - key, 16, NULL, 0 ) ) != 0 ) - { - return( ret ); + if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, MBEDTLS_MD_SHA1, + pwd, pwdlen, + key, 16, NULL, 0)) != 0) { + return (ret); } - mbedtls_arc4_setup( &ctx, key, 16 ); - if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 ) + mbedtls_arc4_setup(&ctx, key, 16); + if ((ret = mbedtls_arc4_crypt(&ctx, len, data, output)) != 0) goto exit; exit: - mbedtls_platform_zeroize( key, sizeof( key ) ); - mbedtls_arc4_free( &ctx ); + mbedtls_platform_zeroize(key, sizeof(key)); + mbedtls_arc4_free(&ctx); - return( ret ); + return (ret); #endif /* MBEDTLS_ARC4_C */ } -int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, - mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t len, - unsigned char *output ) -{ +int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, + mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t len, + unsigned char *output) { int ret, keylen = 0; unsigned char key[32]; unsigned char iv[16]; @@ -179,72 +172,67 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, mbedtls_cipher_context_t cipher_ctx; size_t olen = 0; - cipher_info = mbedtls_cipher_info_from_type( cipher_type ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); + cipher_info = mbedtls_cipher_info_from_type(cipher_type); + if (cipher_info == NULL) + return (MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE); keylen = cipher_info->key_bitlen / 8; - if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen, - key, keylen, - iv, cipher_info->iv_size ) ) != 0 ) - { - return( ret ); + if ((ret = pkcs12_pbe_derive_key_iv(pbe_params, md_type, pwd, pwdlen, + key, keylen, + iv, cipher_info->iv_size)) != 0) { + return (ret); } - mbedtls_cipher_init( &cipher_ctx ); + mbedtls_cipher_init(&cipher_ctx); - if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 ) + if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) goto exit; - if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 ) + if ((ret = mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode)) != 0) goto exit; - if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 ) + if ((ret = mbedtls_cipher_set_iv(&cipher_ctx, iv, cipher_info->iv_size)) != 0) goto exit; - if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 ) + if ((ret = mbedtls_cipher_reset(&cipher_ctx)) != 0) goto exit; - if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len, - output, &olen ) ) != 0 ) - { + if ((ret = mbedtls_cipher_update(&cipher_ctx, data, len, + output, &olen)) != 0) { goto exit; } - if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 ) + if ((ret = mbedtls_cipher_finish(&cipher_ctx, output + olen, &olen)) != 0) ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH; exit: - mbedtls_platform_zeroize( key, sizeof( key ) ); - mbedtls_platform_zeroize( iv, sizeof( iv ) ); - mbedtls_cipher_free( &cipher_ctx ); + mbedtls_platform_zeroize(key, sizeof(key)); + mbedtls_platform_zeroize(iv, sizeof(iv)); + mbedtls_cipher_free(&cipher_ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_ASN1_PARSE_C */ -static void pkcs12_fill_buffer( unsigned char *data, size_t data_len, - const unsigned char *filler, size_t fill_len ) -{ +static void pkcs12_fill_buffer(unsigned char *data, size_t data_len, + const unsigned char *filler, size_t fill_len) { unsigned char *p = data; size_t use_len; - while( data_len > 0 ) - { - use_len = ( data_len > fill_len ) ? fill_len : data_len; - memcpy( p, filler, use_len ); + while (data_len > 0) { + use_len = (data_len > fill_len) ? fill_len : data_len; + memcpy(p, filler, use_len); p += use_len; data_len -= use_len; } } -int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *salt, size_t saltlen, - mbedtls_md_type_t md_type, int id, int iterations ) -{ +int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *salt, size_t saltlen, + mbedtls_md_type_t md_type, int id, int iterations) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned int j; @@ -260,86 +248,82 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, mbedtls_md_context_t md_ctx; // This version only allows max of 64 bytes of password or salt - if( datalen > 128 || pwdlen > 64 || saltlen > 64 ) - return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA ); + if (datalen > 128 || pwdlen > 64 || saltlen > 64) + return (MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA); - md_info = mbedtls_md_info_from_type( md_type ); - if( md_info == NULL ) - return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); + md_info = mbedtls_md_info_from_type(md_type); + if (md_info == NULL) + return (MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE); - mbedtls_md_init( &md_ctx ); + mbedtls_md_init(&md_ctx); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) - return( ret ); - hlen = mbedtls_md_get_size( md_info ); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) + return (ret); + hlen = mbedtls_md_get_size(md_info); - if( hlen <= 32 ) + if (hlen <= 32) v = 64; else v = 128; - memset( diversifier, (unsigned char) id, v ); + memset(diversifier, (unsigned char) id, v); - pkcs12_fill_buffer( salt_block, v, salt, saltlen ); - pkcs12_fill_buffer( pwd_block, v, pwd, pwdlen ); + pkcs12_fill_buffer(salt_block, v, salt, saltlen); + pkcs12_fill_buffer(pwd_block, v, pwd, pwdlen); p = data; - while( datalen > 0 ) - { + while (datalen > 0) { // Calculate hash( diversifier || salt_block || pwd_block ) - if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(&md_ctx)) != 0) goto exit; - if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 ) + if ((ret = mbedtls_md_update(&md_ctx, diversifier, v)) != 0) goto exit; - if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v ) ) != 0 ) + if ((ret = mbedtls_md_update(&md_ctx, salt_block, v)) != 0) goto exit; - if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v ) ) != 0 ) + if ((ret = mbedtls_md_update(&md_ctx, pwd_block, v)) != 0) goto exit; - if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 ) + if ((ret = mbedtls_md_finish(&md_ctx, hash_output)) != 0) goto exit; // Perform remaining ( iterations - 1 ) recursive hash calculations - for( i = 1; i < (size_t) iterations; i++ ) - { - if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 ) + for (i = 1; i < (size_t) iterations; i++) { + if ((ret = mbedtls_md(md_info, hash_output, hlen, hash_output)) != 0) goto exit; } - use_len = ( datalen > hlen ) ? hlen : datalen; - memcpy( p, hash_output, use_len ); + use_len = (datalen > hlen) ? hlen : datalen; + memcpy(p, hash_output, use_len); datalen -= use_len; p += use_len; - if( datalen == 0 ) + if (datalen == 0) break; // Concatenating copies of hash_output into hash_block (B) - pkcs12_fill_buffer( hash_block, v, hash_output, hlen ); + pkcs12_fill_buffer(hash_block, v, hash_output, hlen); // B += 1 - for( i = v; i > 0; i-- ) - if( ++hash_block[i - 1] != 0 ) + for (i = v; i > 0; i--) + if (++hash_block[i - 1] != 0) break; // salt_block += B c = 0; - for( i = v; i > 0; i-- ) - { + for (i = v; i > 0; i--) { j = salt_block[i - 1] + hash_block[i - 1] + c; - c = (unsigned char) (j >> 8); + c = (unsigned char)(j >> 8); salt_block[i - 1] = j & 0xFF; } // pwd_block += B c = 0; - for( i = v; i > 0; i-- ) - { + for (i = v; i > 0; i--) { j = pwd_block[i - 1] + hash_block[i - 1] + c; - c = (unsigned char) (j >> 8); + c = (unsigned char)(j >> 8); pwd_block[i - 1] = j & 0xFF; } } @@ -347,14 +331,14 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, ret = 0; exit: - mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) ); - mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) ); - mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) ); - mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) ); + mbedtls_platform_zeroize(salt_block, sizeof(salt_block)); + mbedtls_platform_zeroize(pwd_block, sizeof(pwd_block)); + mbedtls_platform_zeroize(hash_block, sizeof(hash_block)); + mbedtls_platform_zeroize(hash_output, sizeof(hash_output)); - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_PKCS12_C */ diff --git a/common/mbedtls/pkcs12.h b/common/mbedtls/pkcs12.h index 4b8ce7ed0..448410e71 100644 --- a/common/mbedtls/pkcs12.h +++ b/common/mbedtls/pkcs12.h @@ -66,10 +66,10 @@ extern "C" { * * \return 0 if successful, or a MBEDTLS_ERR_XXX code */ -int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *input, size_t len, - unsigned char *output ); +int mbedtls_pkcs12_pbe_sha1_rc4_128(mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *input, size_t len, + unsigned char *output); /** * \brief PKCS12 Password Based function (encryption / decryption) @@ -87,11 +87,11 @@ int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, * * \return 0 if successful, or a MBEDTLS_ERR_XXX code */ -int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, - mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *input, size_t len, - unsigned char *output ); +int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, + mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *input, size_t len, + unsigned char *output); #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -116,10 +116,10 @@ int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, * * \return 0 if successful, or a MD, BIGNUM type error. */ -int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *salt, size_t saltlen, - mbedtls_md_type_t mbedtls_md, int id, int iterations ); +int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *salt, size_t saltlen, + mbedtls_md_type_t mbedtls_md, int id, int iterations); #ifdef __cplusplus } diff --git a/common/mbedtls/pkcs5.c b/common/mbedtls/pkcs5.c index e9e743fa9..72d06d05d 100644 --- a/common/mbedtls/pkcs5.c +++ b/common/mbedtls/pkcs5.c @@ -50,18 +50,17 @@ #endif #if defined(MBEDTLS_ASN1_PARSE_C) -static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, - mbedtls_asn1_buf *salt, int *iterations, - int *keylen, mbedtls_md_type_t *md_type ) -{ +static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params, + mbedtls_asn1_buf *salt, int *iterations, + int *keylen, mbedtls_md_type_t *md_type) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf prf_alg_oid; unsigned char *p = params->p; const unsigned char *end = params->p + params->len; - if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); /* * PBKDF2-params ::= SEQUENCE { * salt OCTET STRING, @@ -71,46 +70,44 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, * } * */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len, - MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &salt->len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret); salt->p = p; p += salt->len; - if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_int(&p, end, iterations)) != 0) + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret); - if( p == end ) - return( 0 ); + if (p == end) + return (0); - if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 ) - { - if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_int(&p, end, keylen)) != 0) { + if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret); } - if( p == end ) - return( 0 ); + if (p == end) + return (0); - if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_alg_null(&p, end, &prf_alg_oid)) != 0) + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret); - if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); + if (mbedtls_oid_get_md_hmac(&prf_alg_oid, md_type) != 0) + return (MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE); - if( p != end ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } -int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t datalen, - unsigned char *output ) -{ +int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t datalen, + unsigned char *output) { int ret, iterations = 0, keylen = 0; unsigned char *p, *end; mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params; @@ -133,42 +130,40 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} * } */ - if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (pbe_params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); - if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, - &kdf_alg_params ) ) != 0 ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_alg(&p, end, &kdf_alg_oid, + &kdf_alg_params)) != 0) + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret); // Only PBKDF2 supported at the moment // - if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid) != 0) + return (MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE); - if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params, - &salt, &iterations, &keylen, - &md_type ) ) != 0 ) - { - return( ret ); + if ((ret = pkcs5_parse_pbkdf2_params(&kdf_alg_params, + &salt, &iterations, &keylen, + &md_type)) != 0) { + return (ret); } - md_info = mbedtls_md_info_from_type( md_type ); - if( md_info == NULL ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); + md_info = mbedtls_md_info_from_type(md_type); + if (md_info == NULL) + return (MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE); - if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid, - &enc_scheme_params ) ) != 0 ) - { - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_alg(&p, end, &enc_scheme_oid, + &enc_scheme_params)) != 0) { + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret); } - if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); + if (mbedtls_oid_get_cipher_alg(&enc_scheme_oid, &cipher_alg) != 0) + return (MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE); - cipher_info = mbedtls_cipher_info_from_type( cipher_alg ); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); + cipher_info = mbedtls_cipher_info_from_type(cipher_alg); + if (cipher_info == NULL) + return (MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE); /* * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored @@ -176,146 +171,139 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, */ keylen = cipher_info->key_bitlen / 8; - if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING || - enc_scheme_params.len != cipher_info->iv_size ) - { - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT ); + if (enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING || + enc_scheme_params.len != cipher_info->iv_size) { + return (MBEDTLS_ERR_PKCS5_INVALID_FORMAT); } - mbedtls_md_init( &md_ctx ); - mbedtls_cipher_init( &cipher_ctx ); + mbedtls_md_init(&md_ctx); + mbedtls_cipher_init(&cipher_ctx); - memcpy( iv, enc_scheme_params.p, enc_scheme_params.len ); + memcpy(iv, enc_scheme_params.p, enc_scheme_params.len); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) goto exit; - if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len, - iterations, keylen, key ) ) != 0 ) - { + if ((ret = mbedtls_pkcs5_pbkdf2_hmac(&md_ctx, pwd, pwdlen, salt.p, salt.len, + iterations, keylen, key)) != 0) { goto exit; } - if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 ) + if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) goto exit; - if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, - (mbedtls_operation_t) mode ) ) != 0 ) + if ((ret = mbedtls_cipher_setkey(&cipher_ctx, key, 8 * keylen, + (mbedtls_operation_t) mode)) != 0) goto exit; - if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len, - data, datalen, output, &olen ) ) != 0 ) + if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len, + data, datalen, output, &olen)) != 0) ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH; exit: - mbedtls_md_free( &md_ctx ); - mbedtls_cipher_free( &cipher_ctx ); + mbedtls_md_free(&md_ctx); + mbedtls_cipher_free(&cipher_ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_ASN1_PARSE_C */ -int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, - const unsigned char *password, - size_t plen, const unsigned char *salt, size_t slen, - unsigned int iteration_count, - uint32_t key_length, unsigned char *output ) -{ +int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx, + const unsigned char *password, + size_t plen, const unsigned char *salt, size_t slen, + unsigned int iteration_count, + uint32_t key_length, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int j; unsigned int i; unsigned char md1[MBEDTLS_MD_MAX_SIZE]; unsigned char work[MBEDTLS_MD_MAX_SIZE]; - unsigned char md_size = mbedtls_md_get_size( ctx->md_info ); + unsigned char md_size = mbedtls_md_get_size(ctx->md_info); size_t use_len; unsigned char *out_p = output; unsigned char counter[4]; - memset( counter, 0, 4 ); + memset(counter, 0, 4); counter[3] = 1; #if UINT_MAX > 0xFFFFFFFF - if( iteration_count > 0xFFFFFFFF ) - return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA ); + if (iteration_count > 0xFFFFFFFF) + return (MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA); #endif - if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 ) - return( ret ); - while( key_length ) - { + if ((ret = mbedtls_md_hmac_starts(ctx, password, plen)) != 0) + return (ret); + while (key_length) { // U1 ends up in work // - if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(ctx, salt, slen)) != 0) goto cleanup; - if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(ctx, counter, 4)) != 0) goto cleanup; - if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 ) + if ((ret = mbedtls_md_hmac_finish(ctx, work)) != 0) goto cleanup; - if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 ) + if ((ret = mbedtls_md_hmac_reset(ctx)) != 0) goto cleanup; - memcpy( md1, work, md_size ); + memcpy(md1, work, md_size); - for( i = 1; i < iteration_count; i++ ) - { + for (i = 1; i < iteration_count; i++) { // U2 ends up in md1 // - if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 ) + if ((ret = mbedtls_md_hmac_update(ctx, md1, md_size)) != 0) goto cleanup; - if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 ) + if ((ret = mbedtls_md_hmac_finish(ctx, md1)) != 0) goto cleanup; - if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 ) + if ((ret = mbedtls_md_hmac_reset(ctx)) != 0) goto cleanup; // U1 xor U2 // - for( j = 0; j < md_size; j++ ) + for (j = 0; j < md_size; j++) work[j] ^= md1[j]; } - use_len = ( key_length < md_size ) ? key_length : md_size; - memcpy( out_p, work, use_len ); + use_len = (key_length < md_size) ? key_length : md_size; + memcpy(out_p, work, use_len); key_length -= (uint32_t) use_len; out_p += use_len; - for( i = 4; i > 0; i-- ) - if( ++counter[i - 1] != 0 ) + for (i = 4; i > 0; i--) + if (++counter[i - 1] != 0) break; } cleanup: /* Zeroise buffers to clear sensitive data from memory. */ - mbedtls_platform_zeroize( work, MBEDTLS_MD_MAX_SIZE ); - mbedtls_platform_zeroize( md1, MBEDTLS_MD_MAX_SIZE ); + mbedtls_platform_zeroize(work, MBEDTLS_MD_MAX_SIZE); + mbedtls_platform_zeroize(md1, MBEDTLS_MD_MAX_SIZE); - return( ret ); + return (ret); } #if defined(MBEDTLS_SELF_TEST) #if !defined(MBEDTLS_SHA1_C) -int mbedtls_pkcs5_self_test( int verbose ) -{ - if( verbose != 0 ) - mbedtls_printf( " PBKDF2 (SHA1): skipped\n\n" ); +int mbedtls_pkcs5_self_test(int verbose) { + if (verbose != 0) + mbedtls_printf(" PBKDF2 (SHA1): skipped\n\n"); - return( 0 ); + return (0); } #else #define MAX_TESTS 6 static const size_t plen_test_data[MAX_TESTS] = - { 8, 8, 8, 24, 9 }; +{ 8, 8, 8, 24, 9 }; -static const unsigned char password_test_data[MAX_TESTS][32] = -{ +static const unsigned char password_test_data[MAX_TESTS][32] = { "password", "password", "password", @@ -324,10 +312,9 @@ static const unsigned char password_test_data[MAX_TESTS][32] = }; static const size_t slen_test_data[MAX_TESTS] = - { 4, 4, 4, 36, 5 }; +{ 4, 4, 4, 36, 5 }; -static const unsigned char salt_test_data[MAX_TESTS][40] = -{ +static const unsigned char salt_test_data[MAX_TESTS][40] = { "salt", "salt", "salt", @@ -336,82 +323,86 @@ static const unsigned char salt_test_data[MAX_TESTS][40] = }; static const uint32_t it_cnt_test_data[MAX_TESTS] = - { 1, 2, 4096, 4096, 4096 }; +{ 1, 2, 4096, 4096, 4096 }; static const uint32_t key_len_test_data[MAX_TESTS] = - { 20, 20, 20, 25, 16 }; +{ 20, 20, 20, 25, 16 }; -static const unsigned char result_key_test_data[MAX_TESTS][32] = -{ - { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, - 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, - 0x2f, 0xe0, 0x37, 0xa6 }, - { 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, - 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, - 0xd8, 0xde, 0x89, 0x57 }, - { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, - 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, - 0x65, 0xa4, 0x29, 0xc1 }, - { 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, - 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, - 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, - 0x38 }, - { 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, - 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 }, +static const unsigned char result_key_test_data[MAX_TESTS][32] = { + { + 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71, + 0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06, + 0x2f, 0xe0, 0x37, 0xa6 + }, + { + 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c, + 0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0, + 0xd8, 0xde, 0x89, 0x57 + }, + { + 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a, + 0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0, + 0x65, 0xa4, 0x29, 0xc1 + }, + { + 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, + 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a, + 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, + 0x38 + }, + { + 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d, + 0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 + }, }; -int mbedtls_pkcs5_self_test( int verbose ) -{ +int mbedtls_pkcs5_self_test(int verbose) { mbedtls_md_context_t sha1_ctx; const mbedtls_md_info_t *info_sha1; int ret, i; unsigned char key[64]; - mbedtls_md_init( &sha1_ctx ); + mbedtls_md_init(&sha1_ctx); - info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ); - if( info_sha1 == NULL ) - { + info_sha1 = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); + if (info_sha1 == NULL) { ret = 1; goto exit; } - if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 ) - { + if ((ret = mbedtls_md_setup(&sha1_ctx, info_sha1, 1)) != 0) { ret = 1; goto exit; } - for( i = 0; i < MAX_TESTS; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " PBKDF2 (SHA1) #%d: ", i ); + for (i = 0; i < MAX_TESTS; i++) { + if (verbose != 0) + mbedtls_printf(" PBKDF2 (SHA1) #%d: ", i); - ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password_test_data[i], - plen_test_data[i], salt_test_data[i], - slen_test_data[i], it_cnt_test_data[i], - key_len_test_data[i], key ); - if( ret != 0 || - memcmp( result_key_test_data[i], key, key_len_test_data[i] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = mbedtls_pkcs5_pbkdf2_hmac(&sha1_ctx, password_test_data[i], + plen_test_data[i], salt_test_data[i], + slen_test_data[i], it_cnt_test_data[i], + key_len_test_data[i], key); + if (ret != 0 || + memcmp(result_key_test_data[i], key, key_len_test_data[i]) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); exit: - mbedtls_md_free( &sha1_ctx ); + mbedtls_md_free(&sha1_ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_SHA1_C */ diff --git a/common/mbedtls/pkcs5.h b/common/mbedtls/pkcs5.h index 8f348ce52..db9f501dd 100644 --- a/common/mbedtls/pkcs5.h +++ b/common/mbedtls/pkcs5.h @@ -63,10 +63,10 @@ extern "C" { * * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. */ -int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t datalen, - unsigned char *output ); +int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode, + const unsigned char *pwd, size_t pwdlen, + const unsigned char *data, size_t datalen, + unsigned char *output); #endif /* MBEDTLS_ASN1_PARSE_C */ @@ -84,10 +84,10 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, * * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. */ -int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, - size_t plen, const unsigned char *salt, size_t slen, - unsigned int iteration_count, - uint32_t key_length, unsigned char *output ); +int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx, const unsigned char *password, + size_t plen, const unsigned char *salt, size_t slen, + unsigned int iteration_count, + uint32_t key_length, unsigned char *output); #if defined(MBEDTLS_SELF_TEST) @@ -96,7 +96,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *p * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_pkcs5_self_test( int verbose ); +int mbedtls_pkcs5_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/pkparse.c b/common/mbedtls/pkparse.c index 0590f2b05..75222ffd7 100644 --- a/common/mbedtls/pkparse.c +++ b/common/mbedtls/pkparse.c @@ -70,104 +70,98 @@ * A terminating null byte is always appended. It is included in the announced * length only if the data looks like it is PEM encoded. */ -int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) -{ +int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n) { FILE *f; long size; - PK_VALIDATE_RET( path != NULL ); - PK_VALIDATE_RET( buf != NULL ); - PK_VALIDATE_RET( n != NULL ); + PK_VALIDATE_RET(path != NULL); + PK_VALIDATE_RET(buf != NULL); + PK_VALIDATE_RET(n != NULL); - if( ( f = fopen( path, "rb" ) ) == NULL ) - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); + if ((f = fopen(path, "rb")) == NULL) + return (MBEDTLS_ERR_PK_FILE_IO_ERROR); - fseek( f, 0, SEEK_END ); - if( ( size = ftell( f ) ) == -1 ) - { - fclose( f ); - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); + fseek(f, 0, SEEK_END); + if ((size = ftell(f)) == -1) { + fclose(f); + return (MBEDTLS_ERR_PK_FILE_IO_ERROR); } - fseek( f, 0, SEEK_SET ); + fseek(f, 0, SEEK_SET); *n = (size_t) size; - if( *n + 1 == 0 || - ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL ) - { - fclose( f ); - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if (*n + 1 == 0 || + (*buf = mbedtls_calloc(1, *n + 1)) == NULL) { + fclose(f); + return (MBEDTLS_ERR_PK_ALLOC_FAILED); } - if( fread( *buf, 1, *n, f ) != *n ) - { - fclose( f ); + if (fread(*buf, 1, *n, f) != *n) { + fclose(f); - mbedtls_platform_zeroize( *buf, *n ); - mbedtls_free( *buf ); + mbedtls_platform_zeroize(*buf, *n); + mbedtls_free(*buf); - return( MBEDTLS_ERR_PK_FILE_IO_ERROR ); + return (MBEDTLS_ERR_PK_FILE_IO_ERROR); } - fclose( f ); + fclose(f); (*buf)[*n] = '\0'; - if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL ) + if (strstr((const char *) *buf, "-----BEGIN ") != NULL) ++*n; - return( 0 ); + return (0); } /* * Load and parse a private key */ -int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, - const char *path, const char *pwd ) -{ +int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx, + const char *path, const char *pwd) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( path != NULL ); + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET(path != NULL); - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) + return (ret); - if( pwd == NULL ) - ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); + if (pwd == NULL) + ret = mbedtls_pk_parse_key(ctx, buf, n, NULL, 0); else - ret = mbedtls_pk_parse_key( ctx, buf, n, - (const unsigned char *) pwd, strlen( pwd ) ); + ret = mbedtls_pk_parse_key(ctx, buf, n, + (const unsigned char *) pwd, strlen(pwd)); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return (ret); } /* * Load and parse a public key */ -int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) -{ +int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( path != NULL ); + PK_VALIDATE_RET(ctx != NULL); + PK_VALIDATE_RET(path != NULL); - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) + return (ret); - ret = mbedtls_pk_parse_public_key( ctx, buf, n ); + ret = mbedtls_pk_parse_public_key(ctx, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return (ret); } #endif /* MBEDTLS_FS_IO */ @@ -180,40 +174,37 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) * -- implicitCurve NULL * } */ -static int pk_get_ecparams( unsigned char **p, const unsigned char *end, - mbedtls_asn1_buf *params ) -{ +static int pk_get_ecparams(unsigned char **p, const unsigned char *end, + mbedtls_asn1_buf *params) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ( end - *p < 1 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if (end - *p < 1) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_OUT_OF_DATA); /* Tag may be either OID or SEQUENCE */ params->tag = **p; - if( params->tag != MBEDTLS_ASN1_OID + if (params->tag != MBEDTLS_ASN1_OID #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) - && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) + && params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) #endif - ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + ) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } - if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, ¶ms->len, params->tag)) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } params->p = *p; *p += params->len; - if( *p != end ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) @@ -236,21 +227,20 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, * * We only support prime-field as field type, and ignore hash and cofactor. */ -static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) -{ +static int pk_group_from_specified(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = params->p; - const unsigned char * const end = params->p + params->len; + const unsigned char *const end = params->p + params->len; const unsigned char *end_field, *end_curve; size_t len; int ver; /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ - if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_int(&p, end, &ver)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - if( ver < 1 || ver > 3 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (ver < 1 || ver > 3) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); /* * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field @@ -258,9 +248,9 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ * parameters FIELD-ID.&Type({IOSet}{@fieldType}) * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (ret); end_field = p + len; @@ -272,26 +262,25 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ * } * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end_field, &len, MBEDTLS_ASN1_OID)) != 0) + return (ret); - if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) || - memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 ) - { - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + if (len != MBEDTLS_OID_SIZE(MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD) || + memcmp(p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len) != 0) { + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); } p += len; /* Prime-p ::= INTEGER -- Field of size p. */ - if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_mpi(&p, end_field, &grp->P)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - grp->pbits = mbedtls_mpi_bitlen( &grp->P ); + grp->pbits = mbedtls_mpi_bitlen(&grp->P); - if( p != end_field ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end_field) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); /* * Curve ::= SEQUENCE { @@ -302,9 +291,9 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ * -- with version equal to ecdpVer2 or ecdpVer3 * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (ret); end_curve = p + len; @@ -312,51 +301,47 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ * FieldElement ::= OCTET STRING * containing an integer in the case of a prime field */ - if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || - ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 || + (ret = mbedtls_mpi_read_binary(&grp->A, p, len)) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } p += len; - if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || - ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0 || + (ret = mbedtls_mpi_read_binary(&grp->B, p, len)) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } p += len; /* Ignore seed BIT STRING OPTIONAL */ - if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 ) + if ((ret = mbedtls_asn1_get_tag(&p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING)) == 0) p += len; - if( p != end_curve ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end_curve) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); /* * ECPoint ::= OCTET STRING */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G, - ( const unsigned char *) p, len ) ) != 0 ) - { + if ((ret = mbedtls_ecp_point_read_binary(grp, &grp->G, + (const unsigned char *) p, len)) != 0) { /* * If we can't read the point because it's compressed, cheat by * reading only the X coordinate and the parity bit of Y. */ - if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || - ( p[0] != 0x02 && p[0] != 0x03 ) || - len != mbedtls_mpi_size( &grp->P ) + 1 || - mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 || - mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 || - mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE || + (p[0] != 0x02 && p[0] != 0x03) || + len != mbedtls_mpi_size(&grp->P) + 1 || + mbedtls_mpi_read_binary(&grp->G.X, p + 1, len - 1) != 0 || + mbedtls_mpi_lset(&grp->G.Y, p[0] - 2) != 0 || + mbedtls_mpi_lset(&grp->G.Z, 1) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); } } @@ -365,83 +350,79 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ /* * order INTEGER */ - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_mpi(&p, end, &grp->N)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - grp->nbits = mbedtls_mpi_bitlen( &grp->N ); + grp->nbits = mbedtls_mpi_bitlen(&grp->N); /* * Allow optional elements by purposefully not enforcing p == end here. */ - return( 0 ); + return (0); } /* * Find the group id associated with an (almost filled) group as generated by * pk_group_from_specified(), or return an error if unknown. */ -static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id ) -{ +static int pk_group_id_from_group(const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id) { int ret = 0; mbedtls_ecp_group ref; const mbedtls_ecp_group_id *id; - mbedtls_ecp_group_init( &ref ); + mbedtls_ecp_group_init(&ref); - for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ ) - { + for (id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++) { /* Load the group associated to that id */ - mbedtls_ecp_group_free( &ref ); - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) ); + mbedtls_ecp_group_free(&ref); + MBEDTLS_MPI_CHK(mbedtls_ecp_group_load(&ref, *id)); /* Compare to the group we were given, starting with easy tests */ - if( grp->pbits == ref.pbits && grp->nbits == ref.nbits && - mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 && - mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 && - /* For Y we may only know the parity bit, so compare only that */ - mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) ) - { + if (grp->pbits == ref.pbits && grp->nbits == ref.nbits && + mbedtls_mpi_cmp_mpi(&grp->P, &ref.P) == 0 && + mbedtls_mpi_cmp_mpi(&grp->A, &ref.A) == 0 && + mbedtls_mpi_cmp_mpi(&grp->B, &ref.B) == 0 && + mbedtls_mpi_cmp_mpi(&grp->N, &ref.N) == 0 && + mbedtls_mpi_cmp_mpi(&grp->G.X, &ref.G.X) == 0 && + mbedtls_mpi_cmp_mpi(&grp->G.Z, &ref.G.Z) == 0 && + /* For Y we may only know the parity bit, so compare only that */ + mbedtls_mpi_get_bit(&grp->G.Y, 0) == mbedtls_mpi_get_bit(&ref.G.Y, 0)) { break; } } cleanup: - mbedtls_ecp_group_free( &ref ); + mbedtls_ecp_group_free(&ref); *grp_id = *id; - if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE ) + if (ret == 0 && *id == MBEDTLS_ECP_DP_NONE) ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - return( ret ); + return (ret); } /* * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID */ -static int pk_group_id_from_specified( const mbedtls_asn1_buf *params, - mbedtls_ecp_group_id *grp_id ) -{ +static int pk_group_id_from_specified(const mbedtls_asn1_buf *params, + mbedtls_ecp_group_id *grp_id) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group grp; - mbedtls_ecp_group_init( &grp ); + mbedtls_ecp_group_init(&grp); - if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 ) + if ((ret = pk_group_from_specified(params, &grp)) != 0) goto cleanup; - ret = pk_group_id_from_group( &grp, grp_id ); + ret = pk_group_id_from_group(&grp, grp_id); cleanup: - mbedtls_ecp_group_free( &grp ); + mbedtls_ecp_group_free(&grp); - return( ret ); + return (ret); } #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ @@ -453,36 +434,32 @@ cleanup: * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } * -- implicitCurve NULL */ -static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) -{ +static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group_id grp_id; - if( params->tag == MBEDTLS_ASN1_OID ) - { - if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 ) - return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE ); - } - else - { + if (params->tag == MBEDTLS_ASN1_OID) { + if (mbedtls_oid_get_ec_grp(params, &grp_id) != 0) + return (MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE); + } else { #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) - if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 ) - return( ret ); + if ((ret = pk_group_id_from_specified(params, &grp_id)) != 0) + return (ret); #else - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); #endif } /* * grp may already be initilialized; if so, make sure IDs match */ - if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); - if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ecp_group_load(grp, grp_id)) != 0) + return (ret); - return( 0 ); + return (0); } /* @@ -492,15 +469,13 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. */ -static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, - mbedtls_ecp_keypair *key ) -{ +static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, + mbedtls_ecp_keypair *key) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q, - (const unsigned char *) *p, end - *p ) ) == 0 ) - { - ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q ); + if ((ret = mbedtls_ecp_point_read_binary(&key->grp, &key->Q, + (const unsigned char *) *p, end - *p)) == 0) { + ret = mbedtls_ecp_check_pubkey(&key->grp, &key->Q); } /* @@ -508,7 +483,7 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, */ *p = (unsigned char *) end; - return( ret ); + return (ret); } #endif /* MBEDTLS_ECP_C */ @@ -519,52 +494,50 @@ static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, * publicExponent INTEGER -- e * } */ -static int pk_get_rsapubkey( unsigned char **p, - const unsigned char *end, - mbedtls_rsa_context *rsa ) -{ +static int pk_get_rsapubkey(unsigned char **p, + const unsigned char *end, + mbedtls_rsa_context *rsa) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_PK_INVALID_PUBKEY + ret); - if( *p + len != end ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p + len != end) + return (MBEDTLS_ERR_PK_INVALID_PUBKEY + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); /* Import N */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) + return (MBEDTLS_ERR_PK_INVALID_PUBKEY + ret); - if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0, - NULL, 0, NULL, 0 ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0, + NULL, 0, NULL, 0)) != 0) + return (MBEDTLS_ERR_PK_INVALID_PUBKEY); *p += len; /* Import E */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) + return (MBEDTLS_ERR_PK_INVALID_PUBKEY + ret); - if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, - NULL, 0, *p, len ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, + NULL, 0, *p, len)) != 0) + return (MBEDTLS_ERR_PK_INVALID_PUBKEY); *p += len; - if( mbedtls_rsa_complete( rsa ) != 0 || - mbedtls_rsa_check_pubkey( rsa ) != 0 ) - { - return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + if (mbedtls_rsa_complete(rsa) != 0 || + mbedtls_rsa_check_pubkey(rsa) != 0) { + return (MBEDTLS_ERR_PK_INVALID_PUBKEY); } - if( *p != end ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_PK_INVALID_PUBKEY + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } #endif /* MBEDTLS_RSA_C */ @@ -574,32 +547,30 @@ static int pk_get_rsapubkey( unsigned char **p, * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL } */ -static int pk_get_pk_alg( unsigned char **p, - const unsigned char *end, - mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params ) -{ +static int pk_get_pk_alg(unsigned char **p, + const unsigned char *end, + mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf alg_oid; - memset( params, 0, sizeof(mbedtls_asn1_buf) ); + memset(params, 0, sizeof(mbedtls_asn1_buf)); - if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_ALG + ret ); + if ((ret = mbedtls_asn1_get_alg(p, end, &alg_oid, params)) != 0) + return (MBEDTLS_ERR_PK_INVALID_ALG + ret); - if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if (mbedtls_oid_get_pk_alg(&alg_oid, pk_alg) != 0) + return (MBEDTLS_ERR_PK_UNKNOWN_PK_ALG); /* * No parameters with RSA (only for EC) */ - if( *pk_alg == MBEDTLS_PK_RSA && - ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) || - params->len != 0 ) ) - { - return( MBEDTLS_ERR_PK_INVALID_ALG ); + if (*pk_alg == MBEDTLS_PK_RSA && + ((params->tag != MBEDTLS_ASN1_NULL && params->tag != 0) || + params->len != 0)) { + return (MBEDTLS_ERR_PK_INVALID_ALG); } - return( 0 ); + return (0); } /* @@ -607,68 +578,64 @@ static int pk_get_pk_alg( unsigned char **p, * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ -int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, - mbedtls_pk_context *pk ) -{ +int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, + mbedtls_pk_context *pk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; mbedtls_asn1_buf alg_params; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; const mbedtls_pk_info_t *pk_info; - PK_VALIDATE_RET( p != NULL ); - PK_VALIDATE_RET( *p != NULL ); - PK_VALIDATE_RET( end != NULL ); - PK_VALIDATE_RET( pk != NULL ); + PK_VALIDATE_RET(p != NULL); + PK_VALIDATE_RET(*p != NULL); + PK_VALIDATE_RET(end != NULL); + PK_VALIDATE_RET(pk != NULL); - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } end = *p + len; - if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) - return( ret ); + if ((ret = pk_get_pk_alg(p, end, &pk_alg, &alg_params)) != 0) + return (ret); - if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) + return (MBEDTLS_ERR_PK_INVALID_PUBKEY + ret); - if( *p + len != end ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p + len != end) + return (MBEDTLS_ERR_PK_INVALID_PUBKEY + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) + return (MBEDTLS_ERR_PK_UNKNOWN_PK_ALG); - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) + return (ret); #if defined(MBEDTLS_RSA_C) - if( pk_alg == MBEDTLS_PK_RSA ) - { - ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) ); + if (pk_alg == MBEDTLS_PK_RSA) { + ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk)); } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY ) - { - ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp ); - if( ret == 0 ) - ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) ); - } else + if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { + ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec(*pk)->grp); + if (ret == 0) + ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec(*pk)); + } else #endif /* MBEDTLS_ECP_C */ - ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; + ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; - if( ret == 0 && *p != end ) + if (ret == 0 && *p != end) ret = MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - if( ret != 0 ) - mbedtls_pk_free( pk ); + if (ret != 0) + mbedtls_pk_free(pk); - return( ret ); + return (ret); } #if defined(MBEDTLS_RSA_C) @@ -682,35 +649,33 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, * Since values can't be omitted in PKCS#1, passing a zero value to * rsa_complete() would be incorrect, so reject zero values early. */ -static int asn1_get_nonzero_mpi( unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X ) -{ +static int asn1_get_nonzero_mpi(unsigned char **p, + const unsigned char *end, + mbedtls_mpi *X) { int ret; - ret = mbedtls_asn1_get_mpi( p, end, X ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_asn1_get_mpi(p, end, X); + if (ret != 0) + return (ret); - if( mbedtls_mpi_cmp_int( X, 0 ) == 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (mbedtls_mpi_cmp_int(X, 0) == 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); - return( 0 ); + return (0); } /* * Parse a PKCS#1 encoded private RSA key */ -static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, - const unsigned char *key, - size_t keylen ) -{ +static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa, + const unsigned char *key, + size_t keylen) { int ret, version; size_t len; unsigned char *p, *end; mbedtls_mpi T; - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); p = (unsigned char *) key; end = p + keylen; @@ -731,52 +696,49 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } end = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } - if( version != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); + if (version != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_VERSION); } /* Import N */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL, - NULL, NULL ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL, + NULL, NULL)) != 0) goto cleanup; /* Import E */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL, - NULL, &T ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + NULL, &T)) != 0) goto cleanup; /* Import D */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL, - &T, NULL ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + &T, NULL)) != 0) goto cleanup; /* Import P */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL, - NULL, NULL ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL, + NULL, NULL)) != 0) goto cleanup; /* Import Q */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T, - NULL, NULL ) ) != 0 ) + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T, + NULL, NULL)) != 0) goto cleanup; #if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) @@ -792,26 +754,26 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, */ /* Import DP */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 ) - goto cleanup; + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) + goto cleanup; /* Import DQ */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 ) - goto cleanup; + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) + goto cleanup; /* Import QP */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 ) - goto cleanup; + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) + goto cleanup; #else /* Verify existance of the CRT params */ - if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || - ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ) - goto cleanup; + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) + goto cleanup; #endif /* rsa_complete() doesn't complete anything with the default @@ -823,34 +785,31 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, * Furthermore, we also check the public part for consistency with * mbedtls_pk_parse_pubkey(), as it includes size minima for example. */ - if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 || - ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 ) - { + if ((ret = mbedtls_rsa_complete(rsa)) != 0 || + (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) { goto cleanup; } - if( p != end ) - { + if (p != end) { ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ; } cleanup: - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); - if( ret != 0 ) - { + if (ret != 0) { /* Wrap error code if it's coming from a lower level */ - if( ( ret & 0xff80 ) == 0 ) + if ((ret & 0xff80) == 0) ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret; else ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - mbedtls_rsa_free( rsa ); + mbedtls_rsa_free(rsa); } - return( ret ); + return (ret); } #endif /* MBEDTLS_RSA_C */ @@ -858,10 +817,9 @@ cleanup: /* * Parse a SEC1 encoded private EC key */ -static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, - const unsigned char *key, - size_t keylen ) -{ +static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck, + const unsigned char *key, + size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int version, pubkey_done; size_t len; @@ -880,106 +838,92 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, * publicKey [1] BIT STRING OPTIONAL * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } end = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - if( version != 1 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); + if (version != 1) + return (MBEDTLS_ERR_PK_KEY_INVALID_VERSION); - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 ) - { - mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { + mbedtls_ecp_keypair_free(eck); + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } p += len; pubkey_done = 0; - if( p != end ) - { + if (p != end) { /* * Is 'parameters' present? */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) - { - if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || - ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) - { - mbedtls_ecp_keypair_free( eck ); - return( ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0)) == 0) { + if ((ret = pk_get_ecparams(&p, p + len, ¶ms)) != 0 || + (ret = pk_use_ecparams(¶ms, &eck->grp)) != 0) { + mbedtls_ecp_keypair_free(eck); + return (ret); } - } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { - mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + mbedtls_ecp_keypair_free(eck); + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } } - if( p != end ) - { + if (p != end) { /* * Is 'publickey' present? If not, or if we can't read it (eg because it * is compressed), create it from the private key. */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1)) == 0) { end2 = p + len; - if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_bitstring_null(&p, end2, &len)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - if( p + len != end2 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p + len != end2) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) + if ((ret = pk_get_ecpubkey(&p, end2, eck)) == 0) pubkey_done = 1; - else - { + else { /* * The only acceptable failure mode of pk_get_ecpubkey() above * is if the point format is not recognized. */ - if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); } - } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { - mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + mbedtls_ecp_keypair_free(eck); + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } } - if( ! pubkey_done && - ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G, - NULL, NULL ) ) != 0 ) - { - mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if (! pubkey_done && + (ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, + NULL, NULL)) != 0) { + mbedtls_ecp_keypair_free(eck); + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } - if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 ) - { - mbedtls_ecp_keypair_free( eck ); - return( ret ); + if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { + mbedtls_ecp_keypair_free(eck); + return (ret); } - return( 0 ); + return (0); } #endif /* MBEDTLS_ECP_C */ @@ -997,10 +941,9 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, * */ static int pk_parse_key_pkcs8_unencrypted_der( - mbedtls_pk_context *pk, - const unsigned char* key, - size_t keylen ) -{ + mbedtls_pk_context *pk, + const unsigned char *key, + size_t keylen) { int ret, version; size_t len; mbedtls_asn1_buf params; @@ -1025,60 +968,55 @@ static int pk_parse_key_pkcs8_unencrypted_der( * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } end = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - if( version != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); + if (version != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret); - if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = pk_get_pk_alg(&p, end, &pk_alg, ¶ms)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - if( len < 1 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if (len < 1) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_OUT_OF_DATA); - if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) + return (MBEDTLS_ERR_PK_UNKNOWN_PK_ALG); - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) + return (ret); #if defined(MBEDTLS_RSA_C) - if( pk_alg == MBEDTLS_PK_RSA ) - { - if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 ) - { - mbedtls_pk_free( pk ); - return( ret ); + if (pk_alg == MBEDTLS_PK_RSA) { + if ((ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), p, len)) != 0) { + mbedtls_pk_free(pk); + return (ret); } } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) - { - if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || - ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) - { - mbedtls_pk_free( pk ); - return( ret ); - } - } else + if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { + if ((ret = pk_use_ecparams(¶ms, &mbedtls_pk_ec(*pk)->grp)) != 0 || + (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), p, len)) != 0) { + mbedtls_pk_free(pk); + return (ret); + } + } else #endif /* MBEDTLS_ECP_C */ - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + return (MBEDTLS_ERR_PK_UNKNOWN_PK_ALG); - return( 0 ); + return (0); } /* @@ -1092,10 +1030,9 @@ static int pk_parse_key_pkcs8_unencrypted_der( */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) static int pk_parse_key_pkcs8_encrypted_der( - mbedtls_pk_context *pk, - unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ) -{ + mbedtls_pk_context *pk, + unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen) { int ret, decrypted = 0; size_t len; unsigned char *buf; @@ -1109,8 +1046,8 @@ static int pk_parse_key_pkcs8_encrypted_der( p = key; end = p + keylen; - if( pwdlen == 0 ) - return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); + if (pwdlen == 0) + return (MBEDTLS_ERR_PK_PASSWORD_REQUIRED); /* * This function parses the EncryptedPrivateKeyInfo object (PKCS#8) @@ -1127,19 +1064,18 @@ static int pk_parse_key_pkcs8_encrypted_der( * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo * */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); } end = p + len; - if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_alg(&p, end, &pbe_alg_oid, &pbe_params)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret); buf = p; @@ -1147,74 +1083,64 @@ static int pk_parse_key_pkcs8_encrypted_der( * Decrypt EncryptedData with appropriate PBE */ #if defined(MBEDTLS_PKCS12_C) - if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) - { - if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, - cipher_alg, md_alg, - pwd, pwdlen, p, len, buf ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); + if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) { + if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, + cipher_alg, md_alg, + pwd, pwdlen, p, len, buf)) != 0) { + if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) + return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH); - return( ret ); + return (ret); } decrypted = 1; - } - else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 ) - { - if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params, - MBEDTLS_PKCS12_PBE_DECRYPT, - pwd, pwdlen, - p, len, buf ) ) != 0 ) - { - return( ret ); + } else if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid) == 0) { + if ((ret = mbedtls_pkcs12_pbe_sha1_rc4_128(&pbe_params, + MBEDTLS_PKCS12_PBE_DECRYPT, + pwd, pwdlen, + p, len, buf)) != 0) { + return (ret); } // Best guess for password mismatch when using RC4. If first tag is // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE // - if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); + if (*buf != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) + return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH); decrypted = 1; - } - else + } else #endif /* MBEDTLS_PKCS12_C */ #if defined(MBEDTLS_PKCS5_C) - if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 ) - { - if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, - p, len, buf ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid) == 0) { + if ((ret = mbedtls_pkcs5_pbes2(&pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen, + p, len, buf)) != 0) { + if (ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH) + return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH); - return( ret ); + return (ret); + } + + decrypted = 1; + } else +#endif /* MBEDTLS_PKCS5_C */ + { + ((void) pwd); } - decrypted = 1; - } - else -#endif /* MBEDTLS_PKCS5_C */ - { - ((void) pwd); - } + if (decrypted == 0) + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); - if( decrypted == 0 ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - - return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); + return (pk_parse_key_pkcs8_unencrypted_der(pk, buf, len)); } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ /* * Parse a private key */ -int mbedtls_pk_parse_key( mbedtls_pk_context *pk, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ) -{ +int mbedtls_pk_parse_key(mbedtls_pk_context *pk, + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_info_t *pk_info; #if defined(MBEDTLS_PEM_PARSE_C) @@ -1222,121 +1148,109 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, mbedtls_pem_context pem; #endif - PK_VALIDATE_RET( pk != NULL ); - if( keylen == 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); - PK_VALIDATE_RET( key != NULL ); + PK_VALIDATE_RET(pk != NULL); + if (keylen == 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); + PK_VALIDATE_RET(key != NULL); #if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_init( &pem ); + mbedtls_pem_init(&pem); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN RSA PRIVATE KEY-----", - "-----END RSA PRIVATE KEY-----", - key, pwd, pwdlen, &len ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN RSA PRIVATE KEY-----", + "-----END RSA PRIVATE KEY-----", + key, pwd, pwdlen, &len); - if( ret == 0 ) - { - pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), - pem.buf, pem.buflen ) ) != 0 ) - { - mbedtls_pk_free( pk ); + if (ret == 0) { + pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); + if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || + (ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), + pem.buf, pem.buflen)) != 0) { + mbedtls_pk_free(pk); } - mbedtls_pem_free( &pem ); - return( ret ); - } - else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); - else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) - return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); + mbedtls_pem_free(&pem); + return (ret); + } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) + return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH); + else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) + return (MBEDTLS_ERR_PK_PASSWORD_REQUIRED); + else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) + return (ret); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN EC PRIVATE KEY-----", - "-----END EC PRIVATE KEY-----", - key, pwd, pwdlen, &len ); - if( ret == 0 ) - { - pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN EC PRIVATE KEY-----", + "-----END EC PRIVATE KEY-----", + key, pwd, pwdlen, &len); + if (ret == 0) { + pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), - pem.buf, pem.buflen ) ) != 0 ) - { - mbedtls_pk_free( pk ); + if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || + (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), + pem.buf, pem.buflen)) != 0) { + mbedtls_pk_free(pk); } - mbedtls_pem_free( &pem ); - return( ret ); - } - else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); - else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ) - return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); + mbedtls_pem_free(&pem); + return (ret); + } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) + return (MBEDTLS_ERR_PK_PASSWORD_MISMATCH); + else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) + return (MBEDTLS_ERR_PK_PASSWORD_REQUIRED); + else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) + return (ret); #endif /* MBEDTLS_ECP_C */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN PRIVATE KEY-----", - "-----END PRIVATE KEY-----", - key, NULL, 0, &len ); - if( ret == 0 ) - { - if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, - pem.buf, pem.buflen ) ) != 0 ) - { - mbedtls_pk_free( pk ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN PRIVATE KEY-----", + "-----END PRIVATE KEY-----", + key, NULL, 0, &len); + if (ret == 0) { + if ((ret = pk_parse_key_pkcs8_unencrypted_der(pk, + pem.buf, pem.buflen)) != 0) { + mbedtls_pk_free(pk); } - mbedtls_pem_free( &pem ); - return( ret ); - } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); + mbedtls_pem_free(&pem); + return (ret); + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) + return (ret); #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN ENCRYPTED PRIVATE KEY-----", - "-----END ENCRYPTED PRIVATE KEY-----", - key, NULL, 0, &len ); - if( ret == 0 ) - { - if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, - pem.buf, pem.buflen, - pwd, pwdlen ) ) != 0 ) - { - mbedtls_pk_free( pk ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN ENCRYPTED PRIVATE KEY-----", + "-----END ENCRYPTED PRIVATE KEY-----", + key, NULL, 0, &len); + if (ret == 0) { + if ((ret = pk_parse_key_pkcs8_encrypted_der(pk, + pem.buf, pem.buflen, + pwd, pwdlen)) != 0) { + mbedtls_pk_free(pk); } - mbedtls_pem_free( &pem ); - return( ret ); - } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); + mbedtls_pem_free(&pem); + return (ret); + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) + return (ret); #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ #else ((void) pwd); @@ -1354,58 +1268,55 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, { unsigned char *key_copy; - if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL ) - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + if ((key_copy = mbedtls_calloc(1, keylen)) == NULL) + return (MBEDTLS_ERR_PK_ALLOC_FAILED); - memcpy( key_copy, key, keylen ); + memcpy(key_copy, key, keylen); - ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, - pwd, pwdlen ); + ret = pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen, + pwd, pwdlen); - mbedtls_platform_zeroize( key_copy, keylen ); - mbedtls_free( key_copy ); + mbedtls_platform_zeroize(key_copy, keylen); + mbedtls_free(key_copy); } - if( ret == 0 ) - return( 0 ); + if (ret == 0) + return (0); - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); + mbedtls_pk_free(pk); + mbedtls_pk_init(pk); - if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH ) - { - return( ret ); + if (ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH) { + return (ret); } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ - if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) - return( 0 ); + if ((ret = pk_parse_key_pkcs8_unencrypted_der(pk, key, keylen)) == 0) + return (0); - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); + mbedtls_pk_free(pk); + mbedtls_pk_init(pk); #if defined(MBEDTLS_RSA_C) - pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); - if( mbedtls_pk_setup( pk, pk_info ) == 0 && - pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 ) - { - return( 0 ); + pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); + if (mbedtls_pk_setup(pk, pk_info) == 0 && + pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), key, keylen) == 0) { + return (0); } - mbedtls_pk_free( pk ); - mbedtls_pk_init( pk ); + mbedtls_pk_free(pk); + mbedtls_pk_init(pk); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); - if( mbedtls_pk_setup( pk, pk_info ) == 0 && - pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), - key, keylen ) == 0 ) - { - return( 0 ); + pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); + if (mbedtls_pk_setup(pk, pk_info) == 0 && + pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), + key, keylen) == 0) { + return (0); } - mbedtls_pk_free( pk ); + mbedtls_pk_free(pk); #endif /* MBEDTLS_ECP_C */ /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't, @@ -1418,15 +1329,14 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, * also ok and in line with the mbedtls_pk_free() calls * on failed PEM parsing attempts. */ - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); } /* * Parse a public key */ -int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, - const unsigned char *key, size_t keylen ) -{ +int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, + const unsigned char *key, size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p; #if defined(MBEDTLS_RSA_C) @@ -1437,97 +1347,89 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, mbedtls_pem_context pem; #endif - PK_VALIDATE_RET( ctx != NULL ); - if( keylen == 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); - PK_VALIDATE_RET( key != NULL || keylen == 0 ); + PK_VALIDATE_RET(ctx != NULL); + if (keylen == 0) + return (MBEDTLS_ERR_PK_KEY_INVALID_FORMAT); + PK_VALIDATE_RET(key != NULL || keylen == 0); #if defined(MBEDTLS_PEM_PARSE_C) - mbedtls_pem_init( &pem ); + mbedtls_pem_init(&pem); #if defined(MBEDTLS_RSA_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN RSA PUBLIC KEY-----", - "-----END RSA PUBLIC KEY-----", - key, NULL, 0, &len ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN RSA PUBLIC KEY-----", + "-----END RSA PUBLIC KEY-----", + key, NULL, 0, &len); - if( ret == 0 ) - { + if (ret == 0) { p = pem.buf; - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) + return (MBEDTLS_ERR_PK_UNKNOWN_PK_ALG); - if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) + return (ret); - if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 ) - mbedtls_pk_free( ctx ); + if ((ret = pk_get_rsapubkey(&p, p + pem.buflen, mbedtls_pk_rsa(*ctx))) != 0) + mbedtls_pk_free(ctx); - mbedtls_pem_free( &pem ); - return( ret ); - } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - mbedtls_pem_free( &pem ); - return( ret ); + mbedtls_pem_free(&pem); + return (ret); + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + mbedtls_pem_free(&pem); + return (ret); } #endif /* MBEDTLS_RSA_C */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( key[keylen - 1] != '\0' ) + if (key[keylen - 1] != '\0') ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN PUBLIC KEY-----", - "-----END PUBLIC KEY-----", - key, NULL, 0, &len ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN PUBLIC KEY-----", + "-----END PUBLIC KEY-----", + key, NULL, 0, &len); - if( ret == 0 ) - { + if (ret == 0) { /* * Was PEM encoded */ p = pem.buf; - ret = mbedtls_pk_parse_subpubkey( &p, p + pem.buflen, ctx ); - mbedtls_pem_free( &pem ); - return( ret ); + ret = mbedtls_pk_parse_subpubkey(&p, p + pem.buflen, ctx); + mbedtls_pem_free(&pem); + return (ret); + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + mbedtls_pem_free(&pem); + return (ret); } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - mbedtls_pem_free( &pem ); - return( ret ); - } - mbedtls_pem_free( &pem ); + mbedtls_pem_free(&pem); #endif /* MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_RSA_C) - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + if ((pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == NULL) + return (MBEDTLS_ERR_PK_UNKNOWN_PK_ALG); - if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_setup(ctx, pk_info)) != 0) + return (ret); p = (unsigned char *)key; - ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) ); - if( ret == 0 ) - { - return( ret ); + ret = pk_get_rsapubkey(&p, p + keylen, mbedtls_pk_rsa(*ctx)); + if (ret == 0) { + return (ret); } - mbedtls_pk_free( ctx ); - if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) - { - return( ret ); + mbedtls_pk_free(ctx); + if (ret != (MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { + return (ret); } #endif /* MBEDTLS_RSA_C */ p = (unsigned char *) key; - ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx ); + ret = mbedtls_pk_parse_subpubkey(&p, p + keylen, ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_PK_PARSE_C */ diff --git a/common/mbedtls/pkwrite.c b/common/mbedtls/pkwrite.c index 566153dd9..216c98542 100644 --- a/common/mbedtls/pkwrite.c +++ b/common/mbedtls/pkwrite.c @@ -69,38 +69,37 @@ * publicExponent INTEGER -- e * } */ -static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, - mbedtls_rsa_context *rsa ) -{ +static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start, + mbedtls_rsa_context *rsa) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_mpi T; - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); /* Export E */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) goto end_of_export; len += ret; /* Export N */ - if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) goto end_of_export; len += ret; end_of_export: - mbedtls_mpi_free( &T ); - if( ret < 0 ) - return( ret ); + mbedtls_mpi_free(&T); + if (ret < 0) + return (ret); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return ((int) len); } #endif /* MBEDTLS_RSA_C */ @@ -108,27 +107,25 @@ end_of_export: /* * EC public key is an EC point */ -static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) -{ +static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, + mbedtls_ecp_keypair *ec) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; - if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, buf, sizeof( buf ) ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, buf, sizeof(buf))) != 0) { + return (ret); } - if( *p < start || (size_t)( *p - start ) < len ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t)(*p - start) < len) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); *p -= len; - memcpy( *p, buf, len ); + memcpy(*p, buf, len); - return( (int) len ); + return ((int) len); } /* @@ -136,111 +133,102 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, * namedCurve OBJECT IDENTIFIER * } */ -static int pk_write_ec_param( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) -{ +static int pk_write_ec_param(unsigned char **p, unsigned char *start, + mbedtls_ecp_keypair *ec) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; const char *oid; size_t oid_len; - if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_oid_get_oid_by_ec_grp(ec->grp.id, &oid, &oid_len)) != 0) + return (ret); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - return( (int) len ); + return ((int) len); } /* * privateKey OCTET STRING -- always of length ceil(log2(n)/8) */ -static int pk_write_ec_private( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) -{ +static int pk_write_ec_private(unsigned char **p, unsigned char *start, + mbedtls_ecp_keypair *ec) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t byte_length = ( ec->grp.pbits + 7 ) / 8; + size_t byte_length = (ec->grp.pbits + 7) / 8; unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; - ret = mbedtls_ecp_write_key( ec, tmp, byte_length ); - if( ret != 0 ) + ret = mbedtls_ecp_write_key(ec, tmp, byte_length); + if (ret != 0) goto exit; - ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length ); + ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); exit: - mbedtls_platform_zeroize( tmp, byte_length ); - return( ret ); + mbedtls_platform_zeroize(tmp, byte_length); + return (ret); } #endif /* MBEDTLS_ECP_C */ -int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, - const mbedtls_pk_context *key ) -{ +int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *key) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - PK_VALIDATE_RET( p != NULL ); - PK_VALIDATE_RET( *p != NULL ); - PK_VALIDATE_RET( start != NULL ); - PK_VALIDATE_RET( key != NULL ); + PK_VALIDATE_RET(p != NULL); + PK_VALIDATE_RET(*p != NULL); + PK_VALIDATE_RET(start != NULL); + PK_VALIDATE_RET(key != NULL); #if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) - MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) ); + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) + MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, mbedtls_pk_rsa(*key))); else #endif #if defined(MBEDTLS_ECP_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) - MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) ); - else + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec(*key))); + else #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE ) - { - size_t buffer_size; - psa_key_id_t* key_id = (psa_key_id_t*) key->pk_ctx; + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { + size_t buffer_size; + psa_key_id_t *key_id = (psa_key_id_t *) key->pk_ctx; - if ( *p < start ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if (*p < start) + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); - buffer_size = (size_t)( *p - start ); - if ( psa_export_public_key( *key_id, start, buffer_size, &len ) - != PSA_SUCCESS ) - { - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - } - else - { - *p -= len; - memmove( *p, start, len ); - } - } - else + buffer_size = (size_t)(*p - start); + if (psa_export_public_key(*key_id, start, buffer_size, &len) + != PSA_SUCCESS) { + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); + } else { + *p -= len; + memmove(*p, start, len); + } + } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); - return( (int) len ); + return ((int) len); } -int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) -{ +int mbedtls_pk_write_pubkey_der(mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *c; size_t len = 0, par_len = 0, oid_len; mbedtls_pk_type_t pk_type; const char *oid; - PK_VALIDATE_RET( key != NULL ); - if( size == 0 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - PK_VALIDATE_RET( buf != NULL ); + PK_VALIDATE_RET(key != NULL); + if (size == 0) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); + PK_VALIDATE_RET(buf != NULL); c = buf + size; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_pk_write_pubkey(&c, buf, key)); - if( c - buf < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (c - buf < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); /* * SubjectPublicKeyInfo ::= SEQUENCE { @@ -250,214 +238,206 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si *--c = 0; len += 1; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); - pk_type = mbedtls_pk_get_type( key ); + pk_type = mbedtls_pk_get_type(key); #if defined(MBEDTLS_ECP_C) - if( pk_type == MBEDTLS_PK_ECKEY ) - { - MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) ); + if (pk_type == MBEDTLS_PK_ECKEY) { + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, mbedtls_pk_ec(*key))); } #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( pk_type == MBEDTLS_PK_OPAQUE ) - { + if (pk_type == MBEDTLS_PK_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; psa_key_id_t key_id; psa_ecc_family_t curve; size_t bits; - key_id = *((psa_key_id_t*) key->pk_ctx ); - if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) ) - return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); - key_type = psa_get_key_type( &attributes ); - bits = psa_get_key_bits( &attributes ); - psa_reset_key_attributes( &attributes ); + key_id = *((psa_key_id_t *) key->pk_ctx); + if (PSA_SUCCESS != psa_get_key_attributes(key_id, &attributes)) + return (MBEDTLS_ERR_PK_HW_ACCEL_FAILED); + key_type = psa_get_key_type(&attributes); + bits = psa_get_key_bits(&attributes); + psa_reset_key_attributes(&attributes); - curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type ); - if( curve == 0 ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + curve = PSA_KEY_TYPE_ECC_GET_FAMILY(key_type); + if (curve == 0) + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); - ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len ); - if( ret != 0 ) - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + ret = mbedtls_psa_get_ecc_oid_from_id(curve, bits, &oid, &oid_len); + if (ret != 0) + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); /* Write EC algorithm parameters; that's akin * to pk_write_ec_param() above. */ - MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf, - oid, oid_len ) ); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_oid(&c, buf, + oid, oid_len)); /* The rest of the function works as for legacy EC contexts. */ pk_type = MBEDTLS_PK_ECKEY; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid, - &oid_len ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, + &oid_len)) != 0) { + return (ret); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len, - par_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(&c, buf, oid, oid_len, + par_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return ((int) len); } -int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) -{ +int mbedtls_pk_write_key_der(mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *c; size_t len = 0; - PK_VALIDATE_RET( key != NULL ); - if( size == 0 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - PK_VALIDATE_RET( buf != NULL ); + PK_VALIDATE_RET(key != NULL); + if (size == 0) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); + PK_VALIDATE_RET(buf != NULL); c = buf + size; #if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) - { + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { mbedtls_mpi T; /* Temporary holding the exported parameters */ - mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key ); + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*key); /* * Export the parameters one after another to avoid simultaneous copies. */ - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); /* Export QP */ - if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) goto end_of_export; len += ret; /* Export DQ */ - if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) goto end_of_export; len += ret; /* Export DP */ - if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) goto end_of_export; len += ret; /* Export Q */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, - &T, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, + &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) goto end_of_export; len += ret; /* Export P */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T, - NULL, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, &T, + NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) goto end_of_export; len += ret; /* Export D */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, - NULL, &T, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, + NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) goto end_of_export; len += ret; /* Export E */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, - NULL, NULL, &T ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, + NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) goto end_of_export; len += ret; /* Export N */ - if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, - NULL, NULL, NULL ) ) != 0 || - ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, + NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) goto end_of_export; len += ret; - end_of_export: +end_of_export: - mbedtls_mpi_free( &T ); - if( ret < 0 ) - return( ret ); + mbedtls_mpi_free(&T); + if (ret < 0) + return (ret); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, - buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - } - else + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, + buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) - { - mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key ); - size_t pub_len = 0, par_len = 0; + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { + mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key); + size_t pub_len = 0, par_len = 0; - /* - * RFC 5915, or SEC1 Appendix C.4 - * - * ECPrivateKey ::= SEQUENCE { - * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), - * privateKey OCTET STRING, - * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, - * publicKey [1] BIT STRING OPTIONAL - * } - */ + /* + * RFC 5915, or SEC1 Appendix C.4 + * + * ECPrivateKey ::= SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + */ - /* publicKey */ - MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) ); + /* publicKey */ + MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, ec)); - if( c - buf < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--c = 0; - pub_len += 1; + if (c - buf < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); + *--c = 0; + pub_len += 1; - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) ); - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) ); - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ); - len += pub_len; + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1)); + len += pub_len; - /* parameters */ - MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) ); + /* parameters */ + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec)); - MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) ); - MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); - len += par_len; + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len)); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0)); + len += par_len; - /* privateKey */ - MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) ); + /* privateKey */ + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, ec)); - /* version */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) ); + /* version */ + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - } - else + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + } else #endif /* MBEDTLS_ECP_C */ - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); - return( (int) len ); + return ((int) len); } #if defined(MBEDTLS_PEM_WRITE_C) @@ -553,70 +533,61 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ #define PRV_DER_MAX_BYTES ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \ RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES ) -int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) -{ +int mbedtls_pk_write_pubkey_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output_buf[PUB_DER_MAX_BYTES]; size_t olen = 0; - PK_VALIDATE_RET( key != NULL ); - PK_VALIDATE_RET( buf != NULL || size == 0 ); + PK_VALIDATE_RET(key != NULL); + PK_VALIDATE_RET(buf != NULL || size == 0); - if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf, - sizeof(output_buf) ) ) < 0 ) - { - return( ret ); + if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, + sizeof(output_buf))) < 0) { + return (ret); } - if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, - output_buf + sizeof(output_buf) - ret, - ret, buf, size, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, + output_buf + sizeof(output_buf) - ret, + ret, buf, size, &olen)) != 0) { + return (ret); } - return( 0 ); + return (0); } -int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) -{ +int mbedtls_pk_write_key_pem(mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char output_buf[PRV_DER_MAX_BYTES]; const char *begin, *end; size_t olen = 0; - PK_VALIDATE_RET( key != NULL ); - PK_VALIDATE_RET( buf != NULL || size == 0 ); + PK_VALIDATE_RET(key != NULL); + PK_VALIDATE_RET(buf != NULL || size == 0); - if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 ) - return( ret ); + if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) + return (ret); #if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) - { + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { begin = PEM_BEGIN_PRIVATE_KEY_RSA; end = PEM_END_PRIVATE_KEY_RSA; - } - else + } else #endif #if defined(MBEDTLS_ECP_C) - if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY ) - { - begin = PEM_BEGIN_PRIVATE_KEY_EC; - end = PEM_END_PRIVATE_KEY_EC; - } - else + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { + begin = PEM_BEGIN_PRIVATE_KEY_EC; + end = PEM_END_PRIVATE_KEY_EC; + } else #endif - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); - if( ( ret = mbedtls_pem_write_buffer( begin, end, - output_buf + sizeof(output_buf) - ret, - ret, buf, size, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pem_write_buffer(begin, end, + output_buf + sizeof(output_buf) - ret, + ret, buf, size, &olen)) != 0) { + return (ret); } - return( 0 ); + return (0); } #endif /* MBEDTLS_PEM_WRITE_C */ diff --git a/common/mbedtls/platform.c b/common/mbedtls/platform.c index e742fde7c..15a18eb91 100644 --- a/common/mbedtls/platform.c +++ b/common/mbedtls/platform.c @@ -34,44 +34,39 @@ defined(MBEDTLS_PLATFORM_FREE_MACRO) ) #if !defined(MBEDTLS_PLATFORM_STD_CALLOC) -static void *platform_calloc_uninit( size_t n, size_t size ) -{ +static void *platform_calloc_uninit(size_t n, size_t size) { ((void) n); ((void) size); - return( NULL ); + return (NULL); } #define MBEDTLS_PLATFORM_STD_CALLOC platform_calloc_uninit #endif /* !MBEDTLS_PLATFORM_STD_CALLOC */ #if !defined(MBEDTLS_PLATFORM_STD_FREE) -static void platform_free_uninit( void *ptr ) -{ +static void platform_free_uninit(void *ptr) { ((void) ptr); } #define MBEDTLS_PLATFORM_STD_FREE platform_free_uninit #endif /* !MBEDTLS_PLATFORM_STD_FREE */ -static void * (*mbedtls_calloc_func)( size_t, size_t ) = MBEDTLS_PLATFORM_STD_CALLOC; -static void (*mbedtls_free_func)( void * ) = MBEDTLS_PLATFORM_STD_FREE; +static void *(*mbedtls_calloc_func)(size_t, size_t) = MBEDTLS_PLATFORM_STD_CALLOC; +static void (*mbedtls_free_func)(void *) = MBEDTLS_PLATFORM_STD_FREE; -void * mbedtls_calloc( size_t nmemb, size_t size ) -{ - return (*mbedtls_calloc_func)( nmemb, size ); +void *mbedtls_calloc(size_t nmemb, size_t size) { + return (*mbedtls_calloc_func)(nmemb, size); } -void mbedtls_free( void * ptr ) -{ - (*mbedtls_free_func)( ptr ); +void mbedtls_free(void *ptr) { + (*mbedtls_free_func)(ptr); } -int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), - void (*free_func)( void * ) ) -{ +int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t), + void (*free_func)(void *)) { mbedtls_calloc_func = calloc_func; mbedtls_free_func = free_func; - return( 0 ); + return (0); } #endif /* MBEDTLS_PLATFORM_MEMORY && !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && @@ -79,16 +74,15 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) #include -int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ) -{ +int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; va_list argp; - va_start( argp, fmt ); - ret = mbedtls_vsnprintf( s, n, fmt, argp ); - va_end( argp ); + va_start(argp, fmt); + ret = mbedtls_vsnprintf(s, n, fmt, argp); + va_end(argp); - return( ret ); + return (ret); } #endif @@ -97,53 +91,49 @@ int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ) /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_snprintf_uninit( char * s, size_t n, - const char * format, ... ) -{ +static int platform_snprintf_uninit(char *s, size_t n, + const char *format, ...) { ((void) s); ((void) n); ((void) format); - return( 0 ); + return (0); } #define MBEDTLS_PLATFORM_STD_SNPRINTF platform_snprintf_uninit #endif /* !MBEDTLS_PLATFORM_STD_SNPRINTF */ -int (*mbedtls_snprintf)( char * s, size_t n, - const char * format, - ... ) = MBEDTLS_PLATFORM_STD_SNPRINTF; +int (*mbedtls_snprintf)(char *s, size_t n, + const char *format, + ...) = MBEDTLS_PLATFORM_STD_SNPRINTF; -int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, - const char * format, - ... ) ) -{ +int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n, + const char *format, + ...)) { mbedtls_snprintf = snprintf_func; - return( 0 ); + return (0); } #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) #include -int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg ) -{ +int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Avoid calling the invalid parameter handler by checking ourselves */ - if( s == NULL || n == 0 || fmt == NULL ) - return( -1 ); + if (s == NULL || n == 0 || fmt == NULL) + return (-1); #if defined(_TRUNCATE) - ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg ); + ret = vsnprintf_s(s, n, _TRUNCATE, fmt, arg); #else - ret = vsnprintf( s, n, fmt, arg ); - if( ret < 0 || (size_t) ret == n ) - { - s[n-1] = '\0'; + ret = vsnprintf(s, n, fmt, arg); + if (ret < 0 || (size_t) ret == n) { + s[n - 1] = '\0'; ret = -1; } #endif - return( ret ); + return (ret); } #endif @@ -152,29 +142,27 @@ int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_lis /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_vsnprintf_uninit( char * s, size_t n, - const char * format, va_list arg ) -{ +static int platform_vsnprintf_uninit(char *s, size_t n, + const char *format, va_list arg) { ((void) s); ((void) n); ((void) format); ((void) arg); - return( -1 ); + return (-1); } #define MBEDTLS_PLATFORM_STD_VSNPRINTF platform_vsnprintf_uninit #endif /* !MBEDTLS_PLATFORM_STD_VSNPRINTF */ -int (*mbedtls_vsnprintf)( char * s, size_t n, - const char * format, - va_list arg ) = MBEDTLS_PLATFORM_STD_VSNPRINTF; +int (*mbedtls_vsnprintf)(char *s, size_t n, + const char *format, + va_list arg) = MBEDTLS_PLATFORM_STD_VSNPRINTF; -int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, - const char * format, - va_list arg ) ) -{ +int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n, + const char *format, + va_list arg)) { mbedtls_vsnprintf = vsnprintf_func; - return( 0 ); + return (0); } #endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ @@ -183,21 +171,19 @@ int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_printf_uninit( const char *format, ... ) -{ +static int platform_printf_uninit(const char *format, ...) { ((void) format); - return( 0 ); + return (0); } #define MBEDTLS_PLATFORM_STD_PRINTF platform_printf_uninit #endif /* !MBEDTLS_PLATFORM_STD_PRINTF */ -int (*mbedtls_printf)( const char *, ... ) = MBEDTLS_PLATFORM_STD_PRINTF; +int (*mbedtls_printf)(const char *, ...) = MBEDTLS_PLATFORM_STD_PRINTF; -int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ) -{ +int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...)) { mbedtls_printf = printf_func; - return( 0 ); + return (0); } #endif /* MBEDTLS_PLATFORM_PRINTF_ALT */ @@ -206,23 +192,21 @@ int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ) /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_fprintf_uninit( FILE *stream, const char *format, ... ) -{ +static int platform_fprintf_uninit(FILE *stream, const char *format, ...) { ((void) stream); ((void) format); - return( 0 ); + return (0); } #define MBEDTLS_PLATFORM_STD_FPRINTF platform_fprintf_uninit #endif /* !MBEDTLS_PLATFORM_STD_FPRINTF */ -int (*mbedtls_fprintf)( FILE *, const char *, ... ) = - MBEDTLS_PLATFORM_STD_FPRINTF; +int (*mbedtls_fprintf)(FILE *, const char *, ...) = + MBEDTLS_PLATFORM_STD_FPRINTF; -int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) ) -{ +int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *, const char *, ...)) { mbedtls_fprintf = fprintf_func; - return( 0 ); + return (0); } #endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */ @@ -231,20 +215,18 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... /* * Make dummy function to prevent NULL pointer dereferences */ -static void platform_exit_uninit( int status ) -{ +static void platform_exit_uninit(int status) { ((void) status); } #define MBEDTLS_PLATFORM_STD_EXIT platform_exit_uninit #endif /* !MBEDTLS_PLATFORM_STD_EXIT */ -void (*mbedtls_exit)( int status ) = MBEDTLS_PLATFORM_STD_EXIT; +void (*mbedtls_exit)(int status) = MBEDTLS_PLATFORM_STD_EXIT; -int mbedtls_platform_set_exit( void (*exit_func)( int status ) ) -{ +int mbedtls_platform_set_exit(void (*exit_func)(int status)) { mbedtls_exit = exit_func; - return( 0 ); + return (0); } #endif /* MBEDTLS_PLATFORM_EXIT_ALT */ @@ -255,21 +237,19 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ) /* * Make dummy function to prevent NULL pointer dereferences */ -static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer ) -{ +static mbedtls_time_t platform_time_uninit(mbedtls_time_t *timer) { ((void) timer); - return( 0 ); + return (0); } #define MBEDTLS_PLATFORM_STD_TIME platform_time_uninit #endif /* !MBEDTLS_PLATFORM_STD_TIME */ -mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME; +mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *timer) = MBEDTLS_PLATFORM_STD_TIME; -int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) ) -{ +int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *timer)) { mbedtls_time = time_func; - return( 0 ); + return (0); } #endif /* MBEDTLS_PLATFORM_TIME_ALT */ @@ -280,41 +260,37 @@ int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time /* Default implementations for the platform independent seed functions use * standard libc file functions to read from and write to a pre-defined filename */ -int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ) -{ +int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len) { FILE *file; size_t n; - if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL ) - return( -1 ); + if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb")) == NULL) + return (-1); - if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len ) - { - fclose( file ); - mbedtls_platform_zeroize( buf, buf_len ); - return( -1 ); + if ((n = fread(buf, 1, buf_len, file)) != buf_len) { + fclose(file); + mbedtls_platform_zeroize(buf, buf_len); + return (-1); } - fclose( file ); - return( (int)n ); + fclose(file); + return ((int)n); } -int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) -{ +int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len) { FILE *file; size_t n; - if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL ) + if ((file = fopen(MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w")) == NULL) return -1; - if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len ) - { - fclose( file ); + if ((n = fwrite(buf, 1, buf_len, file)) != buf_len) { + fclose(file); return -1; } - fclose( file ); - return( (int)n ); + fclose(file); + return ((int)n); } #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ @@ -323,11 +299,10 @@ int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ) /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len ) -{ +static int platform_nv_seed_read_uninit(unsigned char *buf, size_t buf_len) { ((void) buf); ((void) buf_len); - return( -1 ); + return (-1); } #define MBEDTLS_PLATFORM_STD_NV_SEED_READ platform_nv_seed_read_uninit @@ -337,28 +312,26 @@ static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len ) /* * Make dummy function to prevent NULL pointer dereferences */ -static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len ) -{ +static int platform_nv_seed_write_uninit(unsigned char *buf, size_t buf_len) { ((void) buf); ((void) buf_len); - return( -1 ); + return (-1); } #define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE platform_nv_seed_write_uninit #endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */ -int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) = - MBEDTLS_PLATFORM_STD_NV_SEED_READ; -int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) = - MBEDTLS_PLATFORM_STD_NV_SEED_WRITE; +int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len) = + MBEDTLS_PLATFORM_STD_NV_SEED_READ; +int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len) = + MBEDTLS_PLATFORM_STD_NV_SEED_WRITE; int mbedtls_platform_set_nv_seed( - int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), - int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) ) -{ + int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len), + int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len)) { mbedtls_nv_seed_read = nv_seed_read_func; mbedtls_nv_seed_write = nv_seed_write_func; - return( 0 ); + return (0); } #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ @@ -367,18 +340,16 @@ int mbedtls_platform_set_nv_seed( /* * Placeholder platform setup that does nothing by default */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ) -{ +int mbedtls_platform_setup(mbedtls_platform_context *ctx) { (void)ctx; - return( 0 ); + return (0); } /* * Placeholder platform teardown that does nothing by default */ -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) -{ +void mbedtls_platform_teardown(mbedtls_platform_context *ctx) { (void)ctx; } #endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ diff --git a/common/mbedtls/platform.h b/common/mbedtls/platform.h index fde5ee8c8..9497289ff 100644 --- a/common/mbedtls/platform.h +++ b/common/mbedtls/platform.h @@ -138,8 +138,8 @@ extern "C" { #else /* For size_t */ #include -extern void *mbedtls_calloc( size_t n, size_t size ); -extern void mbedtls_free( void *ptr ); +extern void *mbedtls_calloc(size_t n, size_t size); +extern void mbedtls_free(void *ptr); /** * \brief This function dynamically sets the memory-management @@ -150,8 +150,8 @@ extern void mbedtls_free( void *ptr ); * * \return \c 0. */ -int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), - void (*free_func)( void * ) ); +int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t), + void (*free_func)(void *)); #endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */ #else /* !MBEDTLS_PLATFORM_MEMORY */ #define mbedtls_free free @@ -164,7 +164,7 @@ int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ), #if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) /* We need FILE * */ #include -extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); +extern int (*mbedtls_fprintf)(FILE *stream, const char *format, ...); /** * \brief This function dynamically configures the fprintf @@ -175,8 +175,8 @@ extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... ); * * \return \c 0. */ -int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *, - ... ) ); +int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream, const char *, + ...)); #else #if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) #define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO @@ -189,7 +189,7 @@ int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char * The function pointers for printf */ #if defined(MBEDTLS_PLATFORM_PRINTF_ALT) -extern int (*mbedtls_printf)( const char *format, ... ); +extern int (*mbedtls_printf)(const char *format, ...); /** * \brief This function dynamically configures the snprintf @@ -200,7 +200,7 @@ extern int (*mbedtls_printf)( const char *format, ... ); * * \return \c 0 on success. */ -int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ); +int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...)); #else /* !MBEDTLS_PLATFORM_PRINTF_ALT */ #if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) #define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO @@ -220,11 +220,11 @@ int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) ); */ #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF) /* For Windows (inc. MSYS2), we provide our own fixed implementation */ -int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... ); +int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...); #endif #if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) -extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); +extern int (*mbedtls_snprintf)(char *s, size_t n, const char *format, ...); /** * \brief This function allows configuring a custom @@ -234,8 +234,8 @@ extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... ); * * \return \c 0 on success. */ -int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, - const char * format, ... ) ); +int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n, + const char *format, ...)); #else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) #define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO @@ -256,12 +256,12 @@ int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n, #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF) #include /* For Older Windows (inc. MSYS2), we provide our own fixed implementation */ -int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg ); +int mbedtls_platform_win32_vsnprintf(char *s, size_t n, const char *fmt, va_list arg); #endif #if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) #include -extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg ); +extern int (*mbedtls_vsnprintf)(char *s, size_t n, const char *format, va_list arg); /** * \brief Set your own snprintf function pointer @@ -270,8 +270,8 @@ extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_lis * * \return \c 0 */ -int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, - const char * format, va_list arg ) ); +int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n, + const char *format, va_list arg)); #else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ #if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) #define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO @@ -284,7 +284,7 @@ int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n, * The function pointers for exit */ #if defined(MBEDTLS_PLATFORM_EXIT_ALT) -extern void (*mbedtls_exit)( int status ); +extern void (*mbedtls_exit)(int status); /** * \brief This function dynamically configures the exit @@ -295,7 +295,7 @@ extern void (*mbedtls_exit)( int status ); * * \return \c 0 on success. */ -int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); +int mbedtls_platform_set_exit(void (*exit_func)(int status)); #else #if defined(MBEDTLS_PLATFORM_EXIT_MACRO) #define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO @@ -327,13 +327,13 @@ int mbedtls_platform_set_exit( void (*exit_func)( int status ) ); #if defined(MBEDTLS_ENTROPY_NV_SEED) #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO) /* Internal standard platform definitions */ -int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len ); -int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len ); +int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len); +int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len); #endif #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) -extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ); -extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ); +extern int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len); +extern int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len); /** * \brief This function allows configuring custom seed file writing and @@ -345,9 +345,9 @@ extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ); * \return \c 0 on success. */ int mbedtls_platform_set_nv_seed( - int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ), - int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) - ); + int (*nv_seed_read_func)(unsigned char *buf, size_t buf_len), + int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len) +); #else #if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \ defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) @@ -368,8 +368,7 @@ int mbedtls_platform_set_nv_seed( * \note This structure may be used to assist platform-specific * setup or teardown operations. */ -typedef struct mbedtls_platform_context -{ +typedef struct mbedtls_platform_context { char dummy; /**< A placeholder member, as empty structs are not portable. */ } mbedtls_platform_context; @@ -393,7 +392,7 @@ mbedtls_platform_context; * * \return \c 0 on success. */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ); +int mbedtls_platform_setup(mbedtls_platform_context *ctx); /** * \brief This function performs any platform teardown operations. * @@ -408,7 +407,7 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * \param ctx The platform context. * */ -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); +void mbedtls_platform_teardown(mbedtls_platform_context *ctx); #ifdef __cplusplus } diff --git a/common/mbedtls/platform_time.h b/common/mbedtls/platform_time.h index 7e7daab69..623f7e45d 100644 --- a/common/mbedtls/platform_time.h +++ b/common/mbedtls/platform_time.h @@ -55,7 +55,7 @@ typedef time_t mbedtls_time_t; * The function pointers for time */ #if defined(MBEDTLS_PLATFORM_TIME_ALT) -extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); +extern mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *time); /** * \brief Set your own time function pointer @@ -64,7 +64,7 @@ extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time ); * * \return 0 */ -int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) ); +int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *time)); #else #if defined(MBEDTLS_PLATFORM_TIME_MACRO) #define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO diff --git a/common/mbedtls/platform_util.c b/common/mbedtls/platform_util.c index 98fe5deb2..ed9c75734 100644 --- a/common/mbedtls/platform_util.c +++ b/common/mbedtls/platform_util.c @@ -62,14 +62,13 @@ * mbedtls_platform_zeroize() to use a suitable implementation for their * platform and needs. */ -static void * (* const volatile memset_func)( void *, int, size_t ) = memset; +static void *(* const volatile memset_func)(void *, int, size_t) = memset; -void mbedtls_platform_zeroize( void *buf, size_t len ) -{ - MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL ); +void mbedtls_platform_zeroize(void *buf, size_t len) { + MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL); - if( len > 0 ) - memset_func( buf, 0, len ); + if (len > 0) + memset_func(buf, 0, len); } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ @@ -100,34 +99,32 @@ void mbedtls_platform_zeroize( void *buf, size_t len ) ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) && \ _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */ -struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, - struct tm *tm_buf ) -{ +struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt, + struct tm *tm_buf) { #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) - return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL ); + return ((gmtime_s(tm_buf, tt) == 0) ? tm_buf : NULL); #elif !defined(PLATFORM_UTIL_USE_GMTIME) - return( gmtime_r( tt, tm_buf ) ); + return (gmtime_r(tt, tm_buf)); #else struct tm *lt; #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( NULL ); + if (mbedtls_mutex_lock(&mbedtls_threading_gmtime_mutex) != 0) + return (NULL); #endif /* MBEDTLS_THREADING_C */ - lt = gmtime( tt ); + lt = gmtime(tt); - if( lt != NULL ) - { - memcpy( tm_buf, lt, sizeof( struct tm ) ); + if (lt != NULL) { + memcpy(tm_buf, lt, sizeof(struct tm)); } #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 ) - return( NULL ); + if (mbedtls_mutex_unlock(&mbedtls_threading_gmtime_mutex) != 0) + return (NULL); #endif /* MBEDTLS_THREADING_C */ - return( ( lt == NULL ) ? NULL : tm_buf ); + return ((lt == NULL) ? NULL : tm_buf); #endif /* _WIN32 && !EFIX64 && !EFI32 */ } #endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */ diff --git a/common/mbedtls/platform_util.h b/common/mbedtls/platform_util.h index fbc2a0d1c..b59846fa7 100644 --- a/common/mbedtls/platform_util.h +++ b/common/mbedtls/platform_util.h @@ -78,9 +78,9 @@ extern "C" { * \param file The file where the assertion failed. * \param line The line in the file where the assertion failed. */ -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ); +void mbedtls_param_failed(const char *failure_condition, + const char *file, + int line); #endif /* MBEDTLS_PARAM_FAILED */ /* Internal macro meant to be called only from within the library. */ @@ -119,7 +119,7 @@ void mbedtls_param_failed( const char *failure_condition, * it, too. We might want to move all these definitions here at * some point for uniformity. */ #define MBEDTLS_DEPRECATED __attribute__((deprecated)) -MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; +MBEDTLS_DEPRECATED typedef char const *mbedtls_deprecated_string_constant_t; #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ ( (mbedtls_deprecated_string_constant_t) ( VAL ) ) MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; @@ -154,7 +154,7 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * \param len Length of the buffer in bytes * */ -void mbedtls_platform_zeroize( void *buf, size_t len ); +void mbedtls_platform_zeroize(void *buf, size_t len); #if defined(MBEDTLS_HAVE_TIME_DATE) /** @@ -183,8 +183,8 @@ void mbedtls_platform_zeroize( void *buf, size_t len ); * \return Pointer to an object of type struct tm on success, otherwise * NULL */ -struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt, - struct tm *tm_buf ); +struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt, + struct tm *tm_buf); #endif /* MBEDTLS_HAVE_TIME_DATE */ #ifdef __cplusplus diff --git a/common/mbedtls/poly1305.c b/common/mbedtls/poly1305.c index 492d1457d..b6982b593 100644 --- a/common/mbedtls/poly1305.c +++ b/common/mbedtls/poly1305.c @@ -64,8 +64,7 @@ * However we provided an alternative for platforms without such a multiplier. */ #if defined(MBEDTLS_NO_64BIT_MULTIPLICATION) -static uint64_t mul64( uint32_t a, uint32_t b ) -{ +static uint64_t mul64(uint32_t a, uint32_t b) { /* a = al + 2**16 ah, b = bl + 2**16 bh */ const uint16_t al = (uint16_t) a; const uint16_t bl = (uint16_t) b; @@ -74,15 +73,14 @@ static uint64_t mul64( uint32_t a, uint32_t b ) /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */ const uint32_t lo = (uint32_t) al * bl; - const uint64_t me = (uint64_t)( (uint32_t) ah * bl ) + (uint32_t) al * bh; + const uint64_t me = (uint64_t)((uint32_t) ah * bl) + (uint32_t) al * bh; const uint32_t hi = (uint32_t) ah * bh; - return( lo + ( me << 16 ) + ( (uint64_t) hi << 32 ) ); + return (lo + (me << 16) + ((uint64_t) hi << 32)); } #else -static inline uint64_t mul64( uint32_t a, uint32_t b ) -{ - return( (uint64_t) a * b ); +static inline uint64_t mul64(uint32_t a, uint32_t b) { + return ((uint64_t) a * b); } #endif @@ -98,11 +96,10 @@ static inline uint64_t mul64( uint32_t a, uint32_t b ) * applied to the input data before calling this * function. Otherwise, set this parameter to 1. */ -static void poly1305_process( mbedtls_poly1305_context *ctx, - size_t nblocks, - const unsigned char *input, - uint32_t needs_padding ) -{ +static void poly1305_process(mbedtls_poly1305_context *ctx, + size_t nblocks, + const unsigned char *input, + uint32_t needs_padding) { uint64_t d0, d1, d2, d3; uint32_t acc0, acc1, acc2, acc3, acc4; uint32_t r0, r1, r2, r3; @@ -115,9 +112,9 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, r2 = ctx->r[2]; r3 = ctx->r[3]; - rs1 = r1 + ( r1 >> 2U ); - rs2 = r2 + ( r2 >> 2U ); - rs3 = r3 + ( r3 >> 2U ); + rs1 = r1 + (r1 >> 2U); + rs2 = r2 + (r2 >> 2U); + rs3 = r3 + (r3 >> 2U); acc0 = ctx->acc[0]; acc1 = ctx->acc[1]; @@ -126,67 +123,66 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, acc4 = ctx->acc[4]; /* Process full blocks */ - for( i = 0U; i < nblocks; i++ ) - { + for (i = 0U; i < nblocks; i++) { /* The input block is treated as a 128-bit little-endian integer */ - d0 = BYTES_TO_U32_LE( input, offset + 0 ); - d1 = BYTES_TO_U32_LE( input, offset + 4 ); - d2 = BYTES_TO_U32_LE( input, offset + 8 ); - d3 = BYTES_TO_U32_LE( input, offset + 12 ); + d0 = BYTES_TO_U32_LE(input, offset + 0); + d1 = BYTES_TO_U32_LE(input, offset + 4); + d2 = BYTES_TO_U32_LE(input, offset + 8); + d3 = BYTES_TO_U32_LE(input, offset + 12); /* Compute: acc += (padded) block as a 130-bit integer */ d0 += (uint64_t) acc0; - d1 += (uint64_t) acc1 + ( d0 >> 32U ); - d2 += (uint64_t) acc2 + ( d1 >> 32U ); - d3 += (uint64_t) acc3 + ( d2 >> 32U ); + d1 += (uint64_t) acc1 + (d0 >> 32U); + d2 += (uint64_t) acc2 + (d1 >> 32U); + d3 += (uint64_t) acc3 + (d2 >> 32U); acc0 = (uint32_t) d0; acc1 = (uint32_t) d1; acc2 = (uint32_t) d2; acc3 = (uint32_t) d3; - acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding; + acc4 += (uint32_t)(d3 >> 32U) + needs_padding; /* Compute: acc *= r */ - d0 = mul64( acc0, r0 ) + - mul64( acc1, rs3 ) + - mul64( acc2, rs2 ) + - mul64( acc3, rs1 ); - d1 = mul64( acc0, r1 ) + - mul64( acc1, r0 ) + - mul64( acc2, rs3 ) + - mul64( acc3, rs2 ) + - mul64( acc4, rs1 ); - d2 = mul64( acc0, r2 ) + - mul64( acc1, r1 ) + - mul64( acc2, r0 ) + - mul64( acc3, rs3 ) + - mul64( acc4, rs2 ); - d3 = mul64( acc0, r3 ) + - mul64( acc1, r2 ) + - mul64( acc2, r1 ) + - mul64( acc3, r0 ) + - mul64( acc4, rs3 ); + d0 = mul64(acc0, r0) + + mul64(acc1, rs3) + + mul64(acc2, rs2) + + mul64(acc3, rs1); + d1 = mul64(acc0, r1) + + mul64(acc1, r0) + + mul64(acc2, rs3) + + mul64(acc3, rs2) + + mul64(acc4, rs1); + d2 = mul64(acc0, r2) + + mul64(acc1, r1) + + mul64(acc2, r0) + + mul64(acc3, rs3) + + mul64(acc4, rs2); + d3 = mul64(acc0, r3) + + mul64(acc1, r2) + + mul64(acc2, r1) + + mul64(acc3, r0) + + mul64(acc4, rs3); acc4 *= r0; /* Compute: acc %= (2^130 - 5) (partial remainder) */ - d1 += ( d0 >> 32 ); - d2 += ( d1 >> 32 ); - d3 += ( d2 >> 32 ); + d1 += (d0 >> 32); + d2 += (d1 >> 32); + d3 += (d2 >> 32); acc0 = (uint32_t) d0; acc1 = (uint32_t) d1; acc2 = (uint32_t) d2; acc3 = (uint32_t) d3; - acc4 = (uint32_t) ( d3 >> 32 ) + acc4; + acc4 = (uint32_t)(d3 >> 32) + acc4; - d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU ); + d0 = (uint64_t) acc0 + (acc4 >> 2) + (acc4 & 0xFFFFFFFCU); acc4 &= 3U; acc0 = (uint32_t) d0; - d0 = (uint64_t) acc1 + ( d0 >> 32U ); + d0 = (uint64_t) acc1 + (d0 >> 32U); acc1 = (uint32_t) d0; - d0 = (uint64_t) acc2 + ( d0 >> 32U ); + d0 = (uint64_t) acc2 + (d0 >> 32U); acc2 = (uint32_t) d0; - d0 = (uint64_t) acc3 + ( d0 >> 32U ); + d0 = (uint64_t) acc3 + (d0 >> 32U); acc3 = (uint32_t) d0; - d0 = (uint64_t) acc4 + ( d0 >> 32U ); + d0 = (uint64_t) acc4 + (d0 >> 32U); acc4 = (uint32_t) d0; offset += POLY1305_BLOCK_SIZE_BYTES; @@ -206,9 +202,8 @@ static void poly1305_process( mbedtls_poly1305_context *ctx, * \param mac The buffer to where the MAC is written. Must be * big enough to contain the 16-byte MAC. */ -static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, - unsigned char mac[16] ) -{ +static void poly1305_compute_mac(const mbedtls_poly1305_context *ctx, + unsigned char mac[16]) { uint64_t d; uint32_t g0, g1, g2, g3, g4; uint32_t acc0, acc1, acc2, acc3, acc4; @@ -227,85 +222,82 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, */ /* Calculate acc + -(2^130 - 5) */ - d = ( (uint64_t) acc0 + 5U ); + d = ((uint64_t) acc0 + 5U); g0 = (uint32_t) d; - d = ( (uint64_t) acc1 + ( d >> 32 ) ); + d = ((uint64_t) acc1 + (d >> 32)); g1 = (uint32_t) d; - d = ( (uint64_t) acc2 + ( d >> 32 ) ); + d = ((uint64_t) acc2 + (d >> 32)); g2 = (uint32_t) d; - d = ( (uint64_t) acc3 + ( d >> 32 ) ); + d = ((uint64_t) acc3 + (d >> 32)); g3 = (uint32_t) d; - g4 = acc4 + (uint32_t) ( d >> 32U ); + g4 = acc4 + (uint32_t)(d >> 32U); /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */ - mask = (uint32_t) 0U - ( g4 >> 2U ); + mask = (uint32_t) 0U - (g4 >> 2U); mask_inv = ~mask; /* If 131st bit is set then acc=g, otherwise, acc is unmodified */ - acc0 = ( acc0 & mask_inv ) | ( g0 & mask ); - acc1 = ( acc1 & mask_inv ) | ( g1 & mask ); - acc2 = ( acc2 & mask_inv ) | ( g2 & mask ); - acc3 = ( acc3 & mask_inv ) | ( g3 & mask ); + acc0 = (acc0 & mask_inv) | (g0 & mask); + acc1 = (acc1 & mask_inv) | (g1 & mask); + acc2 = (acc2 & mask_inv) | (g2 & mask); + acc3 = (acc3 & mask_inv) | (g3 & mask); /* Add 's' */ d = (uint64_t) acc0 + ctx->s[0]; acc0 = (uint32_t) d; - d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U ); + d = (uint64_t) acc1 + ctx->s[1] + (d >> 32U); acc1 = (uint32_t) d; - d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U ); + d = (uint64_t) acc2 + ctx->s[2] + (d >> 32U); acc2 = (uint32_t) d; - acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); + acc3 += ctx->s[3] + (uint32_t)(d >> 32U); /* Compute MAC (128 least significant bits of the accumulator) */ - mac[ 0] = (unsigned char)( acc0 ); - mac[ 1] = (unsigned char)( acc0 >> 8 ); - mac[ 2] = (unsigned char)( acc0 >> 16 ); - mac[ 3] = (unsigned char)( acc0 >> 24 ); - mac[ 4] = (unsigned char)( acc1 ); - mac[ 5] = (unsigned char)( acc1 >> 8 ); - mac[ 6] = (unsigned char)( acc1 >> 16 ); - mac[ 7] = (unsigned char)( acc1 >> 24 ); - mac[ 8] = (unsigned char)( acc2 ); - mac[ 9] = (unsigned char)( acc2 >> 8 ); - mac[10] = (unsigned char)( acc2 >> 16 ); - mac[11] = (unsigned char)( acc2 >> 24 ); - mac[12] = (unsigned char)( acc3 ); - mac[13] = (unsigned char)( acc3 >> 8 ); - mac[14] = (unsigned char)( acc3 >> 16 ); - mac[15] = (unsigned char)( acc3 >> 24 ); + mac[ 0] = (unsigned char)(acc0); + mac[ 1] = (unsigned char)(acc0 >> 8); + mac[ 2] = (unsigned char)(acc0 >> 16); + mac[ 3] = (unsigned char)(acc0 >> 24); + mac[ 4] = (unsigned char)(acc1); + mac[ 5] = (unsigned char)(acc1 >> 8); + mac[ 6] = (unsigned char)(acc1 >> 16); + mac[ 7] = (unsigned char)(acc1 >> 24); + mac[ 8] = (unsigned char)(acc2); + mac[ 9] = (unsigned char)(acc2 >> 8); + mac[10] = (unsigned char)(acc2 >> 16); + mac[11] = (unsigned char)(acc2 >> 24); + mac[12] = (unsigned char)(acc3); + mac[13] = (unsigned char)(acc3 >> 8); + mac[14] = (unsigned char)(acc3 >> 16); + mac[15] = (unsigned char)(acc3 >> 24); } -void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) -{ - POLY1305_VALIDATE( ctx != NULL ); +void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx) { + POLY1305_VALIDATE(ctx != NULL); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context)); } -void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context)); } -int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, - const unsigned char key[32] ) -{ - POLY1305_VALIDATE_RET( ctx != NULL ); - POLY1305_VALIDATE_RET( key != NULL ); +int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx, + const unsigned char key[32]) { + POLY1305_VALIDATE_RET(ctx != NULL); + POLY1305_VALIDATE_RET(key != NULL); /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ - ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; - ctx->r[1] = BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU; - ctx->r[2] = BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU; - ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU; + ctx->r[0] = BYTES_TO_U32_LE(key, 0) & 0x0FFFFFFFU; + ctx->r[1] = BYTES_TO_U32_LE(key, 4) & 0x0FFFFFFCU; + ctx->r[2] = BYTES_TO_U32_LE(key, 8) & 0x0FFFFFFCU; + ctx->r[3] = BYTES_TO_U32_LE(key, 12) & 0x0FFFFFFCU; - ctx->s[0] = BYTES_TO_U32_LE( key, 16 ); - ctx->s[1] = BYTES_TO_U32_LE( key, 20 ); - ctx->s[2] = BYTES_TO_U32_LE( key, 24 ); - ctx->s[3] = BYTES_TO_U32_LE( key, 28 ); + ctx->s[0] = BYTES_TO_U32_LE(key, 16); + ctx->s[1] = BYTES_TO_U32_LE(key, 20); + ctx->s[2] = BYTES_TO_U32_LE(key, 24); + ctx->s[3] = BYTES_TO_U32_LE(key, 28); /* Initial accumulator state */ ctx->acc[0] = 0U; @@ -315,137 +307,126 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, ctx->acc[4] = 0U; /* Queue initially empty */ - mbedtls_platform_zeroize( ctx->queue, sizeof( ctx->queue ) ); + mbedtls_platform_zeroize(ctx->queue, sizeof(ctx->queue)); ctx->queue_len = 0U; - return( 0 ); + return (0); } -int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, - const unsigned char *input, - size_t ilen ) -{ +int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx, + const unsigned char *input, + size_t ilen) { size_t offset = 0U; size_t remaining = ilen; size_t queue_free_len; size_t nblocks; - POLY1305_VALIDATE_RET( ctx != NULL ); - POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); + POLY1305_VALIDATE_RET(ctx != NULL); + POLY1305_VALIDATE_RET(ilen == 0 || input != NULL); - if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) ) - { - queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); + if ((remaining > 0U) && (ctx->queue_len > 0U)) { + queue_free_len = (POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len); - if( ilen < queue_free_len ) - { + if (ilen < queue_free_len) { /* Not enough data to complete the block. * Store this data with the other leftovers. */ - memcpy( &ctx->queue[ctx->queue_len], - input, - ilen ); + memcpy(&ctx->queue[ctx->queue_len], + input, + ilen); ctx->queue_len += ilen; remaining = 0U; - } - else - { + } else { /* Enough data to produce a complete block */ - memcpy( &ctx->queue[ctx->queue_len], - input, - queue_free_len ); + memcpy(&ctx->queue[ctx->queue_len], + input, + queue_free_len); ctx->queue_len = 0U; - poly1305_process( ctx, 1U, ctx->queue, 1U ); /* add padding bit */ + poly1305_process(ctx, 1U, ctx->queue, 1U); /* add padding bit */ offset += queue_free_len; remaining -= queue_free_len; } } - if( remaining >= POLY1305_BLOCK_SIZE_BYTES ) - { + if (remaining >= POLY1305_BLOCK_SIZE_BYTES) { nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES; - poly1305_process( ctx, nblocks, &input[offset], 1U ); + poly1305_process(ctx, nblocks, &input[offset], 1U); offset += nblocks * POLY1305_BLOCK_SIZE_BYTES; remaining %= POLY1305_BLOCK_SIZE_BYTES; } - if( remaining > 0U ) - { + if (remaining > 0U) { /* Store partial block */ ctx->queue_len = remaining; - memcpy( ctx->queue, &input[offset], remaining ); + memcpy(ctx->queue, &input[offset], remaining); } - return( 0 ); + return (0); } -int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, - unsigned char mac[16] ) -{ - POLY1305_VALIDATE_RET( ctx != NULL ); - POLY1305_VALIDATE_RET( mac != NULL ); +int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx, + unsigned char mac[16]) { + POLY1305_VALIDATE_RET(ctx != NULL); + POLY1305_VALIDATE_RET(mac != NULL); /* Process any leftover data */ - if( ctx->queue_len > 0U ) - { + if (ctx->queue_len > 0U) { /* Add padding bit */ ctx->queue[ctx->queue_len] = 1U; ctx->queue_len++; /* Pad with zeroes */ - memset( &ctx->queue[ctx->queue_len], - 0, - POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); + memset(&ctx->queue[ctx->queue_len], + 0, + POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len); - poly1305_process( ctx, 1U, /* Process 1 block */ - ctx->queue, 0U ); /* Already padded above */ + poly1305_process(ctx, 1U, /* Process 1 block */ + ctx->queue, 0U); /* Already padded above */ } - poly1305_compute_mac( ctx, mac ); + poly1305_compute_mac(ctx, mac); - return( 0 ); + return (0); } -int mbedtls_poly1305_mac( const unsigned char key[32], - const unsigned char *input, - size_t ilen, - unsigned char mac[16] ) -{ +int mbedtls_poly1305_mac(const unsigned char key[32], + const unsigned char *input, + size_t ilen, + unsigned char mac[16]) { mbedtls_poly1305_context ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - POLY1305_VALIDATE_RET( key != NULL ); - POLY1305_VALIDATE_RET( mac != NULL ); - POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); + POLY1305_VALIDATE_RET(key != NULL); + POLY1305_VALIDATE_RET(mac != NULL); + POLY1305_VALIDATE_RET(ilen == 0 || input != NULL); - mbedtls_poly1305_init( &ctx ); + mbedtls_poly1305_init(&ctx); - ret = mbedtls_poly1305_starts( &ctx, key ); - if( ret != 0 ) + ret = mbedtls_poly1305_starts(&ctx, key); + if (ret != 0) goto cleanup; - ret = mbedtls_poly1305_update( &ctx, input, ilen ); - if( ret != 0 ) + ret = mbedtls_poly1305_update(&ctx, input, ilen); + if (ret != 0) goto cleanup; - ret = mbedtls_poly1305_finish( &ctx, mac ); + ret = mbedtls_poly1305_finish(&ctx, mac); cleanup: - mbedtls_poly1305_free( &ctx ); - return( ret ); + mbedtls_poly1305_free(&ctx); + return (ret); } #endif /* MBEDTLS_POLY1305_ALT */ #if defined(MBEDTLS_SELF_TEST) -static const unsigned char test_keys[2][32] = -{ +static const unsigned char test_keys[2][32] = { { 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, @@ -460,8 +441,7 @@ static const unsigned char test_keys[2][32] = } }; -static const unsigned char test_data[2][127] = -{ +static const unsigned char test_data[2][127] = { { 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f, @@ -489,14 +469,12 @@ static const unsigned char test_data[2][127] = } }; -static const size_t test_data_len[2] = -{ +static const size_t test_data_len[2] = { 34U, 127U }; -static const unsigned char test_mac[2][16] = -{ +static const unsigned char test_mac[2][16] = { { 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9 @@ -523,33 +501,31 @@ static const unsigned char test_mac[2][16] = } \ while( 0 ) -int mbedtls_poly1305_self_test( int verbose ) -{ +int mbedtls_poly1305_self_test(int verbose) { unsigned char mac[16]; unsigned i; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - for( i = 0U; i < 2U; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " Poly1305 test %u ", i ); + for (i = 0U; i < 2U; i++) { + if (verbose != 0) + mbedtls_printf(" Poly1305 test %u ", i); - ret = mbedtls_poly1305_mac( test_keys[i], - test_data[i], - test_data_len[i], - mac ); - ASSERT( 0 == ret, ( "error code: %i\n", ret ) ); + ret = mbedtls_poly1305_mac(test_keys[i], + test_data[i], + test_data_len[i], + mac); + ASSERT(0 == ret, ("error code: %i\n", ret)); - ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) ); + ASSERT(0 == memcmp(mac, test_mac[i], 16U), ("failed (mac)\n")); - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/poly1305.h b/common/mbedtls/poly1305.h index 905c145a3..7382d382d 100644 --- a/common/mbedtls/poly1305.h +++ b/common/mbedtls/poly1305.h @@ -57,8 +57,7 @@ extern "C" { #if !defined(MBEDTLS_POLY1305_ALT) -typedef struct mbedtls_poly1305_context -{ +typedef struct mbedtls_poly1305_context { uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */ uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */ uint32_t acc[5]; /** The accumulator number. */ @@ -86,7 +85,7 @@ mbedtls_poly1305_context; * \param ctx The Poly1305 context to initialize. This must * not be \c NULL. */ -void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ); +void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx); /** * \brief This function releases and clears the specified @@ -96,7 +95,7 @@ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ); * case this function is a no-op. If it is not \c NULL, it must * point to an initialized Poly1305 context. */ -void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); +void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx); /** * \brief This function sets the one-time authentication key. @@ -111,8 +110,8 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, - const unsigned char key[32] ); +int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx, + const unsigned char key[32]); /** * \brief This functions feeds an input buffer into an ongoing @@ -132,9 +131,9 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function generates the Poly1305 Message @@ -148,8 +147,8 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, - unsigned char mac[16] ); +int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx, + unsigned char mac[16]); /** * \brief This function calculates the Poly1305 MAC of the input @@ -169,10 +168,10 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_poly1305_mac( const unsigned char key[32], - const unsigned char *input, - size_t ilen, - unsigned char mac[16] ); +int mbedtls_poly1305_mac(const unsigned char key[32], + const unsigned char *input, + size_t ilen, + unsigned char mac[16]); #if defined(MBEDTLS_SELF_TEST) /** @@ -181,7 +180,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32], * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_poly1305_self_test( int verbose ); +int mbedtls_poly1305_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/common/mbedtls/psa_crypto.c b/common/mbedtls/psa_crypto.c index 62252721f..d5905dc4b 100644 --- a/common/mbedtls/psa_crypto.c +++ b/common/mbedtls/psa_crypto.c @@ -91,15 +91,14 @@ #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) /* constant-time buffer comparison */ -static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) -{ +static inline int safer_memcmp(const uint8_t *a, const uint8_t *b, size_t n) { size_t i; unsigned char diff = 0; - for( i = 0; i < n; i++ ) + for (i = 0; i < n; i++) diff |= a[i] ^ b[i]; - return( diff ); + return (diff); } @@ -108,9 +107,8 @@ static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) /* Global data, support functions and library management */ /****************************************************************/ -static int key_type_is_raw_bytes( psa_key_type_t type ) -{ - return( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) ); +static int key_type_is_raw_bytes(psa_key_type_t type) { + return (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)); } /* Values for psa_global_data_t::rng_state */ @@ -118,8 +116,7 @@ static int key_type_is_raw_bytes( psa_key_type_t type ) #define RNG_INITIALIZED 1 #define RNG_SEEDED 2 -typedef struct -{ +typedef struct { mbedtls_psa_random_context_t rng; unsigned initialized : 1; unsigned rng_state : 2; @@ -136,37 +133,35 @@ mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state = if( global_data.initialized == 0 ) \ return( PSA_ERROR_BAD_STATE ); -psa_status_t mbedtls_to_psa_error( int ret ) -{ +psa_status_t mbedtls_to_psa_error(int ret) { /* Mbed TLS error codes can combine a high-level error code and a * low-level error code. The low-level error usually reflects the * root cause better, so dispatch on that preferably. */ - int low_level_ret = - ( -ret & 0x007f ); - switch( low_level_ret != 0 ? low_level_ret : ret ) - { + int low_level_ret = - (-ret & 0x007f); + switch (low_level_ret != 0 ? low_level_ret : ret) { case 0: - return( PSA_SUCCESS ); + return (PSA_SUCCESS); case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_AES_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_ASN1_OUT_OF_DATA: case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG: case MBEDTLS_ERR_ASN1_INVALID_LENGTH: case MBEDTLS_ERR_ASN1_LENGTH_MISMATCH: case MBEDTLS_ERR_ASN1_INVALID_DATA: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_ASN1_ALLOC_FAILED: - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + return (PSA_ERROR_INSUFFICIENT_MEMORY); case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: - return( PSA_ERROR_BUFFER_TOO_SMALL ); + return (PSA_ERROR_BUFFER_TOO_SMALL); #if defined(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) case MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA: @@ -174,9 +169,9 @@ psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH: #endif case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); #if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA: @@ -184,209 +179,209 @@ psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH: #endif case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_CCM_BAD_INPUT: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_CCM_AUTH_FAILED: - return( PSA_ERROR_INVALID_SIGNATURE ); + return (PSA_ERROR_INVALID_SIGNATURE); case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: - return( PSA_ERROR_INVALID_SIGNATURE ); + return (PSA_ERROR_INVALID_SIGNATURE); case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_CIPHER_ALLOC_FAILED: - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + return (PSA_ERROR_INSUFFICIENT_MEMORY); case MBEDTLS_ERR_CIPHER_INVALID_PADDING: - return( PSA_ERROR_INVALID_PADDING ); + return (PSA_ERROR_INVALID_PADDING); case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_CIPHER_AUTH_FAILED: - return( PSA_ERROR_INVALID_SIGNATURE ); + return (PSA_ERROR_INVALID_SIGNATURE); case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: - return( PSA_ERROR_CORRUPTION_DETECTED ); + return (PSA_ERROR_CORRUPTION_DETECTED); case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); #if !( defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \ defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) ) /* Only check CTR_DRBG error codes if underlying mbedtls_xxx * functions are passed a CTR_DRBG instance. */ case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED: - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + return (PSA_ERROR_INSUFFICIENT_ENTROPY); case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG: case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR: - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + return (PSA_ERROR_INSUFFICIENT_ENTROPY); #endif case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_DES_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED: case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE: case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED: - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + return (PSA_ERROR_INSUFFICIENT_ENTROPY); case MBEDTLS_ERR_GCM_AUTH_FAILED: - return( PSA_ERROR_INVALID_SIGNATURE ); + return (PSA_ERROR_INVALID_SIGNATURE); case MBEDTLS_ERR_GCM_BAD_INPUT: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_GCM_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) /* Only check HMAC_DRBG error codes if underlying mbedtls_xxx * functions are passed a HMAC_DRBG instance. */ case MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED: - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + return (PSA_ERROR_INSUFFICIENT_ENTROPY); case MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG: case MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR: - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + return (PSA_ERROR_INSUFFICIENT_ENTROPY); #endif case MBEDTLS_ERR_MD2_HW_ACCEL_FAILED: case MBEDTLS_ERR_MD4_HW_ACCEL_FAILED: case MBEDTLS_ERR_MD5_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_MD_BAD_INPUT_DATA: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_MD_ALLOC_FAILED: - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + return (PSA_ERROR_INSUFFICIENT_MEMORY); case MBEDTLS_ERR_MD_FILE_IO_ERROR: - return( PSA_ERROR_STORAGE_FAILURE ); + return (PSA_ERROR_STORAGE_FAILURE); case MBEDTLS_ERR_MD_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_MPI_FILE_IO_ERROR: - return( PSA_ERROR_STORAGE_FAILURE ); + return (PSA_ERROR_STORAGE_FAILURE); case MBEDTLS_ERR_MPI_BAD_INPUT_DATA: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_MPI_INVALID_CHARACTER: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL: - return( PSA_ERROR_BUFFER_TOO_SMALL ); + return (PSA_ERROR_BUFFER_TOO_SMALL); case MBEDTLS_ERR_MPI_NEGATIVE_VALUE: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_MPI_DIVISION_BY_ZERO: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_MPI_ALLOC_FAILED: - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + return (PSA_ERROR_INSUFFICIENT_MEMORY); case MBEDTLS_ERR_PK_ALLOC_FAILED: - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + return (PSA_ERROR_INSUFFICIENT_MEMORY); case MBEDTLS_ERR_PK_TYPE_MISMATCH: case MBEDTLS_ERR_PK_BAD_INPUT_DATA: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_PK_FILE_IO_ERROR: - return( PSA_ERROR_STORAGE_FAILURE ); + return (PSA_ERROR_STORAGE_FAILURE); case MBEDTLS_ERR_PK_KEY_INVALID_VERSION: case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_PK_PASSWORD_REQUIRED: case MBEDTLS_ERR_PK_PASSWORD_MISMATCH: - return( PSA_ERROR_NOT_PERMITTED ); + return (PSA_ERROR_NOT_PERMITTED); case MBEDTLS_ERR_PK_INVALID_PUBKEY: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_PK_INVALID_ALG: case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE: case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH: - return( PSA_ERROR_INVALID_SIGNATURE ); + return (PSA_ERROR_INVALID_SIGNATURE); case MBEDTLS_ERR_PK_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_RSA_BAD_INPUT_DATA: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_RSA_INVALID_PADDING: - return( PSA_ERROR_INVALID_PADDING ); + return (PSA_ERROR_INVALID_PADDING); case MBEDTLS_ERR_RSA_KEY_GEN_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_RSA_PUBLIC_FAILED: case MBEDTLS_ERR_RSA_PRIVATE_FAILED: - return( PSA_ERROR_CORRUPTION_DETECTED ); + return (PSA_ERROR_CORRUPTION_DETECTED); case MBEDTLS_ERR_RSA_VERIFY_FAILED: - return( PSA_ERROR_INVALID_SIGNATURE ); + return (PSA_ERROR_INVALID_SIGNATURE); case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE: - return( PSA_ERROR_BUFFER_TOO_SMALL ); + return (PSA_ERROR_BUFFER_TOO_SMALL); case MBEDTLS_ERR_RSA_RNG_FAILED: - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + return (PSA_ERROR_INSUFFICIENT_ENTROPY); case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED: case MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED: case MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_ECP_BAD_INPUT_DATA: case MBEDTLS_ERR_ECP_INVALID_KEY: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL: - return( PSA_ERROR_BUFFER_TOO_SMALL ); + return (PSA_ERROR_BUFFER_TOO_SMALL); case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); case MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH: case MBEDTLS_ERR_ECP_VERIFY_FAILED: - return( PSA_ERROR_INVALID_SIGNATURE ); + return (PSA_ERROR_INVALID_SIGNATURE); case MBEDTLS_ERR_ECP_ALLOC_FAILED: - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + return (PSA_ERROR_INSUFFICIENT_MEMORY); case MBEDTLS_ERR_ECP_RANDOM_FAILED: - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); + return (PSA_ERROR_INSUFFICIENT_ENTROPY); case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED: - return( PSA_ERROR_HARDWARE_FAILURE ); + return (PSA_ERROR_HARDWARE_FAILURE); case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED: - return( PSA_ERROR_CORRUPTION_DETECTED ); + return (PSA_ERROR_CORRUPTION_DETECTED); default: - return( PSA_ERROR_GENERIC_ERROR ); + return (PSA_ERROR_GENERIC_ERROR); } } @@ -398,9 +393,8 @@ psa_status_t mbedtls_to_psa_error( int ret ) /****************************************************************/ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) -{ - return( psa_key_lifetime_is_external( slot->attr.lifetime ) ); +static inline int psa_key_slot_is_external(const psa_key_slot_t *slot) { + return (psa_key_lifetime_is_external(slot->attr.lifetime)); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ @@ -413,125 +407,117 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, - size_t bits, - int bits_is_sloppy ) -{ - switch( curve ) - { +mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, + size_t bits, + int bits_is_sloppy) { + switch (curve) { case PSA_ECC_FAMILY_SECP_R1: - switch( bits ) - { + switch (bits) { case 192: - return( MBEDTLS_ECP_DP_SECP192R1 ); + return (MBEDTLS_ECP_DP_SECP192R1); case 224: - return( MBEDTLS_ECP_DP_SECP224R1 ); + return (MBEDTLS_ECP_DP_SECP224R1); case 256: - return( MBEDTLS_ECP_DP_SECP256R1 ); + return (MBEDTLS_ECP_DP_SECP256R1); case 384: - return( MBEDTLS_ECP_DP_SECP384R1 ); + return (MBEDTLS_ECP_DP_SECP384R1); case 521: - return( MBEDTLS_ECP_DP_SECP521R1 ); + return (MBEDTLS_ECP_DP_SECP521R1); case 528: - if( bits_is_sloppy ) - return( MBEDTLS_ECP_DP_SECP521R1 ); + if (bits_is_sloppy) + return (MBEDTLS_ECP_DP_SECP521R1); break; } break; case PSA_ECC_FAMILY_BRAINPOOL_P_R1: - switch( bits ) - { + switch (bits) { case 256: - return( MBEDTLS_ECP_DP_BP256R1 ); + return (MBEDTLS_ECP_DP_BP256R1); case 384: - return( MBEDTLS_ECP_DP_BP384R1 ); + return (MBEDTLS_ECP_DP_BP384R1); case 512: - return( MBEDTLS_ECP_DP_BP512R1 ); + return (MBEDTLS_ECP_DP_BP512R1); } break; case PSA_ECC_FAMILY_MONTGOMERY: - switch( bits ) - { + switch (bits) { case 255: - return( MBEDTLS_ECP_DP_CURVE25519 ); + return (MBEDTLS_ECP_DP_CURVE25519); case 256: - if( bits_is_sloppy ) - return( MBEDTLS_ECP_DP_CURVE25519 ); + if (bits_is_sloppy) + return (MBEDTLS_ECP_DP_CURVE25519); break; case 448: - return( MBEDTLS_ECP_DP_CURVE448 ); + return (MBEDTLS_ECP_DP_CURVE448); } break; case PSA_ECC_FAMILY_SECP_K1: - switch( bits ) - { + switch (bits) { case 192: - return( MBEDTLS_ECP_DP_SECP192K1 ); + return (MBEDTLS_ECP_DP_SECP192K1); case 224: - return( MBEDTLS_ECP_DP_SECP224K1 ); + return (MBEDTLS_ECP_DP_SECP224K1); case 256: - return( MBEDTLS_ECP_DP_SECP256K1 ); + return (MBEDTLS_ECP_DP_SECP256K1); } break; } - return( MBEDTLS_ECP_DP_NONE ); + return (MBEDTLS_ECP_DP_NONE); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */ -static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, - size_t bits ) -{ +static psa_status_t validate_unstructured_key_bit_size(psa_key_type_t type, + size_t bits) { /* Check that the bit size is acceptable for the key type */ - switch( type ) - { + switch (type) { case PSA_KEY_TYPE_RAW_DATA: case PSA_KEY_TYPE_HMAC: case PSA_KEY_TYPE_DERIVE: break; #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES) case PSA_KEY_TYPE_AES: - if( bits != 128 && bits != 192 && bits != 256 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (bits != 128 && bits != 192 && bits != 256) + return (PSA_ERROR_INVALID_ARGUMENT); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA) case PSA_KEY_TYPE_CAMELLIA: - if( bits != 128 && bits != 192 && bits != 256 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (bits != 128 && bits != 192 && bits != 256) + return (PSA_ERROR_INVALID_ARGUMENT); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) case PSA_KEY_TYPE_DES: - if( bits != 64 && bits != 128 && bits != 192 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (bits != 64 && bits != 128 && bits != 192) + return (PSA_ERROR_INVALID_ARGUMENT); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4) case PSA_KEY_TYPE_ARC4: - if( bits < 8 || bits > 2048 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (bits < 8 || bits > 2048) + return (PSA_ERROR_INVALID_ARGUMENT); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) case PSA_KEY_TYPE_CHACHA20: - if( bits != 256 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (bits != 256) + return (PSA_ERROR_INVALID_ARGUMENT); break; #endif default: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } - if( bits % 8 != 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (bits % 8 != 0) + return (PSA_ERROR_INVALID_ARGUMENT); - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /** Return the size of the key in the given slot, in bits. @@ -540,9 +526,8 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, * * \return The key size in bits, read from the metadata in the slot. */ -static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot ) -{ - return( slot->attr.bits ); +static inline size_t psa_get_key_slot_bits(const psa_key_slot_t *slot) { + return (slot->attr.bits); } /** Check whether a given key type is valid for use with a given MAC algorithm @@ -561,29 +546,25 @@ static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot ) */ MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do( psa_algorithm_t algorithm, - psa_key_type_t key_type ) -{ - if( PSA_ALG_IS_HMAC( algorithm ) ) - { - if( key_type == PSA_KEY_TYPE_HMAC ) - return( PSA_SUCCESS ); + psa_key_type_t key_type) { + if (PSA_ALG_IS_HMAC(algorithm)) { + if (key_type == PSA_KEY_TYPE_HMAC) + return (PSA_SUCCESS); } - if( PSA_ALG_IS_BLOCK_CIPHER_MAC( algorithm ) ) - { + if (PSA_ALG_IS_BLOCK_CIPHER_MAC(algorithm)) { /* Check that we're calling PSA_BLOCK_CIPHER_BLOCK_LENGTH with a cipher * key. */ - if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == - PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) - { + if ((key_type & PSA_KEY_TYPE_CATEGORY_MASK) == + PSA_KEY_TYPE_CATEGORY_SYMMETRIC) { /* PSA_BLOCK_CIPHER_BLOCK_LENGTH returns 1 for stream ciphers and * the block length (larger than 1) for block ciphers. */ - if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) > 1 ) - return( PSA_SUCCESS ); + if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1) + return (PSA_SUCCESS); } } - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); } /** Try to allocate a buffer to an empty key slot. @@ -598,99 +579,91 @@ MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do( * \retval #PSA_ERROR_ALREADY_EXISTS * Trying to allocate a buffer to a non-empty key slot. */ -static psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot, - size_t buffer_length ) -{ - if( slot->key.data != NULL ) - return( PSA_ERROR_ALREADY_EXISTS ); +static psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot, + size_t buffer_length) { + if (slot->key.data != NULL) + return (PSA_ERROR_ALREADY_EXISTS); - slot->key.data = mbedtls_calloc( 1, buffer_length ); - if( slot->key.data == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + slot->key.data = mbedtls_calloc(1, buffer_length); + if (slot->key.data == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); slot->key.bytes = buffer_length; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, - const uint8_t* data, - size_t data_length ) -{ - psa_status_t status = psa_allocate_buffer_to_slot( slot, - data_length ); - if( status != PSA_SUCCESS ) - return( status ); +psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot, + const uint8_t *data, + size_t data_length) { + psa_status_t status = psa_allocate_buffer_to_slot(slot, + data_length); + if (status != PSA_SUCCESS) + return (status); - memcpy( slot->key.data, data, data_length ); - return( PSA_SUCCESS ); + memcpy(slot->key.data, data, data_length); + return (PSA_SUCCESS); } psa_status_t psa_import_key_into_slot( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ + size_t *key_buffer_length, size_t *bits) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = attributes->core.type; /* zero-length keys are never supported. */ - if( data_length == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (data_length == 0) + return (PSA_ERROR_NOT_SUPPORTED); - if( key_type_is_raw_bytes( type ) ) - { - *bits = PSA_BYTES_TO_BITS( data_length ); + if (key_type_is_raw_bytes(type)) { + *bits = PSA_BYTES_TO_BITS(data_length); /* Ensure that the bytes-to-bits conversion hasn't overflown. */ - if( data_length > SIZE_MAX / 8 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (data_length > SIZE_MAX / 8) + return (PSA_ERROR_NOT_SUPPORTED); /* Enforce a size limit, and in particular ensure that the bit * size fits in its representation type. */ - if( ( *bits ) > PSA_MAX_KEY_BITS ) - return( PSA_ERROR_NOT_SUPPORTED ); + if ((*bits) > PSA_MAX_KEY_BITS) + return (PSA_ERROR_NOT_SUPPORTED); - status = validate_unstructured_key_bit_size( type, *bits ); - if( status != PSA_SUCCESS ) - return( status ); + status = validate_unstructured_key_bit_size(type, *bits); + if (status != PSA_SUCCESS) + return (status); /* Copy the key material. */ - memcpy( key_buffer, data, data_length ); + memcpy(key_buffer, data, data_length); *key_buffer_length = data_length; (void)key_buffer_size; - return( PSA_SUCCESS ); - } - else if( PSA_KEY_TYPE_IS_ASYMMETRIC( type ) ) - { + return (PSA_SUCCESS); + } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_ECC( type ) ) - { - return( mbedtls_psa_ecp_import_key( attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, - bits ) ); + if (PSA_KEY_TYPE_IS_ECC(type)) { + return (mbedtls_psa_ecp_import_key(attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, + bits)); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_RSA( type ) ) - { - return( mbedtls_psa_rsa_import_key( attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, - bits ) ); + if (PSA_KEY_TYPE_IS_RSA(type)) { + return (mbedtls_psa_rsa_import_key(attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, + bits)); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ } - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } /** Calculate the intersection of two algorithm usage policies. @@ -700,63 +673,56 @@ psa_status_t psa_import_key_into_slot( static psa_algorithm_t psa_key_policy_algorithm_intersection( psa_key_type_t key_type, psa_algorithm_t alg1, - psa_algorithm_t alg2 ) -{ + psa_algorithm_t alg2) { /* Common case: both sides actually specify the same policy. */ - if( alg1 == alg2 ) - return( alg1 ); + if (alg1 == alg2) + return (alg1); /* If the policies are from the same hash-and-sign family, check * if one is a wildcard. If so the other has the specific algorithm. */ - if( PSA_ALG_IS_HASH_AND_SIGN( alg1 ) && - PSA_ALG_IS_HASH_AND_SIGN( alg2 ) && - ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) ) - { - if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH ) - return( alg2 ); - if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH ) - return( alg1 ); + if (PSA_ALG_IS_HASH_AND_SIGN(alg1) && + PSA_ALG_IS_HASH_AND_SIGN(alg2) && + (alg1 & ~PSA_ALG_HASH_MASK) == (alg2 & ~PSA_ALG_HASH_MASK)) { + if (PSA_ALG_SIGN_GET_HASH(alg1) == PSA_ALG_ANY_HASH) + return (alg2); + if (PSA_ALG_SIGN_GET_HASH(alg2) == PSA_ALG_ANY_HASH) + return (alg1); } /* If the policies are from the same AEAD family, check whether * one of them is a minimum-tag-length wildcard. Calculate the most * restrictive tag length. */ - if( PSA_ALG_IS_AEAD( alg1 ) && PSA_ALG_IS_AEAD( alg2 ) && - ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg1, 0 ) == - PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg2, 0 ) ) ) - { - size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg1 ); - size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg2 ); + if (PSA_ALG_IS_AEAD(alg1) && PSA_ALG_IS_AEAD(alg2) && + (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg1, 0) == + PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg2, 0))) { + size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg1); + size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg2); size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len; /* If both are wildcards, return most restrictive wildcard */ - if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && - ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) ) - { - return( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( - alg1, restricted_len ) ); + if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) && + ((alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0)) { + return (PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( + alg1, restricted_len)); } /* If only one is a wildcard, return specific algorithm if compatible. */ - if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && - ( alg1_len <= alg2_len ) ) - { - return( alg2 ); + if (((alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) && + (alg1_len <= alg2_len)) { + return (alg2); } - if( ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && - ( alg2_len <= alg1_len ) ) - { - return( alg1 ); + if (((alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0) && + (alg2_len <= alg1_len)) { + return (alg1); } } /* If the policies are from the same MAC family, check whether one * of them is a minimum-MAC-length policy. Calculate the most * restrictive tag length. */ - if( PSA_ALG_IS_MAC( alg1 ) && PSA_ALG_IS_MAC( alg2 ) && - ( PSA_ALG_FULL_LENGTH_MAC( alg1 ) == - PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) ) - { + if (PSA_ALG_IS_MAC(alg1) && PSA_ALG_IS_MAC(alg2) && + (PSA_ALG_FULL_LENGTH_MAC(alg1) == + PSA_ALG_FULL_LENGTH_MAC(alg2))) { /* Validate the combination of key type and algorithm. Since the base * algorithm of alg1 and alg2 are the same, we only need this once. */ - if( PSA_SUCCESS != psa_mac_key_can_do( alg1, key_type ) ) - return( 0 ); + if (PSA_SUCCESS != psa_mac_key_can_do(alg1, key_type)) + return (0); /* Get the (exact or at-least) output lengths for both sides of the * requested intersection. None of the currently supported algorithms @@ -766,79 +732,72 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection( * Note that for at-least-this-length wildcard algorithms, the output * length is set to the shortest allowed length, which allows us to * calculate the most restrictive tag length for the intersection. */ - size_t alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 ); - size_t alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 ); + size_t alg1_len = PSA_MAC_LENGTH(key_type, 0, alg1); + size_t alg2_len = PSA_MAC_LENGTH(key_type, 0, alg2); size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len; /* If both are wildcards, return most restrictive wildcard */ - if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && - ( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) ) - { - return( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg1, restricted_len ) ); + if (((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) && + ((alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0)) { + return (PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(alg1, restricted_len)); } /* If only one is an at-least-this-length policy, the intersection would * be the other (fixed-length) policy as long as said fixed length is * equal to or larger than the shortest allowed length. */ - if( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) - { - return( ( alg1_len <= alg2_len ) ? alg2 : 0 ); + if ((alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) { + return ((alg1_len <= alg2_len) ? alg2 : 0); } - if( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) - { - return( ( alg2_len <= alg1_len ) ? alg1 : 0 ); + if ((alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) { + return ((alg2_len <= alg1_len) ? alg1 : 0); } /* If none of them are wildcards, check whether they define the same tag * length. This is still possible here when one is default-length and * the other specific-length. Ensure to always return the * specific-length version for the intersection. */ - if( alg1_len == alg2_len ) - return( PSA_ALG_TRUNCATED_MAC( alg1, alg1_len ) ); + if (alg1_len == alg2_len) + return (PSA_ALG_TRUNCATED_MAC(alg1, alg1_len)); } /* If the policies are incompatible, allow nothing. */ - return( 0 ); + return (0); } -static int psa_key_algorithm_permits( psa_key_type_t key_type, - psa_algorithm_t policy_alg, - psa_algorithm_t requested_alg ) -{ +static int psa_key_algorithm_permits(psa_key_type_t key_type, + psa_algorithm_t policy_alg, + psa_algorithm_t requested_alg) { /* Common case: the policy only allows requested_alg. */ - if( requested_alg == policy_alg ) - return( 1 ); + if (requested_alg == policy_alg) + return (1); /* If policy_alg is a hash-and-sign with a wildcard for the hash, * and requested_alg is the same hash-and-sign family with any hash, * then requested_alg is compliant with policy_alg. */ - if( PSA_ALG_IS_HASH_AND_SIGN( requested_alg ) && - PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH ) - { - return( ( policy_alg & ~PSA_ALG_HASH_MASK ) == - ( requested_alg & ~PSA_ALG_HASH_MASK ) ); + if (PSA_ALG_IS_HASH_AND_SIGN(requested_alg) && + PSA_ALG_SIGN_GET_HASH(policy_alg) == PSA_ALG_ANY_HASH) { + return ((policy_alg & ~PSA_ALG_HASH_MASK) == + (requested_alg & ~PSA_ALG_HASH_MASK)); } /* If policy_alg is a wildcard AEAD algorithm of the same base as * the requested algorithm, check the requested tag length to be * equal-length or longer than the wildcard-specified length. */ - if( PSA_ALG_IS_AEAD( policy_alg ) && - PSA_ALG_IS_AEAD( requested_alg ) && - ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) == - PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) && - ( ( policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) ) - { - return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <= - PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) ); + if (PSA_ALG_IS_AEAD(policy_alg) && + PSA_ALG_IS_AEAD(requested_alg) && + (PSA_ALG_AEAD_WITH_SHORTENED_TAG(policy_alg, 0) == + PSA_ALG_AEAD_WITH_SHORTENED_TAG(requested_alg, 0)) && + ((policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0)) { + return (PSA_ALG_AEAD_GET_TAG_LENGTH(policy_alg) <= + PSA_ALG_AEAD_GET_TAG_LENGTH(requested_alg)); } /* If policy_alg is a MAC algorithm of the same base as the requested * algorithm, check whether their MAC lengths are compatible. */ - if( PSA_ALG_IS_MAC( policy_alg ) && - PSA_ALG_IS_MAC( requested_alg ) && - ( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) == - PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) ) - { + if (PSA_ALG_IS_MAC(policy_alg) && + PSA_ALG_IS_MAC(requested_alg) && + (PSA_ALG_FULL_LENGTH_MAC(policy_alg) == + PSA_ALG_FULL_LENGTH_MAC(requested_alg))) { /* Validate the combination of key type and algorithm. Since the policy * and requested algorithms are the same, we only need this once. */ - if( PSA_SUCCESS != psa_mac_key_can_do( policy_alg, key_type ) ) - return( 0 ); + if (PSA_SUCCESS != psa_mac_key_can_do(policy_alg, key_type)) + return (0); /* Get both the requested output length for the algorithm which is to be * verified, and the default output length for the base algorithm. @@ -846,44 +805,41 @@ static int psa_key_algorithm_permits( psa_key_type_t key_type, * length dependent on actual key size, so setting it to a bogus value * of 0 is currently OK. */ size_t requested_output_length = PSA_MAC_LENGTH( - key_type, 0, requested_alg ); + key_type, 0, requested_alg); size_t default_output_length = PSA_MAC_LENGTH( - key_type, 0, - PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ); + key_type, 0, + PSA_ALG_FULL_LENGTH_MAC(requested_alg)); /* If the policy is default-length, only allow an algorithm with * a declared exact-length matching the default. */ - if( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == 0 ) - return( requested_output_length == default_output_length ); + if (PSA_MAC_TRUNCATED_LENGTH(policy_alg) == 0) + return (requested_output_length == default_output_length); /* If the requested algorithm is default-length, allow it if the policy * length exactly matches the default length. */ - if( PSA_MAC_TRUNCATED_LENGTH( requested_alg ) == 0 && - PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == default_output_length ) - { - return( 1 ); + if (PSA_MAC_TRUNCATED_LENGTH(requested_alg) == 0 && + PSA_MAC_TRUNCATED_LENGTH(policy_alg) == default_output_length) { + return (1); } /* If policy_alg is an at-least-this-length wildcard MAC algorithm, * check for the requested MAC length to be equal to or longer than the * minimum allowed length. */ - if( ( policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) - { - return( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) <= - requested_output_length ); + if ((policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0) { + return (PSA_MAC_TRUNCATED_LENGTH(policy_alg) <= + requested_output_length); } } /* If policy_alg is a generic key agreement operation, then using it for * a key derivation with that key agreement should also be allowed. This * behaviour is expected to be defined in a future specification version. */ - if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) && - PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) ) - { - return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) == - policy_alg ); + if (PSA_ALG_IS_RAW_KEY_AGREEMENT(policy_alg) && + PSA_ALG_IS_KEY_AGREEMENT(requested_alg)) { + return (PSA_ALG_KEY_AGREEMENT_GET_BASE(requested_alg) == + policy_alg); } /* If it isn't explicitly permitted, it's forbidden. */ - return( 0 ); + return (0); } /** Test whether a policy permits an algorithm. @@ -901,23 +857,22 @@ static int psa_key_algorithm_permits( psa_key_type_t key_type, * \retval PSA_ERROR_NOT_PERMITTED When \p alg is a specific algorithm, but * the \p policy does not allow it. */ -static psa_status_t psa_key_policy_permits( const psa_key_policy_t *policy, - psa_key_type_t key_type, - psa_algorithm_t alg ) -{ +static psa_status_t psa_key_policy_permits(const psa_key_policy_t *policy, + psa_key_type_t key_type, + psa_algorithm_t alg) { /* '0' is not a valid algorithm */ - if( alg == 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (alg == 0) + return (PSA_ERROR_INVALID_ARGUMENT); /* A requested algorithm cannot be a wildcard. */ - if( PSA_ALG_IS_WILDCARD( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (PSA_ALG_IS_WILDCARD(alg)) + return (PSA_ERROR_INVALID_ARGUMENT); - if( psa_key_algorithm_permits( key_type, policy->alg, alg ) || - psa_key_algorithm_permits( key_type, policy->alg2, alg ) ) - return( PSA_SUCCESS ); + if (psa_key_algorithm_permits(key_type, policy->alg, alg) || + psa_key_algorithm_permits(key_type, policy->alg2, alg)) + return (PSA_SUCCESS); else - return( PSA_ERROR_NOT_PERMITTED ); + return (PSA_ERROR_NOT_PERMITTED); } /** Restrict a key policy based on a constraint. @@ -941,22 +896,21 @@ static psa_status_t psa_key_policy_permits( const psa_key_policy_t *policy, static psa_status_t psa_restrict_key_policy( psa_key_type_t key_type, psa_key_policy_t *policy, - const psa_key_policy_t *constraint ) -{ + const psa_key_policy_t *constraint) { psa_algorithm_t intersection_alg = - psa_key_policy_algorithm_intersection( key_type, policy->alg, - constraint->alg ); + psa_key_policy_algorithm_intersection(key_type, policy->alg, + constraint->alg); psa_algorithm_t intersection_alg2 = - psa_key_policy_algorithm_intersection( key_type, policy->alg2, - constraint->alg2 ); - if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); - if( intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + psa_key_policy_algorithm_intersection(key_type, policy->alg2, + constraint->alg2); + if (intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0) + return (PSA_ERROR_INVALID_ARGUMENT); + if (intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0) + return (PSA_ERROR_INVALID_ARGUMENT); policy->usage &= constraint->usage; policy->alg = intersection_alg; policy->alg2 = intersection_alg2; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /** Get the description of a key given its identifier and policy constraints @@ -976,46 +930,43 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, psa_key_usage_t usage, - psa_algorithm_t alg ) -{ + psa_algorithm_t alg) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - status = psa_get_and_lock_key_slot( key, p_slot ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_and_lock_key_slot(key, p_slot); + if (status != PSA_SUCCESS) + return (status); slot = *p_slot; /* Enforce that usage policy for the key slot contains all the flags * required by the usage parameter. There is one exception: public * keys can always be exported, so we treat public key objects as * if they had the export flag. */ - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ) + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) usage &= ~PSA_KEY_USAGE_EXPORT; - if( ( slot->attr.policy.usage & usage ) != usage ) - { + if ((slot->attr.policy.usage & usage) != usage) { status = PSA_ERROR_NOT_PERMITTED; goto error; } /* Enforce that the usage policy permits the requested algortihm. */ - if( alg != 0 ) - { - status = psa_key_policy_permits( &slot->attr.policy, - slot->attr.type, - alg ); - if( status != PSA_SUCCESS ) + if (alg != 0) { + status = psa_key_policy_permits(&slot->attr.policy, + slot->attr.type, + alg); + if (status != PSA_SUCCESS) goto error; } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); error: *p_slot = NULL; - psa_unlock_key_slot( slot ); + psa_unlock_key_slot(slot); - return( status ); + return (status); } /** Get a key slot containing a transparent key and lock it. @@ -1035,21 +986,19 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, psa_key_usage_t usage, - psa_algorithm_t alg ) -{ - psa_status_t status = psa_get_and_lock_key_slot_with_policy( key, p_slot, - usage, alg ); - if( status != PSA_SUCCESS ) - return( status ); + psa_algorithm_t alg) { + psa_status_t status = psa_get_and_lock_key_slot_with_policy(key, p_slot, + usage, alg); + if (status != PSA_SUCCESS) + return (status); - if( psa_key_slot_is_external( *p_slot ) ) - { - psa_unlock_key_slot( *p_slot ); + if (psa_key_slot_is_external(*p_slot)) { + psa_unlock_key_slot(*p_slot); *p_slot = NULL; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } #else /* MBEDTLS_PSA_CRYPTO_SE_C */ /* With no secure element support, all keys are transparent. */ @@ -1058,25 +1007,23 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ /** Wipe key data from a slot. Preserve metadata such as the policy. */ -static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot ) -{ +static psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) { /* Data pointer will always be either a valid pointer or NULL in an * initialized slot, so we can just free it. */ - if( slot->key.data != NULL ) - mbedtls_platform_zeroize( slot->key.data, slot->key.bytes); + if (slot->key.data != NULL) + mbedtls_platform_zeroize(slot->key.data, slot->key.bytes); - mbedtls_free( slot->key.data ); + mbedtls_free(slot->key.data); slot->key.data = NULL; slot->key.bytes = 0; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /** Completely wipe a slot in memory, including its policy. * Persistent storage is not affected. */ -psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) -{ - psa_status_t status = psa_remove_key_data_from_memory( slot ); +psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot) { + psa_status_t status = psa_remove_key_data_from_memory(slot); /* * As the return error code may not be handled in case of multiple errors, @@ -1085,10 +1032,9 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) * part of the execution of a test suite this will stop the test suite * execution). */ - if( slot->lock_count != 1 ) - { + if (slot->lock_count != 1) { #ifdef MBEDTLS_CHECK_PARAMS - MBEDTLS_PARAM_FAILED( slot->lock_count == 1 ); + MBEDTLS_PARAM_FAILED(slot->lock_count == 1); #endif status = PSA_ERROR_CORRUPTION_DETECTED; } @@ -1101,12 +1047,11 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) /* At this point, key material and other type-specific content has * been wiped. Clear remaining metadata. We can call memset and not * zeroize because the metadata is not particularly sensitive. */ - memset( slot, 0, sizeof( *slot ) ); - return( status ); + memset(slot, 0, sizeof(*slot)); + return (status); } -psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) -{ +psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) { psa_key_slot_t *slot; psa_status_t status; /* status of the last operation */ psa_status_t overall_status = PSA_SUCCESS; @@ -1114,8 +1059,8 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) psa_se_drv_table_entry_t *driver; #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - if( mbedtls_svc_key_id_is_null( key ) ) - return( PSA_SUCCESS ); + if (mbedtls_svc_key_id_is_null(key)) + return (PSA_SUCCESS); /* * Get the description of the key in a key slot. In case of a persistent @@ -1124,9 +1069,9 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) * the key is operated by an SE or not and this information is needed by * the current implementation. */ - status = psa_get_and_lock_key_slot( key, &slot ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_and_lock_key_slot(key, &slot); + if (status != PSA_SUCCESS) + return (status); /* * If the key slot containing the key description is under access by the @@ -1135,29 +1080,26 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) * implemented), the key should be destroyed when all accesses have * stopped. */ - if( slot->lock_count > 1 ) - { - psa_unlock_key_slot( slot ); - return( PSA_ERROR_GENERIC_ERROR ); + if (slot->lock_count > 1) { + psa_unlock_key_slot(slot); + return (PSA_ERROR_GENERIC_ERROR); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - driver = psa_get_se_driver_entry( slot->attr.lifetime ); - if( driver != NULL ) - { + driver = psa_get_se_driver_entry(slot->attr.lifetime); + if (driver != NULL) { /* For a key in a secure element, we need to do three things: * remove the key file in internal storage, destroy the * key inside the secure element, and update the driver's * persistent data. Start a transaction that will encompass these * three actions. */ - psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY ); + psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_DESTROY_KEY); psa_crypto_transaction.key.lifetime = slot->attr.lifetime; - psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number( slot ); + psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number(slot); psa_crypto_transaction.key.id = slot->attr.id; - status = psa_crypto_save_transaction( ); - if( status != PSA_SUCCESS ) - { - (void) psa_crypto_stop_transaction( ); + status = psa_crypto_save_transaction(); + if (status != PSA_SUCCESS) { + (void) psa_crypto_stop_transaction(); /* We should still try to destroy the key in the secure * element and the key metadata in storage. This is especially * important if the error is that the storage is full. @@ -1169,18 +1111,17 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) goto exit; } - status = psa_destroy_se_key( driver, - psa_key_slot_get_slot_number( slot ) ); - if( overall_status == PSA_SUCCESS ) + status = psa_destroy_se_key(driver, + psa_key_slot_get_slot_number(slot)); + if (overall_status == PSA_SUCCESS) overall_status = status; } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) - { - status = psa_destroy_persistent_key( slot->attr.id ); - if( overall_status == PSA_SUCCESS ) + if (! PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { + status = psa_destroy_persistent_key(slot->attr.id); + if (overall_status == PSA_SUCCESS) overall_status = status; /* TODO: other slots may have a copy of the same key. We should @@ -1191,13 +1132,12 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) - { - status = psa_save_se_persistent_data( driver ); - if( overall_status == PSA_SUCCESS ) + if (driver != NULL) { + status = psa_save_se_persistent_data(driver); + if (overall_status == PSA_SUCCESS) overall_status = status; - status = psa_crypto_stop_transaction( ); - if( overall_status == PSA_SUCCESS ) + status = psa_crypto_stop_transaction(); + if (overall_status == PSA_SUCCESS) overall_status = status; } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ @@ -1205,84 +1145,79 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) #if defined(MBEDTLS_PSA_CRYPTO_SE_C) exit: #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - status = psa_wipe_key_slot( slot ); + status = psa_wipe_key_slot(slot); /* Prioritize CORRUPTION_DETECTED from wiping over a storage error */ - if( overall_status == PSA_SUCCESS ) + if (overall_status == PSA_SUCCESS) overall_status = status; - return( overall_status ); + return (overall_status); } #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) static psa_status_t psa_get_rsa_public_exponent( const mbedtls_rsa_context *rsa, - psa_key_attributes_t *attributes ) -{ + psa_key_attributes_t *attributes) { mbedtls_mpi mpi; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint8_t *buffer = NULL; size_t buflen; - mbedtls_mpi_init( &mpi ); + mbedtls_mpi_init(&mpi); - ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &mpi ); - if( ret != 0 ) + ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &mpi); + if (ret != 0) goto exit; - if( mbedtls_mpi_cmp_int( &mpi, 65537 ) == 0 ) - { + if (mbedtls_mpi_cmp_int(&mpi, 65537) == 0) { /* It's the default value, which is reported as an empty string, * so there's nothing to do. */ goto exit; } - buflen = mbedtls_mpi_size( &mpi ); - buffer = mbedtls_calloc( 1, buflen ); - if( buffer == NULL ) - { + buflen = mbedtls_mpi_size(&mpi); + buffer = mbedtls_calloc(1, buflen); + if (buffer == NULL) { ret = MBEDTLS_ERR_MPI_ALLOC_FAILED; goto exit; } - ret = mbedtls_mpi_write_binary( &mpi, buffer, buflen ); - if( ret != 0 ) + ret = mbedtls_mpi_write_binary(&mpi, buffer, buflen); + if (ret != 0) goto exit; attributes->domain_parameters = buffer; attributes->domain_parameters_size = buflen; exit: - mbedtls_mpi_free( &mpi ); - if( ret != 0 ) - mbedtls_free( buffer ); - return( mbedtls_to_psa_error( ret ) ); + mbedtls_mpi_free(&mpi); + if (ret != 0) + mbedtls_free(buffer); + return (mbedtls_to_psa_error(ret)); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /** Retrieve all the publicly-accessible attributes of a key. */ -psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, - psa_key_attributes_t *attributes ) -{ +psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, + psa_key_attributes_t *attributes) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_reset_key_attributes( attributes ); + psa_reset_key_attributes(attributes); - status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0); + if (status != PSA_SUCCESS) + return (status); attributes->core = slot->attr; - attributes->core.flags &= ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY | - MBEDTLS_PSA_KA_MASK_DUAL_USE ); + attributes->core.flags &= (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY | + MBEDTLS_PSA_KA_MASK_DUAL_USE); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_key_slot_is_external( slot ) ) - psa_set_key_slot_number( attributes, - psa_key_slot_get_slot_number( slot ) ); + if (psa_key_slot_is_external(slot)) + psa_set_key_slot_number(attributes, + psa_key_slot_get_slot_number(slot)); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - switch( slot->attr.type ) - { + switch (slot->attr.type) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) case PSA_KEY_TYPE_RSA_KEY_PAIR: @@ -1292,7 +1227,7 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, * is not yet implemented. * https://github.com/ARMmbed/mbed-crypto/issues/216 */ - if( psa_key_slot_is_external( slot ) ) + if (psa_key_slot_is_external(slot)) break; #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ { @@ -1302,14 +1237,14 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, slot->attr.type, slot->key.data, slot->key.bytes, - &rsa ); - if( status != PSA_SUCCESS ) + &rsa); + if (status != PSA_SUCCESS) break; - status = psa_get_rsa_public_exponent( rsa, - attributes ); - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); + status = psa_get_rsa_public_exponent(rsa, + attributes); + mbedtls_rsa_free(rsa); + mbedtls_free(rsa); } break; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || @@ -1319,73 +1254,64 @@ psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, break; } - if( status != PSA_SUCCESS ) - psa_reset_key_attributes( attributes ); + if (status != PSA_SUCCESS) + psa_reset_key_attributes(attributes); - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) psa_status_t psa_get_key_slot_number( const psa_key_attributes_t *attributes, - psa_key_slot_number_t *slot_number ) -{ - if( attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER ) - { + psa_key_slot_number_t *slot_number) { + if (attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) { *slot_number = attributes->slot_number; - return( PSA_SUCCESS ); - } - else - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_SUCCESS); + } else + return (PSA_ERROR_INVALID_ARGUMENT); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -static psa_status_t psa_export_key_buffer_internal( const uint8_t *key_buffer, - size_t key_buffer_size, - uint8_t *data, - size_t data_size, - size_t *data_length ) -{ - if( key_buffer_size > data_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( data, key_buffer, key_buffer_size ); - memset( data + key_buffer_size, 0, - data_size - key_buffer_size ); +static psa_status_t psa_export_key_buffer_internal(const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *data, + size_t data_size, + size_t *data_length) { + if (key_buffer_size > data_size) + return (PSA_ERROR_BUFFER_TOO_SMALL); + memcpy(data, key_buffer, key_buffer_size); + memset(data + key_buffer_size, 0, + data_size - key_buffer_size); *data_length = key_buffer_size; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } psa_status_t psa_export_key_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ + uint8_t *data, size_t data_size, size_t *data_length) { psa_key_type_t type = attributes->core.type; - if( key_type_is_raw_bytes( type ) || - PSA_KEY_TYPE_IS_RSA( type ) || - PSA_KEY_TYPE_IS_ECC( type ) ) - { - return( psa_export_key_buffer_internal( + if (key_type_is_raw_bytes(type) || + PSA_KEY_TYPE_IS_RSA(type) || + PSA_KEY_TYPE_IS_ECC(type)) { + return (psa_export_key_buffer_internal( key_buffer, key_buffer_size, - data, data_size, data_length ) ); - } - else - { + data, data_size, data_length)); + } else { /* This shouldn't happen in the reference implementation, but it is valid for a special-purpose implementation to omit support for exporting certain key types. */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } } -psa_status_t psa_export_key( mbedtls_svc_key_id_t key, - uint8_t *data, - size_t data_size, - size_t *data_length ) -{ +psa_status_t psa_export_key(mbedtls_svc_key_id_t key, + uint8_t *data, + size_t data_size, + size_t *data_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; @@ -1393,8 +1319,8 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key, /* Reject a zero-length output buffer now, since this can never be a * valid key representation. This way we know that data must be a valid * pointer and we can do things like memset(data, ..., data_size). */ - if( data_size == 0 ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (data_size == 0) + return (PSA_ERROR_BUFFER_TOO_SMALL); /* Set the key to empty now, so that even when there are errors, we always * set data_length to a value between 0 and data_size. On error, setting @@ -1406,21 +1332,21 @@ psa_status_t psa_export_key( mbedtls_svc_key_id_t key, * which don't require any flag, but * psa_get_and_lock_key_slot_with_policy() takes care of this. */ - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_EXPORT, 0 ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_and_lock_key_slot_with_policy(key, &slot, + PSA_KEY_USAGE_EXPORT, 0); + if (status != PSA_SUCCESS) + return (status); psa_key_attributes_t attributes = { .core = slot->attr }; - status = psa_driver_wrapper_export_key( &attributes, - slot->key.data, slot->key.bytes, - data, data_size, data_length ); + status = psa_driver_wrapper_export_key(&attributes, + slot->key.data, slot->key.bytes, + data, data_size, data_length); - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } psa_status_t psa_export_public_key_internal( @@ -1429,67 +1355,58 @@ psa_status_t psa_export_public_key_internal( size_t key_buffer_size, uint8_t *data, size_t data_size, - size_t *data_length ) -{ + size_t *data_length) { psa_key_type_t type = attributes->core.type; - if( PSA_KEY_TYPE_IS_RSA( type ) || PSA_KEY_TYPE_IS_ECC( type ) ) - { - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) - { + if (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type)) { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { /* Exporting public -> public */ - return( psa_export_key_buffer_internal( + return (psa_export_key_buffer_internal( key_buffer, key_buffer_size, - data, data_size, data_length ) ); + data, data_size, data_length)); } - if( PSA_KEY_TYPE_IS_RSA( type ) ) - { + if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - return( mbedtls_psa_rsa_export_public_key( attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length ) ); + return (mbedtls_psa_rsa_export_public_key(attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length)); #else /* We don't know how to convert a private RSA key to public. */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ - } - else - { + } else { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) - return( mbedtls_psa_ecp_export_public_key( attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length ) ); + return (mbedtls_psa_ecp_export_public_key(attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length)); #else /* We don't know how to convert a private ECC key to public */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ } - } - else - { + } else { /* This shouldn't happen in the reference implementation, but it is valid for a special-purpose implementation to omit support for exporting certain key types. */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } } -psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, - uint8_t *data, - size_t data_size, - size_t *data_length ) -{ +psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, + uint8_t *data, + size_t data_size, + size_t *data_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; @@ -1497,8 +1414,8 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, /* Reject a zero-length output buffer now, since this can never be a * valid key representation. This way we know that data must be a valid * pointer and we can do things like memset(data, ..., data_size). */ - if( data_size == 0 ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (data_size == 0) + return (PSA_ERROR_BUFFER_TOO_SMALL); /* Set the key to empty now, so that even when there are errors, we always * set data_length to a value between 0 and data_size. On error, setting @@ -1507,36 +1424,35 @@ psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key, *data_length = 0; /* Exporting a public key doesn't require a usage flag. */ - status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_and_lock_key_slot_with_policy(key, &slot, 0, 0); + if (status != PSA_SUCCESS) + return (status); - if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; + if (! PSA_KEY_TYPE_IS_ASYMMETRIC(slot->attr.type)) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } psa_key_attributes_t attributes = { .core = slot->attr }; status = psa_driver_wrapper_export_public_key( - &attributes, slot->key.data, slot->key.bytes, - data, data_size, data_length ); + &attributes, slot->key.data, slot->key.bytes, + data, data_size, data_length); exit: - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } #if defined(static_assert) -static_assert( ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0, - "One or more key attribute flag is listed as both external-only and dual-use" ); -static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0, - "One or more key attribute flag is listed as both internal-only and dual-use" ); -static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ) == 0, - "One or more key attribute flag is listed as both internal-only and external-only" ); +static_assert((MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY &MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0, + "One or more key attribute flag is listed as both external-only and dual-use"); +static_assert((PSA_KA_MASK_INTERNAL_ONLY &MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0, + "One or more key attribute flag is listed as both internal-only and dual-use"); +static_assert((PSA_KA_MASK_INTERNAL_ONLY &MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0, + "One or more key attribute flag is listed as both internal-only and external-only"); #endif /** Validate that a key policy is internally well-formed. @@ -1545,18 +1461,17 @@ static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ) * consistency of the policy with respect to other attributes of the key * such as the key type. */ -static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy ) -{ - if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_COPY | - PSA_KEY_USAGE_ENCRYPT | - PSA_KEY_USAGE_DECRYPT | - PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_VERIFY_HASH | - PSA_KEY_USAGE_DERIVE ) ) != 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); +static psa_status_t psa_validate_key_policy(const psa_key_policy_t *policy) { + if ((policy->usage & ~(PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_COPY | + PSA_KEY_USAGE_ENCRYPT | + PSA_KEY_USAGE_DECRYPT | + PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_DERIVE)) != 0) + return (PSA_ERROR_INVALID_ARGUMENT); - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /** Validate the internal consistency of key attributes. @@ -1574,49 +1489,45 @@ static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy ) */ static psa_status_t psa_validate_key_attributes( const psa_key_attributes_t *attributes, - psa_se_drv_table_entry_t **p_drv ) -{ + psa_se_drv_table_entry_t **p_drv) { psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); - mbedtls_svc_key_id_t key = psa_get_key_id( attributes ); + psa_key_lifetime_t lifetime = psa_get_key_lifetime(attributes); + mbedtls_svc_key_id_t key = psa_get_key_id(attributes); - status = psa_validate_key_location( lifetime, p_drv ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_validate_key_location(lifetime, p_drv); + if (status != PSA_SUCCESS) + return (status); - status = psa_validate_key_persistence( lifetime ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_validate_key_persistence(lifetime); + if (status != PSA_SUCCESS) + return (status); - if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) - { - if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) != 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); - } - else - { - status = psa_validate_key_id( psa_get_key_id( attributes ), 0 ); - if( status != PSA_SUCCESS ) - return( status ); + if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { + if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key) != 0) + return (PSA_ERROR_INVALID_ARGUMENT); + } else { + status = psa_validate_key_id(psa_get_key_id(attributes), 0); + if (status != PSA_SUCCESS) + return (status); } - status = psa_validate_key_policy( &attributes->core.policy ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_validate_key_policy(&attributes->core.policy); + if (status != PSA_SUCCESS) + return (status); /* Refuse to create overly large keys. * Note that this doesn't trigger on import if the attributes don't * explicitly specify a size (so psa_get_key_bits returns 0), so * psa_import_key() needs its own checks. */ - if( psa_get_key_bits( attributes ) > PSA_MAX_KEY_BITS ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (psa_get_key_bits(attributes) > PSA_MAX_KEY_BITS) + return (PSA_ERROR_NOT_SUPPORTED); /* Reject invalid flags. These should not be reachable through the API. */ - if( attributes->core.flags & ~ ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY | - MBEDTLS_PSA_KA_MASK_DUAL_USE ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY | + MBEDTLS_PSA_KA_MASK_DUAL_USE)) + return (PSA_ERROR_INVALID_ARGUMENT); - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /** Prepare a key slot to receive key material. @@ -1652,8 +1563,7 @@ static psa_status_t psa_start_key_creation( psa_key_creation_method_t method, const psa_key_attributes_t *attributes, psa_key_slot_t **p_slot, - psa_se_drv_table_entry_t **p_drv ) -{ + psa_se_drv_table_entry_t **p_drv) { psa_status_t status; psa_key_id_t volatile_key_id; psa_key_slot_t *slot; @@ -1661,13 +1571,13 @@ static psa_status_t psa_start_key_creation( (void) method; *p_drv = NULL; - status = psa_validate_key_attributes( attributes, p_drv ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_validate_key_attributes(attributes, p_drv); + if (status != PSA_SUCCESS) + return (status); - status = psa_get_empty_key_slot( &volatile_key_id, p_slot ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_empty_key_slot(&volatile_key_id, p_slot); + if (status != PSA_SUCCESS) + return (status); slot = *p_slot; /* We're storing the declared bit-size of the key. It's up to each @@ -1679,8 +1589,7 @@ static psa_status_t psa_start_key_creation( * definition. */ slot->attr = attributes->core; - if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) - { + if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) slot->attr.id = volatile_key_id; #else @@ -1713,40 +1622,36 @@ static psa_status_t psa_start_key_creation( * secure element driver updates its persistent state, but we do not yet * save the driver's persistent state, so that if the power fails, * we can roll back to a state where the key doesn't exist. */ - if( *p_drv != NULL ) - { + if (*p_drv != NULL) { psa_key_slot_number_t slot_number; - status = psa_find_se_slot_for_key( attributes, method, *p_drv, - &slot_number ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_find_se_slot_for_key(attributes, method, *p_drv, + &slot_number); + if (status != PSA_SUCCESS) + return (status); - if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) ) - { - psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY ); + if (! PSA_KEY_LIFETIME_IS_VOLATILE(attributes->core.lifetime)) { + psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_CREATE_KEY); psa_crypto_transaction.key.lifetime = slot->attr.lifetime; psa_crypto_transaction.key.slot = slot_number; psa_crypto_transaction.key.id = slot->attr.id; - status = psa_crypto_save_transaction( ); - if( status != PSA_SUCCESS ) - { - (void) psa_crypto_stop_transaction( ); - return( status ); + status = psa_crypto_save_transaction(); + if (status != PSA_SUCCESS) { + (void) psa_crypto_stop_transaction(); + return (status); } } status = psa_copy_key_material_into_slot( - slot, (uint8_t *)( &slot_number ), sizeof( slot_number ) ); + slot, (uint8_t *)(&slot_number), sizeof(slot_number)); } - if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER ) - { + if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) { /* Key registration only makes sense with a secure element. */ - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /** Finalize the creation of a key once its key material has been set. @@ -1782,40 +1687,36 @@ static psa_status_t psa_start_key_creation( static psa_status_t psa_finish_key_creation( psa_key_slot_t *slot, psa_se_drv_table_entry_t *driver, - mbedtls_svc_key_id_t *key) -{ + mbedtls_svc_key_id_t *key) { psa_status_t status = PSA_SUCCESS; (void) slot; (void) driver; #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) - { + if (! PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) - { + if (driver != NULL) { psa_se_key_data_storage_t data; psa_key_slot_number_t slot_number = - psa_key_slot_get_slot_number( slot ) ; + psa_key_slot_get_slot_number(slot) ; #if defined(static_assert) - static_assert( sizeof( slot_number ) == - sizeof( data.slot_number ), - "Slot number size does not match psa_se_key_data_storage_t" ); + static_assert(sizeof(slot_number) == + sizeof(data.slot_number), + "Slot number size does not match psa_se_key_data_storage_t"); #endif - memcpy( &data.slot_number, &slot_number, sizeof( slot_number ) ); - status = psa_save_persistent_key( &slot->attr, - (uint8_t*) &data, - sizeof( data ) ); - } - else + memcpy(&data.slot_number, &slot_number, sizeof(slot_number)); + status = psa_save_persistent_key(&slot->attr, + (uint8_t *) &data, + sizeof(data)); + } else #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ { /* Key material is saved in export representation in the slot, so * just pass the slot buffer for storage. */ - status = psa_save_persistent_key( &slot->attr, - slot->key.data, - slot->key.bytes ); + status = psa_save_persistent_key(&slot->attr, + slot->key.data, + slot->key.bytes); } } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ @@ -1826,28 +1727,25 @@ static psa_status_t psa_finish_key_creation( * by checking whether a transaction is in progress (actual * creation of a persistent key in a secure element requires a transaction, * but registration or volatile key creation doesn't use one). */ - if( driver != NULL && - psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY ) - { - status = psa_save_se_persistent_data( driver ); - if( status != PSA_SUCCESS ) - { - psa_destroy_persistent_key( slot->attr.id ); - return( status ); + if (driver != NULL && + psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY) { + status = psa_save_se_persistent_data(driver); + if (status != PSA_SUCCESS) { + psa_destroy_persistent_key(slot->attr.id); + return (status); } - status = psa_crypto_stop_transaction( ); + status = psa_crypto_stop_transaction(); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - if( status == PSA_SUCCESS ) - { + if (status == PSA_SUCCESS) { *key = slot->attr.id; - status = psa_unlock_key_slot( slot ); - if( status != PSA_SUCCESS ) + status = psa_unlock_key_slot(slot); + if (status != PSA_SUCCESS) *key = MBEDTLS_SVC_KEY_ID_INIT; } - return( status ); + return (status); } /** Abort the creation of a key. @@ -1862,12 +1760,11 @@ static psa_status_t psa_finish_key_creation( * \param[in] driver The secure element driver for the key, * or NULL for a transparent key. */ -static void psa_fail_key_creation( psa_key_slot_t *slot, - psa_se_drv_table_entry_t *driver ) -{ +static void psa_fail_key_creation(psa_key_slot_t *slot, + psa_se_drv_table_entry_t *driver) { (void) driver; - if( slot == NULL ) + if (slot == NULL) return; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -1884,10 +1781,10 @@ static void psa_fail_key_creation( psa_key_slot_t *slot, * Earlier functions must already have done what it takes to undo any * partial creation. All that's left is to update the transaction data * itself. */ - (void) psa_crypto_stop_transaction( ); + (void) psa_crypto_stop_transaction(); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - psa_wipe_key_slot( slot ); + psa_wipe_key_slot(slot); } /** Validate optional attributes during key creation. @@ -1901,20 +1798,16 @@ static void psa_fail_key_creation( psa_key_slot_t *slot, */ static psa_status_t psa_validate_optional_attributes( const psa_key_slot_t *slot, - const psa_key_attributes_t *attributes ) -{ - if( attributes->core.type != 0 ) - { - if( attributes->core.type != slot->attr.type ) - return( PSA_ERROR_INVALID_ARGUMENT ); + const psa_key_attributes_t *attributes) { + if (attributes->core.type != 0) { + if (attributes->core.type != slot->attr.type) + return (PSA_ERROR_INVALID_ARGUMENT); } - if( attributes->domain_parameters_size != 0 ) - { + if (attributes->domain_parameters_size != 0) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) - { + if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) { mbedtls_rsa_context *rsa = NULL; mbedtls_mpi actual, required; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -1923,53 +1816,50 @@ static psa_status_t psa_validate_optional_attributes( slot->attr.type, slot->key.data, slot->key.bytes, - &rsa ); - if( status != PSA_SUCCESS ) - return( status ); + &rsa); + if (status != PSA_SUCCESS) + return (status); - mbedtls_mpi_init( &actual ); - mbedtls_mpi_init( &required ); - ret = mbedtls_rsa_export( rsa, - NULL, NULL, NULL, NULL, &actual ); - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - if( ret != 0 ) + mbedtls_mpi_init(&actual); + mbedtls_mpi_init(&required); + ret = mbedtls_rsa_export(rsa, + NULL, NULL, NULL, NULL, &actual); + mbedtls_rsa_free(rsa); + mbedtls_free(rsa); + if (ret != 0) goto rsa_exit; - ret = mbedtls_mpi_read_binary( &required, - attributes->domain_parameters, - attributes->domain_parameters_size ); - if( ret != 0 ) + ret = mbedtls_mpi_read_binary(&required, + attributes->domain_parameters, + attributes->domain_parameters_size); + if (ret != 0) goto rsa_exit; - if( mbedtls_mpi_cmp_mpi( &actual, &required ) != 0 ) + if (mbedtls_mpi_cmp_mpi(&actual, &required) != 0) ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - rsa_exit: - mbedtls_mpi_free( &actual ); - mbedtls_mpi_free( &required ); - if( ret != 0) - return( mbedtls_to_psa_error( ret ) ); - } - else +rsa_exit: + mbedtls_mpi_free(&actual); + mbedtls_mpi_free(&required); + if (ret != 0) + return (mbedtls_to_psa_error(ret)); + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ { - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); } } - if( attributes->core.bits != 0 ) - { - if( attributes->core.bits != slot->attr.bits ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (attributes->core.bits != 0) { + if (attributes->core.bits != slot->attr.bits) + return (PSA_ERROR_INVALID_ARGUMENT); } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -psa_status_t psa_import_key( const psa_key_attributes_t *attributes, - const uint8_t *data, - size_t data_length, - mbedtls_svc_key_id_t *key ) -{ +psa_status_t psa_import_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + mbedtls_svc_key_id_t *key) { psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; @@ -1980,58 +1870,55 @@ psa_status_t psa_import_key( const psa_key_attributes_t *attributes, /* Reject zero-length symmetric keys (including raw data key objects). * This also rejects any key which might be encoded as an empty string, * which is never valid. */ - if( data_length == 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (data_length == 0) + return (PSA_ERROR_INVALID_ARGUMENT); - status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes, - &slot, &driver ); - if( status != PSA_SUCCESS ) + status = psa_start_key_creation(PSA_KEY_CREATION_IMPORT, attributes, + &slot, &driver); + if (status != PSA_SUCCESS) goto exit; /* In the case of a transparent key or an opaque key stored in local * storage (thus not in the case of generating a key in a secure element * or cryptoprocessor with storage), we have to allocate a buffer to * hold the generated key material. */ - if( slot->key.data == NULL ) - { - status = psa_allocate_buffer_to_slot( slot, data_length ); - if( status != PSA_SUCCESS ) + if (slot->key.data == NULL) { + status = psa_allocate_buffer_to_slot(slot, data_length); + if (status != PSA_SUCCESS) goto exit; } bits = slot->attr.bits; - status = psa_driver_wrapper_import_key( attributes, - data, data_length, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits ); - if( status != PSA_SUCCESS ) + status = psa_driver_wrapper_import_key(attributes, + data, data_length, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); + if (status != PSA_SUCCESS) goto exit; - if( slot->attr.bits == 0 ) + if (slot->attr.bits == 0) slot->attr.bits = (psa_key_bits_t) bits; - else if( bits != slot->attr.bits ) - { + else if (bits != slot->attr.bits) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - status = psa_validate_optional_attributes( slot, attributes ); - if( status != PSA_SUCCESS ) + status = psa_validate_optional_attributes(slot, attributes); + if (status != PSA_SUCCESS) goto exit; - status = psa_finish_key_creation( slot, driver, key ); + status = psa_finish_key_creation(slot, driver, key); exit: - if( status != PSA_SUCCESS ) - psa_fail_key_creation( slot, driver ); + if (status != PSA_SUCCESS) + psa_fail_key_creation(slot, driver); - return( status ); + return (status); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) psa_status_t mbedtls_psa_register_se_key( - const psa_key_attributes_t *attributes ) -{ + const psa_key_attributes_t *attributes) { psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; @@ -2041,47 +1928,45 @@ psa_status_t mbedtls_psa_register_se_key( * It could make sense to query the key type and size from the * secure element, but not all secure elements support this * and the driver HAL doesn't currently support it. */ - if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_NONE ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( psa_get_key_bits( attributes ) == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (psa_get_key_type(attributes) == PSA_KEY_TYPE_NONE) + return (PSA_ERROR_NOT_SUPPORTED); + if (psa_get_key_bits(attributes) == 0) + return (PSA_ERROR_NOT_SUPPORTED); - status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes, - &slot, &driver ); - if( status != PSA_SUCCESS ) + status = psa_start_key_creation(PSA_KEY_CREATION_REGISTER, attributes, + &slot, &driver); + if (status != PSA_SUCCESS) goto exit; - status = psa_finish_key_creation( slot, driver, &key ); + status = psa_finish_key_creation(slot, driver, &key); exit: - if( status != PSA_SUCCESS ) - psa_fail_key_creation( slot, driver ); + if (status != PSA_SUCCESS) + psa_fail_key_creation(slot, driver); /* Registration doesn't keep the key in RAM. */ - psa_close_key( key ); - return( status ); + psa_close_key(key); + return (status); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -static psa_status_t psa_copy_key_material( const psa_key_slot_t *source, - psa_key_slot_t *target ) -{ - psa_status_t status = psa_copy_key_material_into_slot( target, - source->key.data, - source->key.bytes ); - if( status != PSA_SUCCESS ) - return( status ); +static psa_status_t psa_copy_key_material(const psa_key_slot_t *source, + psa_key_slot_t *target) { + psa_status_t status = psa_copy_key_material_into_slot(target, + source->key.data, + source->key.bytes); + if (status != PSA_SUCCESS) + return (status); target->attr.type = source->attr.type; target->attr.bits = source->attr.bits; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, - const psa_key_attributes_t *specified_attributes, - mbedtls_svc_key_id_t *target_key ) -{ +psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, + const psa_key_attributes_t *specified_attributes, + mbedtls_svc_key_id_t *target_key) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *source_slot = NULL; @@ -2092,47 +1977,46 @@ psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key, *target_key = MBEDTLS_SVC_KEY_ID_INIT; status = psa_get_and_lock_transparent_key_slot_with_policy( - source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 ); - if( status != PSA_SUCCESS ) + source_key, &source_slot, PSA_KEY_USAGE_COPY, 0); + if (status != PSA_SUCCESS) goto exit; - status = psa_validate_optional_attributes( source_slot, - specified_attributes ); - if( status != PSA_SUCCESS ) + status = psa_validate_optional_attributes(source_slot, + specified_attributes); + if (status != PSA_SUCCESS) goto exit; - status = psa_restrict_key_policy( source_slot->attr.type, - &actual_attributes.core.policy, - &source_slot->attr.policy ); - if( status != PSA_SUCCESS ) + status = psa_restrict_key_policy(source_slot->attr.type, + &actual_attributes.core.policy, + &source_slot->attr.policy); + if (status != PSA_SUCCESS) goto exit; - status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes, - &target_slot, &driver ); - if( status != PSA_SUCCESS ) + status = psa_start_key_creation(PSA_KEY_CREATION_COPY, &actual_attributes, + &target_slot, &driver); + if (status != PSA_SUCCESS) goto exit; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) - { + if (driver != NULL) { /* Copying to a secure element is not implemented yet. */ status = PSA_ERROR_NOT_SUPPORTED; goto exit; } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - status = psa_copy_key_material( source_slot, target_slot ); - if( status != PSA_SUCCESS ) + status = psa_copy_key_material(source_slot, target_slot); + if (status != PSA_SUCCESS) goto exit; - status = psa_finish_key_creation( target_slot, driver, target_key ); + status = psa_finish_key_creation(target_slot, driver, target_key); exit: - if( status != PSA_SUCCESS ) - psa_fail_key_creation( target_slot, driver ); + if (status != PSA_SUCCESS) + psa_fail_key_creation(target_slot, driver); - unlock_status = psa_unlock_key_slot( source_slot ); + unlock_status = psa_unlock_key_slot(source_slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } @@ -2145,48 +2029,46 @@ exit: defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) -const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) -{ - switch( alg ) - { +const mbedtls_md_info_t *mbedtls_md_info_from_psa(psa_algorithm_t alg) { + switch (alg) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: - return( &mbedtls_md2_info ); + return (&mbedtls_md2_info); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: - return( &mbedtls_md4_info ); + return (&mbedtls_md4_info); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: - return( &mbedtls_md5_info ); + return (&mbedtls_md5_info); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: - return( &mbedtls_ripemd160_info ); + return (&mbedtls_ripemd160_info); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: - return( &mbedtls_sha1_info ); + return (&mbedtls_sha1_info); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: - return( &mbedtls_sha224_info ); + return (&mbedtls_sha224_info); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: - return( &mbedtls_sha256_info ); + return (&mbedtls_sha256_info); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: - return( &mbedtls_sha384_info ); + return (&mbedtls_sha384_info); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: - return( &mbedtls_sha512_info ); + return (&mbedtls_sha512_info); #endif default: - return( NULL ); + return (NULL); } } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || @@ -2194,10 +2076,8 @@ const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ -psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) -{ - switch( operation->alg ) - { +psa_status_t psa_hash_abort(psa_hash_operation_t *operation) { + switch (operation->alg) { case 0: /* The object has (apparently) been initialized but it is not * in use. It's ok to call abort on such an object, and there's @@ -2205,220 +2085,214 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) break; #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: - mbedtls_md2_free( &operation->ctx.md2 ); + mbedtls_md2_free(&operation->ctx.md2); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: - mbedtls_md4_free( &operation->ctx.md4 ); + mbedtls_md4_free(&operation->ctx.md4); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: - mbedtls_md5_free( &operation->ctx.md5 ); + mbedtls_md5_free(&operation->ctx.md5); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: - mbedtls_ripemd160_free( &operation->ctx.ripemd160 ); + mbedtls_ripemd160_free(&operation->ctx.ripemd160); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: - mbedtls_sha1_free( &operation->ctx.sha1 ); + mbedtls_sha1_free(&operation->ctx.sha1); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: - mbedtls_sha256_free( &operation->ctx.sha256 ); + mbedtls_sha256_free(&operation->ctx.sha256); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: - mbedtls_sha256_free( &operation->ctx.sha256 ); + mbedtls_sha256_free(&operation->ctx.sha256); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: - mbedtls_sha512_free( &operation->ctx.sha512 ); + mbedtls_sha512_free(&operation->ctx.sha512); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: - mbedtls_sha512_free( &operation->ctx.sha512 ); + mbedtls_sha512_free(&operation->ctx.sha512); break; #endif default: - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } operation->alg = 0; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -psa_status_t psa_hash_setup( psa_hash_operation_t *operation, - psa_algorithm_t alg ) -{ +psa_status_t psa_hash_setup(psa_hash_operation_t *operation, + psa_algorithm_t alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* A context must be freshly initialized before it can be set up. */ - if( operation->alg != 0 ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->alg != 0) { + return (PSA_ERROR_BAD_STATE); } - switch( alg ) - { + switch (alg) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: - mbedtls_md2_init( &operation->ctx.md2 ); - ret = mbedtls_md2_starts_ret( &operation->ctx.md2 ); + mbedtls_md2_init(&operation->ctx.md2); + ret = mbedtls_md2_starts_ret(&operation->ctx.md2); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: - mbedtls_md4_init( &operation->ctx.md4 ); - ret = mbedtls_md4_starts_ret( &operation->ctx.md4 ); + mbedtls_md4_init(&operation->ctx.md4); + ret = mbedtls_md4_starts_ret(&operation->ctx.md4); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: - mbedtls_md5_init( &operation->ctx.md5 ); - ret = mbedtls_md5_starts_ret( &operation->ctx.md5 ); + mbedtls_md5_init(&operation->ctx.md5); + ret = mbedtls_md5_starts_ret(&operation->ctx.md5); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: - mbedtls_ripemd160_init( &operation->ctx.ripemd160 ); - ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 ); + mbedtls_ripemd160_init(&operation->ctx.ripemd160); + ret = mbedtls_ripemd160_starts_ret(&operation->ctx.ripemd160); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: - mbedtls_sha1_init( &operation->ctx.sha1 ); - ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 ); + mbedtls_sha1_init(&operation->ctx.sha1); + ret = mbedtls_sha1_starts_ret(&operation->ctx.sha1); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: - mbedtls_sha256_init( &operation->ctx.sha256 ); - ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 ); + mbedtls_sha256_init(&operation->ctx.sha256); + ret = mbedtls_sha256_starts_ret(&operation->ctx.sha256, 1); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: - mbedtls_sha256_init( &operation->ctx.sha256 ); - ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 ); + mbedtls_sha256_init(&operation->ctx.sha256); + ret = mbedtls_sha256_starts_ret(&operation->ctx.sha256, 0); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: - mbedtls_sha512_init( &operation->ctx.sha512 ); - ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 ); + mbedtls_sha512_init(&operation->ctx.sha512); + ret = mbedtls_sha512_starts_ret(&operation->ctx.sha512, 1); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: - mbedtls_sha512_init( &operation->ctx.sha512 ); - ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 ); + mbedtls_sha512_init(&operation->ctx.sha512); + ret = mbedtls_sha512_starts_ret(&operation->ctx.sha512, 0); break; #endif default: - return( PSA_ALG_IS_HASH( alg ) ? + return (PSA_ALG_IS_HASH(alg) ? PSA_ERROR_NOT_SUPPORTED : - PSA_ERROR_INVALID_ARGUMENT ); + PSA_ERROR_INVALID_ARGUMENT); } - if( ret == 0 ) + if (ret == 0) operation->alg = alg; else - psa_hash_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); + psa_hash_abort(operation); + return (mbedtls_to_psa_error(ret)); } -psa_status_t psa_hash_update( psa_hash_operation_t *operation, - const uint8_t *input, - size_t input_length ) -{ +psa_status_t psa_hash_update(psa_hash_operation_t *operation, + const uint8_t *input, + size_t input_length) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Don't require hash implementations to behave correctly on a * zero-length input, which may have an invalid pointer. */ - if( input_length == 0 ) - return( PSA_SUCCESS ); + if (input_length == 0) + return (PSA_SUCCESS); - switch( operation->alg ) - { + switch (operation->alg) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: - ret = mbedtls_md2_update_ret( &operation->ctx.md2, - input, input_length ); + ret = mbedtls_md2_update_ret(&operation->ctx.md2, + input, input_length); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: - ret = mbedtls_md4_update_ret( &operation->ctx.md4, - input, input_length ); + ret = mbedtls_md4_update_ret(&operation->ctx.md4, + input, input_length); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: - ret = mbedtls_md5_update_ret( &operation->ctx.md5, - input, input_length ); + ret = mbedtls_md5_update_ret(&operation->ctx.md5, + input, input_length); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: - ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160, - input, input_length ); + ret = mbedtls_ripemd160_update_ret(&operation->ctx.ripemd160, + input, input_length); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: - ret = mbedtls_sha1_update_ret( &operation->ctx.sha1, - input, input_length ); + ret = mbedtls_sha1_update_ret(&operation->ctx.sha1, + input, input_length); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: - ret = mbedtls_sha256_update_ret( &operation->ctx.sha256, - input, input_length ); + ret = mbedtls_sha256_update_ret(&operation->ctx.sha256, + input, input_length); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: - ret = mbedtls_sha256_update_ret( &operation->ctx.sha256, - input, input_length ); + ret = mbedtls_sha256_update_ret(&operation->ctx.sha256, + input, input_length); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: - ret = mbedtls_sha512_update_ret( &operation->ctx.sha512, - input, input_length ); + ret = mbedtls_sha512_update_ret(&operation->ctx.sha512, + input, input_length); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: - ret = mbedtls_sha512_update_ret( &operation->ctx.sha512, - input, input_length ); + ret = mbedtls_sha512_update_ret(&operation->ctx.sha512, + input, input_length); break; #endif default: (void)input; - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } - if( ret != 0 ) - psa_hash_abort( operation ); - return( mbedtls_to_psa_error( ret ) ); + if (ret != 0) + psa_hash_abort(operation); + return (mbedtls_to_psa_error(ret)); } -psa_status_t psa_hash_finish( psa_hash_operation_t *operation, - uint8_t *hash, - size_t hash_size, - size_t *hash_length ) -{ +psa_status_t psa_hash_finish(psa_hash_operation_t *operation, + uint8_t *hash, + size_t hash_size, + size_t *hash_length) { psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t actual_hash_length = PSA_HASH_LENGTH( operation->alg ); + size_t actual_hash_length = PSA_HASH_LENGTH(operation->alg); /* Fill the output buffer with something that isn't a valid hash * (barring an attack on the hash and deliberately-crafted input), @@ -2426,220 +2300,210 @@ psa_status_t psa_hash_finish( psa_hash_operation_t *operation, *hash_length = hash_size; /* If hash_size is 0 then hash may be NULL and then the * call to memset would have undefined behavior. */ - if( hash_size != 0 ) - memset( hash, '!', hash_size ); + if (hash_size != 0) + memset(hash, '!', hash_size); - if( hash_size < actual_hash_length ) - { + if (hash_size < actual_hash_length) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; } - switch( operation->alg ) - { + switch (operation->alg) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: - ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash ); + ret = mbedtls_md2_finish_ret(&operation->ctx.md2, hash); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: - ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash ); + ret = mbedtls_md4_finish_ret(&operation->ctx.md4, hash); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: - ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash ); + ret = mbedtls_md5_finish_ret(&operation->ctx.md5, hash); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: - ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash ); + ret = mbedtls_ripemd160_finish_ret(&operation->ctx.ripemd160, hash); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: - ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash ); + ret = mbedtls_sha1_finish_ret(&operation->ctx.sha1, hash); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: - ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash ); + ret = mbedtls_sha256_finish_ret(&operation->ctx.sha256, hash); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: - ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash ); + ret = mbedtls_sha256_finish_ret(&operation->ctx.sha256, hash); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: - ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash ); + ret = mbedtls_sha512_finish_ret(&operation->ctx.sha512, hash); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: - ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash ); + ret = mbedtls_sha512_finish_ret(&operation->ctx.sha512, hash); break; #endif default: - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } - status = mbedtls_to_psa_error( ret ); + status = mbedtls_to_psa_error(ret); exit: - if( status == PSA_SUCCESS ) - { + if (status == PSA_SUCCESS) { *hash_length = actual_hash_length; - return( psa_hash_abort( operation ) ); - } - else - { - psa_hash_abort( operation ); - return( status ); + return (psa_hash_abort(operation)); + } else { + psa_hash_abort(operation); + return (status); } } -psa_status_t psa_hash_verify( psa_hash_operation_t *operation, - const uint8_t *hash, - size_t hash_length ) -{ +psa_status_t psa_hash_verify(psa_hash_operation_t *operation, + const uint8_t *hash, + size_t hash_length) { uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE]; size_t actual_hash_length; - psa_status_t status = psa_hash_finish( operation, - actual_hash, sizeof( actual_hash ), - &actual_hash_length ); - if( status != PSA_SUCCESS ) - return( status ); - if( actual_hash_length != hash_length ) - return( PSA_ERROR_INVALID_SIGNATURE ); - if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 ) - return( PSA_ERROR_INVALID_SIGNATURE ); - return( PSA_SUCCESS ); + psa_status_t status = psa_hash_finish(operation, + actual_hash, sizeof(actual_hash), + &actual_hash_length); + if (status != PSA_SUCCESS) + return (status); + if (actual_hash_length != hash_length) + return (PSA_ERROR_INVALID_SIGNATURE); + if (safer_memcmp(hash, actual_hash, actual_hash_length) != 0) + return (PSA_ERROR_INVALID_SIGNATURE); + return (PSA_SUCCESS); } -psa_status_t psa_hash_compute( psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - uint8_t *hash, size_t hash_size, - size_t *hash_length ) -{ +psa_status_t psa_hash_compute(psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *hash, size_t hash_size, + size_t *hash_length) { psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; *hash_length = hash_size; - status = psa_hash_setup( &operation, alg ); - if( status != PSA_SUCCESS ) + status = psa_hash_setup(&operation, alg); + if (status != PSA_SUCCESS) goto exit; - status = psa_hash_update( &operation, input, input_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&operation, input, input_length); + if (status != PSA_SUCCESS) goto exit; - status = psa_hash_finish( &operation, hash, hash_size, hash_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_finish(&operation, hash, hash_size, hash_length); + if (status != PSA_SUCCESS) goto exit; exit: - if( status == PSA_SUCCESS ) - status = psa_hash_abort( &operation ); + if (status == PSA_SUCCESS) + status = psa_hash_abort(&operation); else - psa_hash_abort( &operation ); - return( status ); + psa_hash_abort(&operation); + return (status); } -psa_status_t psa_hash_compare( psa_algorithm_t alg, - const uint8_t *input, size_t input_length, - const uint8_t *hash, size_t hash_length ) -{ +psa_status_t psa_hash_compare(psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + const uint8_t *hash, size_t hash_length) { psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - status = psa_hash_setup( &operation, alg ); - if( status != PSA_SUCCESS ) + status = psa_hash_setup(&operation, alg); + if (status != PSA_SUCCESS) goto exit; - status = psa_hash_update( &operation, input, input_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&operation, input, input_length); + if (status != PSA_SUCCESS) goto exit; - status = psa_hash_verify( &operation, hash, hash_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_verify(&operation, hash, hash_length); + if (status != PSA_SUCCESS) goto exit; exit: - if( status == PSA_SUCCESS ) - status = psa_hash_abort( &operation ); + if (status == PSA_SUCCESS) + status = psa_hash_abort(&operation); else - psa_hash_abort( &operation ); - return( status ); + psa_hash_abort(&operation); + return (status); } -psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation, - psa_hash_operation_t *target_operation ) -{ - if( target_operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); +psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, + psa_hash_operation_t *target_operation) { + if (target_operation->alg != 0) + return (PSA_ERROR_BAD_STATE); - switch( source_operation->alg ) - { + switch (source_operation->alg) { case 0: - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) case PSA_ALG_MD2: - mbedtls_md2_clone( &target_operation->ctx.md2, - &source_operation->ctx.md2 ); + mbedtls_md2_clone(&target_operation->ctx.md2, + &source_operation->ctx.md2); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) case PSA_ALG_MD4: - mbedtls_md4_clone( &target_operation->ctx.md4, - &source_operation->ctx.md4 ); + mbedtls_md4_clone(&target_operation->ctx.md4, + &source_operation->ctx.md4); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) case PSA_ALG_MD5: - mbedtls_md5_clone( &target_operation->ctx.md5, - &source_operation->ctx.md5 ); + mbedtls_md5_clone(&target_operation->ctx.md5, + &source_operation->ctx.md5); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: - mbedtls_ripemd160_clone( &target_operation->ctx.ripemd160, - &source_operation->ctx.ripemd160 ); + mbedtls_ripemd160_clone(&target_operation->ctx.ripemd160, + &source_operation->ctx.ripemd160); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: - mbedtls_sha1_clone( &target_operation->ctx.sha1, - &source_operation->ctx.sha1 ); + mbedtls_sha1_clone(&target_operation->ctx.sha1, + &source_operation->ctx.sha1); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: - mbedtls_sha256_clone( &target_operation->ctx.sha256, - &source_operation->ctx.sha256 ); + mbedtls_sha256_clone(&target_operation->ctx.sha256, + &source_operation->ctx.sha256); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: - mbedtls_sha256_clone( &target_operation->ctx.sha256, - &source_operation->ctx.sha256 ); + mbedtls_sha256_clone(&target_operation->ctx.sha256, + &source_operation->ctx.sha256); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: - mbedtls_sha512_clone( &target_operation->ctx.sha512, - &source_operation->ctx.sha512 ); + mbedtls_sha512_clone(&target_operation->ctx.sha512, + &source_operation->ctx.sha512); break; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: - mbedtls_sha512_clone( &target_operation->ctx.sha512, - &source_operation->ctx.sha512 ); + mbedtls_sha512_clone(&target_operation->ctx.sha512, + &source_operation->ctx.sha512); break; #endif default: - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } target_operation->alg = source_operation->alg; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } @@ -2651,18 +2515,15 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits, - mbedtls_cipher_id_t* cipher_id ) -{ + mbedtls_cipher_id_t *cipher_id) { mbedtls_cipher_mode_t mode; mbedtls_cipher_id_t cipher_id_tmp; - if( PSA_ALG_IS_AEAD( alg ) ) - alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ); + if (PSA_ALG_IS_AEAD(alg)) + alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0); - if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ) - { - switch( alg ) - { + if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg)) { + switch (alg) { case PSA_ALG_STREAM_CIPHER: mode = MBEDTLS_MODE_STREAM; break; @@ -2684,40 +2545,38 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_ALG_CBC_PKCS7: mode = MBEDTLS_MODE_CBC; break; - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): + case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0): mode = MBEDTLS_MODE_CCM; break; - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): + case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0): mode = MBEDTLS_MODE_GCM; break; - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): + case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0): mode = MBEDTLS_MODE_CHACHAPOLY; break; default: - return( NULL ); + return (NULL); } - } - else if( alg == PSA_ALG_CMAC ) + } else if (alg == PSA_ALG_CMAC) mode = MBEDTLS_MODE_ECB; else - return( NULL ); + return (NULL); - switch( key_type ) - { + switch (key_type) { case PSA_KEY_TYPE_AES: cipher_id_tmp = MBEDTLS_CIPHER_ID_AES; break; case PSA_KEY_TYPE_DES: /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES, * and 192 for three-key Triple-DES. */ - if( key_bits == 64 ) + if (key_bits == 64) cipher_id_tmp = MBEDTLS_CIPHER_ID_DES; else cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES; /* mbedtls doesn't recognize two-key Triple-DES as an algorithm, * but two-key Triple-DES is functionally three-key Triple-DES * with K1=K3, so that's how we present it to mbedtls. */ - if( key_bits == 128 ) + if (key_bits == 128) key_bits = 192; break; case PSA_KEY_TYPE_CAMELLIA: @@ -2730,52 +2589,49 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20; break; default: - return( NULL ); + return (NULL); } - if( cipher_id != NULL ) + if (cipher_id != NULL) *cipher_id = cipher_id_tmp; - return( mbedtls_cipher_info_from_values( cipher_id_tmp, - (int) key_bits, mode ) ); + return (mbedtls_cipher_info_from_values(cipher_id_tmp, + (int) key_bits, mode)); } #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) -static size_t psa_get_hash_block_size( psa_algorithm_t alg ) -{ - switch( alg ) - { +static size_t psa_get_hash_block_size(psa_algorithm_t alg) { + switch (alg) { case PSA_ALG_MD2: - return( 16 ); + return (16); case PSA_ALG_MD4: - return( 64 ); + return (64); case PSA_ALG_MD5: - return( 64 ); + return (64); case PSA_ALG_RIPEMD160: - return( 64 ); + return (64); case PSA_ALG_SHA_1: - return( 64 ); + return (64); case PSA_ALG_SHA_224: - return( 64 ); + return (64); case PSA_ALG_SHA_256: - return( 64 ); + return (64); case PSA_ALG_SHA_384: - return( 128 ); + return (128); case PSA_ALG_SHA_512: - return( 128 ); + return (128); default: - return( 0 ); + return (0); } } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) */ /* Initialize the MAC operation structure. Once this function has been * called, psa_mac_abort can run and will do the right thing. */ -static psa_status_t psa_mac_init( psa_mac_operation_t *operation, - psa_algorithm_t alg ) -{ +static psa_status_t psa_mac_init(psa_mac_operation_t *operation, + psa_algorithm_t alg) { psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg ); + operation->alg = PSA_ALG_FULL_LENGTH_MAC(alg); operation->key_set = 0; operation->iv_set = 0; operation->iv_required = 0; @@ -2783,70 +2639,58 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation, operation->is_sign = 0; #if defined(MBEDTLS_CMAC_C) - if( operation->alg == PSA_ALG_CMAC ) - { + if (operation->alg == PSA_ALG_CMAC) { operation->iv_required = 0; - mbedtls_cipher_init( &operation->ctx.cmac ); + mbedtls_cipher_init(&operation->ctx.cmac); status = PSA_SUCCESS; - } - else + } else #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( operation->alg ) ) - { - /* We'll set up the hash operation later in psa_hmac_setup_internal. */ - operation->ctx.hmac.hash_ctx.alg = 0; - status = PSA_SUCCESS; - } - else + if (PSA_ALG_IS_HMAC(operation->alg)) { + /* We'll set up the hash operation later in psa_hmac_setup_internal. */ + operation->ctx.hmac.hash_ctx.alg = 0; + status = PSA_SUCCESS; + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - if( ! PSA_ALG_IS_MAC( alg ) ) - status = PSA_ERROR_INVALID_ARGUMENT; - } + { + if (! PSA_ALG_IS_MAC(alg)) + status = PSA_ERROR_INVALID_ARGUMENT; + } - if( status != PSA_SUCCESS ) - memset( operation, 0, sizeof( *operation ) ); - return( status ); + if (status != PSA_SUCCESS) + memset(operation, 0, sizeof(*operation)); + return (status); } #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) -static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) -{ - mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); - return( psa_hash_abort( &hmac->hash_ctx ) ); +static psa_status_t psa_hmac_abort_internal(psa_hmac_internal_data *hmac) { + mbedtls_platform_zeroize(hmac->opad, sizeof(hmac->opad)); + return (psa_hash_abort(&hmac->hash_ctx)); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ -psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) -{ - if( operation->alg == 0 ) - { +psa_status_t psa_mac_abort(psa_mac_operation_t *operation) { + if (operation->alg == 0) { /* The object has (apparently) been initialized but it is not * in use. It's ok to call abort on such an object, and there's * nothing to do. */ - return( PSA_SUCCESS ); - } - else + return (PSA_SUCCESS); + } else #if defined(MBEDTLS_CMAC_C) - if( operation->alg == PSA_ALG_CMAC ) - { - mbedtls_cipher_free( &operation->ctx.cmac ); - } - else + if (operation->alg == PSA_ALG_CMAC) { + mbedtls_cipher_free(&operation->ctx.cmac); + } else #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( operation->alg ) ) - { - psa_hmac_abort_internal( &operation->ctx.hmac ); - } - else + if (PSA_ALG_IS_HMAC(operation->alg)) { + psa_hmac_abort_internal(&operation->ctx.hmac); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - /* Sanity check (shouldn't happen: operation->alg should - * always have been initialized to a valid value). */ - goto bad_state; - } + { + /* Sanity check (shouldn't happen: operation->alg should + * always have been initialized to a valid value). */ + goto bad_state; + } operation->alg = 0; operation->key_set = 0; @@ -2855,51 +2699,49 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) operation->has_input = 0; operation->is_sign = 0; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); bad_state: /* If abort is called on an uninitialized object, we can't trust * anything. Wipe the object in case it contains confidential data. * This may result in a memory leak if a pointer gets overwritten, * but it's too late to do anything about this. */ - memset( operation, 0, sizeof( *operation ) ); - return( PSA_ERROR_BAD_STATE ); + memset(operation, 0, sizeof(*operation)); + return (PSA_ERROR_BAD_STATE); } #if defined(MBEDTLS_CMAC_C) -static psa_status_t psa_cmac_setup( psa_mac_operation_t *operation, - psa_key_slot_t *slot ) -{ +static psa_status_t psa_cmac_setup(psa_mac_operation_t *operation, + psa_key_slot_t *slot) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info = - mbedtls_cipher_info_from_psa( PSA_ALG_CMAC, - slot->attr.type, slot->attr.bits, - NULL ); - if( cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_cipher_info_from_psa(PSA_ALG_CMAC, + slot->attr.type, slot->attr.bits, + NULL); + if (cipher_info == NULL) + return (PSA_ERROR_NOT_SUPPORTED); - ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); - if( ret != 0 ) + ret = mbedtls_cipher_setup(&operation->ctx.cmac, cipher_info); + if (ret != 0) goto exit; - ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac, - slot->key.data, - slot->attr.bits ); + ret = mbedtls_cipher_cmac_starts(&operation->ctx.cmac, + slot->key.data, + slot->attr.bits); exit: - return( mbedtls_to_psa_error( ret ) ); + return (mbedtls_to_psa_error(ret)); } #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) -static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, - const uint8_t *key, - size_t key_length, - psa_algorithm_t hash_alg ) -{ +static psa_status_t psa_hmac_setup_internal(psa_hmac_internal_data *hmac, + const uint8_t *key, + size_t key_length, + psa_algorithm_t hash_alg) { uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; size_t i; - size_t hash_size = PSA_HASH_LENGTH( hash_alg ); - size_t block_size = psa_get_hash_block_size( hash_alg ); + size_t hash_size = PSA_HASH_LENGTH(hash_alg); + size_t block_size = psa_get_hash_block_size(hash_alg); psa_status_t status; /* Sanity checks on block_size, to guarantee that there won't be a buffer @@ -2908,57 +2750,55 @@ static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, /* The size checks against the ipad and opad buffers cannot be written * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )` * because that triggers -Wlogical-op on GCC 7.3. */ - if( block_size > sizeof( ipad ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( block_size > sizeof( hmac->opad ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( block_size < hash_size ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (block_size > sizeof(ipad)) + return (PSA_ERROR_NOT_SUPPORTED); + if (block_size > sizeof(hmac->opad)) + return (PSA_ERROR_NOT_SUPPORTED); + if (block_size < hash_size) + return (PSA_ERROR_NOT_SUPPORTED); - if( key_length > block_size ) - { - status = psa_hash_compute( hash_alg, key, key_length, - ipad, sizeof( ipad ), &key_length ); - if( status != PSA_SUCCESS ) + if (key_length > block_size) { + status = psa_hash_compute(hash_alg, key, key_length, + ipad, sizeof(ipad), &key_length); + if (status != PSA_SUCCESS) goto cleanup; } /* A 0-length key is not commonly used in HMAC when used as a MAC, * but it is permitted. It is common when HMAC is used in HKDF, for * example. Don't call `memcpy` in the 0-length because `key` could be * an invalid pointer which would make the behavior undefined. */ - else if( key_length != 0 ) - memcpy( ipad, key, key_length ); + else if (key_length != 0) + memcpy(ipad, key, key_length); /* ipad contains the key followed by garbage. Xor and fill with 0x36 * to create the ipad value. */ - for( i = 0; i < key_length; i++ ) + for (i = 0; i < key_length; i++) ipad[i] ^= 0x36; - memset( ipad + key_length, 0x36, block_size - key_length ); + memset(ipad + key_length, 0x36, block_size - key_length); /* Copy the key material from ipad to opad, flipping the requisite bits, * and filling the rest of opad with the requisite constant. */ - for( i = 0; i < key_length; i++ ) + for (i = 0; i < key_length; i++) hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C; - memset( hmac->opad + key_length, 0x5C, block_size - key_length ); + memset(hmac->opad + key_length, 0x5C, block_size - key_length); - status = psa_hash_setup( &hmac->hash_ctx, hash_alg ); - if( status != PSA_SUCCESS ) + status = psa_hash_setup(&hmac->hash_ctx, hash_alg); + if (status != PSA_SUCCESS) goto cleanup; - status = psa_hash_update( &hmac->hash_ctx, ipad, block_size ); + status = psa_hash_update(&hmac->hash_ctx, ipad, block_size); cleanup: - mbedtls_platform_zeroize( ipad, sizeof( ipad ) ); + mbedtls_platform_zeroize(ipad, sizeof(ipad)); - return( status ); + return (status); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ -static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - int is_sign ) -{ +static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + int is_sign) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; @@ -2966,34 +2806,32 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH; /* A context must be freshly initialized before it can be set up. */ - if( operation->alg != 0 ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->alg != 0) { + return (PSA_ERROR_BAD_STATE); } - status = psa_mac_init( operation, alg ); - if( status != PSA_SUCCESS ) - return( status ); - if( is_sign ) + status = psa_mac_init(operation, alg); + if (status != PSA_SUCCESS) + return (status); + if (is_sign) operation->is_sign = 1; status = psa_get_and_lock_transparent_key_slot_with_policy( - key, &slot, usage, alg ); - if( status != PSA_SUCCESS ) + key, &slot, usage, alg); + if (status != PSA_SUCCESS) goto exit; /* Validate the combination of key type and algorithm */ - status = psa_mac_key_can_do( alg, slot->attr.type ); - if( status != PSA_SUCCESS ) + status = psa_mac_key_can_do(alg, slot->attr.type); + if (status != PSA_SUCCESS) goto exit; /* Get the output length for the algorithm and key combination. None of the * currently supported algorithms have an output length dependent on actual * key size, so setting it to a bogus value is currently OK. */ - operation->mac_size = PSA_MAC_LENGTH( slot->attr.type, 0, alg ); + operation->mac_size = PSA_MAC_LENGTH(slot->attr.type, 0, alg); - if( operation->mac_size < 4 ) - { + if (operation->mac_size < 4) { /* A very short MAC is too short for security since it can be * brute-forced. Ancient protocols with 32-bit MACs do exist, * so we make this our minimum, even though 32 bits is still @@ -3002,9 +2840,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, goto exit; } - if( operation->mac_size > - PSA_MAC_LENGTH( slot->attr.type, 0, PSA_ALG_FULL_LENGTH_MAC( alg ) ) ) - { + if (operation->mac_size > + PSA_MAC_LENGTH(slot->attr.type, 0, PSA_ALG_FULL_LENGTH_MAC(alg))) { /* It's impossible to "truncate" to a larger length than the full length * of the algorithm. */ status = PSA_ERROR_INVALID_ARGUMENT; @@ -3012,196 +2849,172 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, } #if defined(MBEDTLS_CMAC_C) - if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC ) - { - status = psa_cmac_setup( operation, slot ); - } - else + if (PSA_ALG_FULL_LENGTH_MAC(alg) == PSA_ALG_CMAC) { + status = psa_cmac_setup(operation, slot); + } else #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( alg ) ) - { - /* Sanity check. This shouldn't fail on a valid configuration. */ - if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) ) + if (PSA_ALG_IS_HMAC(alg)) { + /* Sanity check. This shouldn't fail on a valid configuration. */ + if (operation->mac_size > sizeof(operation->ctx.hmac.opad)) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + + if (slot->attr.type != PSA_KEY_TYPE_HMAC) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + status = psa_hmac_setup_internal(&operation->ctx.hmac, + slot->key.data, + slot->key.bytes, + PSA_ALG_HMAC_GET_HASH(alg)); + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ { status = PSA_ERROR_NOT_SUPPORTED; - goto exit; } - if( slot->attr.type != PSA_KEY_TYPE_HMAC ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - status = psa_hmac_setup_internal( &operation->ctx.hmac, - slot->key.data, - slot->key.bytes, - PSA_ALG_HMAC_GET_HASH( alg ) ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - status = PSA_ERROR_NOT_SUPPORTED; - } - exit: - if( status != PSA_SUCCESS ) - { - psa_mac_abort( operation ); - } - else - { + if (status != PSA_SUCCESS) { + psa_mac_abort(operation); + } else { operation->key_set = 1; } - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } -psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg ) -{ - return( psa_mac_setup( operation, key, alg, 1 ) ); +psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg) { + return (psa_mac_setup(operation, key, alg, 1)); } -psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg ) -{ - return( psa_mac_setup( operation, key, alg, 0 ) ); +psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg) { + return (psa_mac_setup(operation, key, alg, 0)); } -psa_status_t psa_mac_update( psa_mac_operation_t *operation, - const uint8_t *input, - size_t input_length ) -{ +psa_status_t psa_mac_update(psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length) { psa_status_t status = PSA_ERROR_BAD_STATE; - if( ! operation->key_set ) - return( PSA_ERROR_BAD_STATE ); - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); + if (! operation->key_set) + return (PSA_ERROR_BAD_STATE); + if (operation->iv_required && ! operation->iv_set) + return (PSA_ERROR_BAD_STATE); operation->has_input = 1; #if defined(MBEDTLS_CMAC_C) - if( operation->alg == PSA_ALG_CMAC ) - { - int ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac, - input, input_length ); - status = mbedtls_to_psa_error( ret ); - } - else + if (operation->alg == PSA_ALG_CMAC) { + int ret = mbedtls_cipher_cmac_update(&operation->ctx.cmac, + input, input_length); + status = mbedtls_to_psa_error(ret); + } else #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( operation->alg ) ) - { - status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input, - input_length ); - } - else + if (PSA_ALG_IS_HMAC(operation->alg)) { + status = psa_hash_update(&operation->ctx.hmac.hash_ctx, input, + input_length); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - /* This shouldn't happen if `operation` was initialized by - * a setup function. */ - return( PSA_ERROR_BAD_STATE ); - } + { + /* This shouldn't happen if `operation` was initialized by + * a setup function. */ + return (PSA_ERROR_BAD_STATE); + } - if( status != PSA_SUCCESS ) - psa_mac_abort( operation ); - return( status ); + if (status != PSA_SUCCESS) + psa_mac_abort(operation); + return (status); } #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) -static psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, - uint8_t *mac, - size_t mac_size ) -{ +static psa_status_t psa_hmac_finish_internal(psa_hmac_internal_data *hmac, + uint8_t *mac, + size_t mac_size) { uint8_t tmp[MBEDTLS_MD_MAX_SIZE]; psa_algorithm_t hash_alg = hmac->hash_ctx.alg; size_t hash_size = 0; - size_t block_size = psa_get_hash_block_size( hash_alg ); + size_t block_size = psa_get_hash_block_size(hash_alg); psa_status_t status; - status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_hash_finish(&hmac->hash_ctx, tmp, sizeof(tmp), &hash_size); + if (status != PSA_SUCCESS) + return (status); /* From here on, tmp needs to be wiped. */ - status = psa_hash_setup( &hmac->hash_ctx, hash_alg ); - if( status != PSA_SUCCESS ) + status = psa_hash_setup(&hmac->hash_ctx, hash_alg); + if (status != PSA_SUCCESS) goto exit; - status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&hmac->hash_ctx, hmac->opad, block_size); + if (status != PSA_SUCCESS) goto exit; - status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&hmac->hash_ctx, tmp, hash_size); + if (status != PSA_SUCCESS) goto exit; - status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size ); - if( status != PSA_SUCCESS ) + status = psa_hash_finish(&hmac->hash_ctx, tmp, sizeof(tmp), &hash_size); + if (status != PSA_SUCCESS) goto exit; - memcpy( mac, tmp, mac_size ); + memcpy(mac, tmp, mac_size); exit: - mbedtls_platform_zeroize( tmp, hash_size ); - return( status ); + mbedtls_platform_zeroize(tmp, hash_size); + return (status); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ -static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size ) -{ - if( ! operation->key_set ) - return( PSA_ERROR_BAD_STATE ); - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); +static psa_status_t psa_mac_finish_internal(psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size) { + if (! operation->key_set) + return (PSA_ERROR_BAD_STATE); + if (operation->iv_required && ! operation->iv_set) + return (PSA_ERROR_BAD_STATE); - if( mac_size < operation->mac_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (mac_size < operation->mac_size) + return (PSA_ERROR_BUFFER_TOO_SMALL); #if defined(MBEDTLS_CMAC_C) - if( operation->alg == PSA_ALG_CMAC ) - { + if (operation->alg == PSA_ALG_CMAC) { uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE]; - int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp ); - if( ret == 0 ) - memcpy( mac, tmp, operation->mac_size ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); - return( mbedtls_to_psa_error( ret ) ); - } - else + int ret = mbedtls_cipher_cmac_finish(&operation->ctx.cmac, tmp); + if (ret == 0) + memcpy(mac, tmp, operation->mac_size); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + return (mbedtls_to_psa_error(ret)); + } else #endif /* MBEDTLS_CMAC_C */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( operation->alg ) ) - { - return( psa_hmac_finish_internal( &operation->ctx.hmac, - mac, operation->mac_size ) ); - } - else + if (PSA_ALG_IS_HMAC(operation->alg)) { + return (psa_hmac_finish_internal(&operation->ctx.hmac, + mac, operation->mac_size)); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - /* This shouldn't happen if `operation` was initialized by - * a setup function. */ - return( PSA_ERROR_BAD_STATE ); - } + { + /* This shouldn't happen if `operation` was initialized by + * a setup function. */ + return (PSA_ERROR_BAD_STATE); + } } -psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length ) -{ +psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length) { psa_status_t status; - if( operation->alg == 0 ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->alg == 0) { + return (PSA_ERROR_BAD_STATE); } /* Fill the output buffer with something that isn't a valid mac @@ -3210,68 +3023,61 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation, *mac_length = mac_size; /* If mac_size is 0 then mac may be NULL and then the * call to memset would have undefined behavior. */ - if( mac_size != 0 ) - memset( mac, '!', mac_size ); + if (mac_size != 0) + memset(mac, '!', mac_size); - if( ! operation->is_sign ) - { - return( PSA_ERROR_BAD_STATE ); + if (! operation->is_sign) { + return (PSA_ERROR_BAD_STATE); } - status = psa_mac_finish_internal( operation, mac, mac_size ); + status = psa_mac_finish_internal(operation, mac, mac_size); - if( status == PSA_SUCCESS ) - { - status = psa_mac_abort( operation ); - if( status == PSA_SUCCESS ) + if (status == PSA_SUCCESS) { + status = psa_mac_abort(operation); + if (status == PSA_SUCCESS) *mac_length = operation->mac_size; else - memset( mac, '!', mac_size ); - } - else - psa_mac_abort( operation ); - return( status ); + memset(mac, '!', mac_size); + } else + psa_mac_abort(operation); + return (status); } -psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation, - const uint8_t *mac, - size_t mac_length ) -{ +psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length) { uint8_t actual_mac[PSA_MAC_MAX_SIZE]; psa_status_t status; - if( operation->alg == 0 ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->alg == 0) { + return (PSA_ERROR_BAD_STATE); } - if( operation->is_sign ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->is_sign) { + return (PSA_ERROR_BAD_STATE); } - if( operation->mac_size != mac_length ) - { + if (operation->mac_size != mac_length) { status = PSA_ERROR_INVALID_SIGNATURE; goto cleanup; } - status = psa_mac_finish_internal( operation, - actual_mac, sizeof( actual_mac ) ); - if( status != PSA_SUCCESS ) + status = psa_mac_finish_internal(operation, + actual_mac, sizeof(actual_mac)); + if (status != PSA_SUCCESS) goto cleanup; - if( safer_memcmp( mac, actual_mac, mac_length ) != 0 ) + if (safer_memcmp(mac, actual_mac, mac_length) != 0) status = PSA_ERROR_INVALID_SIGNATURE; cleanup: - if( status == PSA_SUCCESS ) - status = psa_mac_abort( operation ); + if (status == PSA_SUCCESS) + status = psa_mac_abort(operation); else - psa_mac_abort( operation ); + psa_mac_abort(operation); - mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) ); + mbedtls_platform_zeroize(actual_mac, sizeof(actual_mac)); - return( status ); + return (status); } @@ -3284,64 +3090,55 @@ psa_status_t psa_sign_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ + uint8_t *signature, size_t signature_size, size_t *signature_length) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) - { - return( mbedtls_psa_rsa_sign_hash( + if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + return (mbedtls_psa_rsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, - signature, signature_size, signature_length ) ); - } - else + signature, signature_size, signature_length)); + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { - if( PSA_ALG_IS_ECDSA( alg ) ) - { - return( mbedtls_psa_ecdsa_sign_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); - } - else - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - } - else + if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + if (PSA_ALG_IS_ECDSA(alg)) { + return (mbedtls_psa_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length)); + } else { + return (PSA_ERROR_INVALID_ARGUMENT); + } + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ - { - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_size; - (void)signature_length; + { + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); - } + return (PSA_ERROR_NOT_SUPPORTED); + } } -psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) -{ +psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; @@ -3351,151 +3148,139 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, * that signature must be a valid pointer. (On the other hand, the hash * buffer can in principle be empty since it doesn't actually have * to be a hash.) */ - if( signature_size == 0 ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (signature_size == 0) + return (PSA_ERROR_BUFFER_TOO_SMALL); - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_SIGN_HASH, - alg ); - if( status != PSA_SUCCESS ) + status = psa_get_and_lock_key_slot_with_policy(key, &slot, + PSA_KEY_USAGE_SIGN_HASH, + alg); + if (status != PSA_SUCCESS) goto exit; - if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) - { + if (! PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } psa_key_attributes_t attributes = { - .core = slot->attr + .core = slot->attr }; status = psa_driver_wrapper_sign_hash( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, - signature, signature_size, signature_length ); + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_size, signature_length); exit: /* Fill the unused part of the output buffer (the whole buffer on error, * the trailing part on success) with something that isn't a valid mac * (barring an attack on the mac and deliberately-crafted input), * in case the caller doesn't check the return status properly. */ - if( status == PSA_SUCCESS ) - memset( signature + *signature_length, '!', - signature_size - *signature_length ); + if (status == PSA_SUCCESS) + memset(signature + *signature_length, '!', + signature_size - *signature_length); else - memset( signature, '!', signature_size ); + memset(signature, '!', signature_size); /* If signature_size is 0 then we have nothing to do. We must not call * memset because signature may be NULL in this case. */ - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } psa_status_t psa_verify_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ + const uint8_t *signature, size_t signature_length) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) - { - return( mbedtls_psa_rsa_verify_hash( + if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) { + return (mbedtls_psa_rsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, - signature, signature_length ) ); - } - else + signature, signature_length)); + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { + if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - if( PSA_ALG_IS_ECDSA( alg ) ) - { - return( mbedtls_psa_ecdsa_verify_hash( - attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); - } - else + if (PSA_ALG_IS_ECDSA(alg)) { + return (mbedtls_psa_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length)); + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - } - else - { - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_length; + { + return (PSA_ERROR_INVALID_ARGUMENT); + } + } else { + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); - } + return (PSA_ERROR_NOT_SUPPORTED); + } } -psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) -{ +psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_VERIFY_HASH, - alg ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_and_lock_key_slot_with_policy(key, &slot, + PSA_KEY_USAGE_VERIFY_HASH, + alg); + if (status != PSA_SUCCESS) + return (status); psa_key_attributes_t attributes = { - .core = slot->attr + .core = slot->attr }; status = psa_driver_wrapper_verify_hash( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, - signature, signature_length ); + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_length); - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) -static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, - mbedtls_rsa_context *rsa ) -{ - psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg ); - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); - mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); +static void psa_rsa_oaep_set_padding_mode(psa_algorithm_t alg, + mbedtls_rsa_context *rsa) { + psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH(alg); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa(hash_alg); + mbedtls_md_type_t md_alg = mbedtls_md_get_type(md_info); + mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ -psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ +psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; @@ -3508,79 +3293,71 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, *output_length = 0; - if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (! PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) + return (PSA_ERROR_INVALID_ARGUMENT); status = psa_get_and_lock_transparent_key_slot_with_policy( - key, &slot, PSA_KEY_USAGE_ENCRYPT, alg ); - if( status != PSA_SUCCESS ) - return( status ); - if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) || - PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) ) - { + key, &slot, PSA_KEY_USAGE_ENCRYPT, alg); + if (status != PSA_SUCCESS) + return (status); + if (!(PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) || + PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type))) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) - if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) - { + if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) { mbedtls_rsa_context *rsa = NULL; - status = mbedtls_psa_rsa_load_representation( slot->attr.type, - slot->key.data, - slot->key.bytes, - &rsa ); - if( status != PSA_SUCCESS ) + status = mbedtls_psa_rsa_load_representation(slot->attr.type, + slot->key.data, + slot->key.bytes, + &rsa); + if (status != PSA_SUCCESS) goto rsa_exit; - if( output_size < mbedtls_rsa_get_len( rsa ) ) - { + if (output_size < mbedtls_rsa_get_len(rsa)) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto rsa_exit; } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) - if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) - { + if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { status = mbedtls_to_psa_error( - mbedtls_rsa_pkcs1_encrypt( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, - input_length, - input, - output ) ); - } - else + mbedtls_rsa_pkcs1_encrypt(rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PUBLIC, + input_length, + input, + output)); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) - if( PSA_ALG_IS_RSA_OAEP( alg ) ) - { - psa_rsa_oaep_set_padding_mode( alg, rsa ); - status = mbedtls_to_psa_error( - mbedtls_rsa_rsaes_oaep_encrypt( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, - salt, salt_length, - input_length, - input, - output ) ); - } - else + if (PSA_ALG_IS_RSA_OAEP(alg)) { + psa_rsa_oaep_set_padding_mode(alg, rsa); + status = mbedtls_to_psa_error( + mbedtls_rsa_rsaes_oaep_encrypt(rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PUBLIC, + salt, salt_length, + input_length, + input, + output)); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto rsa_exit; - } + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto rsa_exit; + } rsa_exit: - if( status == PSA_SUCCESS ) - *output_length = mbedtls_rsa_get_len( rsa ); + if (status == PSA_SUCCESS) + *output_length = mbedtls_rsa_get_len(rsa); - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - } - else + mbedtls_rsa_free(rsa); + mbedtls_free(rsa); + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ { @@ -3588,21 +3365,20 @@ rsa_exit: } exit: - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } -psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *salt, - size_t salt_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ +psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; @@ -3615,78 +3391,70 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, *output_length = 0; - if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (! PSA_ALG_IS_RSA_OAEP(alg) && salt_length != 0) + return (PSA_ERROR_INVALID_ARGUMENT); status = psa_get_and_lock_transparent_key_slot_with_policy( - key, &slot, PSA_KEY_USAGE_DECRYPT, alg ); - if( status != PSA_SUCCESS ) - return( status ); - if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) - { + key, &slot, PSA_KEY_USAGE_DECRYPT, alg); + if (status != PSA_SUCCESS) + return (status); + if (! PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) - if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) - { + if (slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { mbedtls_rsa_context *rsa = NULL; - status = mbedtls_psa_rsa_load_representation( slot->attr.type, - slot->key.data, - slot->key.bytes, - &rsa ); - if( status != PSA_SUCCESS ) + status = mbedtls_psa_rsa_load_representation(slot->attr.type, + slot->key.data, + slot->key.bytes, + &rsa); + if (status != PSA_SUCCESS) goto exit; - if( input_length != mbedtls_rsa_get_len( rsa ) ) - { + if (input_length != mbedtls_rsa_get_len(rsa)) { status = PSA_ERROR_INVALID_ARGUMENT; goto rsa_exit; } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) - if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT ) - { + if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { status = mbedtls_to_psa_error( - mbedtls_rsa_pkcs1_decrypt( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, - output_length, - input, - output, - output_size ) ); - } - else + mbedtls_rsa_pkcs1_decrypt(rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PRIVATE, + output_length, + input, + output, + output_size)); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) - if( PSA_ALG_IS_RSA_OAEP( alg ) ) - { - psa_rsa_oaep_set_padding_mode( alg, rsa ); - status = mbedtls_to_psa_error( - mbedtls_rsa_rsaes_oaep_decrypt( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, - salt, salt_length, - output_length, - input, - output, - output_size ) ); - } - else + if (PSA_ALG_IS_RSA_OAEP(alg)) { + psa_rsa_oaep_set_padding_mode(alg, rsa); + status = mbedtls_to_psa_error( + mbedtls_rsa_rsaes_oaep_decrypt(rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PRIVATE, + salt, salt_length, + output_length, + input, + output, + output_size)); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */ - { - status = PSA_ERROR_INVALID_ARGUMENT; - } + { + status = PSA_ERROR_INVALID_ARGUMENT; + } rsa_exit: - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - } - else + mbedtls_rsa_free(rsa); + mbedtls_free(rsa); + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ { @@ -3694,9 +3462,9 @@ rsa_exit: } exit: - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } @@ -3705,32 +3473,31 @@ exit: /* Symmetric cryptography */ /****************************************************************/ -static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - mbedtls_operation_t cipher_operation ) -{ +static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + mbedtls_operation_t cipher_operation) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; int ret = 0; psa_key_slot_t *slot; size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; - psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ? - PSA_KEY_USAGE_ENCRYPT : - PSA_KEY_USAGE_DECRYPT ); + psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ? + PSA_KEY_USAGE_ENCRYPT : + PSA_KEY_USAGE_DECRYPT); /* A context must be freshly initialized before it can be set up. */ - if( operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); + if (operation->alg != 0) + return (PSA_ERROR_BAD_STATE); /* The requested algorithm must be one that can be processed by cipher. */ - if( ! PSA_ALG_IS_CIPHER( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (! PSA_ALG_IS_CIPHER(alg)) + return (PSA_ERROR_INVALID_ARGUMENT); /* Fetch key material from key storage. */ - status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg ); - if( status != PSA_SUCCESS ) + status = psa_get_and_lock_key_slot_with_policy(key, &slot, usage, alg); + if (status != PSA_SUCCESS) goto exit; /* Initialize the operation struct members, except for alg. The alg member @@ -3741,35 +3508,34 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->mbedtls_in_use = 0; operation->iv_size = 0; operation->block_size = 0; - if( alg == PSA_ALG_ECB_NO_PADDING ) + if (alg == PSA_ALG_ECB_NO_PADDING) operation->iv_required = 0; else operation->iv_required = 1; /* Try doing the operation through a driver before using software fallback. */ - if( cipher_operation == MBEDTLS_ENCRYPT ) - status = psa_driver_wrapper_cipher_encrypt_setup( &operation->ctx.driver, - slot, - alg ); + if (cipher_operation == MBEDTLS_ENCRYPT) + status = psa_driver_wrapper_cipher_encrypt_setup(&operation->ctx.driver, + slot, + alg); else - status = psa_driver_wrapper_cipher_decrypt_setup( &operation->ctx.driver, - slot, - alg ); + status = psa_driver_wrapper_cipher_decrypt_setup(&operation->ctx.driver, + slot, + alg); - if( status == PSA_SUCCESS ) - { + if (status == PSA_SUCCESS) { /* Once the driver context is initialised, it needs to be freed using * psa_cipher_abort. Indicate this through setting alg. */ operation->alg = alg; } - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) + if (status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external(slot->attr.lifetime)) goto exit; /* Proceed with initializing an mbed TLS cipher context if no driver is * available for the given algorithm & key. */ - mbedtls_cipher_init( &operation->ctx.cipher ); + mbedtls_cipher_init(&operation->ctx.cipher); /* Once the cipher context is initialised, it needs to be freed using * psa_cipher_abort. Indicate there is something to be freed through setting @@ -3778,182 +3544,163 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->alg = alg; operation->mbedtls_in_use = 1; - key_bits = psa_get_key_slot_bits( slot ); - cipher_info = mbedtls_cipher_info_from_psa( alg, slot->attr.type, key_bits, NULL ); - if( cipher_info == NULL ) - { + key_bits = psa_get_key_slot_bits(slot); + cipher_info = mbedtls_cipher_info_from_psa(alg, slot->attr.type, key_bits, NULL); + if (cipher_info == NULL) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } - ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info ); - if( ret != 0 ) + ret = mbedtls_cipher_setup(&operation->ctx.cipher, cipher_info); + if (ret != 0) goto exit; #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) - if( slot->attr.type == PSA_KEY_TYPE_DES && key_bits == 128 ) - { + if (slot->attr.type == PSA_KEY_TYPE_DES && key_bits == 128) { /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ uint8_t keys[24]; - memcpy( keys, slot->key.data, 16 ); - memcpy( keys + 16, slot->key.data, 8 ); - ret = mbedtls_cipher_setkey( &operation->ctx.cipher, - keys, - 192, cipher_operation ); - } - else + memcpy(keys, slot->key.data, 16); + memcpy(keys + 16, slot->key.data, 8); + ret = mbedtls_cipher_setkey(&operation->ctx.cipher, + keys, + 192, cipher_operation); + } else #endif { - ret = mbedtls_cipher_setkey( &operation->ctx.cipher, - slot->key.data, - (int) key_bits, cipher_operation ); + ret = mbedtls_cipher_setkey(&operation->ctx.cipher, + slot->key.data, + (int) key_bits, cipher_operation); } - if( ret != 0 ) + if (ret != 0) goto exit; #if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) - switch( alg ) - { + switch (alg) { case PSA_ALG_CBC_NO_PADDING: - ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, - MBEDTLS_PADDING_NONE ); + ret = mbedtls_cipher_set_padding_mode(&operation->ctx.cipher, + MBEDTLS_PADDING_NONE); break; case PSA_ALG_CBC_PKCS7: - ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, - MBEDTLS_PADDING_PKCS7 ); + ret = mbedtls_cipher_set_padding_mode(&operation->ctx.cipher, + MBEDTLS_PADDING_PKCS7); break; default: /* The algorithm doesn't involve padding. */ ret = 0; break; } - if( ret != 0 ) + if (ret != 0) goto exit; #endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING || MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */ - operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : - PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) ); - if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && - alg != PSA_ALG_ECB_NO_PADDING ) - { - operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ); + operation->block_size = (PSA_ALG_IS_STREAM_CIPHER(alg) ? 1 : + PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)); + if ((alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG) != 0 && + alg != PSA_ALG_ECB_NO_PADDING) { + operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type); } #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) - else - if( alg == PSA_ALG_STREAM_CIPHER && slot->attr.type == PSA_KEY_TYPE_CHACHA20 ) + else if (alg == PSA_ALG_STREAM_CIPHER && slot->attr.type == PSA_KEY_TYPE_CHACHA20) operation->iv_size = 12; #endif status = PSA_SUCCESS; exit: - if( ret != 0 ) - status = mbedtls_to_psa_error( ret ); - if( status == PSA_SUCCESS ) - { + if (ret != 0) + status = mbedtls_to_psa_error(ret); + if (status == PSA_SUCCESS) { /* Update operation flags for both driver and software implementations */ operation->key_set = 1; - } - else - psa_cipher_abort( operation ); + } else + psa_cipher_abort(operation); - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } -psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg ) -{ - return( psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ) ); +psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg) { + return (psa_cipher_setup(operation, key, alg, MBEDTLS_ENCRYPT)); } -psa_status_t psa_cipher_decrypt_setup( psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg ) -{ - return( psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ) ); +psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg) { + return (psa_cipher_setup(operation, key, alg, MBEDTLS_DECRYPT)); } -psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length ) -{ +psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length) { psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( operation->iv_set || ! operation->iv_required ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->iv_set || ! operation->iv_required) { + return (PSA_ERROR_BAD_STATE); } - if( operation->mbedtls_in_use == 0 ) - { - status = psa_driver_wrapper_cipher_generate_iv( &operation->ctx.driver, - iv, - iv_size, - iv_length ); + if (operation->mbedtls_in_use == 0) { + status = psa_driver_wrapper_cipher_generate_iv(&operation->ctx.driver, + iv, + iv_size, + iv_length); goto exit; } - if( iv_size < operation->iv_size ) - { + if (iv_size < operation->iv_size) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; } - ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE, - iv, operation->iv_size ); - if( ret != 0 ) - { - status = mbedtls_to_psa_error( ret ); + ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, + iv, operation->iv_size); + if (ret != 0) { + status = mbedtls_to_psa_error(ret); goto exit; } *iv_length = operation->iv_size; - status = psa_cipher_set_iv( operation, iv, *iv_length ); + status = psa_cipher_set_iv(operation, iv, *iv_length); exit: - if( status == PSA_SUCCESS ) + if (status == PSA_SUCCESS) operation->iv_set = 1; else - psa_cipher_abort( operation ); - return( status ); + psa_cipher_abort(operation); + return (status); } -psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length ) -{ +psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length) { psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( operation->iv_set || ! operation->iv_required ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->iv_set || ! operation->iv_required) { + return (PSA_ERROR_BAD_STATE); } - if( operation->mbedtls_in_use == 0 ) - { - status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver, - iv, - iv_length ); + if (operation->mbedtls_in_use == 0) { + status = psa_driver_wrapper_cipher_set_iv(&operation->ctx.driver, + iv, + iv_length); goto exit; } - if( iv_length != operation->iv_size ) - { + if (iv_length != operation->iv_size) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length ); - status = mbedtls_to_psa_error( ret ); + ret = mbedtls_cipher_set_iv(&operation->ctx.cipher, iv, iv_length); + status = mbedtls_to_psa_error(ret); exit: - if( status == PSA_SUCCESS ) + if (status == PSA_SUCCESS) operation->iv_set = 1; else - psa_cipher_abort( operation ); - return( status ); + psa_cipher_abort(operation); + return (status); } /* Process input for which the algorithm is set to ECB mode. This requires @@ -3966,42 +3713,38 @@ static psa_status_t psa_cipher_update_ecb_internal( size_t input_length, uint8_t *output, size_t output_size, - size_t *output_length ) -{ + size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t block_size = ctx->cipher_info->block_size; size_t internal_output_length = 0; *output_length = 0; - if( input_length == 0 ) - { + if (input_length == 0) { status = PSA_SUCCESS; goto exit; } - if( ctx->unprocessed_len > 0 ) - { + if (ctx->unprocessed_len > 0) { /* Fill up to block size, and run the block if there's a full one. */ size_t bytes_to_copy = block_size - ctx->unprocessed_len; - if( input_length < bytes_to_copy ) + if (input_length < bytes_to_copy) bytes_to_copy = input_length; - memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), - input, bytes_to_copy ); + memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), + input, bytes_to_copy); input_length -= bytes_to_copy; input += bytes_to_copy; ctx->unprocessed_len += bytes_to_copy; - if( ctx->unprocessed_len == block_size ) - { + if (ctx->unprocessed_len == block_size) { status = mbedtls_to_psa_error( - mbedtls_cipher_update( ctx, - ctx->unprocessed_data, - block_size, - output, &internal_output_length ) ); + mbedtls_cipher_update(ctx, + ctx->unprocessed_data, + block_size, + output, &internal_output_length)); - if( status != PSA_SUCCESS ) + if (status != PSA_SUCCESS) goto exit; output += internal_output_length; @@ -4011,15 +3754,14 @@ static psa_status_t psa_cipher_update_ecb_internal( } } - while( input_length >= block_size ) - { + while (input_length >= block_size) { /* Run all full blocks we have, one by one */ status = mbedtls_to_psa_error( - mbedtls_cipher_update( ctx, input, - block_size, - output, &internal_output_length ) ); + mbedtls_cipher_update(ctx, input, + block_size, + output, &internal_output_length)); - if( status != PSA_SUCCESS ) + if (status != PSA_SUCCESS) goto exit; input_length -= block_size; @@ -4030,177 +3772,156 @@ static psa_status_t psa_cipher_update_ecb_internal( *output_length += internal_output_length; } - if( input_length > 0 ) - { + if (input_length > 0) { /* Save unprocessed bytes for later processing */ - memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), - input, input_length ); + memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), + input, input_length); ctx->unprocessed_len += input_length; } status = PSA_SUCCESS; exit: - return( status ); + return (status); } -psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ +psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; - if( operation->alg == 0 ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->alg == 0) { + return (PSA_ERROR_BAD_STATE); } - if( operation->iv_required && ! operation->iv_set ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->iv_required && ! operation->iv_set) { + return (PSA_ERROR_BAD_STATE); } - if( operation->mbedtls_in_use == 0 ) - { - status = psa_driver_wrapper_cipher_update( &operation->ctx.driver, - input, - input_length, - output, - output_size, - output_length ); + if (operation->mbedtls_in_use == 0) { + status = psa_driver_wrapper_cipher_update(&operation->ctx.driver, + input, + input_length, + output, + output_size, + output_length); goto exit; } - if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) ) - { + if (! PSA_ALG_IS_STREAM_CIPHER(operation->alg)) { /* Take the unprocessed partial block left over from previous * update calls, if any, plus the input to this call. Remove * the last partial block, if any. You get the data that will be * output in this call. */ expected_output_size = - ( operation->ctx.cipher.unprocessed_len + input_length ) + (operation->ctx.cipher.unprocessed_len + input_length) / operation->block_size * operation->block_size; - } - else - { + } else { expected_output_size = input_length; } - if( output_size < expected_output_size ) - { + if (output_size < expected_output_size) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; } - if( operation->alg == PSA_ALG_ECB_NO_PADDING ) - { + if (operation->alg == PSA_ALG_ECB_NO_PADDING) { /* mbedtls_cipher_update has an API inconsistency: it will only * process a single block at a time in ECB mode. Abstract away that * inconsistency here to match the PSA API behaviour. */ - status = psa_cipher_update_ecb_internal( &operation->ctx.cipher, - input, - input_length, - output, - output_size, - output_length ); - } - else - { + status = psa_cipher_update_ecb_internal(&operation->ctx.cipher, + input, + input_length, + output, + output_size, + output_length); + } else { status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->ctx.cipher, input, - input_length, output, output_length ) ); + mbedtls_cipher_update(&operation->ctx.cipher, input, + input_length, output, output_length)); } exit: - if( status != PSA_SUCCESS ) - psa_cipher_abort( operation ); - return( status ); + if (status != PSA_SUCCESS) + psa_cipher_abort(operation); + return (status); } -psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ +psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) { psa_status_t status = PSA_ERROR_GENERIC_ERROR; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; - if( operation->alg == 0 ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->alg == 0) { + return (PSA_ERROR_BAD_STATE); } - if( operation->iv_required && ! operation->iv_set ) - { - return( PSA_ERROR_BAD_STATE ); + if (operation->iv_required && ! operation->iv_set) { + return (PSA_ERROR_BAD_STATE); } - if( operation->mbedtls_in_use == 0 ) - { - status = psa_driver_wrapper_cipher_finish( &operation->ctx.driver, - output, - output_size, - output_length ); + if (operation->mbedtls_in_use == 0) { + status = psa_driver_wrapper_cipher_finish(&operation->ctx.driver, + output, + output_size, + output_length); goto exit; } - if( operation->ctx.cipher.unprocessed_len != 0 ) - { - if( operation->alg == PSA_ALG_ECB_NO_PADDING || - operation->alg == PSA_ALG_CBC_NO_PADDING ) - { + if (operation->ctx.cipher.unprocessed_len != 0) { + if (operation->alg == PSA_ALG_ECB_NO_PADDING || + operation->alg == PSA_ALG_CBC_NO_PADDING) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } } status = mbedtls_to_psa_error( - mbedtls_cipher_finish( &operation->ctx.cipher, - temp_output_buffer, - output_length ) ); - if( status != PSA_SUCCESS ) + mbedtls_cipher_finish(&operation->ctx.cipher, + temp_output_buffer, + output_length)); + if (status != PSA_SUCCESS) goto exit; - if( *output_length == 0 ) + if (*output_length == 0) ; /* Nothing to copy. Note that output may be NULL in this case. */ - else if( output_size >= *output_length ) - memcpy( output, temp_output_buffer, *output_length ); + else if (output_size >= *output_length) + memcpy(output, temp_output_buffer, *output_length); else status = PSA_ERROR_BUFFER_TOO_SMALL; exit: - if( operation->mbedtls_in_use == 1 ) - mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); + if (operation->mbedtls_in_use == 1) + mbedtls_platform_zeroize(temp_output_buffer, sizeof(temp_output_buffer)); - if( status == PSA_SUCCESS ) - return( psa_cipher_abort( operation ) ); - else - { + if (status == PSA_SUCCESS) + return (psa_cipher_abort(operation)); + else { *output_length = 0; - (void) psa_cipher_abort( operation ); + (void) psa_cipher_abort(operation); - return( status ); + return (status); } } -psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) -{ - if( operation->alg == 0 ) - { +psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) { + if (operation->alg == 0) { /* The object has (apparently) been initialized but it is not (yet) * in use. It's ok to call abort on such an object, and there's * nothing to do. */ - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /* Sanity check (shouldn't happen: operation->alg should * always have been initialized to a valid value). */ - if( ! PSA_ALG_IS_CIPHER( operation->alg ) ) - return( PSA_ERROR_BAD_STATE ); + if (! PSA_ALG_IS_CIPHER(operation->alg)) + return (PSA_ERROR_BAD_STATE); - if( operation->mbedtls_in_use == 0 ) - psa_driver_wrapper_cipher_abort( &operation->ctx.driver ); + if (operation->mbedtls_in_use == 0) + psa_driver_wrapper_cipher_abort(&operation->ctx.driver); else - mbedtls_cipher_free( &operation->ctx.cipher ); + mbedtls_cipher_free(&operation->ctx.cipher); operation->alg = 0; operation->key_set = 0; @@ -4210,7 +3931,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) operation->block_size = 0; operation->iv_required = 0; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } @@ -4220,12 +3941,10 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) /* AEAD */ /****************************************************************/ -typedef struct -{ +typedef struct { psa_key_slot_t *slot; const mbedtls_cipher_info_t *cipher_info; - union - { + union { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ #if defined(MBEDTLS_CCM_C) mbedtls_ccm_context ccm; @@ -4244,111 +3963,103 @@ typedef struct #define AEAD_OPERATION_INIT {0, 0, {0}, 0, 0, 0} -static void psa_aead_abort_internal( aead_operation_t *operation ) -{ - switch( operation->core_alg ) - { +static void psa_aead_abort_internal(aead_operation_t *operation) { + switch (operation->core_alg) { #if defined(MBEDTLS_CCM_C) case PSA_ALG_CCM: - mbedtls_ccm_free( &operation->ctx.ccm ); + mbedtls_ccm_free(&operation->ctx.ccm); break; #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_GCM_C) case PSA_ALG_GCM: - mbedtls_gcm_free( &operation->ctx.gcm ); + mbedtls_gcm_free(&operation->ctx.gcm); break; #endif /* MBEDTLS_GCM_C */ } - psa_unlock_key_slot( operation->slot ); + psa_unlock_key_slot(operation->slot); } -static psa_status_t psa_aead_setup( aead_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_key_usage_t usage, - psa_algorithm_t alg ) -{ +static psa_status_t psa_aead_setup(aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_key_usage_t usage, + psa_algorithm_t alg) { psa_status_t status; size_t key_bits; mbedtls_cipher_id_t cipher_id; status = psa_get_and_lock_transparent_key_slot_with_policy( - key, &operation->slot, usage, alg ); - if( status != PSA_SUCCESS ) - return( status ); + key, &operation->slot, usage, alg); + if (status != PSA_SUCCESS) + return (status); - key_bits = psa_get_key_slot_bits( operation->slot ); + key_bits = psa_get_key_slot_bits(operation->slot); operation->cipher_info = - mbedtls_cipher_info_from_psa( alg, operation->slot->attr.type, key_bits, - &cipher_id ); - if( operation->cipher_info == NULL ) - { + mbedtls_cipher_info_from_psa(alg, operation->slot->attr.type, key_bits, + &cipher_id); + if (operation->cipher_info == NULL) { status = PSA_ERROR_NOT_SUPPORTED; goto cleanup; } - switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ) - { + switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) { #if defined(MBEDTLS_CCM_C) - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): + case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0): operation->core_alg = PSA_ALG_CCM; operation->full_tag_length = 16; /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16. * The call to mbedtls_ccm_encrypt_and_tag or * mbedtls_ccm_auth_decrypt will validate the tag length. */ - if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 ) - { + if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(operation->slot->attr.type) != 16) { status = PSA_ERROR_INVALID_ARGUMENT; goto cleanup; } - mbedtls_ccm_init( &operation->ctx.ccm ); + mbedtls_ccm_init(&operation->ctx.ccm); status = mbedtls_to_psa_error( - mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id, - operation->slot->key.data, - (unsigned int) key_bits ) ); - if( status != 0 ) + mbedtls_ccm_setkey(&operation->ctx.ccm, cipher_id, + operation->slot->key.data, + (unsigned int) key_bits)); + if (status != 0) goto cleanup; break; #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_GCM_C) - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): + case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0): operation->core_alg = PSA_ALG_GCM; operation->full_tag_length = 16; /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. * The call to mbedtls_gcm_crypt_and_tag or * mbedtls_gcm_auth_decrypt will validate the tag length. */ - if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 ) - { + if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(operation->slot->attr.type) != 16) { status = PSA_ERROR_INVALID_ARGUMENT; goto cleanup; } - mbedtls_gcm_init( &operation->ctx.gcm ); + mbedtls_gcm_init(&operation->ctx.gcm); status = mbedtls_to_psa_error( - mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id, - operation->slot->key.data, - (unsigned int) key_bits ) ); - if( status != 0 ) + mbedtls_gcm_setkey(&operation->ctx.gcm, cipher_id, + operation->slot->key.data, + (unsigned int) key_bits)); + if (status != 0) goto cleanup; break; #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): + case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0): operation->core_alg = PSA_ALG_CHACHA20_POLY1305; operation->full_tag_length = 16; /* We only support the default tag length. */ - if( alg != PSA_ALG_CHACHA20_POLY1305 ) - { + if (alg != PSA_ALG_CHACHA20_POLY1305) { status = PSA_ERROR_NOT_SUPPORTED; goto cleanup; } - mbedtls_chachapoly_init( &operation->ctx.chachapoly ); + mbedtls_chachapoly_init(&operation->ctx.chachapoly); status = mbedtls_to_psa_error( - mbedtls_chachapoly_setkey( &operation->ctx.chachapoly, - operation->slot->key.data ) ); - if( status != 0 ) + mbedtls_chachapoly_setkey(&operation->ctx.chachapoly, + operation->slot->key.data)); + if (status != 0) goto cleanup; break; #endif /* MBEDTLS_CHACHAPOLY_C */ @@ -4358,112 +4069,102 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, goto cleanup; } - if( PSA_AEAD_TAG_LENGTH( alg ) > operation->full_tag_length ) - { + if (PSA_AEAD_TAG_LENGTH(alg) > operation->full_tag_length) { status = PSA_ERROR_INVALID_ARGUMENT; goto cleanup; } - operation->tag_length = PSA_AEAD_TAG_LENGTH( alg ); + operation->tag_length = PSA_AEAD_TAG_LENGTH(alg); - return( PSA_SUCCESS ); + return (PSA_SUCCESS); cleanup: - psa_aead_abort_internal( operation ); - return( status ); + psa_aead_abort_internal(operation); + return (status); } -psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *nonce, - size_t nonce_length, - const uint8_t *additional_data, - size_t additional_data_length, - const uint8_t *plaintext, - size_t plaintext_length, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length ) -{ +psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *plaintext, + size_t plaintext_length, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length) { psa_status_t status; aead_operation_t operation = AEAD_OPERATION_INIT; uint8_t *tag; *ciphertext_length = 0; - status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_ENCRYPT, alg ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_aead_setup(&operation, key, PSA_KEY_USAGE_ENCRYPT, alg); + if (status != PSA_SUCCESS) + return (status); /* For all currently supported modes, the tag is at the end of the * ciphertext. */ - if( ciphertext_size < ( plaintext_length + operation.tag_length ) ) - { + if (ciphertext_size < (plaintext_length + operation.tag_length)) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; } tag = ciphertext + plaintext_length; #if defined(MBEDTLS_GCM_C) - if( operation.core_alg == PSA_ALG_GCM ) - { + if (operation.core_alg == PSA_ALG_GCM) { status = mbedtls_to_psa_error( - mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm, - MBEDTLS_GCM_ENCRYPT, - plaintext_length, - nonce, nonce_length, - additional_data, additional_data_length, - plaintext, ciphertext, - operation.tag_length, tag ) ); - } - else + mbedtls_gcm_crypt_and_tag(&operation.ctx.gcm, + MBEDTLS_GCM_ENCRYPT, + plaintext_length, + nonce, nonce_length, + additional_data, additional_data_length, + plaintext, ciphertext, + operation.tag_length, tag)); + } else #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) - if( operation.core_alg == PSA_ALG_CCM ) - { - status = mbedtls_to_psa_error( - mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm, - plaintext_length, - nonce, nonce_length, - additional_data, - additional_data_length, - plaintext, ciphertext, - tag, operation.tag_length ) ); - } - else + if (operation.core_alg == PSA_ALG_CCM) { + status = mbedtls_to_psa_error( + mbedtls_ccm_encrypt_and_tag(&operation.ctx.ccm, + plaintext_length, + nonce, nonce_length, + additional_data, + additional_data_length, + plaintext, ciphertext, + tag, operation.tag_length)); + } else #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 || operation.tag_length != 16 ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - status = mbedtls_to_psa_error( - mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly, - plaintext_length, - nonce, - additional_data, - additional_data_length, - plaintext, - ciphertext, - tag ) ); - } - else + if (operation.core_alg == PSA_ALG_CHACHA20_POLY1305) { + if (nonce_length != 12 || operation.tag_length != 16) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = mbedtls_to_psa_error( + mbedtls_chachapoly_encrypt_and_tag(&operation.ctx.chachapoly, + plaintext_length, + nonce, + additional_data, + additional_data_length, + plaintext, + ciphertext, + tag)); + } else #endif /* MBEDTLS_CHACHAPOLY_C */ - { - (void) tag; - return( PSA_ERROR_NOT_SUPPORTED ); - } + { + (void) tag; + return (PSA_ERROR_NOT_SUPPORTED); + } - if( status != PSA_SUCCESS && ciphertext_size != 0 ) - memset( ciphertext, 0, ciphertext_size ); + if (status != PSA_SUCCESS && ciphertext_size != 0) + memset(ciphertext, 0, ciphertext_size); exit: - psa_aead_abort_internal( &operation ); - if( status == PSA_SUCCESS ) + psa_aead_abort_internal(&operation); + if (status == PSA_SUCCESS) *ciphertext_length = plaintext_length + operation.tag_length; - return( status ); + return (status); } /* Locate the tag in a ciphertext buffer containing the encrypted data @@ -4471,110 +4172,101 @@ exit: * *plaintext_length. This is the size of the plaintext in modes where * the encrypted data has the same size as the plaintext, such as * CCM and GCM. */ -static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, - const uint8_t *ciphertext, - size_t ciphertext_length, - size_t plaintext_size, - const uint8_t **p_tag ) -{ +static psa_status_t psa_aead_unpadded_locate_tag(size_t tag_length, + const uint8_t *ciphertext, + size_t ciphertext_length, + size_t plaintext_size, + const uint8_t **p_tag) { size_t payload_length; - if( tag_length > ciphertext_length ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (tag_length > ciphertext_length) + return (PSA_ERROR_INVALID_ARGUMENT); payload_length = ciphertext_length - tag_length; - if( payload_length > plaintext_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + if (payload_length > plaintext_size) + return (PSA_ERROR_BUFFER_TOO_SMALL); *p_tag = ciphertext + payload_length; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *nonce, - size_t nonce_length, - const uint8_t *additional_data, - size_t additional_data_length, - const uint8_t *ciphertext, - size_t ciphertext_length, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length ) -{ +psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *ciphertext, + size_t ciphertext_length, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length) { psa_status_t status; aead_operation_t operation = AEAD_OPERATION_INIT; const uint8_t *tag = NULL; *plaintext_length = 0; - status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_DECRYPT, alg ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_aead_setup(&operation, key, PSA_KEY_USAGE_DECRYPT, alg); + if (status != PSA_SUCCESS) + return (status); - status = psa_aead_unpadded_locate_tag( operation.tag_length, - ciphertext, ciphertext_length, - plaintext_size, &tag ); - if( status != PSA_SUCCESS ) + status = psa_aead_unpadded_locate_tag(operation.tag_length, + ciphertext, ciphertext_length, + plaintext_size, &tag); + if (status != PSA_SUCCESS) goto exit; #if defined(MBEDTLS_GCM_C) - if( operation.core_alg == PSA_ALG_GCM ) - { + if (operation.core_alg == PSA_ALG_GCM) { status = mbedtls_to_psa_error( - mbedtls_gcm_auth_decrypt( &operation.ctx.gcm, - ciphertext_length - operation.tag_length, - nonce, nonce_length, - additional_data, - additional_data_length, - tag, operation.tag_length, - ciphertext, plaintext ) ); - } - else + mbedtls_gcm_auth_decrypt(&operation.ctx.gcm, + ciphertext_length - operation.tag_length, + nonce, nonce_length, + additional_data, + additional_data_length, + tag, operation.tag_length, + ciphertext, plaintext)); + } else #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) - if( operation.core_alg == PSA_ALG_CCM ) - { - status = mbedtls_to_psa_error( - mbedtls_ccm_auth_decrypt( &operation.ctx.ccm, - ciphertext_length - operation.tag_length, - nonce, nonce_length, - additional_data, - additional_data_length, - ciphertext, plaintext, - tag, operation.tag_length ) ); - } - else + if (operation.core_alg == PSA_ALG_CCM) { + status = mbedtls_to_psa_error( + mbedtls_ccm_auth_decrypt(&operation.ctx.ccm, + ciphertext_length - operation.tag_length, + nonce, nonce_length, + additional_data, + additional_data_length, + ciphertext, plaintext, + tag, operation.tag_length)); + } else #endif /* MBEDTLS_CCM_C */ #if defined(MBEDTLS_CHACHAPOLY_C) - if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) - { - if( nonce_length != 12 || operation.tag_length != 16 ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - status = mbedtls_to_psa_error( - mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly, - ciphertext_length - operation.tag_length, - nonce, - additional_data, - additional_data_length, - tag, - ciphertext, - plaintext ) ); - } - else + if (operation.core_alg == PSA_ALG_CHACHA20_POLY1305) { + if (nonce_length != 12 || operation.tag_length != 16) { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = mbedtls_to_psa_error( + mbedtls_chachapoly_auth_decrypt(&operation.ctx.chachapoly, + ciphertext_length - operation.tag_length, + nonce, + additional_data, + additional_data_length, + tag, + ciphertext, + plaintext)); + } else #endif /* MBEDTLS_CHACHAPOLY_C */ - { - return( PSA_ERROR_NOT_SUPPORTED ); - } + { + return (PSA_ERROR_NOT_SUPPORTED); + } - if( status != PSA_SUCCESS && plaintext_size != 0 ) - memset( plaintext, 0, plaintext_size ); + if (status != PSA_SUCCESS && plaintext_size != 0) + memset(plaintext, 0, plaintext_size); exit: - psa_aead_abort_internal( &operation ); - if( status == PSA_SUCCESS ) + psa_aead_abort_internal(&operation); + if (status == PSA_SUCCESS) *plaintext_length = ciphertext_length - operation.tag_length; - return( status ); + return (status); } @@ -4595,160 +4287,144 @@ exit: #define HKDF_STATE_OUTPUT 3 /* output started */ static psa_algorithm_t psa_key_derivation_get_kdf_alg( - const psa_key_derivation_operation_t *operation ) -{ - if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) ) - return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) ); + const psa_key_derivation_operation_t *operation) { + if (PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) + return (PSA_ALG_KEY_AGREEMENT_GET_KDF(operation->alg)); else - return( operation->alg ); + return (operation->alg); } -psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation ) -{ +psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) { psa_status_t status = PSA_SUCCESS; - psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); - if( kdf_alg == 0 ) - { + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); + if (kdf_alg == 0) { /* The object has (apparently) been initialized but it is not * in use. It's ok to call abort on such an object, and there's * nothing to do. */ - } - else + } else #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) - { - mbedtls_free( operation->ctx.hkdf.info ); - status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac ); - } - else + if (PSA_ALG_IS_HKDF(kdf_alg)) { + mbedtls_free(operation->ctx.hkdf.info); + status = psa_hmac_abort_internal(&operation->ctx.hkdf.hmac); + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) - if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) - { - if( operation->ctx.tls12_prf.seed != NULL ) - { - mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed, - operation->ctx.tls12_prf.seed_length ); - mbedtls_free( operation->ctx.tls12_prf.seed ); - } + if (PSA_ALG_IS_TLS12_PRF(kdf_alg) || + /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ + PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { + if (operation->ctx.tls12_prf.seed != NULL) { + mbedtls_platform_zeroize(operation->ctx.tls12_prf.seed, + operation->ctx.tls12_prf.seed_length); + mbedtls_free(operation->ctx.tls12_prf.seed); + } - if( operation->ctx.tls12_prf.label != NULL ) - { - mbedtls_platform_zeroize( operation->ctx.tls12_prf.label, - operation->ctx.tls12_prf.label_length ); - mbedtls_free( operation->ctx.tls12_prf.label ); - } + if (operation->ctx.tls12_prf.label != NULL) { + mbedtls_platform_zeroize(operation->ctx.tls12_prf.label, + operation->ctx.tls12_prf.label_length); + mbedtls_free(operation->ctx.tls12_prf.label); + } - status = psa_hmac_abort_internal( &operation->ctx.tls12_prf.hmac ); + status = psa_hmac_abort_internal(&operation->ctx.tls12_prf.hmac); - /* We leave the fields Ai and output_block to be erased safely by the - * mbedtls_platform_zeroize() in the end of this function. */ - } - else + /* We leave the fields Ai and output_block to be erased safely by the + * mbedtls_platform_zeroize() in the end of this function. */ + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) */ - { - status = PSA_ERROR_BAD_STATE; - } - mbedtls_platform_zeroize( operation, sizeof( *operation ) ); - return( status ); + { + status = PSA_ERROR_BAD_STATE; + } + mbedtls_platform_zeroize(operation, sizeof(*operation)); + return (status); } psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation, - size_t *capacity) -{ - if( operation->alg == 0 ) - { + size_t *capacity) { + if (operation->alg == 0) { /* This is a blank key derivation operation. */ - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } *capacity = operation->capacity; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation, - size_t capacity ) -{ - if( operation->alg == 0 ) - return( PSA_ERROR_BAD_STATE ); - if( capacity > operation->capacity ) - return( PSA_ERROR_INVALID_ARGUMENT ); +psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation, + size_t capacity) { + if (operation->alg == 0) + return (PSA_ERROR_BAD_STATE); + if (capacity > operation->capacity) + return (PSA_ERROR_INVALID_ARGUMENT); operation->capacity = capacity; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) /* Read some bytes from an HKDF-based operation. This performs a chunk * of the expand phase of the HKDF algorithm. */ -static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, - psa_algorithm_t hash_alg, - uint8_t *output, - size_t output_length ) -{ - uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); +static psa_status_t psa_key_derivation_hkdf_read(psa_hkdf_key_derivation_t *hkdf, + psa_algorithm_t hash_alg, + uint8_t *output, + size_t output_length) { + uint8_t hash_length = PSA_HASH_LENGTH(hash_alg); psa_status_t status; - if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set ) - return( PSA_ERROR_BAD_STATE ); + if (hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set) + return (PSA_ERROR_BAD_STATE); hkdf->state = HKDF_STATE_OUTPUT; - while( output_length != 0 ) - { + while (output_length != 0) { /* Copy what remains of the current block */ uint8_t n = hash_length - hkdf->offset_in_block; - if( n > output_length ) + if (n > output_length) n = (uint8_t) output_length; - memcpy( output, hkdf->output_block + hkdf->offset_in_block, n ); + memcpy(output, hkdf->output_block + hkdf->offset_in_block, n); output += n; output_length -= n; hkdf->offset_in_block += n; - if( output_length == 0 ) + if (output_length == 0) break; /* We can't be wanting more output after block 0xff, otherwise * the capacity check in psa_key_derivation_output_bytes() would have * prevented this call. It could happen only if the operation * object was corrupted or if this function is called directly * inside the library. */ - if( hkdf->block_number == 0xff ) - return( PSA_ERROR_BAD_STATE ); + if (hkdf->block_number == 0xff) + return (PSA_ERROR_BAD_STATE); /* We need a new block */ ++hkdf->block_number; hkdf->offset_in_block = 0; - status = psa_hmac_setup_internal( &hkdf->hmac, - hkdf->prk, hash_length, - hash_alg ); - if( status != PSA_SUCCESS ) - return( status ); - if( hkdf->block_number != 1 ) - { - status = psa_hash_update( &hkdf->hmac.hash_ctx, - hkdf->output_block, - hash_length ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_hmac_setup_internal(&hkdf->hmac, + hkdf->prk, hash_length, + hash_alg); + if (status != PSA_SUCCESS) + return (status); + if (hkdf->block_number != 1) { + status = psa_hash_update(&hkdf->hmac.hash_ctx, + hkdf->output_block, + hash_length); + if (status != PSA_SUCCESS) + return (status); } - status = psa_hash_update( &hkdf->hmac.hash_ctx, - hkdf->info, - hkdf->info_length ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_hash_update( &hkdf->hmac.hash_ctx, - &hkdf->block_number, 1 ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_hmac_finish_internal( &hkdf->hmac, - hkdf->output_block, - sizeof( hkdf->output_block ) ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_hash_update(&hkdf->hmac.hash_ctx, + hkdf->info, + hkdf->info_length); + if (status != PSA_SUCCESS) + return (status); + status = psa_hash_update(&hkdf->hmac.hash_ctx, + &hkdf->block_number, 1); + if (status != PSA_SUCCESS) + return (status); + status = psa_hmac_finish_internal(&hkdf->hmac, + hkdf->output_block, + sizeof(hkdf->output_block)); + if (status != PSA_SUCCESS) + return (status); } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ @@ -4756,10 +4432,9 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( psa_tls12_prf_key_derivation_t *tls12_prf, - psa_algorithm_t alg ) -{ - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg ); - uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); + psa_algorithm_t alg) { + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(alg); + uint8_t hash_length = PSA_HASH_LENGTH(hash_alg); psa_hash_operation_t backup = PSA_HASH_OPERATION_INIT; psa_status_t status, cleanup_status; @@ -4768,8 +4443,8 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( * prevented this call. It could happen only if the operation * object was corrupted or if this function is called directly * inside the library. */ - if( tls12_prf->block_number == 0xff ) - return( PSA_ERROR_CORRUPTION_DETECTED ); + if (tls12_prf->block_number == 0xff) + return (PSA_ERROR_CORRUPTION_DETECTED); /* We need a new block */ ++tls12_prf->block_number; @@ -4795,110 +4470,104 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( /* Save the hash context before using it, to preserve the hash state with * only the inner padding in it. We need this, because inner padding depends * on the key (secret in the RFC's terminology). */ - status = psa_hash_clone( &tls12_prf->hmac.hash_ctx, &backup ); - if( status != PSA_SUCCESS ) + status = psa_hash_clone(&tls12_prf->hmac.hash_ctx, &backup); + if (status != PSA_SUCCESS) goto cleanup; /* Calculate A(i) where i = tls12_prf->block_number. */ - if( tls12_prf->block_number == 1 ) - { + if (tls12_prf->block_number == 1) { /* A(1) = HMAC_hash(secret, A(0)), where A(0) = seed. (The RFC overloads * the variable seed and in this instance means it in the context of the * P_hash function, where seed = label + seed.) */ - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->label, tls12_prf->label_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&tls12_prf->hmac.hash_ctx, + tls12_prf->label, tls12_prf->label_length); + if (status != PSA_SUCCESS) goto cleanup; - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->seed, tls12_prf->seed_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&tls12_prf->hmac.hash_ctx, + tls12_prf->seed, tls12_prf->seed_length); + if (status != PSA_SUCCESS) goto cleanup; - } - else - { + } else { /* A(i) = HMAC_hash(secret, A(i-1)) */ - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->Ai, hash_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&tls12_prf->hmac.hash_ctx, + tls12_prf->Ai, hash_length); + if (status != PSA_SUCCESS) goto cleanup; } - status = psa_hmac_finish_internal( &tls12_prf->hmac, - tls12_prf->Ai, hash_length ); - if( status != PSA_SUCCESS ) + status = psa_hmac_finish_internal(&tls12_prf->hmac, + tls12_prf->Ai, hash_length); + if (status != PSA_SUCCESS) goto cleanup; - status = psa_hash_clone( &backup, &tls12_prf->hmac.hash_ctx ); - if( status != PSA_SUCCESS ) + status = psa_hash_clone(&backup, &tls12_prf->hmac.hash_ctx); + if (status != PSA_SUCCESS) goto cleanup; /* Calculate HMAC_hash(secret, A(i) + label + seed). */ - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->Ai, hash_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&tls12_prf->hmac.hash_ctx, + tls12_prf->Ai, hash_length); + if (status != PSA_SUCCESS) goto cleanup; - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->label, tls12_prf->label_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&tls12_prf->hmac.hash_ctx, + tls12_prf->label, tls12_prf->label_length); + if (status != PSA_SUCCESS) goto cleanup; - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->seed, tls12_prf->seed_length ); - if( status != PSA_SUCCESS ) + status = psa_hash_update(&tls12_prf->hmac.hash_ctx, + tls12_prf->seed, tls12_prf->seed_length); + if (status != PSA_SUCCESS) goto cleanup; - status = psa_hmac_finish_internal( &tls12_prf->hmac, - tls12_prf->output_block, hash_length ); - if( status != PSA_SUCCESS ) + status = psa_hmac_finish_internal(&tls12_prf->hmac, + tls12_prf->output_block, hash_length); + if (status != PSA_SUCCESS) goto cleanup; - status = psa_hash_clone( &backup, &tls12_prf->hmac.hash_ctx ); - if( status != PSA_SUCCESS ) + status = psa_hash_clone(&backup, &tls12_prf->hmac.hash_ctx); + if (status != PSA_SUCCESS) goto cleanup; cleanup: - cleanup_status = psa_hash_abort( &backup ); - if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS ) + cleanup_status = psa_hash_abort(&backup); + if (status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS) status = cleanup_status; - return( status ); + return (status); } static psa_status_t psa_key_derivation_tls12_prf_read( psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg, uint8_t *output, - size_t output_length ) -{ - psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg ); - uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); + size_t output_length) { + psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH(alg); + uint8_t hash_length = PSA_HASH_LENGTH(hash_alg); psa_status_t status; uint8_t offset, length; - while( output_length != 0 ) - { + while (output_length != 0) { /* Check if we have fully processed the current block. */ - if( tls12_prf->left_in_block == 0 ) - { - status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf, - alg ); - if( status != PSA_SUCCESS ) - return( status ); + if (tls12_prf->left_in_block == 0) { + status = psa_key_derivation_tls12_prf_generate_next_block(tls12_prf, + alg); + if (status != PSA_SUCCESS) + return (status); continue; } - if( tls12_prf->left_in_block > output_length ) + if (tls12_prf->left_in_block > output_length) length = (uint8_t) output_length; else length = tls12_prf->left_in_block; offset = hash_length - tls12_prf->left_in_block; - memcpy( output, tls12_prf->output_block + offset, length ); + memcpy(output, tls12_prf->output_block + offset, length); output += length; output_length -= length; tls12_prf->left_in_block -= length; } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ @@ -4906,141 +4575,129 @@ static psa_status_t psa_key_derivation_tls12_prf_read( psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, uint8_t *output, - size_t output_length ) -{ + size_t output_length) { psa_status_t status; - psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); - if( operation->alg == 0 ) - { + if (operation->alg == 0) { /* This is a blank operation. */ - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } - if( output_length > operation->capacity ) - { + if (output_length > operation->capacity) { operation->capacity = 0; /* Go through the error path to wipe all confidential data now * that the operation object is useless. */ status = PSA_ERROR_INSUFFICIENT_DATA; goto exit; } - if( output_length == 0 && operation->capacity == 0 ) - { + if (output_length == 0 && operation->capacity == 0) { /* Edge case: this is a finished operation, and 0 bytes * were requested. The right error in this case could * be either INSUFFICIENT_CAPACITY or BAD_STATE. Return * INSUFFICIENT_CAPACITY, which is right for a finished * operation, for consistency with the case when * output_length > 0. */ - return( PSA_ERROR_INSUFFICIENT_DATA ); + return (PSA_ERROR_INSUFFICIENT_DATA); } operation->capacity -= output_length; #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) - { - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); - status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg, - output, output_length ); - } - else + if (PSA_ALG_IS_HKDF(kdf_alg)) { + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); + status = psa_key_derivation_hkdf_read(&operation->ctx.hkdf, hash_alg, + output, output_length); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) - if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) - { - status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf, - kdf_alg, output, - output_length ); - } - else + if (PSA_ALG_IS_TLS12_PRF(kdf_alg) || + PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { + status = psa_key_derivation_tls12_prf_read(&operation->ctx.tls12_prf, + kdf_alg, output, + output_length); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ - { - (void) kdf_alg; - return( PSA_ERROR_BAD_STATE ); - } + { + (void) kdf_alg; + return (PSA_ERROR_BAD_STATE); + } exit: - if( status != PSA_SUCCESS ) - { + if (status != PSA_SUCCESS) { /* Preserve the algorithm upon errors, but clear all sensitive state. * This allows us to differentiate between exhausted operations and * blank operations, so we can return PSA_ERROR_BAD_STATE on blank * operations. */ psa_algorithm_t alg = operation->alg; - psa_key_derivation_abort( operation ); + psa_key_derivation_abort(operation); operation->alg = alg; - memset( output, '!', output_length ); + memset(output, '!', output_length); } - return( status ); + return (status); } #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) -static void psa_des_set_key_parity( uint8_t *data, size_t data_size ) -{ - if( data_size >= 8 ) - mbedtls_des_key_set_parity( data ); - if( data_size >= 16 ) - mbedtls_des_key_set_parity( data + 8 ); - if( data_size >= 24 ) - mbedtls_des_key_set_parity( data + 16 ); +static void psa_des_set_key_parity(uint8_t *data, size_t data_size) { + if (data_size >= 8) + mbedtls_des_key_set_parity(data); + if (data_size >= 16) + mbedtls_des_key_set_parity(data + 8); + if (data_size >= 24) + mbedtls_des_key_set_parity(data + 16); } #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */ static psa_status_t psa_generate_derived_key_internal( psa_key_slot_t *slot, size_t bits, - psa_key_derivation_operation_t *operation ) -{ + psa_key_derivation_operation_t *operation) { uint8_t *data = NULL; - size_t bytes = PSA_BITS_TO_BYTES( bits ); + size_t bytes = PSA_BITS_TO_BYTES(bits); psa_status_t status; - if( ! key_type_is_raw_bytes( slot->attr.type ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - if( bits % 8 != 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); - data = mbedtls_calloc( 1, bytes ); - if( data == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if (! key_type_is_raw_bytes(slot->attr.type)) + return (PSA_ERROR_INVALID_ARGUMENT); + if (bits % 8 != 0) + return (PSA_ERROR_INVALID_ARGUMENT); + data = mbedtls_calloc(1, bytes); + if (data == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); - status = psa_key_derivation_output_bytes( operation, data, bytes ); - if( status != PSA_SUCCESS ) + status = psa_key_derivation_output_bytes(operation, data, bytes); + if (status != PSA_SUCCESS) goto exit; #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) - if( slot->attr.type == PSA_KEY_TYPE_DES ) - psa_des_set_key_parity( data, bytes ); + if (slot->attr.type == PSA_KEY_TYPE_DES) + psa_des_set_key_parity(data, bytes); #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */ - status = psa_allocate_buffer_to_slot( slot, bytes ); - if( status != PSA_SUCCESS ) + status = psa_allocate_buffer_to_slot(slot, bytes); + if (status != PSA_SUCCESS) goto exit; slot->attr.bits = (psa_key_bits_t) bits; psa_key_attributes_t attributes = { - .core = slot->attr + .core = slot->attr }; - status = psa_driver_wrapper_import_key( &attributes, - data, bytes, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits ); - if( bits != slot->attr.bits ) + status = psa_driver_wrapper_import_key(&attributes, + data, bytes, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); + if (bits != slot->attr.bits) status = PSA_ERROR_INVALID_ARGUMENT; exit: - mbedtls_free( data ); - return( status ); + mbedtls_free(data); + return (status); } -psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t *key ) -{ +psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + mbedtls_svc_key_id_t *key) { psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; @@ -5049,33 +4706,31 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut /* Reject any attempt to create a zero-length key so that we don't * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ - if( psa_get_key_bits( attributes ) == 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (psa_get_key_bits(attributes) == 0) + return (PSA_ERROR_INVALID_ARGUMENT); - if( ! operation->can_output_key ) - return( PSA_ERROR_NOT_PERMITTED ); + if (! operation->can_output_key) + return (PSA_ERROR_NOT_PERMITTED); - status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes, - &slot, &driver ); + status = psa_start_key_creation(PSA_KEY_CREATION_DERIVE, attributes, + &slot, &driver); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( driver != NULL ) - { + if (driver != NULL) { /* Deriving a key in a secure element is not implemented yet. */ status = PSA_ERROR_NOT_SUPPORTED; } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - if( status == PSA_SUCCESS ) - { - status = psa_generate_derived_key_internal( slot, - attributes->core.bits, - operation ); + if (status == PSA_SUCCESS) { + status = psa_generate_derived_key_internal(slot, + attributes->core.bits, + operation); } - if( status == PSA_SUCCESS ) - status = psa_finish_key_creation( slot, driver, key ); - if( status != PSA_SUCCESS ) - psa_fail_key_creation( slot, driver ); + if (status == PSA_SUCCESS) + status = psa_finish_key_creation(slot, driver, key); + if (status != PSA_SUCCESS) + psa_fail_key_creation(slot, driver); - return( status ); + return (status); } @@ -5087,234 +4742,215 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut #if defined(AT_LEAST_ONE_BUILTIN_KDF) static psa_status_t psa_key_derivation_setup_kdf( psa_key_derivation_operation_t *operation, - psa_algorithm_t kdf_alg ) -{ + psa_algorithm_t kdf_alg) { int is_kdf_alg_supported; /* Make sure that operation->ctx is properly zero-initialised. (Macro * initialisers for this union leave some bytes unspecified.) */ - memset( &operation->ctx, 0, sizeof( operation->ctx ) ); + memset(&operation->ctx, 0, sizeof(operation->ctx)); /* Make sure that kdf_alg is a supported key derivation algorithm. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) + if (PSA_ALG_IS_HKDF(kdf_alg)) is_kdf_alg_supported = 1; else #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) - if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) - is_kdf_alg_supported = 1; - else + if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) + is_kdf_alg_supported = 1; + else #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) - if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) - is_kdf_alg_supported = 1; - else + if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) + is_kdf_alg_supported = 1; + else #endif - is_kdf_alg_supported = 0; + is_kdf_alg_supported = 0; - if( is_kdf_alg_supported ) - { - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); - size_t hash_size = PSA_HASH_LENGTH( hash_alg ); - if( hash_size == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) && - ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) ) - { - return( PSA_ERROR_NOT_SUPPORTED ); + if (is_kdf_alg_supported) { + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); + size_t hash_size = PSA_HASH_LENGTH(hash_alg); + if (hash_size == 0) + return (PSA_ERROR_NOT_SUPPORTED); + if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) || + PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) && + !(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) { + return (PSA_ERROR_NOT_SUPPORTED); } operation->capacity = 255 * hash_size; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } #endif /* AT_LEAST_ONE_BUILTIN_KDF */ -psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation, - psa_algorithm_t alg ) -{ +psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, + psa_algorithm_t alg) { psa_status_t status; - if( operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); + if (operation->alg != 0) + return (PSA_ERROR_BAD_STATE); - if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) - { + if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) + return (PSA_ERROR_INVALID_ARGUMENT); + else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) { #if defined(AT_LEAST_ONE_BUILTIN_KDF) - psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); - status = psa_key_derivation_setup_kdf( operation, kdf_alg ); + psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); + status = psa_key_derivation_setup_kdf(operation, kdf_alg); #else - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* AT_LEAST_ONE_BUILTIN_KDF */ - } - else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) - { + } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) { #if defined(AT_LEAST_ONE_BUILTIN_KDF) - status = psa_key_derivation_setup_kdf( operation, alg ); + status = psa_key_derivation_setup_kdf(operation, alg); #else - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* AT_LEAST_ONE_BUILTIN_KDF */ - } - else - return( PSA_ERROR_INVALID_ARGUMENT ); + } else + return (PSA_ERROR_INVALID_ARGUMENT); - if( status == PSA_SUCCESS ) + if (status == PSA_SUCCESS) operation->alg = alg; - return( status ); + return (status); } #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) -static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, - psa_algorithm_t hash_alg, - psa_key_derivation_step_t step, - const uint8_t *data, - size_t data_length ) -{ +static psa_status_t psa_hkdf_input(psa_hkdf_key_derivation_t *hkdf, + psa_algorithm_t hash_alg, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length) { psa_status_t status; - switch( step ) - { + switch (step) { case PSA_KEY_DERIVATION_INPUT_SALT: - if( hkdf->state != HKDF_STATE_INIT ) - return( PSA_ERROR_BAD_STATE ); - status = psa_hmac_setup_internal( &hkdf->hmac, - data, data_length, - hash_alg ); - if( status != PSA_SUCCESS ) - return( status ); + if (hkdf->state != HKDF_STATE_INIT) + return (PSA_ERROR_BAD_STATE); + status = psa_hmac_setup_internal(&hkdf->hmac, + data, data_length, + hash_alg); + if (status != PSA_SUCCESS) + return (status); hkdf->state = HKDF_STATE_STARTED; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); case PSA_KEY_DERIVATION_INPUT_SECRET: /* If no salt was provided, use an empty salt. */ - if( hkdf->state == HKDF_STATE_INIT ) - { - status = psa_hmac_setup_internal( &hkdf->hmac, - NULL, 0, - hash_alg ); - if( status != PSA_SUCCESS ) - return( status ); + if (hkdf->state == HKDF_STATE_INIT) { + status = psa_hmac_setup_internal(&hkdf->hmac, + NULL, 0, + hash_alg); + if (status != PSA_SUCCESS) + return (status); hkdf->state = HKDF_STATE_STARTED; } - if( hkdf->state != HKDF_STATE_STARTED ) - return( PSA_ERROR_BAD_STATE ); - status = psa_hash_update( &hkdf->hmac.hash_ctx, - data, data_length ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_hmac_finish_internal( &hkdf->hmac, - hkdf->prk, - sizeof( hkdf->prk ) ); - if( status != PSA_SUCCESS ) - return( status ); - hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg ); + if (hkdf->state != HKDF_STATE_STARTED) + return (PSA_ERROR_BAD_STATE); + status = psa_hash_update(&hkdf->hmac.hash_ctx, + data, data_length); + if (status != PSA_SUCCESS) + return (status); + status = psa_hmac_finish_internal(&hkdf->hmac, + hkdf->prk, + sizeof(hkdf->prk)); + if (status != PSA_SUCCESS) + return (status); + hkdf->offset_in_block = PSA_HASH_LENGTH(hash_alg); hkdf->block_number = 0; hkdf->state = HKDF_STATE_KEYED; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); case PSA_KEY_DERIVATION_INPUT_INFO: - if( hkdf->state == HKDF_STATE_OUTPUT ) - return( PSA_ERROR_BAD_STATE ); - if( hkdf->info_set ) - return( PSA_ERROR_BAD_STATE ); + if (hkdf->state == HKDF_STATE_OUTPUT) + return (PSA_ERROR_BAD_STATE); + if (hkdf->info_set) + return (PSA_ERROR_BAD_STATE); hkdf->info_length = data_length; - if( data_length != 0 ) - { - hkdf->info = mbedtls_calloc( 1, data_length ); - if( hkdf->info == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - memcpy( hkdf->info, data, data_length ); + if (data_length != 0) { + hkdf->info = mbedtls_calloc(1, data_length); + if (hkdf->info == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); + memcpy(hkdf->info, data, data_length); } hkdf->info_set = 1; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); default: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); } } #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) -static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf, - const uint8_t *data, - size_t data_length ) -{ - if( prf->state != PSA_TLS12_PRF_STATE_INIT ) - return( PSA_ERROR_BAD_STATE ); +static psa_status_t psa_tls12_prf_set_seed(psa_tls12_prf_key_derivation_t *prf, + const uint8_t *data, + size_t data_length) { + if (prf->state != PSA_TLS12_PRF_STATE_INIT) + return (PSA_ERROR_BAD_STATE); - if( data_length != 0 ) - { - prf->seed = mbedtls_calloc( 1, data_length ); - if( prf->seed == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if (data_length != 0) { + prf->seed = mbedtls_calloc(1, data_length); + if (prf->seed == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); - memcpy( prf->seed, data, data_length ); + memcpy(prf->seed, data, data_length); prf->seed_length = data_length; } prf->state = PSA_TLS12_PRF_STATE_SEED_SET; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -static psa_status_t psa_tls12_prf_set_key( psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, - const uint8_t *data, - size_t data_length ) -{ +static psa_status_t psa_tls12_prf_set_key(psa_tls12_prf_key_derivation_t *prf, + psa_algorithm_t hash_alg, + const uint8_t *data, + size_t data_length) { psa_status_t status; - if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET ) - return( PSA_ERROR_BAD_STATE ); + if (prf->state != PSA_TLS12_PRF_STATE_SEED_SET) + return (PSA_ERROR_BAD_STATE); - status = psa_hmac_setup_internal( &prf->hmac, data, data_length, hash_alg ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_hmac_setup_internal(&prf->hmac, data, data_length, hash_alg); + if (status != PSA_SUCCESS) + return (status); prf->state = PSA_TLS12_PRF_STATE_KEY_SET; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -static psa_status_t psa_tls12_prf_set_label( psa_tls12_prf_key_derivation_t *prf, - const uint8_t *data, - size_t data_length ) -{ - if( prf->state != PSA_TLS12_PRF_STATE_KEY_SET ) - return( PSA_ERROR_BAD_STATE ); +static psa_status_t psa_tls12_prf_set_label(psa_tls12_prf_key_derivation_t *prf, + const uint8_t *data, + size_t data_length) { + if (prf->state != PSA_TLS12_PRF_STATE_KEY_SET) + return (PSA_ERROR_BAD_STATE); - if( data_length != 0 ) - { - prf->label = mbedtls_calloc( 1, data_length ); - if( prf->label == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if (data_length != 0) { + prf->label = mbedtls_calloc(1, data_length); + if (prf->label == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); - memcpy( prf->label, data, data_length ); + memcpy(prf->label, data, data_length); prf->label_length = data_length; } prf->state = PSA_TLS12_PRF_STATE_LABEL_SET; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, - psa_key_derivation_step_t step, - const uint8_t *data, - size_t data_length ) -{ - switch( step ) - { +static psa_status_t psa_tls12_prf_input(psa_tls12_prf_key_derivation_t *prf, + psa_algorithm_t hash_alg, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length) { + switch (step) { case PSA_KEY_DERIVATION_INPUT_SEED: - return( psa_tls12_prf_set_seed( prf, data, data_length ) ); + return (psa_tls12_prf_set_seed(prf, data, data_length)); case PSA_KEY_DERIVATION_INPUT_SECRET: - return( psa_tls12_prf_set_key( prf, hash_alg, data, data_length ) ); + return (psa_tls12_prf_set_key(prf, hash_alg, data, data_length)); case PSA_KEY_DERIVATION_INPUT_LABEL: - return( psa_tls12_prf_set_label( prf, data, data_length ) ); + return (psa_tls12_prf_set_label(prf, data, data_length)); default: - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); } } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || @@ -5325,14 +4961,13 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( psa_tls12_prf_key_derivation_t *prf, psa_algorithm_t hash_alg, const uint8_t *data, - size_t data_length ) -{ + size_t data_length) { psa_status_t status; uint8_t pms[ 4 + 2 * PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE ]; uint8_t *cur = pms; - if( data_length > PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (data_length > PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE) + return (PSA_ERROR_INVALID_ARGUMENT); /* Quoting RFC 4279, Section 2: * @@ -5341,19 +4976,19 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( * uint16 with the value N, and the PSK itself. */ - *cur++ = ( data_length >> 8 ) & 0xff; - *cur++ = ( data_length >> 0 ) & 0xff; - memset( cur, 0, data_length ); + *cur++ = (data_length >> 8) & 0xff; + *cur++ = (data_length >> 0) & 0xff; + memset(cur, 0, data_length); cur += data_length; *cur++ = pms[0]; *cur++ = pms[1]; - memcpy( cur, data, data_length ); + memcpy(cur, data, data_length); cur += data_length; - status = psa_tls12_prf_set_key( prf, hash_alg, pms, cur - pms ); + status = psa_tls12_prf_set_key(prf, hash_alg, pms, cur - pms); - mbedtls_platform_zeroize( pms, sizeof( pms ) ); - return( status ); + mbedtls_platform_zeroize(pms, sizeof(pms)); + return (status); } static psa_status_t psa_tls12_prf_psk_to_ms_input( @@ -5361,15 +4996,13 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input( psa_algorithm_t hash_alg, psa_key_derivation_step_t step, const uint8_t *data, - size_t data_length ) -{ - if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) - { - return( psa_tls12_prf_psk_to_ms_set_key( prf, hash_alg, - data, data_length ) ); + size_t data_length) { + if (step == PSA_KEY_DERIVATION_INPUT_SECRET) { + return (psa_tls12_prf_psk_to_ms_set_key(prf, hash_alg, + data, data_length)); } - return( psa_tls12_prf_input( prf, hash_alg, step, data, data_length ) ); + return (psa_tls12_prf_input(prf, hash_alg, step, data, data_length)); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ @@ -5384,27 +5017,25 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input( */ static int psa_key_derivation_check_input_type( psa_key_derivation_step_t step, - psa_key_type_t key_type ) -{ - switch( step ) - { + psa_key_type_t key_type) { + switch (step) { case PSA_KEY_DERIVATION_INPUT_SECRET: - if( key_type == PSA_KEY_TYPE_DERIVE ) - return( PSA_SUCCESS ); - if( key_type == PSA_KEY_TYPE_NONE ) - return( PSA_SUCCESS ); + if (key_type == PSA_KEY_TYPE_DERIVE) + return (PSA_SUCCESS); + if (key_type == PSA_KEY_TYPE_NONE) + return (PSA_SUCCESS); break; case PSA_KEY_DERIVATION_INPUT_LABEL: case PSA_KEY_DERIVATION_INPUT_SALT: case PSA_KEY_DERIVATION_INPUT_INFO: case PSA_KEY_DERIVATION_INPUT_SEED: - if( key_type == PSA_KEY_TYPE_RAW_DATA ) - return( PSA_SUCCESS ); - if( key_type == PSA_KEY_TYPE_NONE ) - return( PSA_SUCCESS ); + if (key_type == PSA_KEY_TYPE_RAW_DATA) + return (PSA_SUCCESS); + if (key_type == PSA_KEY_TYPE_NONE) + return (PSA_SUCCESS); break; } - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); } static psa_status_t psa_key_derivation_input_internal( @@ -5412,97 +5043,87 @@ static psa_status_t psa_key_derivation_input_internal( psa_key_derivation_step_t step, psa_key_type_t key_type, const uint8_t *data, - size_t data_length ) -{ + size_t data_length) { psa_status_t status; - psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); - status = psa_key_derivation_check_input_type( step, key_type ); - if( status != PSA_SUCCESS ) + status = psa_key_derivation_check_input_type(step, key_type); + if (status != PSA_SUCCESS) goto exit; #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) - { - status = psa_hkdf_input( &operation->ctx.hkdf, - PSA_ALG_HKDF_GET_HASH( kdf_alg ), - step, data, data_length ); - } - else + if (PSA_ALG_IS_HKDF(kdf_alg)) { + status = psa_hkdf_input(&operation->ctx.hkdf, + PSA_ALG_HKDF_GET_HASH(kdf_alg), + step, data, data_length); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) - if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) - { - status = psa_tls12_prf_input( &operation->ctx.tls12_prf, - PSA_ALG_HKDF_GET_HASH( kdf_alg ), - step, data, data_length ); - } - else + if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) { + status = psa_tls12_prf_input(&operation->ctx.tls12_prf, + PSA_ALG_HKDF_GET_HASH(kdf_alg), + step, data, data_length); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) - if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) - { - status = psa_tls12_prf_psk_to_ms_input( &operation->ctx.tls12_prf, - PSA_ALG_HKDF_GET_HASH( kdf_alg ), - step, data, data_length ); - } - else + if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { + status = psa_tls12_prf_psk_to_ms_input(&operation->ctx.tls12_prf, + PSA_ALG_HKDF_GET_HASH(kdf_alg), + step, data, data_length); + } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ - { - /* This can't happen unless the operation object was not initialized */ - (void) data; - (void) data_length; - (void) kdf_alg; - return( PSA_ERROR_BAD_STATE ); - } + { + /* This can't happen unless the operation object was not initialized */ + (void) data; + (void) data_length; + (void) kdf_alg; + return (PSA_ERROR_BAD_STATE); + } exit: - if( status != PSA_SUCCESS ) - psa_key_derivation_abort( operation ); - return( status ); + if (status != PSA_SUCCESS) + psa_key_derivation_abort(operation); + return (status); } psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, const uint8_t *data, - size_t data_length ) -{ - return( psa_key_derivation_input_internal( operation, step, - PSA_KEY_TYPE_NONE, - data, data_length ) ); + size_t data_length) { + return (psa_key_derivation_input_internal(operation, step, + PSA_KEY_TYPE_NONE, + data, data_length)); } psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, - mbedtls_svc_key_id_t key ) -{ + mbedtls_svc_key_id_t key) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; status = psa_get_and_lock_transparent_key_slot_with_policy( - key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( operation ); - return( status ); + key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg); + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(operation); + return (status); } /* Passing a key object as a SECRET input unlocks the permission * to output to a key object. */ - if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) + if (step == PSA_KEY_DERIVATION_INPUT_SECRET) operation->can_output_key = 1; - status = psa_key_derivation_input_internal( operation, - step, slot->attr.type, - slot->key.data, - slot->key.bytes ); + status = psa_key_derivation_input_internal(operation, + step, slot->attr.type, + slot->key.data, + slot->key.bytes); - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } @@ -5512,92 +5133,89 @@ psa_status_t psa_key_derivation_input_key( /****************************************************************/ #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) -static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key, - size_t peer_key_length, - const mbedtls_ecp_keypair *our_key, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length ) -{ +static psa_status_t psa_key_agreement_ecdh(const uint8_t *peer_key, + size_t peer_key_length, + const mbedtls_ecp_keypair *our_key, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length) { mbedtls_ecp_keypair *their_key = NULL; mbedtls_ecdh_context ecdh; psa_status_t status; size_t bits = 0; - psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits ); - mbedtls_ecdh_init( &ecdh ); + psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(our_key->grp.id, &bits); + mbedtls_ecdh_init(&ecdh); status = mbedtls_psa_ecp_load_representation( PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve), bits, peer_key, peer_key_length, - &their_key ); - if( status != PSA_SUCCESS ) + &their_key); + if (status != PSA_SUCCESS) goto exit; status = mbedtls_to_psa_error( - mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) ); - if( status != PSA_SUCCESS ) + mbedtls_ecdh_get_params(&ecdh, their_key, MBEDTLS_ECDH_THEIRS)); + if (status != PSA_SUCCESS) goto exit; status = mbedtls_to_psa_error( - mbedtls_ecdh_get_params( &ecdh, our_key, MBEDTLS_ECDH_OURS ) ); - if( status != PSA_SUCCESS ) + mbedtls_ecdh_get_params(&ecdh, our_key, MBEDTLS_ECDH_OURS)); + if (status != PSA_SUCCESS) goto exit; status = mbedtls_to_psa_error( - mbedtls_ecdh_calc_secret( &ecdh, - shared_secret_length, - shared_secret, shared_secret_size, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); - if( status != PSA_SUCCESS ) + mbedtls_ecdh_calc_secret(&ecdh, + shared_secret_length, + shared_secret, shared_secret_size, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE)); + if (status != PSA_SUCCESS) goto exit; - if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length ) + if (PSA_BITS_TO_BYTES(bits) != *shared_secret_length) status = PSA_ERROR_CORRUPTION_DETECTED; exit: - if( status != PSA_SUCCESS ) - mbedtls_platform_zeroize( shared_secret, shared_secret_size ); - mbedtls_ecdh_free( &ecdh ); - mbedtls_ecp_keypair_free( their_key ); - mbedtls_free( their_key ); + if (status != PSA_SUCCESS) + mbedtls_platform_zeroize(shared_secret, shared_secret_size); + mbedtls_ecdh_free(&ecdh); + mbedtls_ecp_keypair_free(their_key); + mbedtls_free(their_key); - return( status ); + return (status); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ #define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES -static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, - psa_key_slot_t *private_key, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length ) -{ - switch( alg ) - { +static psa_status_t psa_key_agreement_raw_internal(psa_algorithm_t alg, + psa_key_slot_t *private_key, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length) { + switch (alg) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) case PSA_ALG_ECDH: - if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (! PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key->attr.type)) + return (PSA_ERROR_INVALID_ARGUMENT); mbedtls_ecp_keypair *ecp = NULL; psa_status_t status = mbedtls_psa_ecp_load_representation( private_key->attr.type, private_key->attr.bits, private_key->key.data, private_key->key.bytes, - &ecp ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_key_agreement_ecdh( peer_key, peer_key_length, - ecp, - shared_secret, shared_secret_size, - shared_secret_length ); - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); - return( status ); + &ecp); + if (status != PSA_SUCCESS) + return (status); + status = psa_key_agreement_ecdh(peer_key, peer_key_length, + ecp, + shared_secret, shared_secret_size, + shared_secret_length); + mbedtls_ecp_keypair_free(ecp); + mbedtls_free(ecp); + return (status); #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */ default: (void) private_key; @@ -5606,111 +5224,105 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, (void) shared_secret; (void) shared_secret_size; (void) shared_secret_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } } /* Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ -static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - psa_key_slot_t *private_key, - const uint8_t *peer_key, - size_t peer_key_length ) -{ +static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + psa_key_slot_t *private_key, + const uint8_t *peer_key, + size_t peer_key_length) { psa_status_t status; uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE]; size_t shared_secret_length = 0; - psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg ); + psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(operation->alg); /* Step 1: run the secret agreement algorithm to generate the shared * secret. */ - status = psa_key_agreement_raw_internal( ka_alg, - private_key, - peer_key, peer_key_length, - shared_secret, - sizeof( shared_secret ), - &shared_secret_length ); - if( status != PSA_SUCCESS ) + status = psa_key_agreement_raw_internal(ka_alg, + private_key, + peer_key, peer_key_length, + shared_secret, + sizeof(shared_secret), + &shared_secret_length); + if (status != PSA_SUCCESS) goto exit; /* Step 2: set up the key derivation to generate key material from * the shared secret. A shared secret is permitted wherever a key * of type DERIVE is permitted. */ - status = psa_key_derivation_input_internal( operation, step, - PSA_KEY_TYPE_DERIVE, - shared_secret, - shared_secret_length ); + status = psa_key_derivation_input_internal(operation, step, + PSA_KEY_TYPE_DERIVE, + shared_secret, + shared_secret_length); exit: - mbedtls_platform_zeroize( shared_secret, shared_secret_length ); - return( status ); + mbedtls_platform_zeroize(shared_secret, shared_secret_length); + return (status); } -psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, - size_t peer_key_length ) -{ +psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + mbedtls_svc_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (! PSA_ALG_IS_KEY_AGREEMENT(operation->alg)) + return (PSA_ERROR_INVALID_ARGUMENT); status = psa_get_and_lock_transparent_key_slot_with_policy( - private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_key_agreement_internal( operation, step, - slot, - peer_key, peer_key_length ); - if( status != PSA_SUCCESS ) - psa_key_derivation_abort( operation ); - else - { + private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg); + if (status != PSA_SUCCESS) + return (status); + status = psa_key_agreement_internal(operation, step, + slot, + peer_key, peer_key_length); + if (status != PSA_SUCCESS) + psa_key_derivation_abort(operation); + else { /* If a private key has been added as SECRET, we allow the derived * key material to be used as a key in PSA Crypto. */ - if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) + if (step == PSA_KEY_DERIVATION_INPUT_SECRET) operation->can_output_key = 1; } - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } -psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, - mbedtls_svc_key_id_t private_key, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ +psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, + mbedtls_svc_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *output, + size_t output_size, + size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ) - { + if (! PSA_ALG_IS_KEY_AGREEMENT(alg)) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } status = psa_get_and_lock_transparent_key_slot_with_policy( - private_key, &slot, PSA_KEY_USAGE_DERIVE, alg ); - if( status != PSA_SUCCESS ) + private_key, &slot, PSA_KEY_USAGE_DERIVE, alg); + if (status != PSA_SUCCESS) goto exit; - status = psa_key_agreement_raw_internal( alg, slot, - peer_key, peer_key_length, - output, output_size, - output_length ); + status = psa_key_agreement_raw_internal(alg, slot, + peer_key, peer_key_length, + output, output_size, + output_length); exit: - if( status != PSA_SUCCESS ) - { + if (status != PSA_SUCCESS) { /* If an error happens and is not handled properly, the output * may be used as a key to protect sensitive data. Arrange for such * a key to be random, which is likely to result in decryption or @@ -5718,13 +5330,13 @@ exit: * some constant data such as zeros, which would result in the data * being protected with a reproducible, easily knowable key. */ - psa_generate_random( output, output_size ); + psa_generate_random(output, output_size); *output_length = output_size; } - unlock_status = psa_unlock_key_slot( slot ); + unlock_status = psa_unlock_key_slot(slot); - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + return ((status == PSA_SUCCESS) ? unlock_status : status); } @@ -5735,97 +5347,92 @@ exit: /** Initialize the PSA random generator. */ -static void mbedtls_psa_random_init( mbedtls_psa_random_context_t *rng ) -{ +static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng) { #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - memset( rng, 0, sizeof( *rng ) ); + memset(rng, 0, sizeof(*rng)); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ /* Set default configuration if * mbedtls_psa_crypto_configure_entropy_sources() hasn't been called. */ - if( rng->entropy_init == NULL ) + if (rng->entropy_init == NULL) rng->entropy_init = mbedtls_entropy_init; - if( rng->entropy_free == NULL ) + if (rng->entropy_free == NULL) rng->entropy_free = mbedtls_entropy_free; - rng->entropy_init( &rng->entropy ); + rng->entropy_init(&rng->entropy); #if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \ defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) /* The PSA entropy injection feature depends on using NV seed as an entropy * source. Add NV seed as an entropy source for PSA entropy injection. */ - mbedtls_entropy_add_source( &rng->entropy, - mbedtls_nv_seed_poll, NULL, - MBEDTLS_ENTROPY_BLOCK_SIZE, - MBEDTLS_ENTROPY_SOURCE_STRONG ); + mbedtls_entropy_add_source(&rng->entropy, + mbedtls_nv_seed_poll, NULL, + MBEDTLS_ENTROPY_BLOCK_SIZE, + MBEDTLS_ENTROPY_SOURCE_STRONG); #endif - mbedtls_psa_drbg_init( MBEDTLS_PSA_RANDOM_STATE ); + mbedtls_psa_drbg_init(MBEDTLS_PSA_RANDOM_STATE); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ } /** Deinitialize the PSA random generator. */ -static void mbedtls_psa_random_free( mbedtls_psa_random_context_t *rng ) -{ +static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng) { #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - memset( rng, 0, sizeof( *rng ) ); + memset(rng, 0, sizeof(*rng)); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - mbedtls_psa_drbg_free( MBEDTLS_PSA_RANDOM_STATE ); - rng->entropy_free( &rng->entropy ); + mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); + rng->entropy_free(&rng->entropy); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ } /** Seed the PSA random generator. */ -static psa_status_t mbedtls_psa_random_seed( mbedtls_psa_random_context_t *rng ) -{ +static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng) { #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) /* Do nothing: the external RNG seeds itself. */ (void) rng; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ const unsigned char drbg_seed[] = "PSA"; - int ret = mbedtls_psa_drbg_seed( &rng->entropy, - drbg_seed, sizeof( drbg_seed ) - 1 ); - return mbedtls_to_psa_error( ret ); + int ret = mbedtls_psa_drbg_seed(&rng->entropy, + drbg_seed, sizeof(drbg_seed) - 1); + return mbedtls_to_psa_error(ret); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ } -psa_status_t psa_generate_random( uint8_t *output, - size_t output_size ) -{ +psa_status_t psa_generate_random(uint8_t *output, + size_t output_size) { GUARD_MODULE_INITIALIZED; #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) size_t output_length = 0; - psa_status_t status = mbedtls_psa_external_get_random( &global_data.rng, - output, output_size, - &output_length ); - if( status != PSA_SUCCESS ) - return( status ); + psa_status_t status = mbedtls_psa_external_get_random(&global_data.rng, + output, output_size, + &output_length); + if (status != PSA_SUCCESS) + return (status); /* Breaking up a request into smaller chunks is currently not supported * for the extrernal RNG interface. */ - if( output_length != output_size ) - return( PSA_ERROR_INSUFFICIENT_ENTROPY ); - return( PSA_SUCCESS ); + if (output_length != output_size) + return (PSA_ERROR_INSUFFICIENT_ENTROPY); + return (PSA_SUCCESS); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - while( output_size > 0 ) - { + while (output_size > 0) { size_t request_size = - ( output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ? - MBEDTLS_PSA_RANDOM_MAX_REQUEST : - output_size ); - int ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE, - output, request_size ); - if( ret != 0 ) - return( mbedtls_to_psa_error( ret ) ); + (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ? + MBEDTLS_PSA_RANDOM_MAX_REQUEST : + output_size); + int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, + output, request_size); + if (ret != 0) + return (mbedtls_to_psa_error(ret)); output_size -= request_size; output += request_size; } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ } @@ -5843,39 +5450,37 @@ psa_status_t psa_generate_random( uint8_t *output, * as a constant function pointer to `mbedtls_xxx_drbg_random`. */ #if defined (MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -int mbedtls_psa_get_random( void *p_rng, - unsigned char *output, - size_t output_size ) -{ +int mbedtls_psa_get_random(void *p_rng, + unsigned char *output, + size_t output_size) { /* This function takes a pointer to the RNG state because that's what * classic mbedtls functions using an RNG expect. The PSA RNG manages * its own state internally and doesn't let the caller access that state. * So we just ignore the state parameter, and in practice we'll pass * NULL. */ (void) p_rng; - psa_status_t status = psa_generate_random( output, output_size ); - if( status == PSA_SUCCESS ) - return( 0 ); + psa_status_t status = psa_generate_random(output, output_size); + if (status == PSA_SUCCESS) + return (0); else - return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + return (MBEDTLS_ERR_ENTROPY_SOURCE_FAILED); } #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ #if defined(MBEDTLS_PSA_INJECT_ENTROPY) #include "mbedtls/entropy_poll.h" -psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed, - size_t seed_size ) -{ - if( global_data.initialized ) - return( PSA_ERROR_NOT_PERMITTED ); +psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, + size_t seed_size) { + if (global_data.initialized) + return (PSA_ERROR_NOT_PERMITTED); - if( ( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) || - ( seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE ) ) || - ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (((seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM) || + (seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE)) || + (seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE)) + return (PSA_ERROR_INVALID_ARGUMENT); - return( mbedtls_psa_storage_inject_entropy( seed, seed_size ) ); + return (mbedtls_psa_storage_inject_entropy(seed, seed_size)); } #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ @@ -5893,102 +5498,87 @@ psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed, * the two is not supported. */ static psa_status_t psa_validate_key_type_and_size_for_key_generation( - psa_key_type_t type, size_t bits ) -{ + psa_key_type_t type, size_t bits) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( key_type_is_raw_bytes( type ) ) - { - status = validate_unstructured_key_bit_size( type, bits ); - if( status != PSA_SUCCESS ) - return( status ); - } - else + if (key_type_is_raw_bytes(type)) { + status = validate_unstructured_key_bit_size(type, bits); + if (status != PSA_SUCCESS) + return (status); + } else #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) - if( PSA_KEY_TYPE_IS_RSA( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) - { - if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (PSA_KEY_TYPE_IS_RSA(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { + if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) + return (PSA_ERROR_NOT_SUPPORTED); - /* Accept only byte-aligned keys, for the same reasons as - * in psa_import_rsa_key(). */ - if( bits % 8 != 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); - } - else + /* Accept only byte-aligned keys, for the same reasons as + * in psa_import_rsa_key(). */ + if (bits % 8 != 0) + return (PSA_ERROR_NOT_SUPPORTED); + } else #endif /* defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) */ #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) - if( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) - { - /* To avoid empty block, return successfully here. */ - return( PSA_SUCCESS ); - } - else + if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { + /* To avoid empty block, return successfully here. */ + return (PSA_SUCCESS); + } else #endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) */ - { - return( PSA_ERROR_NOT_SUPPORTED ); - } + { + return (PSA_ERROR_NOT_SUPPORTED); + } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_type_t type = attributes->core.type; - if( ( attributes->domain_parameters == NULL ) && - ( attributes->domain_parameters_size != 0 ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if ((attributes->domain_parameters == NULL) && + (attributes->domain_parameters_size != 0)) + return (PSA_ERROR_INVALID_ARGUMENT); - if( key_type_is_raw_bytes( type ) ) - { - status = psa_generate_random( key_buffer, key_buffer_size ); - if( status != PSA_SUCCESS ) - return( status ); + if (key_type_is_raw_bytes(type)) { + status = psa_generate_random(key_buffer, key_buffer_size); + if (status != PSA_SUCCESS) + return (status); #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) - if( type == PSA_KEY_TYPE_DES ) - psa_des_set_key_parity( key_buffer, key_buffer_size ); + if (type == PSA_KEY_TYPE_DES) + psa_des_set_key_parity(key_buffer, key_buffer_size); #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */ - } - else + } else #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) - if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR ) - { - return( mbedtls_psa_rsa_generate_key( attributes, - key_buffer, - key_buffer_size, - key_buffer_length ) ); - } - else + if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + return (mbedtls_psa_rsa_generate_key(attributes, + key_buffer, + key_buffer_size, + key_buffer_length)); + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) - if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) - { - return( mbedtls_psa_ecp_generate_key( attributes, - key_buffer, - key_buffer_size, - key_buffer_length ) ); - } - else + if (PSA_KEY_TYPE_IS_ECC(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { + return (mbedtls_psa_ecp_generate_key(attributes, + key_buffer, + key_buffer_size, + key_buffer_length)); + } else #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ - { - (void)key_buffer_length; - return( PSA_ERROR_NOT_SUPPORTED ); - } + { + (void)key_buffer_length; + return (PSA_ERROR_NOT_SUPPORTED); + } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key ) -{ +psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key) { psa_status_t status; psa_key_slot_t *slot = NULL; psa_se_drv_table_entry_t *driver = NULL; @@ -5998,58 +5588,54 @@ psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, /* Reject any attempt to create a zero-length key so that we don't * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ - if( psa_get_key_bits( attributes ) == 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (psa_get_key_bits(attributes) == 0) + return (PSA_ERROR_INVALID_ARGUMENT); - status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes, - &slot, &driver ); - if( status != PSA_SUCCESS ) + status = psa_start_key_creation(PSA_KEY_CREATION_GENERATE, attributes, + &slot, &driver); + if (status != PSA_SUCCESS) goto exit; /* In the case of a transparent key or an opaque key stored in local * storage (thus not in the case of generating a key in a secure element * or cryptoprocessor with storage), we have to allocate a buffer to * hold the generated key material. */ - if( slot->key.data == NULL ) - { - if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == - PSA_KEY_LOCATION_LOCAL_STORAGE ) - { + if (slot->key.data == NULL) { + if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) == + PSA_KEY_LOCATION_LOCAL_STORAGE) { status = psa_validate_key_type_and_size_for_key_generation( - attributes->core.type, attributes->core.bits ); - if( status != PSA_SUCCESS ) + attributes->core.type, attributes->core.bits); + if (status != PSA_SUCCESS) goto exit; key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE( attributes->core.type, - attributes->core.bits ); - } - else - { + attributes->core.bits); + } else { status = psa_driver_wrapper_get_key_buffer_size( - attributes, &key_buffer_size ); - if( status != PSA_SUCCESS ) + attributes, &key_buffer_size); + if (status != PSA_SUCCESS) goto exit; } - status = psa_allocate_buffer_to_slot( slot, key_buffer_size ); - if( status != PSA_SUCCESS ) + status = psa_allocate_buffer_to_slot(slot, key_buffer_size); + if (status != PSA_SUCCESS) goto exit; } - status = psa_driver_wrapper_generate_key( attributes, - slot->key.data, slot->key.bytes, &slot->key.bytes ); + status = psa_driver_wrapper_generate_key(attributes, + slot->key.data, slot->key.bytes, &slot->key.bytes); - if( status != PSA_SUCCESS ) - psa_remove_key_data_from_memory( slot ); + if (status != PSA_SUCCESS) + psa_remove_key_data_from_memory(slot); exit: - if( status == PSA_SUCCESS ) - status = psa_finish_key_creation( slot, driver, key ); - if( status != PSA_SUCCESS ) - psa_fail_key_creation( slot, driver ); + if (status == PSA_SUCCESS) + status = psa_finish_key_creation(slot, driver, key); + if (status != PSA_SUCCESS) + psa_fail_key_creation(slot, driver); - return( status ); + return (status); } /****************************************************************/ @@ -6058,32 +5644,29 @@ exit: #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) psa_status_t mbedtls_psa_crypto_configure_entropy_sources( - void (* entropy_init )( mbedtls_entropy_context *ctx ), - void (* entropy_free )( mbedtls_entropy_context *ctx ) ) -{ - if( global_data.rng_state != RNG_NOT_INITIALIZED ) - return( PSA_ERROR_BAD_STATE ); + void (* entropy_init)(mbedtls_entropy_context *ctx), + void (* entropy_free)(mbedtls_entropy_context *ctx)) { + if (global_data.rng_state != RNG_NOT_INITIALIZED) + return (PSA_ERROR_BAD_STATE); global_data.rng.entropy_init = entropy_init; global_data.rng.entropy_free = entropy_free; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ -void mbedtls_psa_crypto_free( void ) -{ - psa_wipe_all_key_slots( ); - if( global_data.rng_state != RNG_NOT_INITIALIZED ) - { - mbedtls_psa_random_free( &global_data.rng ); +void mbedtls_psa_crypto_free(void) { + psa_wipe_all_key_slots(); + if (global_data.rng_state != RNG_NOT_INITIALIZED) { + mbedtls_psa_random_free(&global_data.rng); } /* Wipe all remaining data, including configuration. * In particular, this sets all state indicator to the value * indicating "uninitialized". */ - mbedtls_platform_zeroize( &global_data, sizeof( global_data ) ); + mbedtls_platform_zeroize(&global_data, sizeof(global_data)); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* Unregister all secure element drivers, so that we restart from * a pristine state. */ - psa_unregister_all_se_drivers( ); + psa_unregister_all_se_drivers(); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ } @@ -6095,61 +5678,55 @@ void mbedtls_psa_crypto_free( void ) * fails. */ static psa_status_t psa_crypto_recover_transaction( - const psa_crypto_transaction_t *transaction ) -{ - switch( transaction->unknown.type ) - { + const psa_crypto_transaction_t *transaction) { + switch (transaction->unknown.type) { case PSA_CRYPTO_TRANSACTION_CREATE_KEY: case PSA_CRYPTO_TRANSACTION_DESTROY_KEY: - /* TODO - fall through to the failure case until this - * is implemented. - * https://github.com/ARMmbed/mbed-crypto/issues/218 - */ + /* TODO - fall through to the failure case until this + * is implemented. + * https://github.com/ARMmbed/mbed-crypto/issues/218 + */ default: /* We found an unsupported transaction in the storage. * We don't know what state the storage is in. Give up. */ - return( PSA_ERROR_DATA_INVALID ); + return (PSA_ERROR_DATA_INVALID); } } #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */ -psa_status_t psa_crypto_init( void ) -{ +psa_status_t psa_crypto_init(void) { psa_status_t status; /* Double initialization is explicitly allowed. */ - if( global_data.initialized != 0 ) - return( PSA_SUCCESS ); + if (global_data.initialized != 0) + return (PSA_SUCCESS); /* Initialize and seed the random generator. */ - mbedtls_psa_random_init( &global_data.rng ); + mbedtls_psa_random_init(&global_data.rng); global_data.rng_state = RNG_INITIALIZED; - status = mbedtls_psa_random_seed( &global_data.rng ); - if( status != PSA_SUCCESS ) + status = mbedtls_psa_random_seed(&global_data.rng); + if (status != PSA_SUCCESS) goto exit; global_data.rng_state = RNG_SEEDED; - status = psa_initialize_key_slots( ); - if( status != PSA_SUCCESS ) + status = psa_initialize_key_slots(); + if (status != PSA_SUCCESS) goto exit; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - status = psa_init_all_se_drivers( ); - if( status != PSA_SUCCESS ) + status = psa_init_all_se_drivers(); + if (status != PSA_SUCCESS) goto exit; #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) - status = psa_crypto_load_transaction( ); - if( status == PSA_SUCCESS ) - { - status = psa_crypto_recover_transaction( &psa_crypto_transaction ); - if( status != PSA_SUCCESS ) + status = psa_crypto_load_transaction(); + if (status == PSA_SUCCESS) { + status = psa_crypto_recover_transaction(&psa_crypto_transaction); + if (status != PSA_SUCCESS) goto exit; - status = psa_crypto_stop_transaction( ); - } - else if( status == PSA_ERROR_DOES_NOT_EXIST ) - { + status = psa_crypto_stop_transaction(); + } else if (status == PSA_ERROR_DOES_NOT_EXIST) { /* There's no transaction to complete. It's all good. */ status = PSA_SUCCESS; } @@ -6159,9 +5736,9 @@ psa_status_t psa_crypto_init( void ) global_data.initialized = 1; exit: - if( status != PSA_SUCCESS ) - mbedtls_psa_crypto_free( ); - return( status ); + if (status != PSA_SUCCESS) + mbedtls_psa_crypto_free(); + return (status); } #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/common/mbedtls/psa_crypto_client.c b/common/mbedtls/psa_crypto_client.c index e84cf3015..df35a96a7 100644 --- a/common/mbedtls/psa_crypto_client.c +++ b/common/mbedtls/psa_crypto_client.c @@ -31,32 +31,28 @@ #define mbedtls_free free #endif -void psa_reset_key_attributes( psa_key_attributes_t *attributes ) -{ - mbedtls_free( attributes->domain_parameters ); - memset( attributes, 0, sizeof( *attributes ) ); +void psa_reset_key_attributes(psa_key_attributes_t *attributes) { + mbedtls_free(attributes->domain_parameters); + memset(attributes, 0, sizeof(*attributes)); } -psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes, - psa_key_type_t type, - const uint8_t *data, - size_t data_length ) -{ +psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, + psa_key_type_t type, + const uint8_t *data, + size_t data_length) { uint8_t *copy = NULL; - if( data_length != 0 ) - { - copy = mbedtls_calloc( 1, data_length ); - if( copy == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - memcpy( copy, data, data_length ); + if (data_length != 0) { + copy = mbedtls_calloc(1, data_length); + if (copy == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); + memcpy(copy, data, data_length); } /* After this point, this function is guaranteed to succeed, so it * can start modifying `*attributes`. */ - if( attributes->domain_parameters != NULL ) - { - mbedtls_free( attributes->domain_parameters ); + if (attributes->domain_parameters != NULL) { + mbedtls_free(attributes->domain_parameters); attributes->domain_parameters = NULL; attributes->domain_parameters_size = 0; } @@ -64,20 +60,19 @@ psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes, attributes->domain_parameters = copy; attributes->domain_parameters_size = data_length; attributes->core.type = type; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } psa_status_t psa_get_key_domain_parameters( const psa_key_attributes_t *attributes, - uint8_t *data, size_t data_size, size_t *data_length ) -{ - if( attributes->domain_parameters_size > data_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + uint8_t *data, size_t data_size, size_t *data_length) { + if (attributes->domain_parameters_size > data_size) + return (PSA_ERROR_BUFFER_TOO_SMALL); *data_length = attributes->domain_parameters_size; - if( attributes->domain_parameters_size != 0 ) - memcpy( data, attributes->domain_parameters, - attributes->domain_parameters_size ); - return( PSA_SUCCESS ); + if (attributes->domain_parameters_size != 0) + memcpy(data, attributes->domain_parameters, + attributes->domain_parameters_size); + return (PSA_SUCCESS); } #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ diff --git a/common/mbedtls/psa_crypto_core.h b/common/mbedtls/psa_crypto_core.h index da690444c..59fb49388 100644 --- a/common/mbedtls/psa_crypto_core.h +++ b/common/mbedtls/psa_crypto_core.h @@ -35,8 +35,7 @@ /** The data structure representing a key slot, containing key material * and metadata for one key. */ -typedef struct -{ +typedef struct { psa_core_key_attributes_t attr; /* @@ -66,8 +65,7 @@ typedef struct /* Dynamically allocated key data buffer. * Format as specified in psa_export_key(). */ - struct key_data - { + struct key_data { uint8_t *data; size_t bytes; } key; @@ -87,9 +85,8 @@ typedef struct * * \return 1 if the slot is occupied, 0 otherwise. */ -static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot ) -{ - return( slot->attr.type != 0 ); +static inline int psa_is_key_slot_occupied(const psa_key_slot_t *slot) { + return (slot->attr.type != 0); } /** Test whether a key slot is locked. @@ -100,9 +97,8 @@ static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot ) * * \return 1 if the slot is locked, 0 otherwise. */ -static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot ) -{ - return( slot->lock_count > 0 ); +static inline int psa_is_key_slot_locked(const psa_key_slot_t *slot) { + return (slot->lock_count > 0); } /** Retrieve flags from psa_key_slot_t::attr::core::flags. @@ -113,10 +109,9 @@ static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot ) * \return The key attribute flags in the given slot, * bitwise-anded with \p mask. */ -static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot, - uint16_t mask ) -{ - return( slot->attr.flags & mask ); +static inline uint16_t psa_key_slot_get_flags(const psa_key_slot_t *slot, + uint16_t mask) { + return (slot->attr.flags & mask); } /** Set flags in psa_key_slot_t::attr::core::flags. @@ -125,12 +120,11 @@ static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot, * \param mask The mask of bits to modify. * \param value The new value of the selected bits. */ -static inline void psa_key_slot_set_flags( psa_key_slot_t *slot, - uint16_t mask, - uint16_t value ) -{ - slot->attr.flags = ( ( ~mask & slot->attr.flags ) | - ( mask & value ) ); +static inline void psa_key_slot_set_flags(psa_key_slot_t *slot, + uint16_t mask, + uint16_t value) { + slot->attr.flags = ((~mask & slot->attr.flags) | + (mask & value)); } /** Turn on flags in psa_key_slot_t::attr::core::flags. @@ -138,9 +132,8 @@ static inline void psa_key_slot_set_flags( psa_key_slot_t *slot, * \param[in,out] slot The key slot to modify. * \param mask The mask of bits to set. */ -static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot, - uint16_t mask ) -{ +static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot, + uint16_t mask) { slot->attr.flags |= mask; } @@ -149,9 +142,8 @@ static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot, * \param[in,out] slot The key slot to modify. * \param mask The mask of bits to clear. */ -static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot, - uint16_t mask ) -{ +static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot, + uint16_t mask) { slot->attr.flags &= ~mask; } @@ -163,9 +155,8 @@ static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot, * secure element, otherwise the behaviour is undefined. */ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( - const psa_key_slot_t *slot ) -{ - return( *( (psa_key_slot_number_t *)( slot->key.data ) ) ); + const psa_key_slot_t *slot) { + return (*((psa_key_slot_number_t *)(slot->key.data))); } #endif @@ -180,7 +171,7 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( * already fully wiped. * \retval #PSA_ERROR_CORRUPTION_DETECTED */ -psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ); +psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot); /** Copy key data (in export format) into an empty key slot. * @@ -199,9 +190,9 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ); * \retval #PSA_ERROR_ALREADY_EXISTS * There was other key material already present in the slot. */ -psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, - const uint8_t *data, - size_t data_length ); +psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot, + const uint8_t *data, + size_t data_length); /** Convert an mbed TLS error code to a PSA error code * @@ -212,7 +203,7 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, * * \return The corresponding PSA error code */ -psa_status_t mbedtls_to_psa_error( int ret ); +psa_status_t mbedtls_to_psa_error(int ret); /** Get Mbed TLS MD information of a hash algorithm given its PSA identifier * @@ -221,7 +212,7 @@ psa_status_t mbedtls_to_psa_error( int ret ); * \return The Mbed TLS MD information of the hash algorithm. \c NULL if the * PSA hash algorithm is not supported. */ -const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ); +const mbedtls_md_info_t *mbedtls_md_info_from_psa(psa_algorithm_t alg); /** Import a key in binary format. * @@ -253,7 +244,7 @@ psa_status_t psa_import_key_into_slot( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); + size_t *key_buffer_length, size_t *bits); /** Export a key in binary format * @@ -280,7 +271,7 @@ psa_status_t psa_import_key_into_slot( psa_status_t psa_export_key_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); /** Export a public key or the public part of a key pair in binary format. * @@ -308,7 +299,7 @@ psa_status_t psa_export_key_internal( psa_status_t psa_export_public_key_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); /** * \brief Generate a key. @@ -330,10 +321,10 @@ psa_status_t psa_export_public_key_internal( * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of \p key_buffer is too small. */ -psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, - size_t key_buffer_size, - size_t *key_buffer_length ); +psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length); /** Sign an already-calculated hash with a private key. * @@ -373,7 +364,7 @@ psa_status_t psa_sign_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); + uint8_t *signature, size_t signature_size, size_t *signature_length); /** * \brief Verify the signature a hash or short message using a public key. @@ -409,6 +400,6 @@ psa_status_t psa_verify_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); + const uint8_t *signature, size_t signature_length); #endif /* PSA_CRYPTO_CORE_H */ diff --git a/common/mbedtls/psa_crypto_driver_wrappers.c b/common/mbedtls/psa_crypto_driver_wrappers.c index 6cf23cef9..33a62c1e9 100644 --- a/common/mbedtls/psa_crypto_driver_wrappers.c +++ b/common/mbedtls/psa_crypto_driver_wrappers.c @@ -61,83 +61,79 @@ psa_status_t psa_driver_wrapper_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ + uint8_t *signature, size_t signature_size, size_t *signature_length) { /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_sign == NULL ) - { + if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) { + if (drv->asymmetric == NULL || + drv->asymmetric->p_sign == NULL) { /* Key is defined in SE, but we have no way to exercise it */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } - return( drv->asymmetric->p_sign( - drv_context, *( (psa_key_slot_number_t *)key_buffer ), + return (drv->asymmetric->p_sign( + drv_context, *((psa_key_slot_number_t *)key_buffer), alg, hash, hash_length, - signature, signature_size, signature_length ) ); + signature, signature_size, signature_length)); } #endif /* PSA_CRYPTO_SE_C */ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime); - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_signature_sign_hash( attributes, - key_buffer, - key_buffer_size, - alg, - hash, - hash_length, - signature, - signature_size, - signature_length ); + status = test_transparent_signature_sign_hash(attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length); /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); + if (status != PSA_ERROR_NOT_SUPPORTED) + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( psa_sign_hash_internal( attributes, - key_buffer, - key_buffer_size, - alg, - hash, - hash_length, - signature, - signature_size, - signature_length ) ); + return (psa_sign_hash_internal(attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length)); - /* Add cases for opaque driver here */ + /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_signature_sign_hash( attributes, - key_buffer, - key_buffer_size, - alg, - hash, - hash_length, - signature, - signature_size, - signature_length ) ); + return (test_opaque_signature_sign_hash(attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ (void)status; - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); } } @@ -145,80 +141,76 @@ psa_status_t psa_driver_wrapper_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ + const uint8_t *signature, size_t signature_length) { /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_verify == NULL ) - { + if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) { + if (drv->asymmetric == NULL || + drv->asymmetric->p_verify == NULL) { /* Key is defined in SE, but we have no way to exercise it */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } - return( drv->asymmetric->p_verify( - drv_context, *( (psa_key_slot_number_t *)key_buffer ), + return (drv->asymmetric->p_verify( + drv_context, *((psa_key_slot_number_t *)key_buffer), alg, hash, hash_length, - signature, signature_length ) ); + signature, signature_length)); } #endif /* PSA_CRYPTO_SE_C */ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime); - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_signature_verify_hash( attributes, - key_buffer, - key_buffer_size, - alg, - hash, - hash_length, - signature, - signature_length ); + status = test_transparent_signature_verify_hash(attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_length); /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); + if (status != PSA_ERROR_NOT_SUPPORTED) + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( psa_verify_hash_internal( attributes, - key_buffer, - key_buffer_size, - alg, - hash, - hash_length, - signature, - signature_length ) ); + return (psa_verify_hash_internal(attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_length)); - /* Add cases for opaque driver here */ + /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_signature_verify_hash( attributes, - key_buffer, - key_buffer_size, - alg, - hash, - hash_length, - signature, - signature_length ) ); + return (test_opaque_signature_verify_hash(attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ (void)status; - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); } } @@ -239,61 +231,51 @@ psa_status_t psa_driver_wrapper_verify_hash( */ psa_status_t psa_driver_wrapper_get_key_buffer_size( const psa_key_attributes_t *attributes, - size_t *key_buffer_size ) -{ - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + size_t *key_buffer_size) { + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime); psa_key_type_t key_type = attributes->core.type; size_t key_bits = attributes->core.bits; *key_buffer_size = 0; - switch( location ) - { + switch (location) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: #ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION - *key_buffer_size = test_size_function( key_type, key_bits ); - return( PSA_SUCCESS ); + *key_buffer_size = test_size_function(key_type, key_bits); + return (PSA_SUCCESS); #else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ - if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) ) - { + if (PSA_KEY_TYPE_IS_KEY_PAIR(key_type)) { int public_key_overhead = - ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) ? - PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 ); + ((TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1) ? + PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) : 0); *key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE - + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE - + public_key_overhead; - } - else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) ) - { + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE + + public_key_overhead; + } else if (PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) { *key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE - + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; - } - else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) && - !PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) ) - { + + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE; + } else if (!PSA_KEY_TYPE_IS_KEY_PAIR(key_type) && + !PSA_KEY_TYPE_IS_PUBLIC_KEY(key_type)) { *key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE - + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR - * ( ( key_bits + 7 ) / 8 ); + + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR + * ((key_bits + 7) / 8); + } else { + return (PSA_ERROR_NOT_SUPPORTED); } - else - { - return( PSA_ERROR_NOT_SUPPORTED ); - } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); #endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */ #endif /* PSA_CRYPTO_DRIVER_TEST */ default: (void)key_type; (void)key_bits; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } } psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime); @@ -303,36 +285,32 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { + if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) { size_t pubkey_length = 0; /* We don't support this feature yet */ - if( drv->key_management == NULL || - drv->key_management->p_generate == NULL ) - { + if (drv->key_management == NULL || + drv->key_management->p_generate == NULL) { /* Key is defined as being in SE, but we have no way to generate it */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } - return( drv->key_management->p_generate( - drv_context, - *( (psa_key_slot_number_t *)key_buffer ), - attributes, NULL, 0, &pubkey_length ) ); + return (drv->key_management->p_generate( + drv_context, + *((psa_key_slot_number_t *)key_buffer), + attributes, NULL, 0, &pubkey_length)); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Transparent drivers are limited to generating asymmetric keys */ - if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) ) - { - /* Cycle through all known transparent accelerators */ + if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type)) { + /* Cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_generate_key( - attributes, key_buffer, key_buffer_size, - key_buffer_length ); + attributes, key_buffer, key_buffer_size, + key_buffer_length); /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) + if (status != PSA_ERROR_NOT_SUPPORTED) break; #endif /* PSA_CRYPTO_DRIVER_TEST */ } @@ -340,15 +318,15 @@ psa_status_t psa_driver_wrapper_generate_key( /* Software fallback */ status = psa_generate_key_internal( - attributes, key_buffer, key_buffer_size, key_buffer_length ); + attributes, key_buffer, key_buffer_size, key_buffer_length); break; - /* Add cases for opaque driver here */ + /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: status = test_opaque_generate_key( - attributes, key_buffer, key_buffer_size, key_buffer_length ); + attributes, key_buffer, key_buffer_size, key_buffer_length); break; #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -359,7 +337,7 @@ psa_status_t psa_driver_wrapper_generate_key( break; } - return( status ); + return (status); } psa_status_t psa_driver_wrapper_import_key( @@ -369,68 +347,65 @@ psa_status_t psa_driver_wrapper_import_key( uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length, - size_t *bits ) -{ + size_t *bits) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( - psa_get_key_lifetime( attributes ) ); + psa_get_key_lifetime(attributes)); /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { - if( drv->key_management == NULL || - drv->key_management->p_import == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) { + if (drv->key_management == NULL || + drv->key_management->p_import == NULL) + return (PSA_ERROR_NOT_SUPPORTED); /* The driver should set the number of key bits, however in * case it doesn't, we initialize bits to an invalid value. */ *bits = PSA_MAX_KEY_BITS + 1; status = drv->key_management->p_import( - drv_context, - *( (psa_key_slot_number_t *)key_buffer ), - attributes, data, data_length, bits ); + drv_context, + *((psa_key_slot_number_t *)key_buffer), + attributes, data, data_length, bits); - if( status != PSA_SUCCESS ) - return( status ); + if (status != PSA_SUCCESS) + return (status); - if( (*bits) > PSA_MAX_KEY_BITS ) - return( PSA_ERROR_NOT_SUPPORTED ); + if ((*bits) > PSA_MAX_KEY_BITS) + return (PSA_ERROR_NOT_SUPPORTED); - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } #endif /* PSA_CRYPTO_SE_C */ - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_import_key( attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ); + status = test_transparent_import_key(attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); + if (status != PSA_ERROR_NOT_SUPPORTED) + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( psa_import_key_into_slot( attributes, - data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); + return (psa_import_key_into_slot(attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits)); default: /* Importing a key with external storage in not yet supported. * Return in error indicating that the lifetime is not valid. */ (void)status; - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); } } @@ -438,132 +413,126 @@ psa_status_t psa_driver_wrapper_import_key( psa_status_t psa_driver_wrapper_export_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) + uint8_t *data, size_t data_size, size_t *data_length) { psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( - psa_get_key_lifetime( attributes ) ); + psa_get_key_lifetime(attributes)); /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { - if( ( drv->key_management == NULL ) || - ( drv->key_management->p_export == NULL ) ) - { - return( PSA_ERROR_NOT_SUPPORTED ); + if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) { + if ((drv->key_management == NULL) || + (drv->key_management->p_export == NULL)) { + return (PSA_ERROR_NOT_SUPPORTED); } - return( drv->key_management->p_export( - drv_context, - *( (psa_key_slot_number_t *)key_buffer ), - data, data_size, data_length ) ); + return (drv->key_management->p_export( + drv_context, + *((psa_key_slot_number_t *)key_buffer), + data, data_size, data_length)); } #endif /* PSA_CRYPTO_SE_C */ - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: - return( psa_export_key_internal( attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length ) ); - - /* Add cases for opaque driver here */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_export_key( attributes, + return (psa_export_key_internal(attributes, key_buffer, key_buffer_size, data, data_size, - data_length ) ); + data_length)); + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return (test_opaque_export_key(attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ - return( status ); + return (status); } } psa_status_t psa_driver_wrapper_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) + uint8_t *data, size_t data_size, size_t *data_length) { psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( - psa_get_key_lifetime( attributes ) ); + psa_get_key_lifetime(attributes)); /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { - if( ( drv->key_management == NULL ) || - ( drv->key_management->p_export_public == NULL ) ) - { - return( PSA_ERROR_NOT_SUPPORTED ); + if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) { + if ((drv->key_management == NULL) || + (drv->key_management->p_export_public == NULL)) { + return (PSA_ERROR_NOT_SUPPORTED); } - return( drv->key_management->p_export_public( + return (drv->key_management->p_export_public( drv_context, - *( (psa_key_slot_number_t *)key_buffer ), - data, data_size, data_length ) ); + *((psa_key_slot_number_t *)key_buffer), + data, data_size, data_length)); } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_export_public_key( attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length ); + status = test_transparent_export_public_key(attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length); /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); + if (status != PSA_ERROR_NOT_SUPPORTED) + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( psa_export_public_key_internal( attributes, - key_buffer, - key_buffer_size, - data, - data_size, - data_length ) ); - - /* Add cases for opaque driver here */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_export_public_key( attributes, + return (psa_export_public_key_internal(attributes, key_buffer, key_buffer_size, data, data_size, - data_length ) ); + data_length)); + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return (test_opaque_export_public_key(attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ - return( status ); + return (status); } } @@ -577,52 +546,50 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( size_t input_length, uint8_t *output, size_t output_size, - size_t *output_length ) -{ + size_t *output_length) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { - .core = slot->attr + .core = slot->attr }; - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_cipher_encrypt( &attributes, - slot->key.data, - slot->key.bytes, - alg, - input, - input_length, - output, - output_size, - output_length ); + status = test_transparent_cipher_encrypt(&attributes, + slot->key.data, + slot->key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length); /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); + if (status != PSA_ERROR_NOT_SUPPORTED) + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); - /* Add cases for opaque driver here */ + return (PSA_ERROR_NOT_SUPPORTED); + /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_cipher_encrypt( &attributes, - slot->key.data, - slot->key.bytes, - alg, - input, - input_length, - output, - output_size, - output_length ) ); + return (test_opaque_cipher_encrypt(&attributes, + slot->key.data, + slot->key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return( status ); + return (status); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) slot; @@ -633,7 +600,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( (void) output_size; (void) output_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -644,52 +611,50 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( size_t input_length, uint8_t *output, size_t output_size, - size_t *output_length ) -{ + size_t *output_length) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { - .core = slot->attr + .core = slot->attr }; - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_cipher_decrypt( &attributes, - slot->key.data, - slot->key.bytes, - alg, - input, - input_length, - output, - output_size, - output_length ); + status = test_transparent_cipher_decrypt(&attributes, + slot->key.data, + slot->key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length); /* Declared with fallback == true */ - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); + if (status != PSA_ERROR_NOT_SUPPORTED) + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); - /* Add cases for opaque driver here */ + return (PSA_ERROR_NOT_SUPPORTED); + /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_cipher_decrypt( &attributes, - slot->key.data, - slot->key.bytes, - alg, - input, - input_length, - output, - output_size, - output_length ) ); + return (test_opaque_cipher_decrypt(&attributes, + slot->key.data, + slot->key.bytes, + alg, + input, + input_length, + output, + output_size, + output_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return( status ); + return (status); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) slot; @@ -700,169 +665,161 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( (void) output_size; (void) output_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_cipher_encrypt_setup( psa_operation_driver_context_t *operation, psa_key_slot_t *slot, - psa_algorithm_t alg ) -{ + psa_algorithm_t alg) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { - .core = slot->attr + .core = slot->attr }; - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); - if( operation->ctx == NULL ) + operation->ctx = mbedtls_calloc(1, sizeof(test_transparent_cipher_operation_t)); + if (operation->ctx == NULL) return PSA_ERROR_INSUFFICIENT_MEMORY; - status = test_transparent_cipher_encrypt_setup( operation->ctx, - &attributes, - slot->key.data, - slot->key.bytes, - alg ); + status = test_transparent_cipher_encrypt_setup(operation->ctx, + &attributes, + slot->key.data, + slot->key.bytes, + alg); /* Declared with fallback == true */ - if( status == PSA_SUCCESS ) + if (status == PSA_SUCCESS) operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; - else - { + else { mbedtls_platform_zeroize( operation->ctx, - sizeof( test_transparent_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); + sizeof(test_transparent_cipher_operation_t)); + mbedtls_free(operation->ctx); operation->ctx = NULL; } - return( status ); + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); - /* Add cases for opaque driver here */ + return (PSA_ERROR_NOT_SUPPORTED); + /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); - if( operation->ctx == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + operation->ctx = mbedtls_calloc(1, sizeof(test_opaque_cipher_operation_t)); + if (operation->ctx == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); - status = test_opaque_cipher_encrypt_setup( operation->ctx, - &attributes, - slot->key.data, - slot->key.bytes, - alg ); - if( status == PSA_SUCCESS ) + status = test_opaque_cipher_encrypt_setup(operation->ctx, + &attributes, + slot->key.data, + slot->key.bytes, + alg); + if (status == PSA_SUCCESS) operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; - else - { + else { mbedtls_platform_zeroize( operation->ctx, - sizeof( test_opaque_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); + sizeof(test_opaque_cipher_operation_t)); + mbedtls_free(operation->ctx); operation->ctx = NULL; } - return( status ); + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; (void)operation; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_cipher_decrypt_setup( psa_operation_driver_context_t *operation, psa_key_slot_t *slot, - psa_algorithm_t alg ) -{ + psa_algorithm_t alg) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_attributes_t attributes = { - .core = slot->attr + .core = slot->attr }; - switch( location ) - { + switch (location) { case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); - if( operation->ctx == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + operation->ctx = mbedtls_calloc(1, sizeof(test_transparent_cipher_operation_t)); + if (operation->ctx == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); - status = test_transparent_cipher_decrypt_setup( operation->ctx, - &attributes, - slot->key.data, - slot->key.bytes, - alg ); + status = test_transparent_cipher_decrypt_setup(operation->ctx, + &attributes, + slot->key.data, + slot->key.bytes, + alg); /* Declared with fallback == true */ - if( status == PSA_SUCCESS ) + if (status == PSA_SUCCESS) operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; - else - { + else { mbedtls_platform_zeroize( operation->ctx, - sizeof( test_transparent_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); + sizeof(test_transparent_cipher_operation_t)); + mbedtls_free(operation->ctx); operation->ctx = NULL; } - return( status ); + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); - /* Add cases for opaque driver here */ + return (PSA_ERROR_NOT_SUPPORTED); + /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); - if( operation->ctx == NULL ) + operation->ctx = mbedtls_calloc(1, sizeof(test_opaque_cipher_operation_t)); + if (operation->ctx == NULL) return PSA_ERROR_INSUFFICIENT_MEMORY; - status = test_opaque_cipher_decrypt_setup( operation->ctx, - &attributes, - slot->key.data, - slot->key.bytes, - alg ); - if( status == PSA_SUCCESS ) + status = test_opaque_cipher_decrypt_setup(operation->ctx, + &attributes, + slot->key.data, + slot->key.bytes, + alg); + if (status == PSA_SUCCESS) operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; - else - { + else { mbedtls_platform_zeroize( operation->ctx, - sizeof( test_opaque_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); + sizeof(test_opaque_cipher_operation_t)); + mbedtls_free(operation->ctx); operation->ctx = NULL; } - return( status ); + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; (void)alg; (void)operation; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -870,28 +827,26 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( psa_operation_driver_context_t *operation, uint8_t *iv, size_t iv_size, - size_t *iv_length ) -{ + size_t *iv_length) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->id ) - { + switch (operation->id) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_generate_iv( operation->ctx, - iv, - iv_size, - iv_length ) ); + return (test_transparent_cipher_generate_iv(operation->ctx, + iv, + iv_size, + iv_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_generate_iv( operation->ctx, - iv, - iv_size, - iv_length ) ); + return (test_opaque_cipher_generate_iv(operation->ctx, + iv, + iv_size, + iv_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; @@ -899,40 +854,38 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( (void) iv_size; (void) iv_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_cipher_set_iv( psa_operation_driver_context_t *operation, const uint8_t *iv, - size_t iv_length ) -{ + size_t iv_length) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->id ) - { + switch (operation->id) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_set_iv( operation->ctx, - iv, - iv_length ) ); + return (test_transparent_cipher_set_iv(operation->ctx, + iv, + iv_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_set_iv( operation->ctx, - iv, - iv_length ) ); + return (test_opaque_cipher_set_iv(operation->ctx, + iv, + iv_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; (void) iv; (void) iv_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -942,32 +895,30 @@ psa_status_t psa_driver_wrapper_cipher_update( size_t input_length, uint8_t *output, size_t output_size, - size_t *output_length ) -{ + size_t *output_length) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->id ) - { + switch (operation->id) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_update( operation->ctx, - input, - input_length, - output, - output_size, - output_length ) ); + return (test_transparent_cipher_update(operation->ctx, + input, + input_length, + output, + output_size, + output_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_update( operation->ctx, - input, - input_length, - output, - output_size, - output_length ) ); + return (test_opaque_cipher_update(operation->ctx, + input, + input_length, + output, + output_size, + output_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; @@ -977,7 +928,7 @@ psa_status_t psa_driver_wrapper_cipher_update( (void) output_length; (void) output_size; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } @@ -985,28 +936,26 @@ psa_status_t psa_driver_wrapper_cipher_finish( psa_operation_driver_context_t *operation, uint8_t *output, size_t output_size, - size_t *output_length ) -{ + size_t *output_length) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->id ) - { + switch (operation->id) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_finish( operation->ctx, - output, - output_size, - output_length ) ); + return (test_transparent_cipher_finish(operation->ctx, + output, + output_size, + output_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_finish( operation->ctx, - output, - output_size, - output_length ) ); + return (test_opaque_cipher_finish(operation->ctx, + output, + output_size, + output_length)); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; @@ -1014,55 +963,53 @@ psa_status_t psa_driver_wrapper_cipher_finish( (void) output_size; (void) output_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_cipher_abort( - psa_operation_driver_context_t *operation ) -{ + psa_operation_driver_context_t *operation) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; /* The object has (apparently) been initialized but it is not in use. It's * ok to call abort on such an object, and there's nothing to do. */ - if( operation->ctx == NULL && operation->id == 0 ) - return( PSA_SUCCESS ); + if (operation->ctx == NULL && operation->id == 0) + return (PSA_SUCCESS); - switch( operation->id ) - { + switch (operation->id) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - status = test_transparent_cipher_abort( operation->ctx ); + status = test_transparent_cipher_abort(operation->ctx); mbedtls_platform_zeroize( operation->ctx, - sizeof( test_transparent_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); + sizeof(test_transparent_cipher_operation_t)); + mbedtls_free(operation->ctx); operation->ctx = NULL; operation->id = 0; - return( status ); + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - status = test_opaque_cipher_abort( operation->ctx ); + status = test_opaque_cipher_abort(operation->ctx); mbedtls_platform_zeroize( operation->ctx, - sizeof( test_opaque_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); + sizeof(test_opaque_cipher_operation_t)); + mbedtls_free(operation->ctx); operation->ctx = NULL; operation->id = 0; - return( status ); + return (status); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Operation is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return (PSA_ERROR_BAD_STATE); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)operation; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } diff --git a/common/mbedtls/psa_crypto_driver_wrappers.h b/common/mbedtls/psa_crypto_driver_wrappers.h index 22d22d61c..d4cdf5f5a 100644 --- a/common/mbedtls/psa_crypto_driver_wrappers.h +++ b/common/mbedtls/psa_crypto_driver_wrappers.h @@ -32,13 +32,13 @@ psa_status_t psa_driver_wrapper_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); + uint8_t *signature, size_t signature_size, size_t *signature_length); psa_status_t psa_driver_wrapper_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); + const uint8_t *signature, size_t signature_length); /* * Key handling functions @@ -48,25 +48,25 @@ psa_status_t psa_driver_wrapper_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); + size_t *key_buffer_length, size_t *bits); psa_status_t psa_driver_wrapper_export_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); psa_status_t psa_driver_wrapper_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); psa_status_t psa_driver_wrapper_get_key_buffer_size( const psa_key_attributes_t *attributes, - size_t *key_buffer_size ); + size_t *key_buffer_size); psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); /* * Cipher functions @@ -78,7 +78,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( size_t input_length, uint8_t *output, size_t output_size, - size_t *output_length ); + size_t *output_length); psa_status_t psa_driver_wrapper_cipher_decrypt( psa_key_slot_t *slot, @@ -87,28 +87,28 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( size_t input_length, uint8_t *output, size_t output_size, - size_t *output_length ); + size_t *output_length); psa_status_t psa_driver_wrapper_cipher_encrypt_setup( psa_operation_driver_context_t *operation, psa_key_slot_t *slot, - psa_algorithm_t alg ); + psa_algorithm_t alg); psa_status_t psa_driver_wrapper_cipher_decrypt_setup( psa_operation_driver_context_t *operation, psa_key_slot_t *slot, - psa_algorithm_t alg ); + psa_algorithm_t alg); psa_status_t psa_driver_wrapper_cipher_generate_iv( psa_operation_driver_context_t *operation, uint8_t *iv, size_t iv_size, - size_t *iv_length ); + size_t *iv_length); psa_status_t psa_driver_wrapper_cipher_set_iv( psa_operation_driver_context_t *operation, const uint8_t *iv, - size_t iv_length ); + size_t iv_length); psa_status_t psa_driver_wrapper_cipher_update( psa_operation_driver_context_t *operation, @@ -116,16 +116,16 @@ psa_status_t psa_driver_wrapper_cipher_update( size_t input_length, uint8_t *output, size_t output_size, - size_t *output_length ); + size_t *output_length); psa_status_t psa_driver_wrapper_cipher_finish( psa_operation_driver_context_t *operation, uint8_t *output, size_t output_size, - size_t *output_length ); + size_t *output_length); psa_status_t psa_driver_wrapper_cipher_abort( - psa_operation_driver_context_t *operation ); + psa_operation_driver_context_t *operation); #endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ diff --git a/common/mbedtls/psa_crypto_ecp.c b/common/mbedtls/psa_crypto_ecp.c index 75ab1690d..e8fa4c6a4 100644 --- a/common/mbedtls/psa_crypto_ecp.c +++ b/common/mbedtls/psa_crypto_ecp.c @@ -73,25 +73,23 @@ psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type, size_t curve_bits, const uint8_t *data, size_t data_length, - mbedtls_ecp_keypair **p_ecp ) -{ + mbedtls_ecp_keypair **p_ecp) { mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE; psa_status_t status; mbedtls_ecp_keypair *ecp = NULL; size_t curve_bytes = data_length; - int explicit_bits = ( curve_bits != 0 ); + int explicit_bits = (curve_bits != 0); - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) && - PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY ) - { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && + PSA_KEY_TYPE_ECC_GET_FAMILY(type) != PSA_ECC_FAMILY_MONTGOMERY) { /* A Weierstrass public key is represented as: * - The byte 0x04; * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. * So its data length is 2m+1 where m is the curve size in bits. */ - if( ( data_length & 1 ) == 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if ((data_length & 1) == 0) + return (PSA_ERROR_INVALID_ARGUMENT); curve_bytes = data_length / 2; /* Montgomery public keys are represented in compressed format, meaning @@ -101,31 +99,27 @@ psa_status_t mbedtls_psa_ecp_load_representation( * format, meaning their curve_bytes is equal to the amount of input. */ } - if( explicit_bits ) - { + if (explicit_bits) { /* With an explicit bit-size, the data must have the matching length. */ - if( curve_bytes != PSA_BITS_TO_BYTES( curve_bits ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - } - else - { + if (curve_bytes != PSA_BITS_TO_BYTES(curve_bits)) + return (PSA_ERROR_INVALID_ARGUMENT); + } else { /* We need to infer the bit-size from the data. Since the only * information we have is the length in bytes, the value of curve_bits * at this stage is rounded up to the nearest multiple of 8. */ - curve_bits = PSA_BYTES_TO_BITS( curve_bytes ); + curve_bits = PSA_BYTES_TO_BITS(curve_bytes); } /* Allocate and initialize a key representation. */ - ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); - if( ecp == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - mbedtls_ecp_keypair_init( ecp ); + ecp = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); + if (ecp == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); + mbedtls_ecp_keypair_init(ecp); /* Load the group. */ - grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( type ), - curve_bits, !explicit_bits ); - if( grp_id == MBEDTLS_ECP_DP_NONE ) - { + grp_id = mbedtls_ecc_group_of_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), + curve_bits, !explicit_bits); + if (grp_id == MBEDTLS_ECP_DP_NONE) { /* We can't distinguish between a nonsensical family/size combination * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a * well-regarded curve that Mbed TLS just doesn't know about (which @@ -137,48 +131,44 @@ psa_status_t mbedtls_psa_ecp_load_representation( } status = mbedtls_to_psa_error( - mbedtls_ecp_group_load( &ecp->grp, grp_id ) ); - if( status != PSA_SUCCESS ) + mbedtls_ecp_group_load(&ecp->grp, grp_id)); + if (status != PSA_SUCCESS) goto exit; /* Load the key material. */ - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) - { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { /* Load the public value. */ status = mbedtls_to_psa_error( - mbedtls_ecp_point_read_binary( &ecp->grp, &ecp->Q, - data, - data_length ) ); - if( status != PSA_SUCCESS ) + mbedtls_ecp_point_read_binary(&ecp->grp, &ecp->Q, + data, + data_length)); + if (status != PSA_SUCCESS) goto exit; /* Check that the point is on the curve. */ status = mbedtls_to_psa_error( - mbedtls_ecp_check_pubkey( &ecp->grp, &ecp->Q ) ); - if( status != PSA_SUCCESS ) + mbedtls_ecp_check_pubkey(&ecp->grp, &ecp->Q)); + if (status != PSA_SUCCESS) goto exit; - } - else - { + } else { /* Load and validate the secret value. */ status = mbedtls_to_psa_error( - mbedtls_ecp_read_key( ecp->grp.id, - ecp, - data, - data_length ) ); - if( status != PSA_SUCCESS ) + mbedtls_ecp_read_key(ecp->grp.id, + ecp, + data, + data_length)); + if (status != PSA_SUCCESS) goto exit; } *p_ecp = ecp; exit: - if( status != PSA_SUCCESS ) - { - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); + if (status != PSA_SUCCESS) { + mbedtls_ecp_keypair_free(ecp); + mbedtls_free(ecp); } - return( status ); + return (status); } #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || @@ -193,22 +183,21 @@ static psa_status_t ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ + size_t *key_buffer_length, size_t *bits) { psa_status_t status; mbedtls_ecp_keypair *ecp = NULL; /* Parse input */ - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - data, - data_length, - &ecp ); - if( status != PSA_SUCCESS ) + status = mbedtls_psa_ecp_load_representation(attributes->core.type, + attributes->core.bits, + data, + data_length, + &ecp); + if (status != PSA_SUCCESS) goto exit; - if( PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) == - PSA_ECC_FAMILY_MONTGOMERY ) + if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == + PSA_ECC_FAMILY_MONTGOMERY) *bits = ecp->grp.nbits + 1; else *bits = ecp->grp.nbits; @@ -216,93 +205,87 @@ static psa_status_t ecp_import_key( /* Re-export the data to PSA export format. There is currently no support * for other input formats then the export format, so this is a 1-1 * copy operation. */ - status = mbedtls_psa_ecp_export_key( attributes->core.type, - ecp, - key_buffer, - key_buffer_size, - key_buffer_length ); + status = mbedtls_psa_ecp_export_key(attributes->core.type, + ecp, + key_buffer, + key_buffer_size, + key_buffer_length); exit: /* Always free the PK object (will also free contained ECP context) */ - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); + mbedtls_ecp_keypair_free(ecp); + mbedtls_free(ecp); - return( status ); + return (status); } -psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type, - mbedtls_ecp_keypair *ecp, - uint8_t *data, - size_t data_size, - size_t *data_length ) -{ +psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type, + mbedtls_ecp_keypair *ecp, + uint8_t *data, + size_t data_size, + size_t *data_length) { psa_status_t status; - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ) - { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { /* Check whether the public part is loaded */ - if( mbedtls_ecp_is_zero( &ecp->Q ) ) - { + if (mbedtls_ecp_is_zero(&ecp->Q)) { /* Calculate the public key */ status = mbedtls_to_psa_error( - mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); - if( status != PSA_SUCCESS ) - return( status ); + mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE)); + if (status != PSA_SUCCESS) + return (status); } status = mbedtls_to_psa_error( - mbedtls_ecp_point_write_binary( &ecp->grp, &ecp->Q, + mbedtls_ecp_point_write_binary(&ecp->grp, &ecp->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, data_length, data, - data_size ) ); - if( status != PSA_SUCCESS ) - memset( data, 0, data_size ); + data_size)); + if (status != PSA_SUCCESS) + memset(data, 0, data_size); - return( status ); - } - else - { - if( data_size < PSA_BITS_TO_BYTES( ecp->grp.nbits ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + return (status); + } else { + if (data_size < PSA_BITS_TO_BYTES(ecp->grp.nbits)) + return (PSA_ERROR_BUFFER_TOO_SMALL); status = mbedtls_to_psa_error( - mbedtls_ecp_write_key( ecp, + mbedtls_ecp_write_key(ecp, data, - PSA_BITS_TO_BYTES( ecp->grp.nbits ) ) ); - if( status == PSA_SUCCESS ) - *data_length = PSA_BITS_TO_BYTES( ecp->grp.nbits ); + PSA_BITS_TO_BYTES(ecp->grp.nbits))); + if (status == PSA_SUCCESS) + *data_length = PSA_BITS_TO_BYTES(ecp->grp.nbits); else - memset( data, 0, data_size ); + memset(data, 0, data_size); - return( status ); + return (status); } } static psa_status_t ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ + uint8_t *data, size_t data_size, size_t *data_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_keypair *ecp = NULL; status = mbedtls_psa_ecp_load_representation( - attributes->core.type, attributes->core.bits, - key_buffer, key_buffer_size, &ecp ); - if( status != PSA_SUCCESS ) - return( status ); + attributes->core.type, attributes->core.bits, + key_buffer, key_buffer_size, &ecp); + if (status != PSA_SUCCESS) + return (status); status = mbedtls_psa_ecp_export_key( PSA_KEY_TYPE_ECC_PUBLIC_KEY( - PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) ), - ecp, data, data_size, data_length ); + PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type)), + ecp, data, data_size, data_length); - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); + mbedtls_ecp_keypair_free(ecp); + mbedtls_free(ecp); - return( status ); + return (status); } #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ @@ -310,45 +293,43 @@ static psa_status_t ecp_export_public_key( #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) static psa_status_t ecp_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( - attributes->core.type ); + attributes->core.type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_of_psa( curve, attributes->core.bits, 0 ); + mbedtls_ecc_group_of_psa(curve, attributes->core.bits, 0); const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( grp_id ); + mbedtls_ecp_curve_info_from_grp_id(grp_id); mbedtls_ecp_keypair ecp; - if( attributes->domain_parameters_size != 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (attributes->domain_parameters_size != 0) + return (PSA_ERROR_NOT_SUPPORTED); - if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL) + return (PSA_ERROR_NOT_SUPPORTED); - mbedtls_ecp_keypair_init( &ecp ); - ret = mbedtls_ecp_gen_key( grp_id, &ecp, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ); - if( ret != 0 ) - { - mbedtls_ecp_keypair_free( &ecp ); - return( mbedtls_to_psa_error( ret ) ); + mbedtls_ecp_keypair_init(&ecp); + ret = mbedtls_ecp_gen_key(grp_id, &ecp, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE); + if (ret != 0) { + mbedtls_ecp_keypair_free(&ecp); + return (mbedtls_to_psa_error(ret)); } status = mbedtls_to_psa_error( - mbedtls_ecp_write_key( &ecp, key_buffer, key_buffer_size ) ); + mbedtls_ecp_write_key(&ecp, key_buffer, key_buffer_size)); - mbedtls_ecp_keypair_free( &ecp ); + mbedtls_ecp_keypair_free(&ecp); - if( status == PSA_SUCCESS ) + if (status == PSA_SUCCESS) *key_buffer_length = key_buffer_size; - return( status ); + return (status); } #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ @@ -362,82 +343,76 @@ static psa_status_t ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ + uint8_t *signature, size_t signature_size, size_t *signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_keypair *ecp = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t curve_bytes; mbedtls_mpi r, s; - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - return( status ); + status = mbedtls_psa_ecp_load_representation(attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp); + if (status != PSA_SUCCESS) + return (status); - curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); + curve_bytes = PSA_BITS_TO_BYTES(ecp->grp.pbits); + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&s); - if( signature_size < 2 * curve_bytes ) - { + if (signature_size < 2 * curve_bytes) { ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; goto cleanup; } - if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) ) - { + if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { #if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); - mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( - &ecp->grp, &r, &s, - &ecp->d, hash, - hash_length, md_alg, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa(hash_alg); + mbedtls_md_type_t md_alg = mbedtls_md_get_type(md_info); + MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_ext( + &ecp->grp, &r, &s, + &ecp->d, hash, + hash_length, md_alg, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE)); #else - ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - goto cleanup; + ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + goto cleanup; #endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ - } - else - { + } else { (void) alg; - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, - hash, hash_length, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); + MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ecp->grp, &r, &s, &ecp->d, + hash, hash_length, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, - signature + curve_bytes, - curve_bytes ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&r, + signature, + curve_bytes)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&s, + signature + curve_bytes, + curve_bytes)); cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - if( ret == 0 ) + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&s); + if (ret == 0) *signature_length = 2 * curve_bytes; - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); + mbedtls_ecp_keypair_free(ecp); + mbedtls_free(ecp); - return( mbedtls_to_psa_error( ret ) ); + return (mbedtls_to_psa_error(ret)); } static psa_status_t ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ + const uint8_t *signature, size_t signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_keypair *ecp = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -446,49 +421,47 @@ static psa_status_t ecdsa_verify_hash( (void)alg; - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - return( status ); + status = mbedtls_psa_ecp_load_representation(attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp); + if (status != PSA_SUCCESS) + return (status); - curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); + curve_bytes = PSA_BITS_TO_BYTES(ecp->grp.pbits); + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&s); - if( signature_length != 2 * curve_bytes ) - { + if (signature_length != 2 * curve_bytes) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, - signature + curve_bytes, - curve_bytes ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&r, + signature, + curve_bytes)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&s, + signature + curve_bytes, + curve_bytes)); /* Check whether the public part is loaded. If not, load it. */ - if( mbedtls_ecp_is_zero( &ecp->Q ) ) - { + if (mbedtls_ecp_is_zero(&ecp->Q)) { MBEDTLS_MPI_CHK( - mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); + mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, + mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE)); } - ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length, - &ecp->Q, &r, &s ); + ret = mbedtls_ecdsa_verify(&ecp->grp, hash, hash_length, + &ecp->Q, &r, &s); cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); + mbedtls_mpi_free(&r); + mbedtls_mpi_free(&s); + mbedtls_ecp_keypair_free(ecp); + mbedtls_free(ecp); - return( mbedtls_to_psa_error( ret ) ); + return (mbedtls_to_psa_error(ret)); } #endif /* defined(BUILTIN_ALG_ECDSA) || \ @@ -501,20 +474,18 @@ psa_status_t mbedtls_psa_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ - return( ecp_import_key( attributes, data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); + size_t *key_buffer_length, size_t *bits) { + return (ecp_import_key(attributes, data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits)); } psa_status_t mbedtls_psa_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ - return( ecp_export_public_key( attributes, key_buffer, key_buffer_size, - data, data_size, data_length ) ); + uint8_t *data, size_t data_size, size_t *data_length) { + return (ecp_export_public_key(attributes, key_buffer, key_buffer_size, + data, data_size, data_length)); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || @@ -523,10 +494,9 @@ psa_status_t mbedtls_psa_ecp_export_public_key( #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) psa_status_t mbedtls_psa_ecp_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ - return( ecp_generate_key( attributes, key_buffer, key_buffer_size, - key_buffer_length ) ); + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { + return (ecp_generate_key(attributes, key_buffer, key_buffer_size, + key_buffer_length)); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ @@ -538,25 +508,23 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ + uint8_t *signature, size_t signature_size, size_t *signature_length) { - return( ecdsa_sign_hash( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + return (ecdsa_sign_hash(attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length)); } psa_status_t mbedtls_psa_ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ - return( ecdsa_verify_hash( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + const uint8_t *signature, size_t signature_length) { + return (ecdsa_verify_hash(attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length)); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || @@ -575,20 +543,18 @@ psa_status_t mbedtls_transparent_test_driver_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ - return( ecp_import_key( attributes, data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); + size_t *key_buffer_length, size_t *bits) { + return (ecp_import_key(attributes, data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits)); } psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ - return( ecp_export_public_key( attributes, key_buffer, key_buffer_size, - data, data_size, data_length ) ); + uint8_t *data, size_t data_size, size_t *data_length) { + return (ecp_export_public_key(attributes, key_buffer, key_buffer_size, + data, data_size, data_length)); } #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || @@ -598,10 +564,9 @@ psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( defined(MBEDTLS_GENPRIME) psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ - return( ecp_generate_key( attributes, key_buffer, key_buffer_size, - key_buffer_length ) ); + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { + return (ecp_generate_key(attributes, key_buffer, key_buffer_size, + key_buffer_length)); } #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */ @@ -613,14 +578,13 @@ psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ + uint8_t *signature, size_t signature_size, size_t *signature_length) { #if defined(MBEDTLS_ECDSA_C) - return( ecdsa_sign_hash( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + return (ecdsa_sign_hash(attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length)); #else (void)attributes; (void)key_buffer; @@ -631,7 +595,7 @@ psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( (void)signature; (void)signature_size; (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif } @@ -639,13 +603,12 @@ psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ + const uint8_t *signature, size_t signature_length) { #if defined(MBEDTLS_ECDSA_C) - return( ecdsa_verify_hash( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + return (ecdsa_verify_hash(attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length)); #else (void)attributes; (void)key_buffer; @@ -655,7 +618,7 @@ psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( (void)hash_length; (void)signature; (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif } diff --git a/common/mbedtls/psa_crypto_ecp.h b/common/mbedtls/psa_crypto_ecp.h index 0c2b92895..c37e7df89 100644 --- a/common/mbedtls/psa_crypto_ecp.h +++ b/common/mbedtls/psa_crypto_ecp.h @@ -42,11 +42,11 @@ * contents of the context and the context itself * when done. */ -psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type, - size_t curve_bits, - const uint8_t *data, - size_t data_length, - mbedtls_ecp_keypair **p_ecp ); +psa_status_t mbedtls_psa_ecp_load_representation(psa_key_type_t type, + size_t curve_bits, + const uint8_t *data, + size_t data_length, + mbedtls_ecp_keypair **p_ecp); /** Import an ECP key in binary format. * @@ -78,7 +78,7 @@ psa_status_t mbedtls_psa_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); + size_t *key_buffer_length, size_t *bits); /** Export an ECP key to export representation * @@ -88,11 +88,11 @@ psa_status_t mbedtls_psa_ecp_import_key( * \param[in] data_size The length of the buffer to export to * \param[out] data_length The amount of bytes written to \p data */ -psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type, - mbedtls_ecp_keypair *ecp, - uint8_t *data, - size_t data_size, - size_t *data_length ); +psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type, + mbedtls_ecp_keypair *ecp, + uint8_t *data, + size_t data_size, + size_t *data_length); /** Export an ECP public key or the public part of an ECP key pair in binary * format. @@ -121,7 +121,7 @@ psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type, psa_status_t mbedtls_psa_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); /** * \brief Generate an ECP key. @@ -144,7 +144,7 @@ psa_status_t mbedtls_psa_ecp_export_public_key( */ psa_status_t mbedtls_psa_ecp_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); /** Sign an already-calculated hash with ECDSA. * @@ -182,7 +182,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); + uint8_t *signature, size_t signature_size, size_t *signature_length); /** * \brief Verify an ECDSA hash or short message signature. @@ -217,7 +217,7 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); + const uint8_t *signature, size_t signature_length); /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ @@ -228,28 +228,28 @@ psa_status_t mbedtls_transparent_test_driver_ecp_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); + size_t *key_buffer_length, size_t *bits); psa_status_t mbedtls_transparent_test_driver_ecp_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); + uint8_t *signature, size_t signature_size, size_t *signature_length); psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); + const uint8_t *signature, size_t signature_length); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/common/mbedtls/psa_crypto_invasive.h b/common/mbedtls/psa_crypto_invasive.h index 1e5a40711..58e357e37 100644 --- a/common/mbedtls/psa_crypto_invasive.h +++ b/common/mbedtls/psa_crypto_invasive.h @@ -73,14 +73,14 @@ * The library has already been initialized. */ psa_status_t mbedtls_psa_crypto_configure_entropy_sources( - void (* entropy_init )( mbedtls_entropy_context *ctx ), - void (* entropy_free )( mbedtls_entropy_context *ctx ) ); + void (* entropy_init)(mbedtls_entropy_context *ctx), + void (* entropy_free)(mbedtls_entropy_context *ctx)); #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) psa_status_t psa_mac_key_can_do( psa_algorithm_t algorithm, - psa_key_type_t key_type ); + psa_key_type_t key_type); #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C */ #endif /* PSA_CRYPTO_INVASIVE_H */ diff --git a/common/mbedtls/psa_crypto_its.h b/common/mbedtls/psa_crypto_its.h index 3a3f49a72..a48b43ce5 100644 --- a/common/mbedtls/psa_crypto_its.h +++ b/common/mbedtls/psa_crypto_its.h @@ -45,8 +45,7 @@ typedef uint64_t psa_storage_uid_t; /** * \brief A container for metadata associated with a specific uid */ -struct psa_storage_info_t -{ +struct psa_storage_info_t { uint32_t size; /**< The size of the data associated with a uid **/ psa_storage_create_flags_t flags; /**< The flags set when the uid was created **/ }; @@ -109,7 +108,7 @@ psa_status_t psa_its_get(psa_storage_uid_t uid, uint32_t data_offset, uint32_t data_length, void *p_data, - size_t *p_data_length ); + size_t *p_data_length); /** * \brief Retrieve the metadata about the provided uid diff --git a/common/mbedtls/psa_crypto_random_impl.h b/common/mbedtls/psa_crypto_random_impl.h index 3c4c09a28..985a1468b 100644 --- a/common/mbedtls/psa_crypto_random_impl.h +++ b/common/mbedtls/psa_crypto_random_impl.h @@ -41,9 +41,9 @@ typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t; /* Trivial wrapper around psa_generate_random(). */ -int mbedtls_psa_get_random( void *p_rng, - unsigned char *output, - size_t output_size ); +int mbedtls_psa_get_random(void *p_rng, + unsigned char *output, + size_t output_size); /* The PSA RNG API doesn't need any externally maintained state. */ #define MBEDTLS_PSA_RANDOM_STATE NULL @@ -89,12 +89,11 @@ int mbedtls_psa_get_random( void *p_rng, * * \param p_rng Pointer to the Mbed TLS DRBG state. */ -static inline void mbedtls_psa_drbg_init( mbedtls_psa_drbg_context_t *p_rng ) -{ +static inline void mbedtls_psa_drbg_init(mbedtls_psa_drbg_context_t *p_rng) { #if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_init( p_rng ); + mbedtls_ctr_drbg_init(p_rng); #elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_init( p_rng ); + mbedtls_hmac_drbg_init(p_rng); #endif } @@ -102,12 +101,11 @@ static inline void mbedtls_psa_drbg_init( mbedtls_psa_drbg_context_t *p_rng ) * * \param p_rng Pointer to the Mbed TLS DRBG state. */ -static inline void mbedtls_psa_drbg_free( mbedtls_psa_drbg_context_t *p_rng ) -{ +static inline void mbedtls_psa_drbg_free(mbedtls_psa_drbg_context_t *p_rng) { #if defined(MBEDTLS_CTR_DRBG_C) - mbedtls_ctr_drbg_free( p_rng ); + mbedtls_ctr_drbg_free(p_rng); #elif defined(MBEDTLS_HMAC_DRBG_C) - mbedtls_hmac_drbg_free( p_rng ); + mbedtls_hmac_drbg_free(p_rng); #endif } @@ -116,10 +114,9 @@ static inline void mbedtls_psa_drbg_free( mbedtls_psa_drbg_context_t *p_rng ) * The random generator context is composed of an entropy context and * a DRBG context. */ -typedef struct -{ - void (* entropy_init )( mbedtls_entropy_context *ctx ); - void (* entropy_free )( mbedtls_entropy_context *ctx ); +typedef struct { + void (* entropy_init)(mbedtls_entropy_context *ctx); + void (* entropy_free)(mbedtls_entropy_context *ctx); mbedtls_entropy_context entropy; mbedtls_psa_drbg_context_t drbg; } mbedtls_psa_random_context_t; @@ -182,21 +179,20 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; */ static inline int mbedtls_psa_drbg_seed( mbedtls_entropy_context *entropy, - const unsigned char *custom, size_t len ) -{ + const unsigned char *custom, size_t len) { #if defined(MBEDTLS_CTR_DRBG_C) - return( mbedtls_ctr_drbg_seed( MBEDTLS_PSA_RANDOM_STATE, - mbedtls_entropy_func, - entropy, - custom, len ) ); + return (mbedtls_ctr_drbg_seed(MBEDTLS_PSA_RANDOM_STATE, + mbedtls_entropy_func, + entropy, + custom, len)); #elif defined(MBEDTLS_HMAC_DRBG_C) const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_type( MBEDTLS_PSA_HMAC_DRBG_MD_TYPE ); - return( mbedtls_hmac_drbg_seed( MBEDTLS_PSA_RANDOM_STATE, - md_info, - mbedtls_entropy_func, - entropy, - custom, len ) ); + mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE); + return (mbedtls_hmac_drbg_seed(MBEDTLS_PSA_RANDOM_STATE, + md_info, + mbedtls_entropy_func, + entropy, + custom, len)); #endif } diff --git a/common/mbedtls/psa_crypto_rsa.c b/common/mbedtls/psa_crypto_rsa.c index 3e95d3ada..54c44b0ec 100644 --- a/common/mbedtls/psa_crypto_rsa.c +++ b/common/mbedtls/psa_crypto_rsa.c @@ -79,45 +79,41 @@ * way to return the exact bit size of a key. * To keep things simple, reject non-byte-aligned key sizes. */ static psa_status_t psa_check_rsa_key_byte_aligned( - const mbedtls_rsa_context *rsa ) -{ + const mbedtls_rsa_context *rsa) { mbedtls_mpi n; psa_status_t status; - mbedtls_mpi_init( &n ); + mbedtls_mpi_init(&n); status = mbedtls_to_psa_error( - mbedtls_rsa_export( rsa, &n, NULL, NULL, NULL, NULL ) ); - if( status == PSA_SUCCESS ) - { - if( mbedtls_mpi_bitlen( &n ) % 8 != 0 ) + mbedtls_rsa_export(rsa, &n, NULL, NULL, NULL, NULL)); + if (status == PSA_SUCCESS) { + if (mbedtls_mpi_bitlen(&n) % 8 != 0) status = PSA_ERROR_NOT_SUPPORTED; } - mbedtls_mpi_free( &n ); - return( status ); + mbedtls_mpi_free(&n); + return (status); } psa_status_t mbedtls_psa_rsa_load_representation( psa_key_type_t type, const uint8_t *data, size_t data_length, - mbedtls_rsa_context **p_rsa ) -{ + mbedtls_rsa_context **p_rsa) { psa_status_t status; mbedtls_pk_context ctx; size_t bits; - mbedtls_pk_init( &ctx ); + mbedtls_pk_init(&ctx); /* Parse the data. */ - if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) + if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) status = mbedtls_to_psa_error( - mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) ); + mbedtls_pk_parse_key(&ctx, data, data_length, NULL, 0)); else status = mbedtls_to_psa_error( - mbedtls_pk_parse_public_key( &ctx, data, data_length ) ); - if( status != PSA_SUCCESS ) + mbedtls_pk_parse_public_key(&ctx, data, data_length)); + if (status != PSA_SUCCESS) goto exit; /* We have something that the pkparse module recognizes. If it is a * valid RSA key, store it. */ - if( mbedtls_pk_get_type( &ctx ) != MBEDTLS_PK_RSA ) - { + if (mbedtls_pk_get_type(&ctx) != MBEDTLS_PK_RSA) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } @@ -125,24 +121,23 @@ psa_status_t mbedtls_psa_rsa_load_representation( /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS * supports non-byte-aligned key sizes, but not well. For example, * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */ - bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( mbedtls_pk_rsa( ctx ) ) ); - if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) - { + bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(mbedtls_pk_rsa(ctx))); + if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } - status = psa_check_rsa_key_byte_aligned( mbedtls_pk_rsa( ctx ) ); - if( status != PSA_SUCCESS ) + status = psa_check_rsa_key_byte_aligned(mbedtls_pk_rsa(ctx)); + if (status != PSA_SUCCESS) goto exit; /* Copy out the pointer to the RSA context, and reset the PK context * such that pk_free doesn't free the RSA context we just grabbed. */ - *p_rsa = mbedtls_pk_rsa( ctx ); + *p_rsa = mbedtls_pk_rsa(ctx); ctx.pk_info = NULL; exit: - mbedtls_pk_free( &ctx ); - return( status ); + mbedtls_pk_free(&ctx); + return (status); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || @@ -158,178 +153,168 @@ static psa_status_t rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ + size_t *key_buffer_length, size_t *bits) { psa_status_t status; mbedtls_rsa_context *rsa = NULL; /* Parse input */ - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - data, - data_length, - &rsa ); - if( status != PSA_SUCCESS ) + status = mbedtls_psa_rsa_load_representation(attributes->core.type, + data, + data_length, + &rsa); + if (status != PSA_SUCCESS) goto exit; - *bits = (psa_key_bits_t) PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) ); + *bits = (psa_key_bits_t) PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(rsa)); /* Re-export the data to PSA export format, such that we can store export * representation in the key slot. Export representation in case of RSA is * the smallest representation that's allowed as input, so a straight-up * allocation of the same size as the input buffer will be large enough. */ - status = mbedtls_psa_rsa_export_key( attributes->core.type, - rsa, - key_buffer, - key_buffer_size, - key_buffer_length ); + status = mbedtls_psa_rsa_export_key(attributes->core.type, + rsa, + key_buffer, + key_buffer_size, + key_buffer_length); exit: /* Always free the RSA object */ - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); + mbedtls_rsa_free(rsa); + mbedtls_free(rsa); - return( status ); + return (status); } -psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type, - mbedtls_rsa_context *rsa, - uint8_t *data, - size_t data_size, - size_t *data_length ) -{ +psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type, + mbedtls_rsa_context *rsa, + uint8_t *data, + size_t data_size, + size_t *data_length) { #if defined(MBEDTLS_PK_WRITE_C) int ret; mbedtls_pk_context pk; uint8_t *pos = data + data_size; - mbedtls_pk_init( &pk ); + mbedtls_pk_init(&pk); pk.pk_info = &mbedtls_rsa_info; pk.pk_ctx = rsa; /* PSA Crypto API defines the format of an RSA key as a DER-encoded * representation of the non-encrypted PKCS#1 RSAPrivateKey for a * private key and of the RFC3279 RSAPublicKey for a public key. */ - if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) - ret = mbedtls_pk_write_key_der( &pk, data, data_size ); + if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) + ret = mbedtls_pk_write_key_der(&pk, data, data_size); else - ret = mbedtls_pk_write_pubkey( &pos, data, &pk ); + ret = mbedtls_pk_write_pubkey(&pos, data, &pk); - if( ret < 0 ) - { + if (ret < 0) { /* Clean up in case pk_write failed halfway through. */ - memset( data, 0, data_size ); - return( mbedtls_to_psa_error( ret ) ); + memset(data, 0, data_size); + return (mbedtls_to_psa_error(ret)); } /* The mbedtls_pk_xxx functions write to the end of the buffer. * Move the data to the beginning and erase remaining data * at the original location. */ - if( 2 * (size_t) ret <= data_size ) - { - memcpy( data, data + data_size - ret, ret ); - memset( data + data_size - ret, 0, ret ); - } - else if( (size_t) ret < data_size ) - { - memmove( data, data + data_size - ret, ret ); - memset( data + ret, 0, data_size - ret ); + if (2 * (size_t) ret <= data_size) { + memcpy(data, data + data_size - ret, ret); + memset(data + data_size - ret, 0, ret); + } else if ((size_t) ret < data_size) { + memmove(data, data + data_size - ret, ret); + memset(data + ret, 0, data_size - ret); } *data_length = ret; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); #else (void) type; (void) rsa; (void) data; (void) data_size; (void) data_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* MBEDTLS_PK_WRITE_C */ } static psa_status_t rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ + uint8_t *data, size_t data_size, size_t *data_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_rsa_context *rsa = NULL; status = mbedtls_psa_rsa_load_representation( - attributes->core.type, key_buffer, key_buffer_size, &rsa ); - if( status != PSA_SUCCESS ) - return( status ); + attributes->core.type, key_buffer, key_buffer_size, &rsa); + if (status != PSA_SUCCESS) + return (status); - status = mbedtls_psa_rsa_export_key( PSA_KEY_TYPE_RSA_PUBLIC_KEY, - rsa, - data, - data_size, - data_length ); + status = mbedtls_psa_rsa_export_key(PSA_KEY_TYPE_RSA_PUBLIC_KEY, + rsa, + data, + data_size, + data_length); - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); + mbedtls_rsa_free(rsa); + mbedtls_free(rsa); - return( status ); + return (status); } #endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ #if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) -static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters, - size_t domain_parameters_size, - int *exponent ) -{ +static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters, + size_t domain_parameters_size, + int *exponent) { size_t i; uint32_t acc = 0; - if( domain_parameters_size == 0 ) - { + if (domain_parameters_size == 0) { *exponent = 65537; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /* Mbed TLS encodes the public exponent as an int. For simplicity, only * support values that fit in a 32-bit integer, which is larger than * int on just about every platform anyway. */ - if( domain_parameters_size > sizeof( acc ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - for( i = 0; i < domain_parameters_size; i++ ) - acc = ( acc << 8 ) | domain_parameters[i]; - if( acc > INT_MAX ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (domain_parameters_size > sizeof(acc)) + return (PSA_ERROR_NOT_SUPPORTED); + for (i = 0; i < domain_parameters_size; i++) + acc = (acc << 8) | domain_parameters[i]; + if (acc > INT_MAX) + return (PSA_ERROR_NOT_SUPPORTED); *exponent = acc; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } static psa_status_t rsa_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { psa_status_t status; mbedtls_rsa_context rsa; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int exponent; - status = psa_rsa_read_exponent( attributes->domain_parameters, - attributes->domain_parameters_size, - &exponent ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_rsa_read_exponent(attributes->domain_parameters, + attributes->domain_parameters_size, + &exponent); + if (status != PSA_SUCCESS) + return (status); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); - ret = mbedtls_rsa_gen_key( &rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - (unsigned int)attributes->core.bits, - exponent ); - if( ret != 0 ) - return( mbedtls_to_psa_error( ret ) ); + mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE); + ret = mbedtls_rsa_gen_key(&rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + (unsigned int)attributes->core.bits, + exponent); + if (ret != 0) + return (mbedtls_to_psa_error(ret)); - status = mbedtls_psa_rsa_export_key( attributes->core.type, - &rsa, key_buffer, key_buffer_size, - key_buffer_length ); - mbedtls_rsa_free( &rsa ); + status = mbedtls_psa_rsa_export_key(attributes->core.type, + &rsa, key_buffer, key_buffer_size, + key_buffer_length); + mbedtls_rsa_free(&rsa); - return( status ); + return (status); } #endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ @@ -341,198 +326,183 @@ static psa_status_t rsa_generate_key( /* Decode the hash algorithm from alg and store the mbedtls encoding in * md_alg. Verify that the hash length is acceptable. */ -static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, - size_t hash_length, - mbedtls_md_type_t *md_alg ) -{ - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); - *md_alg = mbedtls_md_get_type( md_info ); +static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, + size_t hash_length, + mbedtls_md_type_t *md_alg) { + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa(hash_alg); + *md_alg = mbedtls_md_get_type(md_info); /* The Mbed TLS RSA module uses an unsigned int for hash length * parameters. Validate that it fits so that we don't risk an * overflow later. */ #if SIZE_MAX > UINT_MAX - if( hash_length > UINT_MAX ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (hash_length > UINT_MAX) + return (PSA_ERROR_INVALID_ARGUMENT); #endif #if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) /* For PKCS#1 v1.5 signature, if using a hash, the hash length * must be correct. */ - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && - alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) - { - if( md_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( mbedtls_md_get_size( md_info ) != hash_length ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) && + alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW) { + if (md_info == NULL) + return (PSA_ERROR_NOT_SUPPORTED); + if (mbedtls_md_get_size(md_info) != hash_length) + return (PSA_ERROR_INVALID_ARGUMENT); } #endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ #if defined(BUILTIN_ALG_RSA_PSS) /* PSS requires a hash internally. */ - if( PSA_ALG_IS_RSA_PSS( alg ) ) - { - if( md_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (PSA_ALG_IS_RSA_PSS(alg)) { + if (md_info == NULL) + return (PSA_ERROR_NOT_SUPPORTED); } #endif /* BUILTIN_ALG_RSA_PSS */ - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } static psa_status_t rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ + uint8_t *signature, size_t signature_size, size_t *signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_rsa_context *rsa = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) - return( status ); + status = mbedtls_psa_rsa_load_representation(attributes->core.type, + key_buffer, + key_buffer_size, + &rsa); + if (status != PSA_SUCCESS) + return (status); - status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); - if( status != PSA_SUCCESS ) + status = psa_rsa_decode_md_type(alg, hash_length, &md_alg); + if (status != PSA_SUCCESS) goto exit; - if( signature_size < mbedtls_rsa_get_len( rsa ) ) - { + if (signature_size < mbedtls_rsa_get_len(rsa)) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; } #if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, - MBEDTLS_MD_NONE ); - ret = mbedtls_rsa_pkcs1_sign( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, - md_alg, - (unsigned int) hash_length, - hash, - signature ); - } - else + if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) { + mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE); + ret = mbedtls_rsa_pkcs1_sign(rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PRIVATE, + md_alg, + (unsigned int) hash_length, + hash, + signature); + } else #endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ #if defined(BUILTIN_ALG_RSA_PSS) - if( PSA_ALG_IS_RSA_PSS( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); - ret = mbedtls_rsa_rsassa_pss_sign( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, - MBEDTLS_MD_NONE, - (unsigned int) hash_length, - hash, - signature ); - } - else + if (PSA_ALG_IS_RSA_PSS(alg)) { + mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg); + ret = mbedtls_rsa_rsassa_pss_sign(rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PRIVATE, + MBEDTLS_MD_NONE, + (unsigned int) hash_length, + hash, + signature); + } else #endif /* BUILTIN_ALG_RSA_PSS */ - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } - if( ret == 0 ) - *signature_length = mbedtls_rsa_get_len( rsa ); - status = mbedtls_to_psa_error( ret ); + if (ret == 0) + *signature_length = mbedtls_rsa_get_len(rsa); + status = mbedtls_to_psa_error(ret); exit: - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); + mbedtls_rsa_free(rsa); + mbedtls_free(rsa); - return( status ); + return (status); } static psa_status_t rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ + const uint8_t *signature, size_t signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_rsa_context *rsa = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) + status = mbedtls_psa_rsa_load_representation(attributes->core.type, + key_buffer, + key_buffer_size, + &rsa); + if (status != PSA_SUCCESS) goto exit; - status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); - if( status != PSA_SUCCESS ) + status = psa_rsa_decode_md_type(alg, hash_length, &md_alg); + if (status != PSA_SUCCESS) goto exit; - if( signature_length != mbedtls_rsa_get_len( rsa ) ) - { + if (signature_length != mbedtls_rsa_get_len(rsa)) { status = PSA_ERROR_INVALID_SIGNATURE; goto exit; } #if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, - MBEDTLS_MD_NONE ); - ret = mbedtls_rsa_pkcs1_verify( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, - md_alg, - (unsigned int) hash_length, - hash, - signature ); - } - else + if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) { + mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE); + ret = mbedtls_rsa_pkcs1_verify(rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PUBLIC, + md_alg, + (unsigned int) hash_length, + hash, + signature); + } else #endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ #if defined(BUILTIN_ALG_RSA_PSS) - if( PSA_ALG_IS_RSA_PSS( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); - ret = mbedtls_rsa_rsassa_pss_verify( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_NONE, - (unsigned int) hash_length, - hash, - signature ); - } - else + if (PSA_ALG_IS_RSA_PSS(alg)) { + mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg); + ret = mbedtls_rsa_rsassa_pss_verify(rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PUBLIC, + MBEDTLS_MD_NONE, + (unsigned int) hash_length, + hash, + signature); + } else #endif /* BUILTIN_ALG_RSA_PSS */ - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } /* Mbed TLS distinguishes "invalid padding" from "valid padding but * the rest of the signature is invalid". This has little use in * practice and PSA doesn't report this distinction. */ - status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ? + status = (ret == MBEDTLS_ERR_RSA_INVALID_PADDING) ? PSA_ERROR_INVALID_SIGNATURE : - mbedtls_to_psa_error( ret ); + mbedtls_to_psa_error(ret); exit: - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); + mbedtls_rsa_free(rsa); + mbedtls_free(rsa); - return( status ); + return (status); } #endif /* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || @@ -545,20 +515,18 @@ psa_status_t mbedtls_psa_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ - return( rsa_import_key( attributes, data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); + size_t *key_buffer_length, size_t *bits) { + return (rsa_import_key(attributes, data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits)); } psa_status_t mbedtls_psa_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ - return( rsa_export_public_key( attributes, key_buffer, key_buffer_size, - data, data_size, data_length ) ); + uint8_t *data, size_t data_size, size_t *data_length) { + return (rsa_export_public_key(attributes, key_buffer, key_buffer_size, + data, data_size, data_length)); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || @@ -567,10 +535,9 @@ psa_status_t mbedtls_psa_rsa_export_public_key( #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) psa_status_t mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ - return( rsa_generate_key( attributes, key_buffer, key_buffer_size, - key_buffer_length ) ); + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { + return (rsa_generate_key(attributes, key_buffer, key_buffer_size, + key_buffer_length)); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ @@ -580,26 +547,24 @@ psa_status_t mbedtls_psa_rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ - return( rsa_sign_hash( + uint8_t *signature, size_t signature_size, size_t *signature_length) { + return (rsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, - signature, signature_size, signature_length ) ); + signature, signature_size, signature_length)); } psa_status_t mbedtls_psa_rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ - return( rsa_verify_hash( + const uint8_t *signature, size_t signature_length) { + return (rsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, - signature, signature_length ) ); + signature, signature_length)); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ @@ -617,20 +582,18 @@ psa_status_t mbedtls_transparent_test_driver_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ) -{ - return( rsa_import_key( attributes, data, data_length, - key_buffer, key_buffer_size, - key_buffer_length, bits ) ); + size_t *key_buffer_length, size_t *bits) { + return (rsa_import_key(attributes, data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits)); } psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ) -{ - return( rsa_export_public_key( attributes, key_buffer, key_buffer_size, - data, data_size, data_length ) ); + uint8_t *data, size_t data_size, size_t *data_length) { + return (rsa_export_public_key(attributes, key_buffer, key_buffer_size, + data, data_size, data_length)); } #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || @@ -639,10 +602,9 @@ psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) -{ - return( rsa_generate_key( attributes, key_buffer, key_buffer_size, - key_buffer_length ) ); + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { + return (rsa_generate_key(attributes, key_buffer, key_buffer_size, + key_buffer_length)); } #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */ @@ -652,15 +614,14 @@ psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ + uint8_t *signature, size_t signature_size, size_t *signature_length) { #if defined(MBEDTLS_RSA_C) && \ (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)) - return( rsa_sign_hash( + return (rsa_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, - signature, signature_size, signature_length ) ); + signature, signature_size, signature_length)); #else (void)attributes; (void)key_buffer; @@ -671,7 +632,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( (void)signature; (void)signature_size; (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif } @@ -679,15 +640,14 @@ psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ + const uint8_t *signature, size_t signature_length) { #if defined(MBEDTLS_RSA_C) && \ (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)) - return( rsa_verify_hash( + return (rsa_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, - signature, signature_length ) ); + signature, signature_length)); #else (void)attributes; (void)key_buffer; @@ -697,7 +657,7 @@ psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( (void)hash_length; (void)signature; (void)signature_length; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif } #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || diff --git a/common/mbedtls/psa_crypto_rsa.h b/common/mbedtls/psa_crypto_rsa.h index 41a90f78e..407b29700 100644 --- a/common/mbedtls/psa_crypto_rsa.h +++ b/common/mbedtls/psa_crypto_rsa.h @@ -34,10 +34,10 @@ * contents of the context and the context itself * when done. */ -psa_status_t mbedtls_psa_rsa_load_representation( psa_key_type_t type, - const uint8_t *data, - size_t data_length, - mbedtls_rsa_context **p_rsa ); +psa_status_t mbedtls_psa_rsa_load_representation(psa_key_type_t type, + const uint8_t *data, + size_t data_length, + mbedtls_rsa_context **p_rsa); /** Import an RSA key in binary format. * @@ -69,7 +69,7 @@ psa_status_t mbedtls_psa_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); + size_t *key_buffer_length, size_t *bits); /** Export an RSA key to export representation * @@ -79,11 +79,11 @@ psa_status_t mbedtls_psa_rsa_import_key( * \param[in] data_size The length of the buffer to export to * \param[out] data_length The amount of bytes written to \p data */ -psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type, - mbedtls_rsa_context *rsa, - uint8_t *data, - size_t data_size, - size_t *data_length ); +psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type, + mbedtls_rsa_context *rsa, + uint8_t *data, + size_t data_size, + size_t *data_length); /** Export a public RSA key or the public part of an RSA key pair in binary * format. @@ -112,7 +112,7 @@ psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type, psa_status_t mbedtls_psa_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); /** * \brief Generate an RSA key. @@ -135,7 +135,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key( */ psa_status_t mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); /** Sign an already-calculated hash with an RSA private key. * @@ -174,7 +174,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); + uint8_t *signature, size_t signature_size, size_t *signature_length); /** * \brief Verify the signature a hash or short message using a public RSA key. @@ -210,7 +210,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); + const uint8_t *signature, size_t signature_length); /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. @@ -222,28 +222,28 @@ psa_status_t mbedtls_transparent_test_driver_rsa_import_key( const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, uint8_t *key_buffer, size_t key_buffer_size, - size_t *key_buffer_length, size_t *bits ); + size_t *key_buffer_length, size_t *bits); psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - uint8_t *data, size_t data_size, size_t *data_length ); + uint8_t *data, size_t data_size, size_t *data_length); psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( const psa_key_attributes_t *attributes, - uint8_t *key, size_t key_size, size_t *key_length ); + uint8_t *key, size_t key_size, size_t *key_length); psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ); + uint8_t *signature, size_t signature_size, size_t *signature_length); psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ); + const uint8_t *signature, size_t signature_length); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/common/mbedtls/psa_crypto_se.c b/common/mbedtls/psa_crypto_se.c index 56678d6a9..61075697d 100644 --- a/common/mbedtls/psa_crypto_se.c +++ b/common/mbedtls/psa_crypto_se.c @@ -52,19 +52,16 @@ /* This structure is identical to psa_drv_se_context_t declared in * `crypto_se_driver.h`, except that some parts are writable here * (non-const, or pointer to non-const). */ -typedef struct -{ +typedef struct { void *persistent_data; size_t persistent_data_size; uintptr_t transient_data; } psa_drv_se_internal_context_t; -struct psa_se_drv_table_entry_s -{ +struct psa_se_drv_table_entry_s { psa_key_location_t location; const psa_drv_se_t *methods; - union - { + union { psa_drv_se_internal_context_t internal; psa_drv_se_context_t context; } u; @@ -73,46 +70,41 @@ struct psa_se_drv_table_entry_s static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS]; psa_se_drv_table_entry_t *psa_get_se_driver_entry( - psa_key_lifetime_t lifetime ) -{ + psa_key_lifetime_t lifetime) { size_t i; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(lifetime); /* In the driver table, location=0 means an entry that isn't used. * No driver has a location of 0 because it's a reserved value * (which designates transparent keys). Make sure we never return * a driver entry for location 0. */ - if( location == 0 ) - return( NULL ); - for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) - { - if( driver_table[i].location == location ) - return( &driver_table[i] ); + if (location == 0) + return (NULL); + for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { + if (driver_table[i].location == location) + return (&driver_table[i]); } - return( NULL ); + return (NULL); } const psa_drv_se_t *psa_get_se_driver_methods( - const psa_se_drv_table_entry_t *driver ) -{ - return( driver->methods ); + const psa_se_drv_table_entry_t *driver) { + return (driver->methods); } psa_drv_se_context_t *psa_get_se_driver_context( - psa_se_drv_table_entry_t *driver ) -{ - return( &driver->u.context ); + psa_se_drv_table_entry_t *driver) { + return (&driver->u.context); } -int psa_get_se_driver( psa_key_lifetime_t lifetime, - const psa_drv_se_t **p_methods, - psa_drv_se_context_t **p_drv_context) -{ - psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime ); - if( p_methods != NULL ) - *p_methods = ( driver ? driver->methods : NULL ); - if( p_drv_context != NULL ) - *p_drv_context = ( driver ? &driver->u.context : NULL ); - return( driver != NULL ); +int psa_get_se_driver(psa_key_lifetime_t lifetime, + const psa_drv_se_t **p_methods, + psa_drv_se_context_t **p_drv_context) { + psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry(lifetime); + if (p_methods != NULL) + *p_methods = (driver ? driver->methods : NULL); + if (p_drv_context != NULL) + *p_drv_context = (driver ? &driver->u.context : NULL); + return (driver != NULL); } @@ -123,32 +115,30 @@ int psa_get_se_driver( psa_key_lifetime_t lifetime, static psa_status_t psa_get_se_driver_its_file_uid( const psa_se_drv_table_entry_t *driver, - psa_storage_uid_t *uid ) -{ - if( driver->location > PSA_MAX_SE_LOCATION ) - return( PSA_ERROR_NOT_SUPPORTED ); + psa_storage_uid_t *uid) { + if (driver->location > PSA_MAX_SE_LOCATION) + return (PSA_ERROR_NOT_SUPPORTED); #if SIZE_MAX > UINT32_MAX /* ITS file sizes are limited to 32 bits. */ - if( driver->u.internal.persistent_data_size > UINT32_MAX ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (driver->u.internal.persistent_data_size > UINT32_MAX) + return (PSA_ERROR_NOT_SUPPORTED); #endif /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */ *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } psa_status_t psa_load_se_persistent_data( - const psa_se_drv_table_entry_t *driver ) -{ + const psa_se_drv_table_entry_t *driver) { psa_status_t status; psa_storage_uid_t uid; size_t length; - status = psa_get_se_driver_its_file_uid( driver, &uid ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_se_driver_its_file_uid(driver, &uid); + if (status != PSA_SUCCESS) + return (status); /* Read the amount of persistent data that the driver requests. * If the data in storage is larger, it is truncated. If the data @@ -157,98 +147,89 @@ psa_status_t psa_load_se_persistent_data( /* psa_get_se_driver_its_file_uid ensures that the size_t * persistent_data_size is in range, but compilers don't know that, * so cast to reassure them. */ - return( psa_its_get( uid, 0, - (uint32_t) driver->u.internal.persistent_data_size, - driver->u.internal.persistent_data, - &length ) ); + return (psa_its_get(uid, 0, + (uint32_t) driver->u.internal.persistent_data_size, + driver->u.internal.persistent_data, + &length)); } psa_status_t psa_save_se_persistent_data( - const psa_se_drv_table_entry_t *driver ) -{ + const psa_se_drv_table_entry_t *driver) { psa_status_t status; psa_storage_uid_t uid; - status = psa_get_se_driver_its_file_uid( driver, &uid ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_se_driver_its_file_uid(driver, &uid); + if (status != PSA_SUCCESS) + return (status); /* psa_get_se_driver_its_file_uid ensures that the size_t * persistent_data_size is in range, but compilers don't know that, * so cast to reassure them. */ - return( psa_its_set( uid, - (uint32_t) driver->u.internal.persistent_data_size, - driver->u.internal.persistent_data, - 0 ) ); + return (psa_its_set(uid, + (uint32_t) driver->u.internal.persistent_data_size, + driver->u.internal.persistent_data, + 0)); } -psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ) -{ +psa_status_t psa_destroy_se_persistent_data(psa_key_location_t location) { psa_storage_uid_t uid; - if( location > PSA_MAX_SE_LOCATION ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (location > PSA_MAX_SE_LOCATION) + return (PSA_ERROR_NOT_SUPPORTED); uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location; - return( psa_its_remove( uid ) ); + return (psa_its_remove(uid)); } psa_status_t psa_find_se_slot_for_key( const psa_key_attributes_t *attributes, psa_key_creation_method_t method, psa_se_drv_table_entry_t *driver, - psa_key_slot_number_t *slot_number ) -{ + psa_key_slot_number_t *slot_number) { psa_status_t status; psa_key_location_t key_location = - PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) ); + PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)); /* If the location is wrong, it's a bug in the library. */ - if( driver->location != key_location ) - return( PSA_ERROR_CORRUPTION_DETECTED ); + if (driver->location != key_location) + return (PSA_ERROR_CORRUPTION_DETECTED); /* If the driver doesn't support key creation in any way, give up now. */ - if( driver->methods->key_management == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (driver->methods->key_management == NULL) + return (PSA_ERROR_NOT_SUPPORTED); - if( psa_get_key_slot_number( attributes, slot_number ) == PSA_SUCCESS ) - { + if (psa_get_key_slot_number(attributes, slot_number) == PSA_SUCCESS) { /* The application wants to use a specific slot. Allow it if * the driver supports it. On a system with isolation, * the crypto service must check that the application is * permitted to request this slot. */ psa_drv_se_validate_slot_number_t p_validate_slot_number = driver->methods->key_management->p_validate_slot_number; - if( p_validate_slot_number == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - status = p_validate_slot_number( &driver->u.context, - driver->u.internal.persistent_data, - attributes, method, - *slot_number ); - } - else if( method == PSA_KEY_CREATION_REGISTER ) - { + if (p_validate_slot_number == NULL) + return (PSA_ERROR_NOT_SUPPORTED); + status = p_validate_slot_number(&driver->u.context, + driver->u.internal.persistent_data, + attributes, method, + *slot_number); + } else if (method == PSA_KEY_CREATION_REGISTER) { /* The application didn't specify a slot number. This doesn't * make sense when registering a slot. */ - return( PSA_ERROR_INVALID_ARGUMENT ); - } - else - { + return (PSA_ERROR_INVALID_ARGUMENT); + } else { /* The application didn't tell us which slot to use. Let the driver * choose. This is the normal case. */ psa_drv_se_allocate_key_t p_allocate = driver->methods->key_management->p_allocate; - if( p_allocate == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - status = p_allocate( &driver->u.context, - driver->u.internal.persistent_data, - attributes, method, - slot_number ); + if (p_allocate == NULL) + return (PSA_ERROR_NOT_SUPPORTED); + status = p_allocate(&driver->u.context, + driver->u.internal.persistent_data, + attributes, method, + slot_number); } - return( status ); + return (status); } -psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver, - psa_key_slot_number_t slot_number ) -{ +psa_status_t psa_destroy_se_key(psa_se_drv_table_entry_t *driver, + psa_key_slot_number_t slot_number) { psa_status_t status; psa_status_t storage_status; /* Normally a missing method would mean that the action is not @@ -259,40 +240,37 @@ psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver, * locked in a read-only state: we can use the keys but not * destroy them. Hence, if the driver doesn't support destroying * keys, it's really a lack of permission. */ - if( driver->methods->key_management == NULL || - driver->methods->key_management->p_destroy == NULL ) - return( PSA_ERROR_NOT_PERMITTED ); + if (driver->methods->key_management == NULL || + driver->methods->key_management->p_destroy == NULL) + return (PSA_ERROR_NOT_PERMITTED); status = driver->methods->key_management->p_destroy( - &driver->u.context, - driver->u.internal.persistent_data, - slot_number ); - storage_status = psa_save_se_persistent_data( driver ); - return( status == PSA_SUCCESS ? storage_status : status ); + &driver->u.context, + driver->u.internal.persistent_data, + slot_number); + storage_status = psa_save_se_persistent_data(driver); + return (status == PSA_SUCCESS ? storage_status : status); } -psa_status_t psa_init_all_se_drivers( void ) -{ +psa_status_t psa_init_all_se_drivers(void) { size_t i; - for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) - { + for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { psa_se_drv_table_entry_t *driver = &driver_table[i]; - if( driver->location == 0 ) + if (driver->location == 0) continue; /* skipping unused entry */ - const psa_drv_se_t *methods = psa_get_se_driver_methods( driver ); - if( methods->p_init != NULL ) - { + const psa_drv_se_t *methods = psa_get_se_driver_methods(driver); + if (methods->p_init != NULL) { psa_status_t status = methods->p_init( - &driver->u.context, - driver->u.internal.persistent_data, - driver->location ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_save_se_persistent_data( driver ); - if( status != PSA_SUCCESS ) - return( status ); + &driver->u.context, + driver->u.internal.persistent_data, + driver->location); + if (status != PSA_SUCCESS) + return (status); + status = psa_save_se_persistent_data(driver); + if (status != PSA_SUCCESS) + return (status); } } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } @@ -303,75 +281,69 @@ psa_status_t psa_init_all_se_drivers( void ) psa_status_t psa_register_se_driver( psa_key_location_t location, - const psa_drv_se_t *methods) -{ + const psa_drv_se_t *methods) { size_t i; psa_status_t status; - if( methods->hal_version != PSA_DRV_SE_HAL_VERSION ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (methods->hal_version != PSA_DRV_SE_HAL_VERSION) + return (PSA_ERROR_NOT_SUPPORTED); /* Driver table entries are 0-initialized. 0 is not a valid driver * location because it means a transparent key. */ #if defined(static_assert) - static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0, - "Secure element support requires 0 to mean a local key" ); + static_assert(PSA_KEY_LOCATION_LOCAL_STORAGE == 0, + "Secure element support requires 0 to mean a local key"); #endif - if( location == PSA_KEY_LOCATION_LOCAL_STORAGE ) - return( PSA_ERROR_INVALID_ARGUMENT ); - if( location > PSA_MAX_SE_LOCATION ) - return( PSA_ERROR_NOT_SUPPORTED ); + if (location == PSA_KEY_LOCATION_LOCAL_STORAGE) + return (PSA_ERROR_INVALID_ARGUMENT); + if (location > PSA_MAX_SE_LOCATION) + return (PSA_ERROR_NOT_SUPPORTED); - for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) - { - if( driver_table[i].location == 0 ) + for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { + if (driver_table[i].location == 0) break; /* Check that location isn't already in use up to the first free * entry. Since entries are created in order and never deleted, * there can't be a used entry after the first free entry. */ - if( driver_table[i].location == location ) - return( PSA_ERROR_ALREADY_EXISTS ); + if (driver_table[i].location == location) + return (PSA_ERROR_ALREADY_EXISTS); } - if( i == PSA_MAX_SE_DRIVERS ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if (i == PSA_MAX_SE_DRIVERS) + return (PSA_ERROR_INSUFFICIENT_MEMORY); driver_table[i].location = location; driver_table[i].methods = methods; driver_table[i].u.internal.persistent_data_size = methods->persistent_data_size; - if( methods->persistent_data_size != 0 ) - { + if (methods->persistent_data_size != 0) { driver_table[i].u.internal.persistent_data = - mbedtls_calloc( 1, methods->persistent_data_size ); - if( driver_table[i].u.internal.persistent_data == NULL ) - { + mbedtls_calloc(1, methods->persistent_data_size); + if (driver_table[i].u.internal.persistent_data == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto error; } /* Load the driver's persistent data. On first use, the persistent * data does not exist in storage, and is initialized to * all-bits-zero by the calloc call just above. */ - status = psa_load_se_persistent_data( &driver_table[i] ); - if( status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST ) + status = psa_load_se_persistent_data(&driver_table[i]); + if (status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST) goto error; } - return( PSA_SUCCESS ); + return (PSA_SUCCESS); error: - memset( &driver_table[i], 0, sizeof( driver_table[i] ) ); - return( status ); + memset(&driver_table[i], 0, sizeof(driver_table[i])); + return (status); } -void psa_unregister_all_se_drivers( void ) -{ +void psa_unregister_all_se_drivers(void) { size_t i; - for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) - { - if( driver_table[i].u.internal.persistent_data != NULL ) - mbedtls_free( driver_table[i].u.internal.persistent_data ); + for (i = 0; i < PSA_MAX_SE_DRIVERS; i++) { + if (driver_table[i].u.internal.persistent_data != NULL) + mbedtls_free(driver_table[i].u.internal.persistent_data); } - memset( driver_table, 0, sizeof( driver_table ) ); + memset(driver_table, 0, sizeof(driver_table)); } diff --git a/common/mbedtls/psa_crypto_se.h b/common/mbedtls/psa_crypto_se.h index 710426168..edf8989fe 100644 --- a/common/mbedtls/psa_crypto_se.h +++ b/common/mbedtls/psa_crypto_se.h @@ -62,13 +62,13 @@ * state. This function is only intended to be called at the end * of mbedtls_psa_crypto_free(). */ -void psa_unregister_all_se_drivers( void ); +void psa_unregister_all_se_drivers(void); /** Initialize all secure element drivers. * * Called from psa_crypto_init(). */ -psa_status_t psa_init_all_se_drivers( void ); +psa_status_t psa_init_all_se_drivers(void); /** A structure that describes a registered secure element driver. * @@ -93,9 +93,9 @@ typedef struct psa_se_drv_table_entry_s psa_se_drv_table_entry_t; * \retval 0 * \p lifetime does not correspond to a registered driver. */ -int psa_get_se_driver( psa_key_lifetime_t lifetime, - const psa_drv_se_t **p_methods, - psa_drv_se_context_t **p_drv_context); +int psa_get_se_driver(psa_key_lifetime_t lifetime, + const psa_drv_se_t **p_methods, + psa_drv_se_context_t **p_drv_context); /** Return the secure element driver table entry for a lifetime value. * @@ -105,7 +105,7 @@ int psa_get_se_driver( psa_key_lifetime_t lifetime, * \p NULL if \p lifetime does not correspond to a registered driver. */ psa_se_drv_table_entry_t *psa_get_se_driver_entry( - psa_key_lifetime_t lifetime ); + psa_key_lifetime_t lifetime); /** Return the method table for a secure element driver. * @@ -115,7 +115,7 @@ psa_se_drv_table_entry_t *psa_get_se_driver_entry( * \c NULL if \p driver is \c NULL. */ const psa_drv_se_t *psa_get_se_driver_methods( - const psa_se_drv_table_entry_t *driver ); + const psa_se_drv_table_entry_t *driver); /** Return the context of a secure element driver. * @@ -125,7 +125,7 @@ const psa_drv_se_t *psa_get_se_driver_methods( * \c NULL if \p driver is \c NULL. */ psa_drv_se_context_t *psa_get_se_driver_context( - psa_se_drv_table_entry_t *driver ); + psa_se_drv_table_entry_t *driver); /** Find a free slot for a key that is to be created. * @@ -141,15 +141,15 @@ psa_status_t psa_find_se_slot_for_key( const psa_key_attributes_t *attributes, psa_key_creation_method_t method, psa_se_drv_table_entry_t *driver, - psa_key_slot_number_t *slot_number ); + psa_key_slot_number_t *slot_number); /** Destoy a key in a secure element. * * This function calls the relevant driver method to destroy a key * and updates the driver's persistent data. */ -psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver, - psa_key_slot_number_t slot_number ); +psa_status_t psa_destroy_se_key(psa_se_drv_table_entry_t *driver, + psa_key_slot_number_t slot_number); /** Load the persistent data of a secure element driver. * @@ -164,7 +164,7 @@ psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver, * \return #PSA_ERROR_INVALID_ARGUMENT */ psa_status_t psa_load_se_persistent_data( - const psa_se_drv_table_entry_t *driver ); + const psa_se_drv_table_entry_t *driver); /** Save the persistent data of a secure element driver. * @@ -180,7 +180,7 @@ psa_status_t psa_load_se_persistent_data( * \return #PSA_ERROR_INVALID_ARGUMENT */ psa_status_t psa_save_se_persistent_data( - const psa_se_drv_table_entry_t *driver ); + const psa_se_drv_table_entry_t *driver); /** Destroy the persistent data of a secure element driver. * @@ -189,14 +189,13 @@ psa_status_t psa_save_se_persistent_data( * \param[in] location The location identifier for the driver whose * persistent data is to be erased. */ -psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location ); +psa_status_t psa_destroy_se_persistent_data(psa_key_location_t location); /** The storage representation of a key whose data is in a secure element. */ -typedef struct -{ - uint8_t slot_number[sizeof( psa_key_slot_number_t )]; +typedef struct { + uint8_t slot_number[sizeof(psa_key_slot_number_t)]; } psa_se_key_data_storage_t; #endif /* PSA_CRYPTO_SE_H */ diff --git a/common/mbedtls/psa_crypto_slot_management.c b/common/mbedtls/psa_crypto_slot_management.c index dcbee31aa..ed7da73d4 100644 --- a/common/mbedtls/psa_crypto_slot_management.c +++ b/common/mbedtls/psa_crypto_slot_management.c @@ -43,8 +43,7 @@ #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) -typedef struct -{ +typedef struct { psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT]; unsigned key_slots_initialized : 1; } psa_global_data_t; @@ -52,20 +51,19 @@ typedef struct static psa_global_data_t global_data; psa_status_t psa_validate_key_id( - mbedtls_svc_key_id_t key, int vendor_ok ) -{ - psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); + mbedtls_svc_key_id_t key, int vendor_ok) { + psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key); - if( ( PSA_KEY_ID_USER_MIN <= key_id ) && - ( key_id <= PSA_KEY_ID_USER_MAX ) ) - return( PSA_SUCCESS ); + if ((PSA_KEY_ID_USER_MIN <= key_id) && + (key_id <= PSA_KEY_ID_USER_MAX)) + return (PSA_SUCCESS); - if( vendor_ok && - ( PSA_KEY_ID_VENDOR_MIN <= key_id ) && - ( key_id <= PSA_KEY_ID_VENDOR_MAX ) ) - return( PSA_SUCCESS ); + if (vendor_ok && + (PSA_KEY_ID_VENDOR_MIN <= key_id) && + (key_id <= PSA_KEY_ID_VENDOR_MAX)) + return (PSA_SUCCESS); - return( PSA_ERROR_INVALID_HANDLE ); + return (PSA_ERROR_INVALID_HANDLE); } /** Get the description in memory of a key given its identifier and lock it. @@ -100,15 +98,13 @@ psa_status_t psa_validate_key_id( * There is no key with key identifier \p key in the key slots. */ static psa_status_t psa_get_and_lock_key_slot_in_memory( - mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot ) -{ + mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ); + psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key); size_t slot_idx; psa_key_slot_t *slot = NULL; - if( psa_key_id_is_volatile( key_id ) ) - { + if (psa_key_id_is_volatile(key_id)) { slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ]; /* @@ -119,83 +115,72 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory( * is equal to zero. This is an invalid value for a PSA key identifier * and thus cannot be equal to the valid PSA key identifier key_id. */ - status = mbedtls_svc_key_id_equal( key, slot->attr.id ) ? + status = mbedtls_svc_key_id_equal(key, slot->attr.id) ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; - } - else - { - status = psa_validate_key_id( key, 1 ); - if( status != PSA_SUCCESS ) - return( status ); + } else { + status = psa_validate_key_id(key, 1); + if (status != PSA_SUCCESS) + return (status); - for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ ) - { + for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { slot = &global_data.key_slots[ slot_idx ]; - if( mbedtls_svc_key_id_equal( key, slot->attr.id ) ) + if (mbedtls_svc_key_id_equal(key, slot->attr.id)) break; } - status = ( slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT ) ? + status = (slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT) ? PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; } - if( status == PSA_SUCCESS ) - { - status = psa_lock_key_slot( slot ); - if( status == PSA_SUCCESS ) + if (status == PSA_SUCCESS) { + status = psa_lock_key_slot(slot); + if (status == PSA_SUCCESS) *p_slot = slot; } - return( status ); + return (status); } -psa_status_t psa_initialize_key_slots( void ) -{ +psa_status_t psa_initialize_key_slots(void) { /* Nothing to do: program startup and psa_wipe_all_key_slots() both * guarantee that the key slots are initialized to all-zero, which * means that all the key slots are in a valid, empty state. */ global_data.key_slots_initialized = 1; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -void psa_wipe_all_key_slots( void ) -{ +void psa_wipe_all_key_slots(void) { size_t slot_idx; - for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ ) - { + for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; slot->lock_count = 1; - (void) psa_wipe_key_slot( slot ); + (void) psa_wipe_key_slot(slot); } global_data.key_slots_initialized = 0; } -psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, - psa_key_slot_t **p_slot ) -{ +psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id, + psa_key_slot_t **p_slot) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t slot_idx; psa_key_slot_t *selected_slot, *unlocked_persistent_key_slot; - if( ! global_data.key_slots_initialized ) - { + if (! global_data.key_slots_initialized) { status = PSA_ERROR_BAD_STATE; goto error; } selected_slot = unlocked_persistent_key_slot = NULL; - for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ ) - { + for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; - if( ! psa_is_key_slot_occupied( slot ) ) - { + if (! psa_is_key_slot_occupied(slot)) { selected_slot = slot; break; } - if( ( unlocked_persistent_key_slot == NULL ) && - ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) && - ( ! psa_is_key_slot_locked( slot ) ) ) + if ((unlocked_persistent_key_slot == NULL) && + (! PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && + (! psa_is_key_slot_locked(slot))) unlocked_persistent_key_slot = slot; } @@ -206,25 +191,23 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, * persistent key we are evicting now, we will reload its description from * storage. */ - if( ( selected_slot == NULL ) && - ( unlocked_persistent_key_slot != NULL ) ) - { + if ((selected_slot == NULL) && + (unlocked_persistent_key_slot != NULL)) { selected_slot = unlocked_persistent_key_slot; selected_slot->lock_count = 1; - psa_wipe_key_slot( selected_slot ); + psa_wipe_key_slot(selected_slot); } - if( selected_slot != NULL ) - { - status = psa_lock_key_slot( selected_slot ); - if( status != PSA_SUCCESS ) - goto error; + if (selected_slot != NULL) { + status = psa_lock_key_slot(selected_slot); + if (status != PSA_SUCCESS) + goto error; *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN + - ( (psa_key_id_t)( selected_slot - global_data.key_slots ) ); + ((psa_key_id_t)(selected_slot - global_data.key_slots)); *p_slot = selected_slot; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } status = PSA_ERROR_INSUFFICIENT_MEMORY; @@ -232,19 +215,18 @@ error: *p_slot = NULL; *volatile_key_id = 0; - return( status ); + return (status); } #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) -static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) -{ +static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) { psa_status_t status = PSA_SUCCESS; uint8_t *key_data = NULL; size_t key_data_length = 0; - status = psa_load_persistent_key( &slot->attr, - &key_data, &key_data_length ); - if( status != PSA_SUCCESS ) + status = psa_load_persistent_key(&slot->attr, + &key_data, &key_data_length); + if (status != PSA_SUCCESS) goto exit; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -252,77 +234,72 @@ static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot ) * dynamically registered SE interface. */ const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) - { + if (psa_get_se_driver(slot->attr.lifetime, &drv, &drv_context)) { psa_se_key_data_storage_t *data; - if( key_data_length != sizeof( *data ) ) - { + if (key_data_length != sizeof(*data)) { status = PSA_ERROR_DATA_INVALID; goto exit; } data = (psa_se_key_data_storage_t *) key_data; status = psa_copy_key_material_into_slot( - slot, data->slot_number, sizeof( data->slot_number ) ); + slot, data->slot_number, sizeof(data->slot_number)); goto exit; } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); + status = psa_copy_key_material_into_slot(slot, key_data, key_data_length); exit: - psa_free_persistent_key_data( key_data, key_data_length ); - return( status ); + psa_free_persistent_key_data(key_data, key_data_length); + return (status); } #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key, - psa_key_slot_t **p_slot ) -{ +psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; *p_slot = NULL; - if( ! global_data.key_slots_initialized ) - return( PSA_ERROR_BAD_STATE ); + if (! global_data.key_slots_initialized) + return (PSA_ERROR_BAD_STATE); /* * On success, the pointer to the slot is passed directly to the caller * thus no need to unlock the key slot here. */ - status = psa_get_and_lock_key_slot_in_memory( key, p_slot ); - if( status != PSA_ERROR_DOES_NOT_EXIST ) - return( status ); + status = psa_get_and_lock_key_slot_in_memory(key, p_slot); + if (status != PSA_ERROR_DOES_NOT_EXIST) + return (status); #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) psa_key_id_t volatile_key_id; - status = psa_get_empty_key_slot( &volatile_key_id, p_slot ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_empty_key_slot(&volatile_key_id, p_slot); + if (status != PSA_SUCCESS) + return (status); (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT; (*p_slot)->attr.id = key; - status = psa_load_persistent_key_into_slot( *p_slot ); - if( status != PSA_SUCCESS ) - psa_wipe_key_slot( *p_slot ); + status = psa_load_persistent_key_into_slot(*p_slot); + if (status != PSA_SUCCESS) + psa_wipe_key_slot(*p_slot); - return( status ); + return (status); #else - return( PSA_ERROR_DOES_NOT_EXIST ); + return (PSA_ERROR_DOES_NOT_EXIST); #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ } -psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot ) -{ - if( slot == NULL ) - return( PSA_SUCCESS ); +psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot) { + if (slot == NULL) + return (PSA_SUCCESS); - if( slot->lock_count > 0 ) - { + if (slot->lock_count > 0) { slot->lock_count--; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /* @@ -333,25 +310,22 @@ psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot ) * test suite execution). */ #ifdef MBEDTLS_CHECK_PARAMS - MBEDTLS_PARAM_FAILED( slot->lock_count > 0 ); + MBEDTLS_PARAM_FAILED(slot->lock_count > 0); #endif - return( PSA_ERROR_CORRUPTION_DETECTED ); + return (PSA_ERROR_CORRUPTION_DETECTED); } -psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, - psa_se_drv_table_entry_t **p_drv ) -{ - if ( psa_key_lifetime_is_external( lifetime ) ) - { +psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime, + psa_se_drv_table_entry_t **p_drv) { + if (psa_key_lifetime_is_external(lifetime)) { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* Check whether a driver is registered against this lifetime */ - psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime ); - if( driver != NULL ) - { + psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry(lifetime); + if (driver != NULL) { if (p_drv != NULL) *p_drv = driver; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } #else /* MBEDTLS_PSA_CRYPTO_SE_C */ (void) p_drv; @@ -359,126 +333,110 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) /* Key location for external keys gets checked by the wrapper */ - return( PSA_SUCCESS ); + return (PSA_SUCCESS); #else /* MBEDTLS_PSA_CRYPTO_DRIVERS */ /* No support for external lifetimes at all, or dynamic interface * did not find driver for requested lifetime. */ - return( PSA_ERROR_INVALID_ARGUMENT ); + return (PSA_ERROR_INVALID_ARGUMENT); #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ - } - else + } else /* Local/internal keys are always valid */ - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ) -{ - if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) - { +psa_status_t psa_validate_key_persistence(psa_key_lifetime_t lifetime) { + if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { /* Volatile keys are always supported */ - return( PSA_SUCCESS ); - } - else - { + return (PSA_SUCCESS); + } else { /* Persistent keys require storage support */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - return( PSA_SUCCESS ); + return (PSA_SUCCESS); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */ } } -psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle ) -{ +psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle) { #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) psa_status_t status; psa_key_slot_t *slot; - status = psa_get_and_lock_key_slot( key, &slot ); - if( status != PSA_SUCCESS ) - { + status = psa_get_and_lock_key_slot(key, &slot); + if (status != PSA_SUCCESS) { *handle = PSA_KEY_HANDLE_INIT; - return( status ); + return (status); } *handle = key; - return( psa_unlock_key_slot( slot ) ); + return (psa_unlock_key_slot(slot)); #else /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ (void) key; *handle = PSA_KEY_HANDLE_INIT; - return( PSA_ERROR_NOT_SUPPORTED ); + return (PSA_ERROR_NOT_SUPPORTED); #endif /* !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ } -psa_status_t psa_close_key( psa_key_handle_t handle ) -{ +psa_status_t psa_close_key(psa_key_handle_t handle) { psa_status_t status; psa_key_slot_t *slot; - if( psa_key_handle_is_null( handle ) ) - return( PSA_SUCCESS ); + if (psa_key_handle_is_null(handle)) + return (PSA_SUCCESS); - status = psa_get_and_lock_key_slot_in_memory( handle, &slot ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_and_lock_key_slot_in_memory(handle, &slot); + if (status != PSA_SUCCESS) + return (status); - if( slot->lock_count <= 1 ) - return( psa_wipe_key_slot( slot ) ); + if (slot->lock_count <= 1) + return (psa_wipe_key_slot(slot)); else - return( psa_unlock_key_slot( slot ) ); + return (psa_unlock_key_slot(slot)); } -psa_status_t psa_purge_key( mbedtls_svc_key_id_t key ) -{ +psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) { psa_status_t status; psa_key_slot_t *slot; - status = psa_get_and_lock_key_slot_in_memory( key, &slot ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_get_and_lock_key_slot_in_memory(key, &slot); + if (status != PSA_SUCCESS) + return (status); - if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) && - ( slot->lock_count <= 1 ) ) - return( psa_wipe_key_slot( slot ) ); + if ((! PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && + (slot->lock_count <= 1)) + return (psa_wipe_key_slot(slot)); else - return( psa_unlock_key_slot( slot ) ); + return (psa_unlock_key_slot(slot)); } -void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ) -{ +void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats) { size_t slot_idx; - memset( stats, 0, sizeof( *stats ) ); + memset(stats, 0, sizeof(*stats)); - for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ ) - { + for (slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++) { const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ]; - if( psa_is_key_slot_locked( slot ) ) - { + if (psa_is_key_slot_locked(slot)) { ++stats->locked_slots; } - if( ! psa_is_key_slot_occupied( slot ) ) - { + if (! psa_is_key_slot_occupied(slot)) { ++stats->empty_slots; continue; } - if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE ) + if (slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE) ++stats->volatile_slots; - else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT ) - { - psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ); + else if (slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT) { + psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id); ++stats->persistent_slots; - if( id > stats->max_open_internal_key_id ) + if (id > stats->max_open_internal_key_id) stats->max_open_internal_key_id = id; - } - else - { - psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ); + } else { + psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot->attr.id); ++stats->external_slots; - if( id > stats->max_open_external_key_id ) + if (id > stats->max_open_external_key_id) stats->max_open_external_key_id = id; } } diff --git a/common/mbedtls/psa_crypto_slot_management.h b/common/mbedtls/psa_crypto_slot_management.h index 3d1a85286..de2eea4cd 100644 --- a/common/mbedtls/psa_crypto_slot_management.h +++ b/common/mbedtls/psa_crypto_slot_management.h @@ -51,10 +51,9 @@ * \retval 0 * The key identifier is not a volatile key identifier. */ -static inline int psa_key_id_is_volatile( psa_key_id_t key_id ) -{ - return( ( key_id >= PSA_KEY_ID_VOLATILE_MIN ) && - ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) ); +static inline int psa_key_id_is_volatile(psa_key_id_t key_id) { + return ((key_id >= PSA_KEY_ID_VOLATILE_MIN) && + (key_id <= PSA_KEY_ID_VOLATILE_MAX)); } /** Get the description of a key given its identifier and lock it. @@ -92,20 +91,20 @@ static inline int psa_key_id_is_volatile( psa_key_id_t key_id ) * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_DATA_CORRUPT */ -psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key, - psa_key_slot_t **p_slot ); +psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot); /** Initialize the key slot structures. * * \retval #PSA_SUCCESS * Currently this function always succeeds. */ -psa_status_t psa_initialize_key_slots( void ); +psa_status_t psa_initialize_key_slots(void); /** Delete all data from key slots in memory. * * This does not affect persistent storage. */ -void psa_wipe_all_key_slots( void ); +void psa_wipe_all_key_slots(void); /** Find a free key slot. * @@ -122,8 +121,8 @@ void psa_wipe_all_key_slots( void ); * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_BAD_STATE */ -psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, - psa_key_slot_t **p_slot ); +psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id, + psa_key_slot_t **p_slot); /** Lock a key slot. * @@ -137,14 +136,13 @@ psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id, * The lock counter already reached its maximum value and was not * increased. */ -static inline psa_status_t psa_lock_key_slot( psa_key_slot_t *slot ) -{ - if( slot->lock_count >= SIZE_MAX ) - return( PSA_ERROR_CORRUPTION_DETECTED ); +static inline psa_status_t psa_lock_key_slot(psa_key_slot_t *slot) { + if (slot->lock_count >= SIZE_MAX) + return (PSA_ERROR_CORRUPTION_DETECTED); slot->lock_count++; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /** Unlock a key slot. @@ -163,7 +161,7 @@ static inline psa_status_t psa_lock_key_slot( psa_key_slot_t *slot ) * The lock counter was equal to 0. * */ -psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot ); +psa_status_t psa_unlock_key_slot(psa_key_slot_t *slot); /** Test whether a lifetime designates a key in an external cryptoprocessor. * @@ -177,10 +175,9 @@ psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot ); * The lifetime designates a key that is volatile or in internal * storage. */ -static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) -{ - return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) - != PSA_KEY_LOCATION_LOCAL_STORAGE ); +static inline int psa_key_lifetime_is_external(psa_key_lifetime_t lifetime) { + return (PSA_KEY_LIFETIME_GET_LOCATION(lifetime) + != PSA_KEY_LOCATION_LOCAL_STORAGE); } /** Validate a key's location. @@ -197,8 +194,8 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_ARGUMENT */ -psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, - psa_se_drv_table_entry_t **p_drv ); +psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime, + psa_se_drv_table_entry_t **p_drv); /** Validate the persistence of a key. * @@ -208,7 +205,7 @@ psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, * \retval #PSA_ERROR_INVALID_ARGUMENT The key is persistent but persistent * keys are not supported. */ -psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ); +psa_status_t psa_validate_key_persistence(psa_key_lifetime_t lifetime); /** Validate a key identifier. * @@ -220,6 +217,6 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime ); * \retval #PSA_SUCCESS The identifier is valid. * \retval #PSA_ERROR_INVALID_ARGUMENT The key identifier is not valid. */ -psa_status_t psa_validate_key_id( mbedtls_svc_key_id_t key, int vendor_ok ); +psa_status_t psa_validate_key_id(mbedtls_svc_key_id_t key, int vendor_ok); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ diff --git a/common/mbedtls/psa_crypto_storage.c b/common/mbedtls/psa_crypto_storage.c index 773d3aaaf..c013366f8 100644 --- a/common/mbedtls/psa_crypto_storage.c +++ b/common/mbedtls/psa_crypto_storage.c @@ -60,22 +60,21 @@ * other than storing a key. Currently, the only such file is the random seed * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is * 0xFFFFFF52. */ -static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key ) -{ +static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key) { #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) /* Encode the owner in the upper 32 bits. This means that if * owner values are nonzero (as they are on a PSA platform), * no key file will ever have a value less than 0x100000000, so * the whole range 0..0xffffffff is available for non-key files. */ - uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key ); - return( ( (uint64_t) unsigned_owner_id << 32 ) | - MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) ); + uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(key); + return (((uint64_t) unsigned_owner_id << 32) | + MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key)); #else /* Use the key id directly as a file name. * psa_is_key_id_valid() in psa_crypto_slot_management.c * is responsible for ensuring that key identifiers do not have a * value that is reserved for non-key files. */ - return( key ); + return (key); #endif } @@ -97,35 +96,33 @@ static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key ) * \retval #PSA_ERROR_DOES_NOT_EXIST */ static psa_status_t psa_crypto_storage_load( - const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size ) -{ + const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size) { psa_status_t status; - psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key); struct psa_storage_info_t data_identifier_info; size_t data_length = 0; - status = psa_its_get_info( data_identifier, &data_identifier_info ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_its_get_info(data_identifier, &data_identifier_info); + if (status != PSA_SUCCESS) + return (status); - status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length ); - if( data_size != data_length ) - return( PSA_ERROR_DATA_INVALID ); + status = psa_its_get(data_identifier, 0, (uint32_t) data_size, data, &data_length); + if (data_size != data_length) + return (PSA_ERROR_DATA_INVALID); - return( status ); + return (status); } -int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ) -{ +int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key) { psa_status_t ret; - psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key); struct psa_storage_info_t data_identifier_info; - ret = psa_its_get_info( data_identifier, &data_identifier_info ); + ret = psa_its_get_info(data_identifier, &data_identifier_info); - if( ret == PSA_ERROR_DOES_NOT_EXIST ) - return( 0 ); - return( 1 ); + if (ret == PSA_ERROR_DOES_NOT_EXIST) + return (0); + return (1); } /** @@ -145,65 +142,59 @@ int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ) * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_DATA_INVALID */ -static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key, - const uint8_t *data, - size_t data_length ) -{ +static psa_status_t psa_crypto_storage_store(const mbedtls_svc_key_id_t key, + const uint8_t *data, + size_t data_length) { psa_status_t status; - psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key); struct psa_storage_info_t data_identifier_info; - if( psa_is_key_present_in_storage( key ) == 1 ) - return( PSA_ERROR_ALREADY_EXISTS ); + if (psa_is_key_present_in_storage(key) == 1) + return (PSA_ERROR_ALREADY_EXISTS); - status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 ); - if( status != PSA_SUCCESS ) - { - return( PSA_ERROR_DATA_INVALID ); + status = psa_its_set(data_identifier, (uint32_t) data_length, data, 0); + if (status != PSA_SUCCESS) { + return (PSA_ERROR_DATA_INVALID); } - status = psa_its_get_info( data_identifier, &data_identifier_info ); - if( status != PSA_SUCCESS ) - { + status = psa_its_get_info(data_identifier, &data_identifier_info); + if (status != PSA_SUCCESS) { goto exit; } - if( data_identifier_info.size != data_length ) - { + if (data_identifier_info.size != data_length) { status = PSA_ERROR_DATA_INVALID; goto exit; } exit: - if( status != PSA_SUCCESS ) - { + if (status != PSA_SUCCESS) { /* Remove the file in case we managed to create it but something * went wrong. It's ok if the file doesn't exist. If the file exists * but the removal fails, we're already reporting an error so there's * nothing else we can do. */ - (void) psa_its_remove( data_identifier ); + (void) psa_its_remove(data_identifier); } - return( status ); + return (status); } -psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ) -{ +psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key) { psa_status_t ret; - psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key); struct psa_storage_info_t data_identifier_info; - ret = psa_its_get_info( data_identifier, &data_identifier_info ); - if( ret == PSA_ERROR_DOES_NOT_EXIST ) - return( PSA_SUCCESS ); + ret = psa_its_get_info(data_identifier, &data_identifier_info); + if (ret == PSA_ERROR_DOES_NOT_EXIST) + return (PSA_SUCCESS); - if( psa_its_remove( data_identifier ) != PSA_SUCCESS ) - return( PSA_ERROR_DATA_INVALID ); + if (psa_its_remove(data_identifier) != PSA_SUCCESS) + return (PSA_ERROR_DATA_INVALID); - ret = psa_its_get_info( data_identifier, &data_identifier_info ); - if( ret != PSA_ERROR_DOES_NOT_EXIST ) - return( PSA_ERROR_DATA_INVALID ); + ret = psa_its_get_info(data_identifier, &data_identifier_info); + if (ret != PSA_ERROR_DOES_NOT_EXIST) + return (PSA_ERROR_DATA_INVALID); - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /** @@ -220,19 +211,18 @@ psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ) */ static psa_status_t psa_crypto_storage_get_data_length( const mbedtls_svc_key_id_t key, - size_t *data_length ) -{ + size_t *data_length) { psa_status_t status; - psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key ); + psa_storage_uid_t data_identifier = psa_its_identifier_of_slot(key); struct psa_storage_info_t data_identifier_info; - status = psa_its_get_info( data_identifier, &data_identifier_info ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_its_get_info(data_identifier, &data_identifier_info); + if (status != PSA_SUCCESS) + return (status); *data_length = (size_t) data_identifier_info.size; - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } /* @@ -286,163 +276,153 @@ static psa_status_t psa_crypto_storage_get_data_length( typedef struct { uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH]; uint8_t version[4]; - uint8_t lifetime[sizeof( psa_key_lifetime_t )]; + uint8_t lifetime[sizeof(psa_key_lifetime_t)]; uint8_t type[2]; uint8_t bits[2]; - uint8_t policy[sizeof( psa_key_policy_t )]; + uint8_t policy[sizeof(psa_key_policy_t)]; uint8_t data_len[4]; uint8_t key_data[]; } psa_persistent_key_storage_format; -void psa_format_key_data_for_storage( const uint8_t *data, - const size_t data_length, - const psa_core_key_attributes_t *attr, - uint8_t *storage_data ) -{ +void psa_format_key_data_for_storage(const uint8_t *data, + const size_t data_length, + const psa_core_key_attributes_t *attr, + uint8_t *storage_data) { psa_persistent_key_storage_format *storage_format = (psa_persistent_key_storage_format *) storage_data; - memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ); - PUT_UINT32_LE( 0, storage_format->version, 0 ); - PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 ); - PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 ); - PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); - PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); - PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); - PUT_UINT32_LE( data_length, storage_format->data_len, 0 ); - memcpy( storage_format->key_data, data, data_length ); + memcpy(storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH); + PUT_UINT32_LE(0, storage_format->version, 0); + PUT_UINT32_LE(attr->lifetime, storage_format->lifetime, 0); + PUT_UINT16_LE((uint16_t) attr->type, storage_format->type, 0); + PUT_UINT16_LE((uint16_t) attr->bits, storage_format->bits, 0); + PUT_UINT32_LE(attr->policy.usage, storage_format->policy, 0); + PUT_UINT32_LE(attr->policy.alg, storage_format->policy, sizeof(uint32_t)); + PUT_UINT32_LE(attr->policy.alg2, storage_format->policy, 2 * sizeof(uint32_t)); + PUT_UINT32_LE(data_length, storage_format->data_len, 0); + memcpy(storage_format->key_data, data, data_length); } -static psa_status_t check_magic_header( const uint8_t *data ) -{ - if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER, - PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 ) - return( PSA_ERROR_DATA_INVALID ); - return( PSA_SUCCESS ); +static psa_status_t check_magic_header(const uint8_t *data) { + if (memcmp(data, PSA_KEY_STORAGE_MAGIC_HEADER, + PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH) != 0) + return (PSA_ERROR_DATA_INVALID); + return (PSA_SUCCESS); } -psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, - size_t storage_data_length, - uint8_t **key_data, - size_t *key_data_length, - psa_core_key_attributes_t *attr ) -{ +psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data, + size_t storage_data_length, + uint8_t **key_data, + size_t *key_data_length, + psa_core_key_attributes_t *attr) { psa_status_t status; const psa_persistent_key_storage_format *storage_format = (const psa_persistent_key_storage_format *)storage_data; uint32_t version; - if( storage_data_length < sizeof(*storage_format) ) - return( PSA_ERROR_DATA_INVALID ); + if (storage_data_length < sizeof(*storage_format)) + return (PSA_ERROR_DATA_INVALID); - status = check_magic_header( storage_data ); - if( status != PSA_SUCCESS ) - return( status ); + status = check_magic_header(storage_data); + if (status != PSA_SUCCESS) + return (status); - GET_UINT32_LE( version, storage_format->version, 0 ); - if( version != 0 ) - return( PSA_ERROR_DATA_INVALID ); + GET_UINT32_LE(version, storage_format->version, 0); + if (version != 0) + return (PSA_ERROR_DATA_INVALID); - GET_UINT32_LE( *key_data_length, storage_format->data_len, 0 ); - if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) || - *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE ) - return( PSA_ERROR_DATA_INVALID ); + GET_UINT32_LE(*key_data_length, storage_format->data_len, 0); + if (*key_data_length > (storage_data_length - sizeof(*storage_format)) || + *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) + return (PSA_ERROR_DATA_INVALID); - if( *key_data_length == 0 ) - { + if (*key_data_length == 0) { *key_data = NULL; - } - else - { - *key_data = mbedtls_calloc( 1, *key_data_length ); - if( *key_data == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - memcpy( *key_data, storage_format->key_data, *key_data_length ); + } else { + *key_data = mbedtls_calloc(1, *key_data_length); + if (*key_data == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); + memcpy(*key_data, storage_format->key_data, *key_data_length); } - GET_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 ); - GET_UINT16_LE( attr->type, storage_format->type, 0 ); - GET_UINT16_LE( attr->bits, storage_format->bits, 0 ); - GET_UINT32_LE( attr->policy.usage, storage_format->policy, 0 ); - GET_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) ); - GET_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) ); + GET_UINT32_LE(attr->lifetime, storage_format->lifetime, 0); + GET_UINT16_LE(attr->type, storage_format->type, 0); + GET_UINT16_LE(attr->bits, storage_format->bits, 0); + GET_UINT32_LE(attr->policy.usage, storage_format->policy, 0); + GET_UINT32_LE(attr->policy.alg, storage_format->policy, sizeof(uint32_t)); + GET_UINT32_LE(attr->policy.alg2, storage_format->policy, 2 * sizeof(uint32_t)); - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, - const uint8_t *data, - const size_t data_length ) -{ +psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr, + const uint8_t *data, + const size_t data_length) { size_t storage_data_length; uint8_t *storage_data; psa_status_t status; /* All keys saved to persistent storage always have a key context */ - if( data == NULL || data_length == 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if (data == NULL || data_length == 0) + return (PSA_ERROR_INVALID_ARGUMENT); - if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE ) - return( PSA_ERROR_INSUFFICIENT_STORAGE ); - storage_data_length = data_length + sizeof( psa_persistent_key_storage_format ); + if (data_length > PSA_CRYPTO_MAX_STORAGE_SIZE) + return (PSA_ERROR_INSUFFICIENT_STORAGE); + storage_data_length = data_length + sizeof(psa_persistent_key_storage_format); - storage_data = mbedtls_calloc( 1, storage_data_length ); - if( storage_data == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + storage_data = mbedtls_calloc(1, storage_data_length); + if (storage_data == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); - psa_format_key_data_for_storage( data, data_length, attr, storage_data ); + psa_format_key_data_for_storage(data, data_length, attr, storage_data); - status = psa_crypto_storage_store( attr->id, - storage_data, storage_data_length ); + status = psa_crypto_storage_store(attr->id, + storage_data, storage_data_length); - mbedtls_free( storage_data ); + mbedtls_free(storage_data); - return( status ); + return (status); } -void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length ) -{ - if( key_data != NULL ) - { - mbedtls_platform_zeroize( key_data, key_data_length ); +void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length) { + if (key_data != NULL) { + mbedtls_platform_zeroize(key_data, key_data_length); } - mbedtls_free( key_data ); + mbedtls_free(key_data); } -psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, - uint8_t **data, - size_t *data_length ) -{ +psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr, + uint8_t **data, + size_t *data_length) { psa_status_t status = PSA_SUCCESS; uint8_t *loaded_data; size_t storage_data_length = 0; mbedtls_svc_key_id_t key = attr->id; - status = psa_crypto_storage_get_data_length( key, &storage_data_length ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_crypto_storage_get_data_length(key, &storage_data_length); + if (status != PSA_SUCCESS) + return (status); - loaded_data = mbedtls_calloc( 1, storage_data_length ); + loaded_data = mbedtls_calloc(1, storage_data_length); - if( loaded_data == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + if (loaded_data == NULL) + return (PSA_ERROR_INSUFFICIENT_MEMORY); - status = psa_crypto_storage_load( key, loaded_data, storage_data_length ); - if( status != PSA_SUCCESS ) + status = psa_crypto_storage_load(key, loaded_data, storage_data_length); + if (status != PSA_SUCCESS) goto exit; - status = psa_parse_key_data_from_storage( loaded_data, storage_data_length, - data, data_length, attr ); + status = psa_parse_key_data_from_storage(loaded_data, storage_data_length, + data, data_length, attr); /* All keys saved to persistent storage always have a key context */ - if( status == PSA_SUCCESS && - ( *data == NULL || *data_length == 0 ) ) + if (status == PSA_SUCCESS && + (*data == NULL || *data_length == 0)) status = PSA_ERROR_STORAGE_FAILURE; exit: - mbedtls_free( loaded_data ); - return( status ); + mbedtls_free(loaded_data); + return (status); } @@ -455,47 +435,42 @@ exit: psa_crypto_transaction_t psa_crypto_transaction; -psa_status_t psa_crypto_save_transaction( void ) -{ +psa_status_t psa_crypto_save_transaction(void) { struct psa_storage_info_t p_info; psa_status_t status; - status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info ); - if( status == PSA_SUCCESS ) - { + status = psa_its_get_info(PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info); + if (status == PSA_SUCCESS) { /* This shouldn't happen: we're trying to start a transaction while * there is still a transaction that hasn't been replayed. */ - return( PSA_ERROR_CORRUPTION_DETECTED ); - } - else if( status != PSA_ERROR_DOES_NOT_EXIST ) - return( status ); - return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID, - sizeof( psa_crypto_transaction ), - &psa_crypto_transaction, - 0 ) ); + return (PSA_ERROR_CORRUPTION_DETECTED); + } else if (status != PSA_ERROR_DOES_NOT_EXIST) + return (status); + return (psa_its_set(PSA_CRYPTO_ITS_TRANSACTION_UID, + sizeof(psa_crypto_transaction), + &psa_crypto_transaction, + 0)); } -psa_status_t psa_crypto_load_transaction( void ) -{ +psa_status_t psa_crypto_load_transaction(void) { psa_status_t status; size_t length; - status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0, - sizeof( psa_crypto_transaction ), - &psa_crypto_transaction, &length ); - if( status != PSA_SUCCESS ) - return( status ); - if( length != sizeof( psa_crypto_transaction ) ) - return( PSA_ERROR_DATA_INVALID ); - return( PSA_SUCCESS ); + status = psa_its_get(PSA_CRYPTO_ITS_TRANSACTION_UID, 0, + sizeof(psa_crypto_transaction), + &psa_crypto_transaction, &length); + if (status != PSA_SUCCESS) + return (status); + if (length != sizeof(psa_crypto_transaction)) + return (PSA_ERROR_DATA_INVALID); + return (PSA_SUCCESS); } -psa_status_t psa_crypto_stop_transaction( void ) -{ - psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID ); +psa_status_t psa_crypto_stop_transaction(void) { + psa_status_t status = psa_its_remove(PSA_CRYPTO_ITS_TRANSACTION_UID); /* Whether or not updating the storage succeeded, the transaction is * finished now. It's too late to go back, so zero out the in-memory * data. */ - memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) ); - return( status ); + memset(&psa_crypto_transaction, 0, sizeof(psa_crypto_transaction)); + return (status); } #endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */ @@ -507,24 +482,20 @@ psa_status_t psa_crypto_stop_transaction( void ) /****************************************************************/ #if defined(MBEDTLS_PSA_INJECT_ENTROPY) -psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed, - size_t seed_size ) -{ +psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed, + size_t seed_size) { psa_status_t status; struct psa_storage_info_t p_info; - status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info ); + status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info); - if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */ - { - status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 ); - } - else if( PSA_SUCCESS == status ) - { + if (PSA_ERROR_DOES_NOT_EXIST == status) { /* No seed exists */ + status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0); + } else if (PSA_SUCCESS == status) { /* You should not be here. Seed needs to be injected only once */ status = PSA_ERROR_NOT_PERMITTED; } - return( status ); + return (status); } #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ diff --git a/common/mbedtls/psa_crypto_storage.h b/common/mbedtls/psa_crypto_storage.h index 970e1083a..52e904611 100644 --- a/common/mbedtls/psa_crypto_storage.h +++ b/common/mbedtls/psa_crypto_storage.h @@ -72,7 +72,7 @@ extern "C" { * \retval 1 * Persistent data present for slot number */ -int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ); +int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key); /** * \brief Format key data and metadata and save to a location for given key @@ -105,9 +105,9 @@ int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key ); * \retval #PSA_ERROR_DATA_INVALID * \retval #PSA_ERROR_DATA_CORRUPT */ -psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, - const uint8_t *data, - const size_t data_length ); +psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr, + const uint8_t *data, + const size_t data_length); /** * \brief Parses key data and metadata and load persistent key for given @@ -135,9 +135,9 @@ psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr, * \retval #PSA_ERROR_DATA_CORRUPT * \retval #PSA_ERROR_DOES_NOT_EXIST */ -psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, - uint8_t **data, - size_t *data_length ); +psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr, + uint8_t **data, + size_t *data_length); /** * \brief Remove persistent data for the given key slot number. @@ -150,7 +150,7 @@ psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr, * or the key did not exist. * \retval #PSA_ERROR_DATA_INVALID */ -psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ); +psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key); /** * \brief Free the temporary buffer allocated by psa_load_persistent_key(). @@ -162,7 +162,7 @@ psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key ); * \param key_data_length Size of the key data buffer. * */ -void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length ); +void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length); /** * \brief Formats key data and metadata for persistent storage @@ -173,10 +173,10 @@ void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length ); * \param[out] storage_data Output buffer for the formatted data. * */ -void psa_format_key_data_for_storage( const uint8_t *data, - const size_t data_length, - const psa_core_key_attributes_t *attr, - uint8_t *storage_data ); +void psa_format_key_data_for_storage(const uint8_t *data, + const size_t data_length, + const psa_core_key_attributes_t *attr, + uint8_t *storage_data); /** * \brief Parses persistent storage data into key data and metadata @@ -194,11 +194,11 @@ void psa_format_key_data_for_storage( const uint8_t *data, * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_DATA_INVALID */ -psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data, - size_t storage_data_length, - uint8_t **key_data, - size_t *key_data_length, - psa_core_key_attributes_t *attr ); +psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data, + size_t storage_data_length, + uint8_t **key_data, + size_t *key_data_length, + psa_core_key_attributes_t *attr); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /** This symbol is defined if transaction support is required. */ @@ -274,8 +274,7 @@ typedef uint16_t psa_crypto_transaction_type_t; * in psa_crypto.c. If you add a new type of transaction, be * sure to add code for it in psa_crypto_recover_transaction(). */ -typedef union -{ +typedef union { /* Each element of this union must have the following properties * to facilitate serialization and deserialization: * @@ -284,8 +283,7 @@ typedef union * - Elements of the struct are arranged such a way that there is * no padding. */ - struct psa_crypto_transaction_unknown_s - { + struct psa_crypto_transaction_unknown_s { psa_crypto_transaction_type_t type; uint16_t unused1; uint32_t unused2; @@ -294,8 +292,7 @@ typedef union } unknown; /* ::type is #PSA_CRYPTO_TRANSACTION_CREATE_KEY or * #PSA_CRYPTO_TRANSACTION_DESTROY_KEY. */ - struct psa_crypto_transaction_key_s - { + struct psa_crypto_transaction_key_s { psa_crypto_transaction_type_t type; uint16_t unused1; psa_key_lifetime_t lifetime; @@ -315,8 +312,7 @@ extern psa_crypto_transaction_t psa_crypto_transaction; * \param type The type of transaction to start. */ static inline void psa_crypto_prepare_transaction( - psa_crypto_transaction_type_t type ) -{ + psa_crypto_transaction_type_t type) { psa_crypto_transaction.unknown.type = type; } @@ -330,7 +326,7 @@ static inline void psa_crypto_prepare_transaction( * \retval #PSA_ERROR_INSUFFICIENT_STORAGE * \retval #PSA_ERROR_STORAGE_FAILURE */ -psa_status_t psa_crypto_save_transaction( void ); +psa_status_t psa_crypto_save_transaction(void); /** Load the transaction data from storage, if any. * @@ -346,7 +342,7 @@ psa_status_t psa_crypto_save_transaction( void ); * \retval #PSA_ERROR_DATA_INVALID * \retval #PSA_ERROR_DATA_CORRUPT */ -psa_status_t psa_crypto_load_transaction( void ); +psa_status_t psa_crypto_load_transaction(void); /** Indicate that the current transaction is finished. * @@ -366,7 +362,7 @@ psa_status_t psa_crypto_load_transaction( void ); * It was impossible to determine whether there was transaction data * in storage, or the transaction data could not be erased. */ -psa_status_t psa_crypto_stop_transaction( void ); +psa_status_t psa_crypto_stop_transaction(void); /** The ITS file identifier for the transaction data. * @@ -388,8 +384,8 @@ psa_status_t psa_crypto_stop_transaction( void ); * \retval #PSA_ERROR_NOT_PERMITTED * The entropy seed file already exists. */ -psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed, - size_t seed_size ); +psa_status_t mbedtls_psa_storage_inject_entropy(const unsigned char *seed, + size_t seed_size); #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ #ifdef __cplusplus diff --git a/common/mbedtls/psa_its_file.c b/common/mbedtls/psa_its_file.c index 7798da615..9065ea431 100644 --- a/common/mbedtls/psa_its_file.c +++ b/common/mbedtls/psa_its_file.c @@ -73,164 +73,154 @@ #define rename_replace_existing( oldpath, newpath ) rename( oldpath, newpath ) #endif -typedef struct -{ +typedef struct { uint8_t magic[PSA_ITS_MAGIC_LENGTH]; - uint8_t size[sizeof( uint32_t )]; - uint8_t flags[sizeof( psa_storage_create_flags_t )]; + uint8_t size[sizeof(uint32_t)]; + uint8_t flags[sizeof(psa_storage_create_flags_t)]; } psa_its_file_header_t; -static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename ) -{ +static void psa_its_fill_filename(psa_storage_uid_t uid, char *filename) { /* Break up the UID into two 32-bit pieces so as not to rely on * long long support in snprintf. */ - mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH, - "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s", - PSA_ITS_STORAGE_PREFIX, - (unsigned) ( uid >> 32 ), - (unsigned) ( uid & 0xffffffff ), - PSA_ITS_STORAGE_SUFFIX ); + mbedtls_snprintf(filename, PSA_ITS_STORAGE_FILENAME_LENGTH, + "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s", + PSA_ITS_STORAGE_PREFIX, + (unsigned)(uid >> 32), + (unsigned)(uid & 0xffffffff), + PSA_ITS_STORAGE_SUFFIX); } -static psa_status_t psa_its_read_file( psa_storage_uid_t uid, - struct psa_storage_info_t *p_info, - FILE **p_stream ) -{ +static psa_status_t psa_its_read_file(psa_storage_uid_t uid, + struct psa_storage_info_t *p_info, + FILE **p_stream) { char filename[PSA_ITS_STORAGE_FILENAME_LENGTH]; psa_its_file_header_t header; size_t n; *p_stream = NULL; - psa_its_fill_filename( uid, filename ); - *p_stream = fopen( filename, "rb" ); - if( *p_stream == NULL ) - return( PSA_ERROR_DOES_NOT_EXIST ); + psa_its_fill_filename(uid, filename); + *p_stream = fopen(filename, "rb"); + if (*p_stream == NULL) + return (PSA_ERROR_DOES_NOT_EXIST); - n = fread( &header, 1, sizeof( header ), *p_stream ); - if( n != sizeof( header ) ) - return( PSA_ERROR_DATA_CORRUPT ); - if( memcmp( header.magic, PSA_ITS_MAGIC_STRING, - PSA_ITS_MAGIC_LENGTH ) != 0 ) - return( PSA_ERROR_DATA_CORRUPT ); + n = fread(&header, 1, sizeof(header), *p_stream); + if (n != sizeof(header)) + return (PSA_ERROR_DATA_CORRUPT); + if (memcmp(header.magic, PSA_ITS_MAGIC_STRING, + PSA_ITS_MAGIC_LENGTH) != 0) + return (PSA_ERROR_DATA_CORRUPT); - p_info->size = ( header.size[0] | - header.size[1] << 8 | - header.size[2] << 16 | - header.size[3] << 24 ); - p_info->flags = ( header.flags[0] | - header.flags[1] << 8 | - header.flags[2] << 16 | - header.flags[3] << 24 ); - return( PSA_SUCCESS ); + p_info->size = (header.size[0] | + header.size[1] << 8 | + header.size[2] << 16 | + header.size[3] << 24); + p_info->flags = (header.flags[0] | + header.flags[1] << 8 | + header.flags[2] << 16 | + header.flags[3] << 24); + return (PSA_SUCCESS); } -psa_status_t psa_its_get_info( psa_storage_uid_t uid, - struct psa_storage_info_t *p_info ) -{ +psa_status_t psa_its_get_info(psa_storage_uid_t uid, + struct psa_storage_info_t *p_info) { psa_status_t status; FILE *stream = NULL; - status = psa_its_read_file( uid, p_info, &stream ); - if( stream != NULL ) - fclose( stream ); - return( status ); + status = psa_its_read_file(uid, p_info, &stream); + if (stream != NULL) + fclose(stream); + return (status); } -psa_status_t psa_its_get( psa_storage_uid_t uid, - uint32_t data_offset, - uint32_t data_length, - void *p_data, - size_t *p_data_length ) -{ +psa_status_t psa_its_get(psa_storage_uid_t uid, + uint32_t data_offset, + uint32_t data_length, + void *p_data, + size_t *p_data_length) { psa_status_t status; FILE *stream = NULL; size_t n; struct psa_storage_info_t info; - status = psa_its_read_file( uid, &info, &stream ); - if( status != PSA_SUCCESS ) + status = psa_its_read_file(uid, &info, &stream); + if (status != PSA_SUCCESS) goto exit; status = PSA_ERROR_INVALID_ARGUMENT; - if( data_offset + data_length < data_offset ) + if (data_offset + data_length < data_offset) goto exit; #if SIZE_MAX < 0xffffffff - if( data_offset + data_length > SIZE_MAX ) + if (data_offset + data_length > SIZE_MAX) goto exit; #endif - if( data_offset + data_length > info.size ) + if (data_offset + data_length > info.size) goto exit; status = PSA_ERROR_STORAGE_FAILURE; #if LONG_MAX < 0xffffffff - while( data_offset > LONG_MAX ) - { - if( fseek( stream, LONG_MAX, SEEK_CUR ) != 0 ) + while (data_offset > LONG_MAX) { + if (fseek(stream, LONG_MAX, SEEK_CUR) != 0) goto exit; data_offset -= LONG_MAX; } #endif - if( fseek( stream, data_offset, SEEK_CUR ) != 0 ) + if (fseek(stream, data_offset, SEEK_CUR) != 0) goto exit; - n = fread( p_data, 1, data_length, stream ); - if( n != data_length ) + n = fread(p_data, 1, data_length, stream); + if (n != data_length) goto exit; status = PSA_SUCCESS; - if( p_data_length != NULL ) + if (p_data_length != NULL) *p_data_length = n; exit: - if( stream != NULL ) - fclose( stream ); - return( status ); + if (stream != NULL) + fclose(stream); + return (status); } -psa_status_t psa_its_set( psa_storage_uid_t uid, - uint32_t data_length, - const void *p_data, - psa_storage_create_flags_t create_flags ) -{ +psa_status_t psa_its_set(psa_storage_uid_t uid, + uint32_t data_length, + const void *p_data, + psa_storage_create_flags_t create_flags) { psa_status_t status = PSA_ERROR_STORAGE_FAILURE; char filename[PSA_ITS_STORAGE_FILENAME_LENGTH]; FILE *stream = NULL; psa_its_file_header_t header; size_t n; - memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH ); + memcpy(header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH); header.size[0] = data_length & 0xff; - header.size[1] = ( data_length >> 8 ) & 0xff; - header.size[2] = ( data_length >> 16 ) & 0xff; - header.size[3] = ( data_length >> 24 ) & 0xff; + header.size[1] = (data_length >> 8) & 0xff; + header.size[2] = (data_length >> 16) & 0xff; + header.size[3] = (data_length >> 24) & 0xff; header.flags[0] = create_flags & 0xff; - header.flags[1] = ( create_flags >> 8 ) & 0xff; - header.flags[2] = ( create_flags >> 16 ) & 0xff; - header.flags[3] = ( create_flags >> 24 ) & 0xff; + header.flags[1] = (create_flags >> 8) & 0xff; + header.flags[2] = (create_flags >> 16) & 0xff; + header.flags[3] = (create_flags >> 24) & 0xff; - psa_its_fill_filename( uid, filename ); - stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" ); - if( stream == NULL ) + psa_its_fill_filename(uid, filename); + stream = fopen(PSA_ITS_STORAGE_TEMP, "wb"); + if (stream == NULL) goto exit; status = PSA_ERROR_INSUFFICIENT_STORAGE; - n = fwrite( &header, 1, sizeof( header ), stream ); - if( n != sizeof( header ) ) + n = fwrite(&header, 1, sizeof(header), stream); + if (n != sizeof(header)) goto exit; - if( data_length != 0 ) - { - n = fwrite( p_data, 1, data_length, stream ); - if( n != data_length ) + if (data_length != 0) { + n = fwrite(p_data, 1, data_length, stream); + if (n != data_length) goto exit; } status = PSA_SUCCESS; exit: - if( stream != NULL ) - { - int ret = fclose( stream ); - if( status == PSA_SUCCESS && ret != 0 ) + if (stream != NULL) { + int ret = fclose(stream); + if (status == PSA_SUCCESS && ret != 0) status = PSA_ERROR_INSUFFICIENT_STORAGE; } - if( status == PSA_SUCCESS ) - { - if( rename_replace_existing( PSA_ITS_STORAGE_TEMP, filename ) != 0 ) + if (status == PSA_SUCCESS) { + if (rename_replace_existing(PSA_ITS_STORAGE_TEMP, filename) != 0) status = PSA_ERROR_STORAGE_FAILURE; } /* The temporary file may still exist, but only in failure cases where @@ -238,22 +228,21 @@ exit: * failure. If the function succeeded, and in some error cases, the * temporary file doesn't exist and so remove() is expected to fail. * Thus we just ignore the return status of remove(). */ - (void) remove( PSA_ITS_STORAGE_TEMP ); - return( status ); + (void) remove(PSA_ITS_STORAGE_TEMP); + return (status); } -psa_status_t psa_its_remove( psa_storage_uid_t uid ) -{ +psa_status_t psa_its_remove(psa_storage_uid_t uid) { char filename[PSA_ITS_STORAGE_FILENAME_LENGTH]; FILE *stream; - psa_its_fill_filename( uid, filename ); - stream = fopen( filename, "rb" ); - if( stream == NULL ) - return( PSA_ERROR_DOES_NOT_EXIST ); - fclose( stream ); - if( remove( filename ) != 0 ) - return( PSA_ERROR_STORAGE_FAILURE ); - return( PSA_SUCCESS ); + psa_its_fill_filename(uid, filename); + stream = fopen(filename, "rb"); + if (stream == NULL) + return (PSA_ERROR_DOES_NOT_EXIST); + fclose(stream); + if (remove(filename) != 0) + return (PSA_ERROR_STORAGE_FAILURE); + return (PSA_SUCCESS); } #endif /* MBEDTLS_PSA_ITS_FILE_C */ diff --git a/common/mbedtls/psa_util.h b/common/mbedtls/psa_util.h index f18857cf5..92348fa51 100644 --- a/common/mbedtls/psa_util.h +++ b/common/mbedtls/psa_util.h @@ -46,10 +46,8 @@ /* Translations for symmetric crypto. */ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( - mbedtls_cipher_type_t cipher ) -{ - switch( cipher ) - { + mbedtls_cipher_type_t cipher) { + switch (cipher) { case MBEDTLS_CIPHER_AES_128_CCM: case MBEDTLS_CIPHER_AES_192_CCM: case MBEDTLS_CIPHER_AES_256_CCM: @@ -59,7 +57,7 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( case MBEDTLS_CIPHER_AES_128_CBC: case MBEDTLS_CIPHER_AES_192_CBC: case MBEDTLS_CIPHER_AES_256_CBC: - return( PSA_KEY_TYPE_AES ); + return (PSA_KEY_TYPE_AES); /* ARIA not yet supported in PSA. */ /* case MBEDTLS_CIPHER_ARIA_128_CCM: @@ -74,86 +72,80 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type( return( PSA_KEY_TYPE_ARIA ); */ default: - return( 0 ); + return (0); } } static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( - mbedtls_cipher_mode_t mode, size_t taglen ) -{ - switch( mode ) - { + mbedtls_cipher_mode_t mode, size_t taglen) { + switch (mode) { case MBEDTLS_MODE_ECB: - return( PSA_ALG_ECB_NO_PADDING ); + return (PSA_ALG_ECB_NO_PADDING); case MBEDTLS_MODE_GCM: - return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) ); + return (PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen)); case MBEDTLS_MODE_CCM: - return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) ); + return (PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen)); case MBEDTLS_MODE_CBC: - if( taglen == 0 ) - return( PSA_ALG_CBC_NO_PADDING ); - /* Intentional fallthrough for taglen != 0 */ - /* fallthrough */ + if (taglen == 0) + return (PSA_ALG_CBC_NO_PADDING); + /* Intentional fallthrough for taglen != 0 */ + /* fallthrough */ default: - return( 0 ); + return (0); } } static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( - mbedtls_operation_t op ) -{ - switch( op ) - { + mbedtls_operation_t op) { + switch (op) { case MBEDTLS_ENCRYPT: - return( PSA_KEY_USAGE_ENCRYPT ); + return (PSA_KEY_USAGE_ENCRYPT); case MBEDTLS_DECRYPT: - return( PSA_KEY_USAGE_DECRYPT ); + return (PSA_KEY_USAGE_DECRYPT); default: - return( 0 ); + return (0); } } /* Translations for hashing. */ -static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg ) -{ - switch( md_alg ) - { +static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) { + switch (md_alg) { #if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( PSA_ALG_MD2 ); + case MBEDTLS_MD_MD2: + return (PSA_ALG_MD2); #endif #if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( PSA_ALG_MD4 ); + case MBEDTLS_MD_MD4: + return (PSA_ALG_MD4); #endif #if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - return( PSA_ALG_MD5 ); + case MBEDTLS_MD_MD5: + return (PSA_ALG_MD5); #endif #if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - return( PSA_ALG_SHA_1 ); + case MBEDTLS_MD_SHA1: + return (PSA_ALG_SHA_1); #endif #if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA224: - return( PSA_ALG_SHA_224 ); - case MBEDTLS_MD_SHA256: - return( PSA_ALG_SHA_256 ); + case MBEDTLS_MD_SHA224: + return (PSA_ALG_SHA_224); + case MBEDTLS_MD_SHA256: + return (PSA_ALG_SHA_256); #endif #if defined(MBEDTLS_SHA512_C) - case MBEDTLS_MD_SHA384: - return( PSA_ALG_SHA_384 ); - case MBEDTLS_MD_SHA512: - return( PSA_ALG_SHA_512 ); + case MBEDTLS_MD_SHA384: + return (PSA_ALG_SHA_384); + case MBEDTLS_MD_SHA512: + return (PSA_ALG_SHA_512); #endif #if defined(MBEDTLS_RIPEMD160_C) - case MBEDTLS_MD_RIPEMD160: - return( PSA_ALG_RIPEMD160 ); + case MBEDTLS_MD_RIPEMD160: + return (PSA_ALG_RIPEMD160); #endif - case MBEDTLS_MD_NONE: /* Intentional fallthrough */ - default: - return( 0 ); + case MBEDTLS_MD_NONE: /* Intentional fallthrough */ + default: + return (0); } } @@ -161,95 +153,90 @@ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg static inline int mbedtls_psa_get_ecc_oid_from_id( psa_ecc_family_t curve, size_t bits, - char const **oid, size_t *oid_len ) -{ - switch( curve ) - { + char const **oid, size_t *oid_len) { + switch (curve) { case PSA_ECC_FAMILY_SECP_R1: - switch( bits ) - { + switch (bits) { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case 192: *oid = MBEDTLS_OID_EC_GRP_SECP192R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192R1); + return (0); #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) case 224: *oid = MBEDTLS_OID_EC_GRP_SECP224R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224R1); + return (0); #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case 256: *oid = MBEDTLS_OID_EC_GRP_SECP256R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256R1); + return (0); #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case 384: *oid = MBEDTLS_OID_EC_GRP_SECP384R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP384R1); + return (0); #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case 521: *oid = MBEDTLS_OID_EC_GRP_SECP521R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP521R1); + return (0); #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ } break; case PSA_ECC_FAMILY_SECP_K1: - switch( bits ) - { + switch (bits) { #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case 192: *oid = MBEDTLS_OID_EC_GRP_SECP192K1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192K1); + return (0); #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case 224: *oid = MBEDTLS_OID_EC_GRP_SECP224K1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224K1); + return (0); #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case 256: *oid = MBEDTLS_OID_EC_GRP_SECP256K1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256K1); + return (0); #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ } break; case PSA_ECC_FAMILY_BRAINPOOL_P_R1: - switch( bits ) - { + switch (bits) { #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) case 256: *oid = MBEDTLS_OID_EC_GRP_BP256R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP256R1); + return (0); #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) case 384: *oid = MBEDTLS_OID_EC_GRP_BP384R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP384R1); + return (0); #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) case 512: *oid = MBEDTLS_OID_EC_GRP_BP512R1; - *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 ); - return( 0 ); + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP512R1); + return (0); #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ } break; } (void) oid; (void) oid_len; - return( -1 ); + return (-1); } #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1 @@ -334,29 +321,27 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( /* Translations for PK layer */ -static inline int mbedtls_psa_err_translate_pk( psa_status_t status ) -{ - switch( status ) - { +static inline int mbedtls_psa_err_translate_pk(psa_status_t status) { + switch (status) { case PSA_SUCCESS: - return( 0 ); + return (0); case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + return (MBEDTLS_ERR_PK_ALLOC_FAILED); case PSA_ERROR_INSUFFICIENT_ENTROPY: - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + return (MBEDTLS_ERR_ECP_RANDOM_FAILED); case PSA_ERROR_BAD_STATE: - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_PK_BAD_INPUT_DATA); /* All other failures */ case PSA_ERROR_COMMUNICATION_FAILURE: case PSA_ERROR_HARDWARE_FAILURE: case PSA_ERROR_CORRUPTION_DETECTED: - return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); + return (MBEDTLS_ERR_PK_HW_ACCEL_FAILED); default: /* We return the same as for the 'other failures', * but list them separately nonetheless to indicate * which failure conditions we have considered. */ - return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); + return (MBEDTLS_ERR_PK_HW_ACCEL_FAILED); } } @@ -367,14 +352,13 @@ static inline int mbedtls_psa_err_translate_pk( psa_status_t status ) * into a PSA ECC group identifier. */ #if defined(MBEDTLS_ECP_C) static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( - uint16_t tls_ecc_grp_reg_id, size_t *bits ) -{ + uint16_t tls_ecc_grp_reg_id, size_t *bits) { const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id ); - if( curve_info == NULL ) - return( 0 ); - return( PSA_KEY_TYPE_ECC_KEY_PAIR( - mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) ); + mbedtls_ecp_curve_info_from_tls_id(tls_ecc_grp_reg_id); + if (curve_info == NULL) + return (0); + return (PSA_KEY_TYPE_ECC_KEY_PAIR( + mbedtls_ecc_group_to_psa(curve_info->grp_id, bits))); } #endif /* MBEDTLS_ECP_C */ @@ -388,14 +372,13 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( * as a subbuffer, and the function merely selects this subbuffer instead * of making a copy. */ -static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src, - size_t srclen, - unsigned char **dst, - size_t *dstlen ) -{ +static inline int mbedtls_psa_tls_psa_ec_to_ecpoint(unsigned char *src, + size_t srclen, + unsigned char **dst, + size_t *dstlen) { *dst = src; *dstlen = srclen; - return( 0 ); + return (0); } /* This function takes a buffer holding an ECPoint structure @@ -403,18 +386,17 @@ static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src, * exchanges) and converts it into a format that the PSA key * agreement API understands. */ -static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src, - size_t srclen, - unsigned char *dst, - size_t dstlen, - size_t *olen ) -{ - if( srclen > dstlen ) - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); +static inline int mbedtls_psa_tls_ecpoint_to_psa_ec(unsigned char const *src, + size_t srclen, + unsigned char *dst, + size_t dstlen, + size_t *olen) { + if (srclen > dstlen) + return (MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); - memcpy( dst, src, srclen ); + memcpy(dst, src, srclen); *olen = srclen; - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -431,7 +413,7 @@ static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src, * This type name is not part of the Mbed TLS stable API. It may be renamed * or moved without warning. */ -typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size ); +typedef int mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size); #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) @@ -470,9 +452,9 @@ typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_s * `MBEDTLS_ERR_CTR_DRBG_xxx` or * `MBEDTLS_ERR_HMAC_DRBG_xxx` on error. */ -int mbedtls_psa_get_random( void *p_rng, - unsigned char *output, - size_t output_size ); +int mbedtls_psa_get_random(void *p_rng, + unsigned char *output, + size_t output_size); /** The random generator state for the PSA subsystem. * diff --git a/common/mbedtls/ripemd160.c b/common/mbedtls/ripemd160.c index ae4dee412..0a84d980e 100644 --- a/common/mbedtls/ripemd160.c +++ b/common/mbedtls/ripemd160.c @@ -67,30 +67,26 @@ } #endif -void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) ); +void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_ripemd160_context)); } -void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ripemd160_context)); } -void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, - const mbedtls_ripemd160_context *src ) -{ +void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst, + const mbedtls_ripemd160_context *src) { *dst = *src; } /* * RIPEMD-160 context setup */ -int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ) -{ +int mbedtls_ripemd160_starts_ret(mbedtls_ripemd160_context *ctx) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -100,13 +96,12 @@ int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ) ctx->state[3] = 0x10325476; ctx->state[4] = 0xC3D2E1F0; - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) -{ - mbedtls_ripemd160_starts_ret( ctx ); +void mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx) { + mbedtls_ripemd160_starts_ret(ctx); } #endif @@ -114,30 +109,28 @@ void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) /* * Process one block */ -int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ) -{ - struct - { +int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx, + const unsigned char data[64]) { + struct { uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; } local; - GET_UINT32_LE( local.X[ 0], data, 0 ); - GET_UINT32_LE( local.X[ 1], data, 4 ); - GET_UINT32_LE( local.X[ 2], data, 8 ); - GET_UINT32_LE( local.X[ 3], data, 12 ); - GET_UINT32_LE( local.X[ 4], data, 16 ); - GET_UINT32_LE( local.X[ 5], data, 20 ); - GET_UINT32_LE( local.X[ 6], data, 24 ); - GET_UINT32_LE( local.X[ 7], data, 28 ); - GET_UINT32_LE( local.X[ 8], data, 32 ); - GET_UINT32_LE( local.X[ 9], data, 36 ); - GET_UINT32_LE( local.X[10], data, 40 ); - GET_UINT32_LE( local.X[11], data, 44 ); - GET_UINT32_LE( local.X[12], data, 48 ); - GET_UINT32_LE( local.X[13], data, 52 ); - GET_UINT32_LE( local.X[14], data, 56 ); - GET_UINT32_LE( local.X[15], data, 60 ); + GET_UINT32_LE(local.X[ 0], data, 0); + GET_UINT32_LE(local.X[ 1], data, 4); + GET_UINT32_LE(local.X[ 2], data, 8); + GET_UINT32_LE(local.X[ 3], data, 12); + GET_UINT32_LE(local.X[ 4], data, 16); + GET_UINT32_LE(local.X[ 5], data, 20); + GET_UINT32_LE(local.X[ 6], data, 24); + GET_UINT32_LE(local.X[ 7], data, 28); + GET_UINT32_LE(local.X[ 8], data, 32); + GET_UINT32_LE(local.X[ 9], data, 36); + GET_UINT32_LE(local.X[10], data, 40); + GET_UINT32_LE(local.X[11], data, 44); + GET_UINT32_LE(local.X[12], data, 48); + GET_UINT32_LE(local.X[13], data, 52); + GET_UINT32_LE(local.X[14], data, 56); + GET_UINT32_LE(local.X[15], data, 60); local.A = local.Ap = ctx->state[0]; local.B = local.Bp = ctx->state[1]; @@ -173,22 +166,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, #define K 0x00000000 #define Fp F5 #define Kp 0x50A28BE6 - P2( local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8 ); - P2( local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9 ); - P2( local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11 ); - P2( local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13 ); - P2( local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15 ); - P2( local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15 ); - P2( local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5 ); - P2( local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7 ); - P2( local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7 ); - P2( local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8 ); - P2( local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11 ); - P2( local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14 ); - P2( local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14 ); - P2( local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12 ); - P2( local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6 ); + P2(local.A, local.B, local.C, local.D, local.E, 0, 11, 5, 8); + P2(local.E, local.A, local.B, local.C, local.D, 1, 14, 14, 9); + P2(local.D, local.E, local.A, local.B, local.C, 2, 15, 7, 9); + P2(local.C, local.D, local.E, local.A, local.B, 3, 12, 0, 11); + P2(local.B, local.C, local.D, local.E, local.A, 4, 5, 9, 13); + P2(local.A, local.B, local.C, local.D, local.E, 5, 8, 2, 15); + P2(local.E, local.A, local.B, local.C, local.D, 6, 7, 11, 15); + P2(local.D, local.E, local.A, local.B, local.C, 7, 9, 4, 5); + P2(local.C, local.D, local.E, local.A, local.B, 8, 11, 13, 7); + P2(local.B, local.C, local.D, local.E, local.A, 9, 13, 6, 7); + P2(local.A, local.B, local.C, local.D, local.E, 10, 14, 15, 8); + P2(local.E, local.A, local.B, local.C, local.D, 11, 15, 8, 11); + P2(local.D, local.E, local.A, local.B, local.C, 12, 6, 1, 14); + P2(local.C, local.D, local.E, local.A, local.B, 13, 7, 10, 14); + P2(local.B, local.C, local.D, local.E, local.A, 14, 9, 3, 12); + P2(local.A, local.B, local.C, local.D, local.E, 15, 8, 12, 6); #undef F #undef K #undef Fp @@ -198,22 +191,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, #define K 0x5A827999 #define Fp F4 #define Kp 0x5C4DD124 - P2( local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9 ); - P2( local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13 ); - P2( local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15 ); - P2( local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7 ); - P2( local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12 ); - P2( local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8 ); - P2( local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11 ); - P2( local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7 ); - P2( local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7 ); - P2( local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12 ); - P2( local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7 ); - P2( local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6 ); - P2( local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15 ); - P2( local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13 ); - P2( local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11 ); + P2(local.E, local.A, local.B, local.C, local.D, 7, 7, 6, 9); + P2(local.D, local.E, local.A, local.B, local.C, 4, 6, 11, 13); + P2(local.C, local.D, local.E, local.A, local.B, 13, 8, 3, 15); + P2(local.B, local.C, local.D, local.E, local.A, 1, 13, 7, 7); + P2(local.A, local.B, local.C, local.D, local.E, 10, 11, 0, 12); + P2(local.E, local.A, local.B, local.C, local.D, 6, 9, 13, 8); + P2(local.D, local.E, local.A, local.B, local.C, 15, 7, 5, 9); + P2(local.C, local.D, local.E, local.A, local.B, 3, 15, 10, 11); + P2(local.B, local.C, local.D, local.E, local.A, 12, 7, 14, 7); + P2(local.A, local.B, local.C, local.D, local.E, 0, 12, 15, 7); + P2(local.E, local.A, local.B, local.C, local.D, 9, 15, 8, 12); + P2(local.D, local.E, local.A, local.B, local.C, 5, 9, 12, 7); + P2(local.C, local.D, local.E, local.A, local.B, 2, 11, 4, 6); + P2(local.B, local.C, local.D, local.E, local.A, 14, 7, 9, 15); + P2(local.A, local.B, local.C, local.D, local.E, 11, 13, 1, 13); + P2(local.E, local.A, local.B, local.C, local.D, 8, 12, 2, 11); #undef F #undef K #undef Fp @@ -223,22 +216,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, #define K 0x6ED9EBA1 #define Fp F3 #define Kp 0x6D703EF3 - P2( local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7 ); - P2( local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15 ); - P2( local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11 ); - P2( local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8 ); - P2( local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6 ); - P2( local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6 ); - P2( local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14 ); - P2( local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12 ); - P2( local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13 ); - P2( local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5 ); - P2( local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14 ); - P2( local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13 ); - P2( local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13 ); - P2( local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7 ); - P2( local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5 ); + P2(local.D, local.E, local.A, local.B, local.C, 3, 11, 15, 9); + P2(local.C, local.D, local.E, local.A, local.B, 10, 13, 5, 7); + P2(local.B, local.C, local.D, local.E, local.A, 14, 6, 1, 15); + P2(local.A, local.B, local.C, local.D, local.E, 4, 7, 3, 11); + P2(local.E, local.A, local.B, local.C, local.D, 9, 14, 7, 8); + P2(local.D, local.E, local.A, local.B, local.C, 15, 9, 14, 6); + P2(local.C, local.D, local.E, local.A, local.B, 8, 13, 6, 6); + P2(local.B, local.C, local.D, local.E, local.A, 1, 15, 9, 14); + P2(local.A, local.B, local.C, local.D, local.E, 2, 14, 11, 12); + P2(local.E, local.A, local.B, local.C, local.D, 7, 8, 8, 13); + P2(local.D, local.E, local.A, local.B, local.C, 0, 13, 12, 5); + P2(local.C, local.D, local.E, local.A, local.B, 6, 6, 2, 14); + P2(local.B, local.C, local.D, local.E, local.A, 13, 5, 10, 13); + P2(local.A, local.B, local.C, local.D, local.E, 11, 12, 0, 13); + P2(local.E, local.A, local.B, local.C, local.D, 5, 7, 4, 7); + P2(local.D, local.E, local.A, local.B, local.C, 12, 5, 13, 5); #undef F #undef K #undef Fp @@ -248,22 +241,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, #define K 0x8F1BBCDC #define Fp F2 #define Kp 0x7A6D76E9 - P2( local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15 ); - P2( local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5 ); - P2( local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8 ); - P2( local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11 ); - P2( local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14 ); - P2( local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14 ); - P2( local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6 ); - P2( local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14 ); - P2( local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6 ); - P2( local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12 ); - P2( local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9 ); - P2( local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12 ); - P2( local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5 ); - P2( local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15 ); - P2( local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8 ); + P2(local.C, local.D, local.E, local.A, local.B, 1, 11, 8, 15); + P2(local.B, local.C, local.D, local.E, local.A, 9, 12, 6, 5); + P2(local.A, local.B, local.C, local.D, local.E, 11, 14, 4, 8); + P2(local.E, local.A, local.B, local.C, local.D, 10, 15, 1, 11); + P2(local.D, local.E, local.A, local.B, local.C, 0, 14, 3, 14); + P2(local.C, local.D, local.E, local.A, local.B, 8, 15, 11, 14); + P2(local.B, local.C, local.D, local.E, local.A, 12, 9, 15, 6); + P2(local.A, local.B, local.C, local.D, local.E, 4, 8, 0, 14); + P2(local.E, local.A, local.B, local.C, local.D, 13, 9, 5, 6); + P2(local.D, local.E, local.A, local.B, local.C, 3, 14, 12, 9); + P2(local.C, local.D, local.E, local.A, local.B, 7, 5, 2, 12); + P2(local.B, local.C, local.D, local.E, local.A, 15, 6, 13, 9); + P2(local.A, local.B, local.C, local.D, local.E, 14, 8, 9, 12); + P2(local.E, local.A, local.B, local.C, local.D, 5, 6, 7, 5); + P2(local.D, local.E, local.A, local.B, local.C, 6, 5, 10, 15); + P2(local.C, local.D, local.E, local.A, local.B, 2, 12, 14, 8); #undef F #undef K #undef Fp @@ -273,22 +266,22 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, #define K 0xA953FD4E #define Fp F1 #define Kp 0x00000000 - P2( local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8 ); - P2( local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5 ); - P2( local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12 ); - P2( local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9 ); - P2( local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12 ); - P2( local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5 ); - P2( local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14 ); - P2( local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6 ); - P2( local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8 ); - P2( local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13 ); - P2( local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6 ); - P2( local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5 ); - P2( local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15 ); - P2( local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13 ); - P2( local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11 ); - P2( local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11 ); + P2(local.B, local.C, local.D, local.E, local.A, 4, 9, 12, 8); + P2(local.A, local.B, local.C, local.D, local.E, 0, 15, 15, 5); + P2(local.E, local.A, local.B, local.C, local.D, 5, 5, 10, 12); + P2(local.D, local.E, local.A, local.B, local.C, 9, 11, 4, 9); + P2(local.C, local.D, local.E, local.A, local.B, 7, 6, 1, 12); + P2(local.B, local.C, local.D, local.E, local.A, 12, 8, 5, 5); + P2(local.A, local.B, local.C, local.D, local.E, 2, 13, 8, 14); + P2(local.E, local.A, local.B, local.C, local.D, 10, 12, 7, 6); + P2(local.D, local.E, local.A, local.B, local.C, 14, 5, 6, 8); + P2(local.C, local.D, local.E, local.A, local.B, 1, 12, 2, 13); + P2(local.B, local.C, local.D, local.E, local.A, 3, 13, 13, 6); + P2(local.A, local.B, local.C, local.D, local.E, 8, 14, 14, 5); + P2(local.E, local.A, local.B, local.C, local.D, 11, 11, 0, 15); + P2(local.D, local.E, local.A, local.B, local.C, 6, 8, 3, 13); + P2(local.C, local.D, local.E, local.A, local.B, 15, 5, 9, 11); + P2(local.B, local.C, local.D, local.E, local.A, 13, 6, 11, 11); #undef F #undef K #undef Fp @@ -302,16 +295,15 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, ctx->state[0] = local.C; /* Zeroise variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_ripemd160_process( ctx, data ); +void mbedtls_ripemd160_process(mbedtls_ripemd160_context *ctx, + const unsigned char data[64]) { + mbedtls_internal_ripemd160_process(ctx, data); } #endif #endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */ @@ -319,16 +311,15 @@ void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, /* * RIPEMD-160 process buffer */ -int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, - const unsigned char *input, - size_t ilen ) -{ +int mbedtls_ripemd160_update_ret(mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) + return (0); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -336,50 +327,45 @@ int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) ctx->total[1]++; - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); + if (left && ilen >= fill) { + memcpy((void *)(ctx->buffer + left), input, fill); - if( ( ret = mbedtls_internal_ripemd160_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_ripemd160_process(ctx, ctx->buffer)) != 0) + return (ret); input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_ripemd160_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_ripemd160_process(ctx, input)) != 0) + return (ret); input += 64; ilen -= 64; } - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) { + memcpy((void *)(ctx->buffer + left), input, ilen); } - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_ripemd160_update_ret( ctx, input, ilen ); +void mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen) { + mbedtls_ripemd160_update_ret(ctx, input, ilen); } #endif -static const unsigned char ripemd160_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +static const unsigned char ripemd160_padding[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 @@ -388,46 +374,44 @@ static const unsigned char ripemd160_padding[64] = /* * RIPEMD-160 final digest */ -int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, - unsigned char output[20] ) -{ +int mbedtls_ripemd160_finish_ret(mbedtls_ripemd160_context *ctx, + unsigned char output[20]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - PUT_UINT32_LE( low, msglen, 0 ); - PUT_UINT32_LE( high, msglen, 4 ); + PUT_UINT32_LE(low, msglen, 0); + PUT_UINT32_LE(high, msglen, 4); last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + padn = (last < 56) ? (56 - last) : (120 - last); - ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ripemd160_update_ret(ctx, ripemd160_padding, padn); + if (ret != 0) + return (ret); - ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ripemd160_update_ret(ctx, msglen, 8); + if (ret != 0) + return (ret); - PUT_UINT32_LE( ctx->state[0], output, 0 ); - PUT_UINT32_LE( ctx->state[1], output, 4 ); - PUT_UINT32_LE( ctx->state[2], output, 8 ); - PUT_UINT32_LE( ctx->state[3], output, 12 ); - PUT_UINT32_LE( ctx->state[4], output, 16 ); + PUT_UINT32_LE(ctx->state[0], output, 0); + PUT_UINT32_LE(ctx->state[1], output, 4); + PUT_UINT32_LE(ctx->state[2], output, 8); + PUT_UINT32_LE(ctx->state[3], output, 12); + PUT_UINT32_LE(ctx->state[4], output, 16); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, - unsigned char output[20] ) -{ - mbedtls_ripemd160_finish_ret( ctx, output ); +void mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx, + unsigned char output[20]) { + mbedtls_ripemd160_finish_ret(ctx, output); } #endif @@ -436,36 +420,34 @@ void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, /* * output = RIPEMD-160( input buffer ) */ -int mbedtls_ripemd160_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) -{ +int mbedtls_ripemd160_ret(const unsigned char *input, + size_t ilen, + unsigned char output[20]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ripemd160_context ctx; - mbedtls_ripemd160_init( &ctx ); + mbedtls_ripemd160_init(&ctx); - if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_ripemd160_starts_ret(&ctx)) != 0) goto exit; - if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_ripemd160_update_ret(&ctx, input, ilen)) != 0) goto exit; - if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_ripemd160_finish_ret(&ctx, output)) != 0) goto exit; exit: - mbedtls_ripemd160_free( &ctx ); + mbedtls_ripemd160_free(&ctx); - return( ret ); + return (ret); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ripemd160( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) -{ - mbedtls_ripemd160_ret( input, ilen, output ); +void mbedtls_ripemd160(const unsigned char *input, + size_t ilen, + unsigned char output[20]) { + mbedtls_ripemd160_ret(input, ilen, output); } #endif @@ -475,8 +457,7 @@ void mbedtls_ripemd160( const unsigned char *input, * http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC */ #define TESTS 8 -static const unsigned char ripemd160_test_str[TESTS][81] = -{ +static const unsigned char ripemd160_test_str[TESTS][81] = { { "" }, { "a" }, { "abc" }, @@ -487,71 +468,82 @@ static const unsigned char ripemd160_test_str[TESTS][81] = { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }, }; -static const size_t ripemd160_test_strlen[TESTS] = -{ +static const size_t ripemd160_test_strlen[TESTS] = { 0, 1, 3, 14, 26, 56, 62, 80 }; -static const unsigned char ripemd160_test_md[TESTS][20] = -{ - { 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28, - 0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 }, - { 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae, - 0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe }, - { 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04, - 0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc }, - { 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8, - 0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 }, - { 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb, - 0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc }, - { 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05, - 0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b }, - { 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02, 0x86, 0xed, - 0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79, 0xb2, 0x1f, 0x51, 0x89 }, - { 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39, 0xf4, 0xdb, - 0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf, 0x63, 0x32, 0x6b, 0xfb }, +static const unsigned char ripemd160_test_md[TESTS][20] = { + { + 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28, + 0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 + }, + { + 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae, + 0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe + }, + { + 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04, + 0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc + }, + { + 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8, + 0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 + }, + { + 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb, + 0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc + }, + { + 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05, + 0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b + }, + { + 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02, 0x86, 0xed, + 0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79, 0xb2, 0x1f, 0x51, 0x89 + }, + { + 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39, 0xf4, 0xdb, + 0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf, 0x63, 0x32, 0x6b, 0xfb + }, }; /* * Checkup routine */ -int mbedtls_ripemd160_self_test( int verbose ) -{ +int mbedtls_ripemd160_self_test(int verbose) { int i, ret = 0; unsigned char output[20]; - memset( output, 0, sizeof output ); + memset(output, 0, sizeof output); - for( i = 0; i < TESTS; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 ); + for (i = 0; i < TESTS; i++) { + if (verbose != 0) + mbedtls_printf(" RIPEMD-160 test #%d: ", i + 1); - ret = mbedtls_ripemd160_ret( ripemd160_test_str[i], - ripemd160_test_strlen[i], output ); - if( ret != 0 ) + ret = mbedtls_ripemd160_ret(ripemd160_test_str[i], + ripemd160_test_strlen[i], output); + if (ret != 0) goto fail; - if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 ) - { + if (memcmp(output, ripemd160_test_md[i], 20) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) + mbedtls_printf("failed\n"); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/ripemd160.h b/common/mbedtls/ripemd160.h index 381c725e1..a394f0551 100644 --- a/common/mbedtls/ripemd160.h +++ b/common/mbedtls/ripemd160.h @@ -46,8 +46,7 @@ extern "C" { /** * \brief RIPEMD-160 context structure */ -typedef struct mbedtls_ripemd160_context -{ +typedef struct mbedtls_ripemd160_context { uint32_t total[2]; /*!< number of bytes processed */ uint32_t state[5]; /*!< intermediate digest state */ unsigned char buffer[64]; /*!< data block being processed */ @@ -63,14 +62,14 @@ mbedtls_ripemd160_context; * * \param ctx RIPEMD-160 context to be initialized */ -void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx ); +void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx); /** * \brief Clear RIPEMD-160 context * * \param ctx RIPEMD-160 context to be cleared */ -void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ); +void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx); /** * \brief Clone (the state of) an RIPEMD-160 context @@ -78,8 +77,8 @@ void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx ); * \param dst The destination context * \param src The context to be cloned */ -void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, - const mbedtls_ripemd160_context *src ); +void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst, + const mbedtls_ripemd160_context *src); /** * \brief RIPEMD-160 context setup @@ -88,7 +87,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, * * \return 0 if successful */ -int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ); +int mbedtls_ripemd160_starts_ret(mbedtls_ripemd160_context *ctx); /** * \brief RIPEMD-160 process buffer @@ -99,9 +98,9 @@ int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ); * * \return 0 if successful */ -int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_ripemd160_update_ret(mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief RIPEMD-160 final digest @@ -111,8 +110,8 @@ int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, - unsigned char output[20] ); +int mbedtls_ripemd160_finish_ret(mbedtls_ripemd160_context *ctx, + unsigned char output[20]); /** * \brief RIPEMD-160 process data block (internal use only) @@ -122,8 +121,8 @@ int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -139,7 +138,7 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, * \param ctx context to be initialized */ MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts( - mbedtls_ripemd160_context *ctx ); + mbedtls_ripemd160_context *ctx); /** * \brief RIPEMD-160 process buffer @@ -151,9 +150,9 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts( * \param ilen length of the input data */ MBEDTLS_DEPRECATED void mbedtls_ripemd160_update( - mbedtls_ripemd160_context *ctx, - const unsigned char *input, - size_t ilen ); + mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief RIPEMD-160 final digest @@ -164,8 +163,8 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_update( * \param output RIPEMD-160 checksum result */ MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish( - mbedtls_ripemd160_context *ctx, - unsigned char output[20] ); + mbedtls_ripemd160_context *ctx, + unsigned char output[20]); /** * \brief RIPEMD-160 process data block (internal use only) @@ -176,8 +175,8 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish( * \param data buffer holding one block of data */ MBEDTLS_DEPRECATED void mbedtls_ripemd160_process( - mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ); + mbedtls_ripemd160_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -191,9 +190,9 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_process( * * \return 0 if successful */ -int mbedtls_ripemd160_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +int mbedtls_ripemd160_ret(const unsigned char *input, + size_t ilen, + unsigned char output[20]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -210,9 +209,9 @@ int mbedtls_ripemd160_ret( const unsigned char *input, * \param ilen length of the input data * \param output RIPEMD-160 checksum result */ -MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +MBEDTLS_DEPRECATED void mbedtls_ripemd160(const unsigned char *input, + size_t ilen, + unsigned char output[20]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -224,7 +223,7 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_ripemd160_self_test( int verbose ); +int mbedtls_ripemd160_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/rsa.c b/common/mbedtls/rsa.c index 68a36f253..eb7ced3b0 100644 --- a/common/mbedtls/rsa.c +++ b/common/mbedtls/rsa.c @@ -74,77 +74,72 @@ #if defined(MBEDTLS_PKCS1_V15) /* constant-time buffer comparison */ -static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) -{ +static inline int mbedtls_safer_memcmp(const void *a, const void *b, size_t n) { size_t i; const unsigned char *A = (const unsigned char *) a; const unsigned char *B = (const unsigned char *) b; unsigned char diff = 0; - for( i = 0; i < n; i++ ) + for (i = 0; i < n; i++) diff |= A[i] ^ B[i]; - return( diff ); + return (diff); } #endif /* MBEDTLS_PKCS1_V15 */ -int mbedtls_rsa_import( mbedtls_rsa_context *ctx, - const mbedtls_mpi *N, - const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *E ) -{ +int mbedtls_rsa_import(mbedtls_rsa_context *ctx, + const mbedtls_mpi *N, + const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *E) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); - if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || - ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) || - ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) || - ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || - ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + if ((N != NULL && (ret = mbedtls_mpi_copy(&ctx->N, N)) != 0) || + (P != NULL && (ret = mbedtls_mpi_copy(&ctx->P, P)) != 0) || + (Q != NULL && (ret = mbedtls_mpi_copy(&ctx->Q, Q)) != 0) || + (D != NULL && (ret = mbedtls_mpi_copy(&ctx->D, D)) != 0) || + (E != NULL && (ret = mbedtls_mpi_copy(&ctx->E, E)) != 0)) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret); } - if( N != NULL ) - ctx->len = mbedtls_mpi_size( &ctx->N ); + if (N != NULL) + ctx->len = mbedtls_mpi_size(&ctx->N); - return( 0 ); + return (0); } -int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, - unsigned char const *N, size_t N_len, - unsigned char const *P, size_t P_len, - unsigned char const *Q, size_t Q_len, - unsigned char const *D, size_t D_len, - unsigned char const *E, size_t E_len ) -{ +int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx, + unsigned char const *N, size_t N_len, + unsigned char const *P, size_t P_len, + unsigned char const *Q, size_t Q_len, + unsigned char const *D, size_t D_len, + unsigned char const *E, size_t E_len) { int ret = 0; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); - if( N != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) ); - ctx->len = mbedtls_mpi_size( &ctx->N ); + if (N != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->N, N, N_len)); + ctx->len = mbedtls_mpi_size(&ctx->N); } - if( P != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) ); + if (P != NULL) + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->P, P, P_len)); - if( Q != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) ); + if (Q != NULL) + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->Q, Q, Q_len)); - if( D != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) ); + if (D != NULL) + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->D, D, D_len)); - if( E != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) ); + if (E != NULL) + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->E, E, E_len)); cleanup: - if( ret != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + if (ret != 0) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret); - return( 0 ); + return (0); } /* @@ -152,19 +147,17 @@ cleanup: * that the RSA primitives will be able to execute without error. * It does *not* make guarantees for consistency of the parameters. */ -static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, - int blinding_needed ) -{ +static int rsa_check_context(mbedtls_rsa_context const *ctx, int is_priv, + int blinding_needed) { #if !defined(MBEDTLS_RSA_NO_CRT) /* blinding_needed is only used for NO_CRT to decide whether * P,Q need to be present or not. */ ((void) blinding_needed); #endif - if( ctx->len != mbedtls_mpi_size( &ctx->N ) || - ctx->len > MBEDTLS_MPI_MAX_SIZE ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ctx->len != mbedtls_mpi_size(&ctx->N) || + ctx->len > MBEDTLS_MPI_MAX_SIZE) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } /* @@ -173,23 +166,21 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, /* Modular exponentiation wrt. N is always used for * RSA public key operations. */ - if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 || - mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 || + mbedtls_mpi_get_bit(&ctx->N, 0) == 0) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } #if !defined(MBEDTLS_RSA_NO_CRT) /* Modular exponentiation for P and Q is only * used for private key operations and if CRT * is used. */ - if( is_priv && - ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || - mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 || - mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && + (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || + mbedtls_mpi_get_bit(&ctx->P, 0) == 0 || + mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 || + mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } #endif /* !MBEDTLS_RSA_NO_CRT */ @@ -198,20 +189,19 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, */ /* Always need E for public key operations */ - if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); #if defined(MBEDTLS_RSA_NO_CRT) /* For private key operations, use D or DP & DQ * as (unblinded) exponents. */ - if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && mbedtls_mpi_cmp_int(&ctx->D, 0) <= 0) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); #else - if( is_priv && - ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 || - mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && + (mbedtls_mpi_cmp_int(&ctx->DP, 0) <= 0 || + mbedtls_mpi_cmp_int(&ctx->DQ, 0) <= 0)) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } #endif /* MBEDTLS_RSA_NO_CRT */ @@ -219,29 +209,26 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, * so check that P, Q >= 1 if that hasn't yet been * done as part of 1. */ #if defined(MBEDTLS_RSA_NO_CRT) - if( is_priv && blinding_needed && - ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && blinding_needed && + (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || + mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0)) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } #endif /* It wouldn't lead to an error if it wasn't satisfied, * but check for QP >= 1 nonetheless. */ #if !defined(MBEDTLS_RSA_NO_CRT) - if( is_priv && - mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (is_priv && + mbedtls_mpi_cmp_int(&ctx->QP, 0) <= 0) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } #endif - return( 0 ); + return (0); } -int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) -{ +int mbedtls_rsa_complete(mbedtls_rsa_context *ctx) { int ret = 0; int have_N, have_P, have_Q, have_D, have_E; #if !defined(MBEDTLS_RSA_NO_CRT) @@ -249,18 +236,18 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) #endif int n_missing, pq_missing, d_missing, is_pub, is_priv; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); - have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 ); - have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 ); - have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 ); - have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 ); - have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 ); + have_N = (mbedtls_mpi_cmp_int(&ctx->N, 0) != 0); + have_P = (mbedtls_mpi_cmp_int(&ctx->P, 0) != 0); + have_Q = (mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0); + have_D = (mbedtls_mpi_cmp_int(&ctx->D, 0) != 0); + have_E = (mbedtls_mpi_cmp_int(&ctx->E, 0) != 0); #if !defined(MBEDTLS_RSA_NO_CRT) - have_DP = ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 ); - have_DQ = ( mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 ); - have_QP = ( mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0 ); + have_DP = (mbedtls_mpi_cmp_int(&ctx->DP, 0) != 0); + have_DQ = (mbedtls_mpi_cmp_int(&ctx->DQ, 0) != 0); + have_QP = (mbedtls_mpi_cmp_int(&ctx->QP, 0) != 0); #endif /* @@ -281,44 +268,38 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) /* These three alternatives are mutually exclusive */ is_priv = n_missing || pq_missing || d_missing; - if( !is_priv && !is_pub ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (!is_priv && !is_pub) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); /* * Step 1: Deduce N if P, Q are provided. */ - if( !have_N && have_P && have_Q ) - { - if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, - &ctx->Q ) ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + if (!have_N && have_P && have_Q) { + if ((ret = mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, + &ctx->Q)) != 0) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret); } - ctx->len = mbedtls_mpi_size( &ctx->N ); + ctx->len = mbedtls_mpi_size(&ctx->N); } /* * Step 2: Deduce and verify all remaining core parameters. */ - if( pq_missing ) - { - ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D, - &ctx->P, &ctx->Q ); - if( ret != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + if (pq_missing) { + ret = mbedtls_rsa_deduce_primes(&ctx->N, &ctx->E, &ctx->D, + &ctx->P, &ctx->Q); + if (ret != 0) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret); - } - else if( d_missing ) - { - if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P, - &ctx->Q, - &ctx->E, - &ctx->D ) ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } else if (d_missing) { + if ((ret = mbedtls_rsa_deduce_private_exponent(&ctx->P, + &ctx->Q, + &ctx->E, + &ctx->D)) != 0) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret); } } @@ -328,12 +309,11 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) */ #if !defined(MBEDTLS_RSA_NO_CRT) - if( is_priv && ! ( have_DP && have_DQ && have_QP ) ) - { - ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, - &ctx->DP, &ctx->DQ, &ctx->QP ); - if( ret != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + if (is_priv && !(have_DP && have_DQ && have_QP)) { + ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP); + if (ret != 0) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret); } #endif /* MBEDTLS_RSA_NO_CRT */ @@ -341,94 +321,89 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) * Step 3: Basic sanity checks */ - return( rsa_check_context( ctx, is_priv, 1 ) ); + return (rsa_check_context(ctx, is_priv, 1)); } -int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, - unsigned char *N, size_t N_len, - unsigned char *P, size_t P_len, - unsigned char *Q, size_t Q_len, - unsigned char *D, size_t D_len, - unsigned char *E, size_t E_len ) -{ +int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len) { int ret = 0; int is_priv; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); /* Check if key is private or public */ is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; - if( !is_priv ) - { + if (!is_priv) { /* If we're trying to export private parameters for a public key, * something must be wrong. */ - if( P != NULL || Q != NULL || D != NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (P != NULL || Q != NULL || D != NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } - if( N != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) ); + if (N != NULL) + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->N, N, N_len)); - if( P != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) ); + if (P != NULL) + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->P, P, P_len)); - if( Q != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) ); + if (Q != NULL) + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->Q, Q, Q_len)); - if( D != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) ); + if (D != NULL) + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->D, D, D_len)); - if( E != NULL ) - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) ); + if (E != NULL) + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->E, E, E_len)); cleanup: - return( ret ); + return (ret); } -int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, - mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E ) -{ +int mbedtls_rsa_export(const mbedtls_rsa_context *ctx, + mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int is_priv; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); /* Check if key is private or public */ is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; - if( !is_priv ) - { + if (!is_priv) { /* If we're trying to export private parameters for a public key, * something must be wrong. */ - if( P != NULL || Q != NULL || D != NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (P != NULL || Q != NULL || D != NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } /* Export all requested core parameters. */ - if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) || - ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) || - ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) || - ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) || - ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) ) - { - return( ret ); + if ((N != NULL && (ret = mbedtls_mpi_copy(N, &ctx->N)) != 0) || + (P != NULL && (ret = mbedtls_mpi_copy(P, &ctx->P)) != 0) || + (Q != NULL && (ret = mbedtls_mpi_copy(Q, &ctx->Q)) != 0) || + (D != NULL && (ret = mbedtls_mpi_copy(D, &ctx->D)) != 0) || + (E != NULL && (ret = mbedtls_mpi_copy(E, &ctx->E)) != 0)) { + return (ret); } - return( 0 ); + return (0); } /* @@ -437,75 +412,70 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt * can be used in this case. */ -int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, - mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) -{ +int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int is_priv; - RSA_VALIDATE_RET( ctx != NULL ); + RSA_VALIDATE_RET(ctx != NULL); /* Check if key is private or public */ is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && + mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; - if( !is_priv ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (!is_priv) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); #if !defined(MBEDTLS_RSA_NO_CRT) /* Export all requested blinding parameters. */ - if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) || - ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || - ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + if ((DP != NULL && (ret = mbedtls_mpi_copy(DP, &ctx->DP)) != 0) || + (DQ != NULL && (ret = mbedtls_mpi_copy(DQ, &ctx->DQ)) != 0) || + (QP != NULL && (ret = mbedtls_mpi_copy(QP, &ctx->QP)) != 0)) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret); } #else - if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, - DP, DQ, QP ) ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + if ((ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, + DP, DQ, QP)) != 0) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret); } #endif - return( 0 ); + return (0); } /* * Initialize an RSA context */ -void mbedtls_rsa_init( mbedtls_rsa_context *ctx, - int padding, - int hash_id ) -{ - RSA_VALIDATE( ctx != NULL ); - RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 || - padding == MBEDTLS_RSA_PKCS_V21 ); +void mbedtls_rsa_init(mbedtls_rsa_context *ctx, + int padding, + int hash_id) { + RSA_VALIDATE(ctx != NULL); + RSA_VALIDATE(padding == MBEDTLS_RSA_PKCS_V15 || + padding == MBEDTLS_RSA_PKCS_V21); - memset( ctx, 0, sizeof( mbedtls_rsa_context ) ); + memset(ctx, 0, sizeof(mbedtls_rsa_context)); - mbedtls_rsa_set_padding( ctx, padding, hash_id ); + mbedtls_rsa_set_padding(ctx, padding, hash_id); #if defined(MBEDTLS_THREADING_C) /* Set ctx->ver to nonzero to indicate that the mutex has been * initialized and will need to be freed. */ ctx->ver = 1; - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif } /* * Set padding for an existing RSA context */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, - int hash_id ) -{ - RSA_VALIDATE( ctx != NULL ); - RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 || - padding == MBEDTLS_RSA_PKCS_V21 ); +void mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, + int hash_id) { + RSA_VALIDATE(ctx != NULL); + RSA_VALIDATE(padding == MBEDTLS_RSA_PKCS_V15 || + padding == MBEDTLS_RSA_PKCS_V21); ctx->padding = padding; ctx->hash_id = hash_id; @@ -515,9 +485,8 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, * Get length in bytes of RSA modulus */ -size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) -{ - return( ctx->len ); +size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx) { + return (ctx->len); } @@ -529,31 +498,29 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) * This generation method follows the RSA key pair generation procedure of * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072. */ -int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - unsigned int nbits, int exponent ) -{ +int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + unsigned int nbits, int exponent) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi H, G, L; int prime_quality = 0; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( f_rng != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(f_rng != NULL); /* * If the modulus is 1024 bit long or shorter, then the security strength of * the RSA algorithm is less than or equal to 80 bits and therefore an error * rate of 2^-80 is sufficient. */ - if( nbits > 1024 ) + if (nbits > 1024) prime_quality = MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR; - mbedtls_mpi_init( &H ); - mbedtls_mpi_init( &G ); - mbedtls_mpi_init( &L ); + mbedtls_mpi_init(&H); + mbedtls_mpi_init(&G); + mbedtls_mpi_init(&L); - if( nbits < 128 || exponent < 3 || nbits % 2 != 0 ) - { + if (nbits < 128 || exponent < 3 || nbits % 2 != 0) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } @@ -564,54 +531,52 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * 2. GCD( E, (P-1)*(Q-1) ) == 1 * 3. E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 ) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->E, exponent)); - do - { - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, - prime_quality, f_rng, p_rng ) ); + do { + MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->P, nbits >> 1, + prime_quality, f_rng, p_rng)); - MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, - prime_quality, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->Q, nbits >> 1, + prime_quality, f_rng, p_rng)); /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) ); - if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) ) + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&H, &ctx->P, &ctx->Q)); + if (mbedtls_mpi_bitlen(&H) <= ((nbits >= 200) ? ((nbits >> 1) - 99) : 0)) continue; /* not required by any standards, but some users rely on the fact that P > Q */ - if( H.s < 0 ) - mbedtls_mpi_swap( &ctx->P, &ctx->Q ); + if (H.s < 0) + mbedtls_mpi_swap(&ctx->P, &ctx->Q); /* Temporarily replace P,Q by P-1, Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->P, &ctx->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->Q, &ctx->Q, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &ctx->P, &ctx->Q)); /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); - if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->E, &H)); + if (mbedtls_mpi_cmp_int(&G, 1) != 0) continue; /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->P, &ctx->Q)); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&L, NULL, &H, &G)); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->D, &ctx->E, &L)); - if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a)) + if (mbedtls_mpi_bitlen(&ctx->D) <= ((nbits + 1) / 2)) // (FIPS 186-4 §B.3.1 criterion 3(a)) continue; break; - } - while( 1 ); + } while (1); /* Restore P,Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->P, &ctx->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->Q, &ctx->Q, 1)); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, &ctx->Q)); - ctx->len = mbedtls_mpi_size( &ctx->N ); + ctx->len = mbedtls_mpi_size(&ctx->N); #if !defined(MBEDTLS_RSA_NO_CRT) /* @@ -619,28 +584,27 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * DQ = D mod (Q - 1) * QP = Q^-1 mod P */ - MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, - &ctx->DP, &ctx->DQ, &ctx->QP ) ); + MBEDTLS_MPI_CHK(mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP)); #endif /* MBEDTLS_RSA_NO_CRT */ /* Double-check */ - MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) ); + MBEDTLS_MPI_CHK(mbedtls_rsa_check_privkey(ctx)); cleanup: - mbedtls_mpi_free( &H ); - mbedtls_mpi_free( &G ); - mbedtls_mpi_free( &L ); + mbedtls_mpi_free(&H); + mbedtls_mpi_free(&G); + mbedtls_mpi_free(&L); - if( ret != 0 ) - { - mbedtls_rsa_free( ctx ); - if( ( -ret & ~0x7f ) == 0 ) + if (ret != 0) { + mbedtls_rsa_free(ctx); + if ((-ret & ~0x7f) == 0) ret = MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret; - return( ret ); + return (ret); } - return( 0 ); + return (0); } #endif /* MBEDTLS_GENPRIME */ @@ -648,130 +612,118 @@ cleanup: /* * Check a public RSA key */ -int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) -{ - RSA_VALIDATE_RET( ctx != NULL ); +int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx) { + RSA_VALIDATE_RET(ctx != NULL); - if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */) != 0) + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); - if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_mpi_bitlen(&ctx->N) < 128) { + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); } - if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 || - mbedtls_mpi_bitlen( &ctx->E ) < 2 || - mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_mpi_get_bit(&ctx->E, 0) == 0 || + mbedtls_mpi_bitlen(&ctx->E) < 2 || + mbedtls_mpi_cmp_mpi(&ctx->E, &ctx->N) >= 0) { + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); } - return( 0 ); + return (0); } /* * Check for the consistency of all fields in an RSA private key context */ -int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) -{ - RSA_VALIDATE_RET( ctx != NULL ); +int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx) { + RSA_VALIDATE_RET(ctx != NULL); - if( mbedtls_rsa_check_pubkey( ctx ) != 0 || - rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_rsa_check_pubkey(ctx) != 0 || + rsa_check_context(ctx, 1 /* private */, 1 /* blinding */) != 0) { + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); } - if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, - &ctx->D, &ctx->E, NULL, NULL ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_rsa_validate_params(&ctx->N, &ctx->P, &ctx->Q, + &ctx->D, &ctx->E, NULL, NULL) != 0) { + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); } #if !defined(MBEDTLS_RSA_NO_CRT) - else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, - &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + else if (mbedtls_rsa_validate_crt(&ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP) != 0) { + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); } #endif - return( 0 ); + return (0); } /* * Check if contexts holding a public and private key match */ -int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, - const mbedtls_rsa_context *prv ) -{ - RSA_VALIDATE_RET( pub != NULL ); - RSA_VALIDATE_RET( prv != NULL ); +int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub, + const mbedtls_rsa_context *prv) { + RSA_VALIDATE_RET(pub != NULL); + RSA_VALIDATE_RET(prv != NULL); - if( mbedtls_rsa_check_pubkey( pub ) != 0 || - mbedtls_rsa_check_privkey( prv ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_rsa_check_pubkey(pub) != 0 || + mbedtls_rsa_check_privkey(prv) != 0) { + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); } - if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 || - mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if (mbedtls_mpi_cmp_mpi(&pub->N, &prv->N) != 0 || + mbedtls_mpi_cmp_mpi(&pub->E, &prv->E) != 0) { + return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED); } - return( 0 ); + return (0); } /* * Do an RSA public key operation */ -int mbedtls_rsa_public( mbedtls_rsa_context *ctx, - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_rsa_public(mbedtls_rsa_context *ctx, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; mbedtls_mpi T; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( output != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(output != NULL); - if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */)) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len)); - if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) - { + if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; } olen = ctx->len; - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, &ctx->E, &ctx->N, &ctx->RN)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen)); cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); - if( ret != 0 ) - return( MBEDTLS_ERR_RSA_PUBLIC_FAILED + ret ); + if (ret != 0) + return (MBEDTLS_ERR_RSA_PUBLIC_FAILED + ret); - return( 0 ); + return (0); } /* @@ -780,63 +732,60 @@ cleanup: * DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer * Berlin Heidelberg, 1996. p. 104-113. */ -static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ +static int rsa_prepare_blinding(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret, count = 0; mbedtls_mpi R; - mbedtls_mpi_init( &R ); + mbedtls_mpi_init(&R); - if( ctx->Vf.p != NULL ) - { + if (ctx->Vf.p != NULL) { /* We already have blinding values, just update them by squaring */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->N)); goto cleanup; } /* Unblinding value: Vf = random number, invertible mod N */ do { - if( count++ > 10 ) - { + if (count++ > 10) { ret = MBEDTLS_ERR_RSA_RNG_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf, ctx->len - 1, f_rng, p_rng)); /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len - 1, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); /* At this point, Vi is invertible mod N if and only if both Vf and R * are invertible mod N. If one of them isn't, we don't need to know * which one, we just loop and choose new values for both of them. * (Each iteration succeeds with overwhelming probability.) */ - ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N ); - if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) + ret = mbedtls_mpi_inv_mod(&ctx->Vi, &ctx->Vi, &ctx->N); + if (ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) goto cleanup; - } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + } while (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); /* Blinding value: Vi = Vf^(-e) mod N * (Vi already contains Vf^-1 at this point) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN)); cleanup: - mbedtls_mpi_free( &R ); + mbedtls_mpi_free(&R); - return( ret ); + return (ret); } /* @@ -863,12 +812,11 @@ cleanup: /* * Do an RSA private key operation */ -int mbedtls_rsa_private( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_rsa_private(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + const unsigned char *input, + unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; @@ -904,110 +852,107 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * checked result; should be the same in the end. */ mbedtls_mpi I, C; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( output != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(output != NULL); - if( rsa_check_context( ctx, 1 /* private key checks */, - f_rng != NULL /* blinding y/n */ ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (rsa_check_context(ctx, 1 /* private key checks */, + f_rng != NULL /* blinding y/n */) != 0) { + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif /* MPI Initialization */ - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&T); - mbedtls_mpi_init( &P1 ); - mbedtls_mpi_init( &Q1 ); - mbedtls_mpi_init( &R ); + mbedtls_mpi_init(&P1); + mbedtls_mpi_init(&Q1); + mbedtls_mpi_init(&R); - if( f_rng != NULL ) - { + if (f_rng != NULL) { #if defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_init( &D_blind ); + mbedtls_mpi_init(&D_blind); #else - mbedtls_mpi_init( &DP_blind ); - mbedtls_mpi_init( &DQ_blind ); + mbedtls_mpi_init(&DP_blind); + mbedtls_mpi_init(&DQ_blind); #endif } #if !defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ ); + mbedtls_mpi_init(&TP); + mbedtls_mpi_init(&TQ); #endif - mbedtls_mpi_init( &I ); - mbedtls_mpi_init( &C ); + mbedtls_mpi_init(&I); + mbedtls_mpi_init(&C); /* End of MPI initialization */ - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) ); - if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len)); + if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&I, &T)); - if( f_rng != NULL ) - { + if (f_rng != NULL) { /* * Blinding * T = T * Vi mod N */ - MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); + MBEDTLS_MPI_CHK(rsa_prepare_blinding(ctx, f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N)); /* * Exponent blinding */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P1, &ctx->P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q1, &ctx->Q, 1)); #if defined(MBEDTLS_RSA_NO_CRT) /* * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING, + f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &P1, &Q1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &D_blind, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&D_blind, &D_blind, &ctx->D)); D = &D_blind; #else /* * DP_blind = ( P - 1 ) * R + DP */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind, - &ctx->DP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING, + f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DP_blind, &P1, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DP_blind, &DP_blind, + &ctx->DP)); DP = &DP_blind; /* * DQ_blind = ( Q - 1 ) * R + DQ */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind, - &ctx->DQ ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING, + f_rng, p_rng)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DQ_blind, &Q1, &R)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DQ_blind, &DQ_blind, + &ctx->DQ)); DQ = &DQ_blind; #endif /* MBEDTLS_RSA_NO_CRT */ } #if defined(MBEDTLS_RSA_NO_CRT) - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, D, &ctx->N, &ctx->RN)); #else /* * Faster decryption using the CRT @@ -1016,78 +961,76 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * TQ = input ^ dQ mod Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TP, &T, DP, &ctx->P, &ctx->RP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TQ, &T, DQ, &ctx->Q, &ctx->RQ)); /* * T = (TP - TQ) * (Q^-1 mod P) mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&T, &TP, &TQ)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->QP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &TP, &ctx->P)); /* * T = TQ + T * Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->Q)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&T, &TQ, &TP)); #endif /* MBEDTLS_RSA_NO_CRT */ - if( f_rng != NULL ) - { + if (f_rng != NULL) { /* * Unblind * T = T * Vf mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vf)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N)); } /* Verify the result to prevent glitching attacks. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, - &ctx->N, &ctx->RN ) ); - if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&C, &T, &ctx->E, + &ctx->N, &ctx->RN)); + if (mbedtls_mpi_cmp_mpi(&C, &I) != 0) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto cleanup; } olen = ctx->len; - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen)); cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - mbedtls_mpi_free( &P1 ); - mbedtls_mpi_free( &Q1 ); - mbedtls_mpi_free( &R ); + mbedtls_mpi_free(&P1); + mbedtls_mpi_free(&Q1); + mbedtls_mpi_free(&R); - if( f_rng != NULL ) - { + if (f_rng != NULL) { #if defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_free( &D_blind ); + mbedtls_mpi_free(&D_blind); #else - mbedtls_mpi_free( &DP_blind ); - mbedtls_mpi_free( &DQ_blind ); + mbedtls_mpi_free(&DP_blind); + mbedtls_mpi_free(&DQ_blind); #endif } - mbedtls_mpi_free( &T ); + mbedtls_mpi_free(&T); #if !defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ ); + mbedtls_mpi_free(&TP); + mbedtls_mpi_free(&TQ); #endif - mbedtls_mpi_free( &C ); - mbedtls_mpi_free( &I ); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&I); - if( ret != 0 && ret >= -0x007f ) - return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret ); + if (ret != 0 && ret >= -0x007f) + return (MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret); - return( ret ); + return (ret); } #if defined(MBEDTLS_PKCS1_V21) @@ -1100,9 +1043,8 @@ cleanup: * \param slen length of the source buffer * \param md_ctx message digest context to use */ -static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, - size_t slen, mbedtls_md_context_t *md_ctx ) -{ +static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, + size_t slen, mbedtls_md_context_t *md_ctx) { unsigned char mask[MBEDTLS_MD_MAX_SIZE]; unsigned char counter[4]; unsigned char *p; @@ -1110,30 +1052,29 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, size_t i, use_len; int ret = 0; - memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); - memset( counter, 0, 4 ); + memset(mask, 0, MBEDTLS_MD_MAX_SIZE); + memset(counter, 0, 4); - hlen = mbedtls_md_get_size( md_ctx->md_info ); + hlen = mbedtls_md_get_size(md_ctx->md_info); /* Generate and apply dbMask */ p = dst; - while( dlen > 0 ) - { + while (dlen > 0) { use_len = hlen; - if( dlen < hlen ) + if (dlen < hlen) use_len = dlen; - if( ( ret = mbedtls_md_starts( md_ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(md_ctx)) != 0) goto exit; - if( ( ret = mbedtls_md_update( md_ctx, src, slen ) ) != 0 ) + if ((ret = mbedtls_md_update(md_ctx, src, slen)) != 0) goto exit; - if( ( ret = mbedtls_md_update( md_ctx, counter, 4 ) ) != 0 ) + if ((ret = mbedtls_md_update(md_ctx, counter, 4)) != 0) goto exit; - if( ( ret = mbedtls_md_finish( md_ctx, mask ) ) != 0 ) + if ((ret = mbedtls_md_finish(md_ctx, mask)) != 0) goto exit; - for( i = 0; i < use_len; ++i ) + for (i = 0; i < use_len; ++i) *p++ ^= mask[i]; counter[3]++; @@ -1142,9 +1083,9 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, } exit: - mbedtls_platform_zeroize( mask, sizeof( mask ) ); + mbedtls_platform_zeroize(mask, sizeof(mask)); - return( ret ); + return (ret); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1152,15 +1093,14 @@ exit: /* * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function */ -int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - const unsigned char *label, size_t label_len, - size_t ilen, - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + const unsigned char *label, size_t label_len, + size_t ilen, + const unsigned char *input, + unsigned char *output) { size_t olen; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = output; @@ -1168,72 +1108,72 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); - RSA_VALIDATE_RET( label_len == 0 || label != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output != NULL); + RSA_VALIDATE_RET(ilen == 0 || input != NULL); + RSA_VALIDATE_RET(label_len == 0 || label != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (f_rng == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ctx->hash_id); + if (md_info == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); olen = ctx->len; - hlen = mbedtls_md_get_size( md_info ); + hlen = mbedtls_md_get_size(md_info); /* first comparison checks for overflow */ - if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - memset( output, 0, olen ); + memset(output, 0, olen); *p++ = 0; /* Generate a random octet string seed */ - if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) - return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); + if ((ret = f_rng(p_rng, p, hlen)) != 0) + return (MBEDTLS_ERR_RSA_RNG_FAILED + ret); p += hlen; /* Construct DB */ - if( ( ret = mbedtls_md( md_info, label, label_len, p ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_md(md_info, label, label_len, p)) != 0) + return (ret); p += hlen; p += olen - 2 * hlen - 2 - ilen; *p++ = 1; - if( ilen != 0 ) - memcpy( p, input, ilen ); + if (ilen != 0) + memcpy(p, input, ilen); - mbedtls_md_init( &md_ctx ); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) + mbedtls_md_init(&md_ctx); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) goto exit; /* maskedDB: Apply dbMask to DB */ - if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen, - &md_ctx ) ) != 0 ) + if ((ret = mgf_mask(output + hlen + 1, olen - hlen - 1, output + 1, hlen, + &md_ctx)) != 0) goto exit; /* maskedSeed: Apply seedMask to seed */ - if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, - &md_ctx ) ) != 0 ) + if ((ret = mgf_mask(output + 1, hlen, output + hlen + 1, olen - hlen - 1, + &md_ctx)) != 0) goto exit; exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - if( ret != 0 ) - return( ret ); + if (ret != 0) + return (ret); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return ((mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, output, output) + : mbedtls_rsa_private(ctx, f_rng, p_rng, output, output)); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1241,107 +1181,100 @@ exit: /* * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function */ -int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, - const unsigned char *input, - unsigned char *output ) -{ +int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t ilen, + const unsigned char *input, + unsigned char *output) { size_t nb_pad, olen; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = output; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output != NULL); + RSA_VALIDATE_RET(ilen == 0 || input != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); olen = ctx->len; /* first comparison checks for overflow */ - if( ilen + 11 < ilen || olen < ilen + 11 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen + 11 < ilen || olen < ilen + 11) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); nb_pad = olen - 3 - ilen; *p++ = 0; - if( mode == MBEDTLS_RSA_PUBLIC ) - { - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PUBLIC) { + if (f_rng == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); *p++ = MBEDTLS_RSA_CRYPT; - while( nb_pad-- > 0 ) - { + while (nb_pad-- > 0) { int rng_dl = 100; do { - ret = f_rng( p_rng, p, 1 ); - } while( *p == 0 && --rng_dl && ret == 0 ); + ret = f_rng(p_rng, p, 1); + } while (*p == 0 && --rng_dl && ret == 0); /* Check if RNG failed to generate data */ - if( rng_dl == 0 || ret != 0 ) - return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); + if (rng_dl == 0 || ret != 0) + return (MBEDTLS_ERR_RSA_RNG_FAILED + ret); p++; } - } - else - { + } else { *p++ = MBEDTLS_RSA_SIGN; - while( nb_pad-- > 0 ) + while (nb_pad-- > 0) *p++ = 0xFF; } *p++ = 0; - if( ilen != 0 ) - memcpy( p, input, ilen ); + if (ilen != 0) + memcpy(p, input, ilen); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, output, output ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); + return ((mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, output, output) + : mbedtls_rsa_private(ctx, f_rng, p_rng, output, output)); } #endif /* MBEDTLS_PKCS1_V15 */ /* * Add the message padding, then do an RSA operation */ -int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, - const unsigned char *input, - unsigned char *output ) -{ - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output != NULL ); - RSA_VALIDATE_RET( ilen == 0 || input != NULL ); +int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t ilen, + const unsigned char *input, + unsigned char *output) { + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output != NULL); + RSA_VALIDATE_RET(ilen == 0 || input != NULL); - switch( ctx->padding ) - { + switch (ctx->padding) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen, - input, output ); + return mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx, f_rng, p_rng, mode, ilen, + input, output); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0, - ilen, input, output ); + return mbedtls_rsa_rsaes_oaep_encrypt(ctx, f_rng, p_rng, mode, NULL, 0, + ilen, input, output); #endif default: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + return (MBEDTLS_ERR_RSA_INVALID_PADDING); } } @@ -1349,16 +1282,15 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, /* * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function */ -int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - const unsigned char *label, size_t label_len, - size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ) -{ +int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + const unsigned char *label, size_t label_len, + size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t ilen, i, pad_len; unsigned char *p, bad, pad_done; @@ -1368,70 +1300,68 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); - RSA_VALIDATE_RET( label_len == 0 || label != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( olen != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output_max_len == 0 || output != NULL); + RSA_VALIDATE_RET(label_len == 0 || label != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(olen != NULL); /* * Parameters sanity checks */ - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); ilen = ctx->len; - if( ilen < 16 || ilen > sizeof( buf ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen < 16 || ilen > sizeof(buf)) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ctx->hash_id); + if (md_info == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - hlen = mbedtls_md_get_size( md_info ); + hlen = mbedtls_md_get_size(md_info); // checking for integer underflow - if( 2 * hlen + 2 > ilen ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (2 * hlen + 2 > ilen) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); /* * RSA operation */ - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, input, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); + ret = (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, input, buf) + : mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf); - if( ret != 0 ) + if (ret != 0) goto cleanup; /* * Unmask data and generate lHash */ - mbedtls_md_init( &md_ctx ); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) - { - mbedtls_md_free( &md_ctx ); + mbedtls_md_init(&md_ctx); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) { + mbedtls_md_free(&md_ctx); goto cleanup; } /* seed: Apply seedMask to maskedSeed */ - if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, - &md_ctx ) ) != 0 || - /* DB: Apply dbMask to maskedDB */ - ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, - &md_ctx ) ) != 0 ) - { - mbedtls_md_free( &md_ctx ); + if ((ret = mgf_mask(buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, + &md_ctx)) != 0 || + /* DB: Apply dbMask to maskedDB */ + (ret = mgf_mask(buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, + &md_ctx)) != 0) { + mbedtls_md_free(&md_ctx); goto cleanup; } - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); /* Generate lHash */ - if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 ) + if ((ret = mbedtls_md(md_info, label, label_len, lhash)) != 0) goto cleanup; /* @@ -1445,17 +1375,16 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, p += hlen; /* Skip seed */ /* Check lHash */ - for( i = 0; i < hlen; i++ ) + for (i = 0; i < hlen; i++) bad |= lhash[i] ^ *p++; /* Get zero-padding len, but always read till end of buffer * (minus one, for the 01 byte) */ pad_len = 0; pad_done = 0; - for( i = 0; i < ilen - 2 * hlen - 2; i++ ) - { + for (i = 0; i < ilen - 2 * hlen - 2; i++) { pad_done |= p[i]; - pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; + pad_len += ((pad_done | (unsigned char) - pad_done) >> 7) ^ 1; } p += pad_len; @@ -1467,28 +1396,26 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between * the different error conditions. */ - if( bad != 0 ) - { + if (bad != 0) { ret = MBEDTLS_ERR_RSA_INVALID_PADDING; goto cleanup; } - if( ilen - ( p - buf ) > output_max_len ) - { + if (ilen - (p - buf) > output_max_len) { ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; goto cleanup; } *olen = ilen - (p - buf); - if( *olen != 0 ) - memcpy( output, p, *olen ); + if (*olen != 0) + memcpy(output, p, *olen); ret = 0; cleanup: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); - mbedtls_platform_zeroize( lhash, sizeof( lhash ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); + mbedtls_platform_zeroize(lhash, sizeof(lhash)); - return( ret ); + return (ret); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1498,15 +1425,14 @@ cleanup: * \param value The value to analyze. * \return Zero if \p value is zero, otherwise all-bits-one. */ -static unsigned all_or_nothing_int( unsigned value ) -{ +static unsigned all_or_nothing_int(unsigned value) { /* MSVC has a warning about unary minus on unsigned, but this is * well-defined and precisely what we want to do here */ #if defined(_MSC_VER) #pragma warning( push ) #pragma warning( disable : 4146 ) #endif - return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) ); + return (- ((value | - value) >> (sizeof(value) * 8 - 1))); #if defined(_MSC_VER) #pragma warning( pop ) #endif @@ -1522,10 +1448,9 @@ static unsigned all_or_nothing_int( unsigned value ) * \return \c 0 if `size <= max`. * \return \c 1 if `size > max`. */ -static unsigned size_greater_than( size_t size, size_t max ) -{ +static unsigned size_greater_than(size_t size, size_t max) { /* Return the sign bit (1 for negative) of (max - size). */ - return( ( max - size ) >> ( sizeof( size_t ) * 8 - 1 ) ); + return ((max - size) >> (sizeof(size_t) * 8 - 1)); } /** Choose between two integer values, without branches. @@ -1538,10 +1463,9 @@ static unsigned size_greater_than( size_t size, size_t max ) * \param if0 Value to use if \p cond is zero. * \return \c if1 if \p cond is nonzero, otherwise \c if0. */ -static unsigned if_int( unsigned cond, unsigned if1, unsigned if0 ) -{ - unsigned mask = all_or_nothing_int( cond ); - return( ( mask & if1 ) | (~mask & if0 ) ); +static unsigned if_int(unsigned cond, unsigned if1, unsigned if0) { + unsigned mask = all_or_nothing_int(cond); + return ((mask & if1) | (~mask & if0)); } /** Shift some data towards the left inside a buffer without leaking @@ -1560,41 +1484,37 @@ static unsigned if_int( unsigned cond, unsigned if1, unsigned if0 ) * \param total Total size of the buffer. * \param offset Offset from which to copy \p total - \p offset bytes. */ -static void mem_move_to_left( void *start, - size_t total, - size_t offset ) -{ +static void mem_move_to_left(void *start, + size_t total, + size_t offset) { volatile unsigned char *buf = start; size_t i, n; - if( total == 0 ) + if (total == 0) return; - for( i = 0; i < total; i++ ) - { - unsigned no_op = size_greater_than( total - offset, i ); + for (i = 0; i < total; i++) { + unsigned no_op = size_greater_than(total - offset, i); /* The first `total - offset` passes are a no-op. The last * `offset` passes shift the data one byte to the left and * zero out the last byte. */ - for( n = 0; n < total - 1; n++ ) - { + for (n = 0; n < total - 1; n++) { unsigned char current = buf[n]; - unsigned char next = buf[n+1]; - buf[n] = if_int( no_op, current, next ); + unsigned char next = buf[n + 1]; + buf[n] = if_int(no_op, current, next); } - buf[total-1] = if_int( no_op, buf[total-1], 0 ); + buf[total - 1] = if_int(no_op, buf[total - 1], 0); } } /* * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function */ -int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ) -{ +int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t ilen, i, plaintext_max_size; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; @@ -1614,51 +1534,47 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, size_t plaintext_size = 0; unsigned output_too_large; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( olen != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output_max_len == 0 || output != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(olen != NULL); ilen = ctx->len; - plaintext_max_size = ( output_max_len > ilen - 11 ? - ilen - 11 : - output_max_len ); + plaintext_max_size = (output_max_len > ilen - 11 ? + ilen - 11 : + output_max_len); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - if( ilen < 16 || ilen > sizeof( buf ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (ilen < 16 || ilen > sizeof(buf)) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, input, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); + ret = (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, input, buf) + : mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf); - if( ret != 0 ) + if (ret != 0) goto cleanup; /* Check and get padding length in constant time and constant * memory trace. The first byte must be 0. */ bad |= buf[0]; - if( mode == MBEDTLS_RSA_PRIVATE ) - { + if (mode == MBEDTLS_RSA_PRIVATE) { /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00 * where PS must be at least 8 nonzero bytes. */ bad |= buf[1] ^ MBEDTLS_RSA_CRYPT; /* Read the whole buffer. Set pad_done to nonzero if we find * the 0x00 byte and remember the padding length in pad_count. */ - for( i = 2; i < ilen; i++ ) - { - pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1; - pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; + for (i = 2; i < ilen; i++) { + pad_done |= ((buf[i] | (unsigned char) - buf[i]) >> 7) ^ 1; + pad_count += ((pad_done | (unsigned char) - pad_done) >> 7) ^ 1; } - } - else - { + } else { /* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00 * where PS must be at least 8 bytes with the value 0xFF. */ bad |= buf[1] ^ MBEDTLS_RSA_SIGN; @@ -1666,19 +1582,18 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, /* Read the whole buffer. Set pad_done to nonzero if we find * the 0x00 byte and remember the padding length in pad_count. * If there's a non-0xff byte in the padding, the padding is bad. */ - for( i = 2; i < ilen; i++ ) - { - pad_done |= if_int( buf[i], 0, 1 ); - pad_count += if_int( pad_done, 0, 1 ); - bad |= if_int( pad_done, 0, buf[i] ^ 0xFF ); + for (i = 2; i < ilen; i++) { + pad_done |= if_int(buf[i], 0, 1); + pad_count += if_int(pad_done, 0, 1); + bad |= if_int(pad_done, 0, buf[i] ^ 0xFF); } } /* If pad_done is still zero, there's no data, only unfinished padding. */ - bad |= if_int( pad_done, 0, 1 ); + bad |= if_int(pad_done, 0, 1); /* There must be at least 8 bytes of padding. */ - bad |= size_greater_than( 8, pad_count ); + bad |= size_greater_than(8, pad_count); /* If the padding is valid, set plaintext_size to the number of * remaining bytes after stripping the padding. If the padding @@ -1687,23 +1602,23 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * buffer. Do it without branches to avoid leaking the padding * validity through timing. RSA keys are small enough that all the * size_t values involved fit in unsigned int. */ - plaintext_size = if_int( bad, - (unsigned) plaintext_max_size, - (unsigned) ( ilen - pad_count - 3 ) ); + plaintext_size = if_int(bad, + (unsigned) plaintext_max_size, + (unsigned)(ilen - pad_count - 3)); /* Set output_too_large to 0 if the plaintext fits in the output * buffer and to 1 otherwise. */ - output_too_large = size_greater_than( plaintext_size, - plaintext_max_size ); + output_too_large = size_greater_than(plaintext_size, + plaintext_max_size); /* Set ret without branches to avoid timing attacks. Return: * - INVALID_PADDING if the padding is bad (bad != 0). * - OUTPUT_TOO_LARGE if the padding is good but the decrypted * plaintext does not fit in the output buffer. * - 0 if the padding is correct. */ - ret = - (int) if_int( bad, - MBEDTLS_ERR_RSA_INVALID_PADDING, - if_int( output_too_large, - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, - 0 ) ); + ret = - (int) if_int(bad, - MBEDTLS_ERR_RSA_INVALID_PADDING, + if_int(output_too_large, - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, + 0)); /* If the padding is bad or the plaintext is too large, zero the * data that we're about to copy to the output buffer. @@ -1711,17 +1626,17 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * from the same buffer whether the padding is good or not to * avoid leaking the padding validity through overall timing or * through memory or cache access patterns. */ - bad = all_or_nothing_int( bad | output_too_large ); - for( i = 11; i < ilen; i++ ) + bad = all_or_nothing_int(bad | output_too_large); + for (i = 11; i < ilen; i++) buf[i] &= ~bad; /* If the plaintext is too large, truncate it to the buffer size. * Copy anyway to avoid revealing the length through timing, because * revealing the length is as bad as revealing the padding validity * for a Bleichenbacher attack. */ - plaintext_size = if_int( output_too_large, - (unsigned) plaintext_max_size, - (unsigned) plaintext_size ); + plaintext_size = if_int(output_too_large, + (unsigned) plaintext_max_size, + (unsigned) plaintext_size); /* Move the plaintext to the leftmost position where it can start in * the working buffer, i.e. make it start plaintext_max_size from @@ -1729,9 +1644,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * does not depend on the plaintext size. After this move, the * starting location of the plaintext is no longer sensitive * information. */ - mem_move_to_left( buf + ilen - plaintext_max_size, - plaintext_max_size, - plaintext_max_size - plaintext_size ); + mem_move_to_left(buf + ilen - plaintext_max_size, + plaintext_max_size, + plaintext_max_size - plaintext_size); /* Finally copy the decrypted plaintext plus trailing zeros into the output * buffer. If output_max_len is 0, then output may be an invalid pointer @@ -1740,8 +1655,8 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * user-provided output buffer), which is independent from plaintext * length, validity of padding, success of the decryption, and other * secrets. */ - if( output_max_len != 0 ) - memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size ); + if (output_max_len != 0) + memcpy(output, buf + ilen - plaintext_max_size, plaintext_max_size); /* Report the amount of data we copied to the output buffer. In case * of errors (bad padding or output too large), the value of *olen @@ -1750,47 +1665,45 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, *olen = plaintext_size; cleanup: - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - return( ret ); + return (ret); } #endif /* MBEDTLS_PKCS1_V15 */ /* * Do an RSA operation, then remove the message padding */ -int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len) -{ - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( olen != NULL ); +int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len) { + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(output_max_len == 0 || output != NULL); + RSA_VALIDATE_RET(input != NULL); + RSA_VALIDATE_RET(olen != NULL); - switch( ctx->padding ) - { + switch (ctx->padding) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen, - input, output, output_max_len ); + return mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx, f_rng, p_rng, mode, olen, + input, output, output_max_len); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0, - olen, input, output, - output_max_len ); + return mbedtls_rsa_rsaes_oaep_decrypt(ctx, f_rng, p_rng, mode, NULL, 0, + olen, input, output, + output_max_len); #endif default: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + return (MBEDTLS_ERR_RSA_INVALID_PADDING); } } @@ -1798,15 +1711,14 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, /* * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function */ -int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ) -{ +int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) { size_t olen; unsigned char *p = sig; unsigned char salt[MBEDTLS_MD_MAX_SIZE]; @@ -1815,37 +1727,36 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, size_t msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); + RSA_VALIDATE_RET(sig != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - if( f_rng == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (f_rng == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); olen = ctx->len; - if( md_alg != MBEDTLS_MD_NONE ) - { + if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type(md_alg); + if (md_info == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - hashlen = mbedtls_md_get_size( md_info ); + hashlen = mbedtls_md_get_size(md_info); } - md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) ctx->hash_id); + if (md_info == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - hlen = mbedtls_md_get_size( md_info ); + hlen = mbedtls_md_get_size(md_info); /* Calculate the largest possible salt length. Normally this is the hash * length, which is the maximum length the salt can have. If there is not @@ -1854,68 +1765,68 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017 * (PKCS#1 v2.2) §9.1.1 step 3. */ min_slen = hlen - 2; - if( olen < hlen + min_slen + 2 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - else if( olen >= hlen + hlen + 2 ) + if (olen < hlen + min_slen + 2) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); + else if (olen >= hlen + hlen + 2) slen = hlen; else slen = olen - hlen - 2; - memset( sig, 0, olen ); + memset(sig, 0, olen); /* Generate salt of length slen */ - if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) - return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); + if ((ret = f_rng(p_rng, salt, slen)) != 0) + return (MBEDTLS_ERR_RSA_RNG_FAILED + ret); /* Note: EMSA-PSS encoding is over the length of N - 1 bits */ - msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; + msb = mbedtls_mpi_bitlen(&ctx->N) - 1; p += olen - hlen - slen - 2; *p++ = 0x01; - memcpy( p, salt, slen ); + memcpy(p, salt, slen); p += slen; - mbedtls_md_init( &md_ctx ); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) + mbedtls_md_init(&md_ctx); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) goto exit; /* Generate H = Hash( M' ) */ - if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 ) + if ((ret = mbedtls_md_starts(&md_ctx)) != 0) goto exit; - if( ( ret = mbedtls_md_update( &md_ctx, p, 8 ) ) != 0 ) + if ((ret = mbedtls_md_update(&md_ctx, p, 8)) != 0) goto exit; - if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 ) + if ((ret = mbedtls_md_update(&md_ctx, hash, hashlen)) != 0) goto exit; - if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 ) + if ((ret = mbedtls_md_update(&md_ctx, salt, slen)) != 0) goto exit; - if( ( ret = mbedtls_md_finish( &md_ctx, p ) ) != 0 ) + if ((ret = mbedtls_md_finish(&md_ctx, p)) != 0) goto exit; /* Compensate for boundary condition when applying mask */ - if( msb % 8 == 0 ) + if (msb % 8 == 0) offset = 1; /* maskedDB: Apply dbMask to DB */ - if( ( ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, - &md_ctx ) ) != 0 ) + if ((ret = mgf_mask(sig + offset, olen - hlen - 1 - offset, p, hlen, + &md_ctx)) != 0) goto exit; - msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; - sig[0] &= 0xFF >> ( olen * 8 - msb ); + msb = mbedtls_mpi_bitlen(&ctx->N) - 1; + sig[0] &= 0xFF >> (olen * 8 - msb); p += hlen; *p++ = 0xBC; - mbedtls_platform_zeroize( salt, sizeof( salt ) ); + mbedtls_platform_zeroize(salt, sizeof(salt)); exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - if( ret != 0 ) - return( ret ); + if (ret != 0) + return (ret); - return( ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, sig ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) ); + return ((mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, sig, sig) + : mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig)); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -1942,35 +1853,33 @@ exit: * - dst points to a buffer of size at least dst_len. * */ -static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - size_t dst_len, - unsigned char *dst ) -{ +static int rsa_rsassa_pkcs1_v15_encode(mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + size_t dst_len, + unsigned char *dst) { size_t oid_size = 0; size_t nb_pad = dst_len; unsigned char *p = dst; const char *oid = NULL; /* Are we signing hashed or raw data? */ - if( md_alg != MBEDTLS_MD_NONE ) - { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (md_alg != MBEDTLS_MD_NONE) { + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg); + if (md_info == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - hashlen = mbedtls_md_get_size( md_info ); + hashlen = mbedtls_md_get_size(md_info); /* Double-check that 8 + hashlen + oid_size can be used as a * 1-byte ASN.1 length encoding and that there's no overflow. */ - if( 8 + hashlen + oid_size >= 0x80 || - 10 + hashlen < hashlen || - 10 + hashlen + oid_size < 10 + hashlen ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (8 + hashlen + oid_size >= 0x80 || + 10 + hashlen < hashlen || + 10 + hashlen + oid_size < 10 + hashlen) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); /* * Static bounds check: @@ -1980,22 +1889,20 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * - Need hashlen bytes for hash * - Need oid_size bytes for hash alg OID. */ - if( nb_pad < 10 + hashlen + oid_size ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (nb_pad < 10 + hashlen + oid_size) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); nb_pad -= 10 + hashlen + oid_size; - } - else - { - if( nb_pad < hashlen ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } else { + if (nb_pad < hashlen) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); nb_pad -= hashlen; } /* Need space for signature header and padding delimiter (3 bytes), * and 8 bytes for the minimal padding */ - if( nb_pad < 3 + 8 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (nb_pad < 3 + 8) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); nb_pad -= 3; /* Now nb_pad is the amount of memory to be filled @@ -2004,15 +1911,14 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, /* Write signature header and padding */ *p++ = 0; *p++ = MBEDTLS_RSA_SIGN; - memset( p, 0xFF, nb_pad ); + memset(p, 0xFF, nb_pad); p += nb_pad; *p++ = 0; /* Are we signing raw data? */ - if( md_alg == MBEDTLS_MD_NONE ) - { - memcpy( p, hash, hashlen ); - return( 0 ); + if (md_alg == MBEDTLS_MD_NONE) { + memcpy(p, hash, hashlen); + return (0); } /* Signing hashed data, add corresponding ASN.1 structure @@ -2029,73 +1935,70 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * TAG-OCTET + LEN [ HASH ] ] */ *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char)( 0x08 + oid_size + hashlen ); + *p++ = (unsigned char)(0x08 + oid_size + hashlen); *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char)( 0x04 + oid_size ); + *p++ = (unsigned char)(0x04 + oid_size); *p++ = MBEDTLS_ASN1_OID; *p++ = (unsigned char) oid_size; - memcpy( p, oid, oid_size ); + memcpy(p, oid, oid_size); p += oid_size; *p++ = MBEDTLS_ASN1_NULL; *p++ = 0x00; *p++ = MBEDTLS_ASN1_OCTET_STRING; *p++ = (unsigned char) hashlen; - memcpy( p, hash, hashlen ); + memcpy(p, hash, hashlen); p += hashlen; /* Just a sanity-check, should be automatic * after the initial bounds check. */ - if( p != dst + dst_len ) - { - mbedtls_platform_zeroize( dst, dst_len ); - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (p != dst + dst_len) { + mbedtls_platform_zeroize(dst, dst_len); + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); } - return( 0 ); + return (0); } /* * Do an RSA operation to sign the message digest */ -int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ) -{ +int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *sig_try = NULL, *verif = NULL; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - RSA_VALIDATE_RET( sig != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); + RSA_VALIDATE_RET(sig != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); /* * Prepare PKCS1-v1.5 encoding (padding and hash identifier) */ - if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, - ctx->len, sig ) ) != 0 ) - return( ret ); + if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, + ctx->len, sig)) != 0) + return (ret); /* * Call respective RSA primitive */ - if( mode == MBEDTLS_RSA_PUBLIC ) - { + if (mode == MBEDTLS_RSA_PUBLIC) { /* Skip verification on a public key operation */ - return( mbedtls_rsa_public( ctx, sig, sig ) ); + return (mbedtls_rsa_public(ctx, sig, sig)); } /* Private key operation @@ -2104,72 +2007,68 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * temporary buffer and check it before returning it. */ - sig_try = mbedtls_calloc( 1, ctx->len ); - if( sig_try == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + sig_try = mbedtls_calloc(1, ctx->len); + if (sig_try == NULL) + return (MBEDTLS_ERR_MPI_ALLOC_FAILED); - verif = mbedtls_calloc( 1, ctx->len ); - if( verif == NULL ) - { - mbedtls_free( sig_try ); - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); + verif = mbedtls_calloc(1, ctx->len); + if (verif == NULL) { + mbedtls_free(sig_try); + return (MBEDTLS_ERR_MPI_ALLOC_FAILED); } - MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) ); + MBEDTLS_MPI_CHK(mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig_try)); + MBEDTLS_MPI_CHK(mbedtls_rsa_public(ctx, sig_try, verif)); - if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 ) - { + if (mbedtls_safer_memcmp(verif, sig, ctx->len) != 0) { ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED; goto cleanup; } - memcpy( sig, sig_try, ctx->len ); + memcpy(sig, sig_try, ctx->len); cleanup: - mbedtls_free( sig_try ); - mbedtls_free( verif ); + mbedtls_free(sig_try); + mbedtls_free(verif); - return( ret ); + return (ret); } #endif /* MBEDTLS_PKCS1_V15 */ /* * Do an RSA operation to sign the message digest */ -int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ) -{ - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); - RSA_VALIDATE_RET( sig != NULL ); +int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig) { + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); + RSA_VALIDATE_RET(sig != NULL); - switch( ctx->padding ) - { + switch (ctx->padding) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, f_rng, p_rng, mode, md_alg, + hashlen, hash, sig); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_sign(ctx, f_rng, p_rng, mode, md_alg, + hashlen, hash, sig); #endif default: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + return (MBEDTLS_ERR_RSA_INVALID_PADDING); } } @@ -2177,17 +2076,16 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, /* * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ -int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - mbedtls_md_type_t mgf1_hash_id, - int expected_salt_len, - const unsigned char *sig ) -{ +int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + mbedtls_md_type_t mgf1_hash_id, + int expected_salt_len, + const unsigned char *sig) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t siglen; unsigned char *p; @@ -2200,95 +2098,91 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, mbedtls_md_context_t md_ctx; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(sig != NULL); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); siglen = ctx->len; - if( siglen < 16 || siglen > sizeof( buf ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (siglen < 16 || siglen > sizeof(buf)) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf ); + ret = (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, sig, buf) + : mbedtls_rsa_private(ctx, f_rng, p_rng, sig, buf); - if( ret != 0 ) - return( ret ); + if (ret != 0) + return (ret); p = buf; - if( buf[siglen - 1] != 0xBC ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + if (buf[siglen - 1] != 0xBC) + return (MBEDTLS_ERR_RSA_INVALID_PADDING); - if( md_alg != MBEDTLS_MD_NONE ) - { + if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type(md_alg); + if (md_info == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - hashlen = mbedtls_md_get_size( md_info ); + hashlen = mbedtls_md_get_size(md_info); } - md_info = mbedtls_md_info_from_type( mgf1_hash_id ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type(mgf1_hash_id); + if (md_info == NULL) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); - hlen = mbedtls_md_get_size( md_info ); + hlen = mbedtls_md_get_size(md_info); - memset( zeros, 0, 8 ); + memset(zeros, 0, 8); /* * Note: EMSA-PSS verification is over the length of N - 1 bits */ - msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; + msb = mbedtls_mpi_bitlen(&ctx->N) - 1; - if( buf[0] >> ( 8 - siglen * 8 + msb ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (buf[0] >> (8 - siglen * 8 + msb)) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); /* Compensate for boundary condition when applying mask */ - if( msb % 8 == 0 ) - { + if (msb % 8 == 0) { p++; siglen -= 1; } - if( siglen < hlen + 2 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (siglen < hlen + 2) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); hash_start = p + siglen - hlen - 1; - mbedtls_md_init( &md_ctx ); - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) + mbedtls_md_init(&md_ctx); + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 0)) != 0) goto exit; - ret = mgf_mask( p, siglen - hlen - 1, hash_start, hlen, &md_ctx ); - if( ret != 0 ) + ret = mgf_mask(p, siglen - hlen - 1, hash_start, hlen, &md_ctx); + if (ret != 0) goto exit; - buf[0] &= 0xFF >> ( siglen * 8 - msb ); + buf[0] &= 0xFF >> (siglen * 8 - msb); - while( p < hash_start - 1 && *p == 0 ) + while (p < hash_start - 1 && *p == 0) p++; - if( *p++ != 0x01 ) - { + if (*p++ != 0x01) { ret = MBEDTLS_ERR_RSA_INVALID_PADDING; goto exit; } observed_salt_len = hash_start - p; - if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY && - observed_salt_len != (size_t) expected_salt_len ) - { + if (expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY && + observed_salt_len != (size_t) expected_salt_len) { ret = MBEDTLS_ERR_RSA_INVALID_PADDING; goto exit; } @@ -2296,63 +2190,61 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, /* * Generate H = Hash( M' ) */ - ret = mbedtls_md_starts( &md_ctx ); - if ( ret != 0 ) + ret = mbedtls_md_starts(&md_ctx); + if (ret != 0) goto exit; - ret = mbedtls_md_update( &md_ctx, zeros, 8 ); - if ( ret != 0 ) + ret = mbedtls_md_update(&md_ctx, zeros, 8); + if (ret != 0) goto exit; - ret = mbedtls_md_update( &md_ctx, hash, hashlen ); - if ( ret != 0 ) + ret = mbedtls_md_update(&md_ctx, hash, hashlen); + if (ret != 0) goto exit; - ret = mbedtls_md_update( &md_ctx, p, observed_salt_len ); - if ( ret != 0 ) + ret = mbedtls_md_update(&md_ctx, p, observed_salt_len); + if (ret != 0) goto exit; - ret = mbedtls_md_finish( &md_ctx, result ); - if ( ret != 0 ) + ret = mbedtls_md_finish(&md_ctx, result); + if (ret != 0) goto exit; - if( memcmp( hash_start, result, hlen ) != 0 ) - { + if (memcmp(hash_start, result, hlen) != 0) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto exit; } exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - return( ret ); + return (ret); } /* * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function */ -int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ) -{ +int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig) { mbedtls_md_type_t mgf1_hash_id; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(sig != NULL); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); - mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE ) - ? (mbedtls_md_type_t) ctx->hash_id - : md_alg; + mgf1_hash_id = (ctx->hash_id != MBEDTLS_MD_NONE) + ? (mbedtls_md_type_t) ctx->hash_id + : md_alg; - return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode, - md_alg, hashlen, hash, - mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, - sig ) ); + return (mbedtls_rsa_rsassa_pss_verify_ext(ctx, f_rng, p_rng, mode, + md_alg, hashlen, hash, + mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY, + sig)); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -2361,196 +2253,186 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, /* * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ -int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ) -{ +int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig) { int ret = 0; size_t sig_len; unsigned char *encoded = NULL, *encoded_expected = NULL; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(sig != NULL); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); sig_len = ctx->len; - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if (mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15) + return (MBEDTLS_ERR_RSA_BAD_INPUT_DATA); /* * Prepare expected PKCS1 v1.5 encoding of hash. */ - if( ( encoded = mbedtls_calloc( 1, sig_len ) ) == NULL || - ( encoded_expected = mbedtls_calloc( 1, sig_len ) ) == NULL ) - { + if ((encoded = mbedtls_calloc(1, sig_len)) == NULL || + (encoded_expected = mbedtls_calloc(1, sig_len)) == NULL) { ret = MBEDTLS_ERR_MPI_ALLOC_FAILED; goto cleanup; } - if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, sig_len, - encoded_expected ) ) != 0 ) + if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, sig_len, + encoded_expected)) != 0) goto cleanup; /* * Apply RSA primitive to get what should be PKCS1 encoded hash. */ - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded ); - if( ret != 0 ) + ret = (mode == MBEDTLS_RSA_PUBLIC) + ? mbedtls_rsa_public(ctx, sig, encoded) + : mbedtls_rsa_private(ctx, f_rng, p_rng, sig, encoded); + if (ret != 0) goto cleanup; /* * Compare */ - if( ( ret = mbedtls_safer_memcmp( encoded, encoded_expected, - sig_len ) ) != 0 ) - { + if ((ret = mbedtls_safer_memcmp(encoded, encoded_expected, + sig_len)) != 0) { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; goto cleanup; } cleanup: - if( encoded != NULL ) - { - mbedtls_platform_zeroize( encoded, sig_len ); - mbedtls_free( encoded ); + if (encoded != NULL) { + mbedtls_platform_zeroize(encoded, sig_len); + mbedtls_free(encoded); } - if( encoded_expected != NULL ) - { - mbedtls_platform_zeroize( encoded_expected, sig_len ); - mbedtls_free( encoded_expected ); + if (encoded_expected != NULL) { + mbedtls_platform_zeroize(encoded_expected, sig_len); + mbedtls_free(encoded_expected); } - return( ret ); + return (ret); } #endif /* MBEDTLS_PKCS1_V15 */ /* * Do an RSA operation and check the message digest */ -int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ) -{ - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); - RSA_VALIDATE_RET( sig != NULL ); - RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && - hashlen == 0 ) || - hash != NULL ); +int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig) { + RSA_VALIDATE_RET(ctx != NULL); + RSA_VALIDATE_RET(mode == MBEDTLS_RSA_PRIVATE || + mode == MBEDTLS_RSA_PUBLIC); + RSA_VALIDATE_RET(sig != NULL); + RSA_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && + hashlen == 0) || + hash != NULL); - switch( ctx->padding ) - { + switch (ctx->padding) { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx, f_rng, p_rng, mode, md_alg, + hashlen, hash, sig); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_verify(ctx, f_rng, p_rng, mode, md_alg, + hashlen, hash, sig); #endif default: - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + return (MBEDTLS_ERR_RSA_INVALID_PADDING); } } /* * Copy the components of an RSA key */ -int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) -{ +int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - RSA_VALIDATE_RET( dst != NULL ); - RSA_VALIDATE_RET( src != NULL ); + RSA_VALIDATE_RET(dst != NULL); + RSA_VALIDATE_RET(src != NULL); dst->len = src->len; - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->N, &src->N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->E, &src->E)); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->D, &src->D)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->P, &src->P)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Q, &src->Q)); #if !defined(MBEDTLS_RSA_NO_CRT) - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DP, &src->DP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DQ, &src->DQ)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->QP, &src->QP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RP, &src->RP)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RQ, &src->RQ)); #endif - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RN, &src->RN)); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vi, &src->Vi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vf, &src->Vf)); dst->padding = src->padding; dst->hash_id = src->hash_id; cleanup: - if( ret != 0 ) - mbedtls_rsa_free( dst ); + if (ret != 0) + mbedtls_rsa_free(dst); - return( ret ); + return (ret); } /* * Free the components of an RSA key */ -void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_rsa_free(mbedtls_rsa_context *ctx) { + if (ctx == NULL) return; - mbedtls_mpi_free( &ctx->Vi ); - mbedtls_mpi_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->RN ); - mbedtls_mpi_free( &ctx->D ); - mbedtls_mpi_free( &ctx->Q ); - mbedtls_mpi_free( &ctx->P ); - mbedtls_mpi_free( &ctx->E ); - mbedtls_mpi_free( &ctx->N ); + mbedtls_mpi_free(&ctx->Vi); + mbedtls_mpi_free(&ctx->Vf); + mbedtls_mpi_free(&ctx->RN); + mbedtls_mpi_free(&ctx->D); + mbedtls_mpi_free(&ctx->Q); + mbedtls_mpi_free(&ctx->P); + mbedtls_mpi_free(&ctx->E); + mbedtls_mpi_free(&ctx->N); #if !defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_free( &ctx->RQ ); - mbedtls_mpi_free( &ctx->RP ); - mbedtls_mpi_free( &ctx->QP ); - mbedtls_mpi_free( &ctx->DQ ); - mbedtls_mpi_free( &ctx->DP ); + mbedtls_mpi_free(&ctx->RQ); + mbedtls_mpi_free(&ctx->RP); + mbedtls_mpi_free(&ctx->QP); + mbedtls_mpi_free(&ctx->DQ); + mbedtls_mpi_free(&ctx->DP); #endif /* MBEDTLS_RSA_NO_CRT */ #if defined(MBEDTLS_THREADING_C) /* Free the mutex, but only if it hasn't been freed already. */ - if( ctx->ver != 0 ) - { - mbedtls_mutex_free( &ctx->mutex ); + if (ctx->ver != 0) { + mbedtls_mutex_free(&ctx->mutex); ctx->ver = 0; } #endif @@ -2602,32 +2484,30 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD" #if defined(MBEDTLS_PKCS1_V15) -static int myrand( void *rng_state, unsigned char *output, size_t len ) -{ +static int myrand(void *rng_state, unsigned char *output, size_t len) { #if !defined(__OpenBSD__) && !defined(__NetBSD__) size_t i; - if( rng_state != NULL ) + if (rng_state != NULL) rng_state = NULL; - for( i = 0; i < len; ++i ) + for (i = 0; i < len; ++i) output[i] = rand(); #else - if( rng_state != NULL ) + if (rng_state != NULL) rng_state = NULL; - arc4random_buf( output, len ); + arc4random_buf(output, len); #endif /* !OpenBSD && !NetBSD */ - return( 0 ); + return (0); } #endif /* MBEDTLS_PKCS1_V15 */ /* * Checkup routine */ -int mbedtls_rsa_self_test( int verbose ) -{ +int mbedtls_rsa_self_test(int verbose) { int ret = 0; #if defined(MBEDTLS_PKCS1_V15) size_t len; @@ -2641,128 +2521,121 @@ int mbedtls_rsa_self_test( int verbose ) mbedtls_mpi K; - mbedtls_mpi_init( &K ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_mpi_init(&K); + mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_P ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, &K, NULL, NULL, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_Q ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, &K, NULL, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_D ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, &K, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_N)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, &K, NULL, NULL, NULL, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_P)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, &K, NULL, NULL, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_Q)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, &K, NULL, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_D)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, &K, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&K, 16, RSA_E)); + MBEDTLS_MPI_CHK(mbedtls_rsa_import(&rsa, NULL, NULL, NULL, NULL, &K)); - MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa ) ); + MBEDTLS_MPI_CHK(mbedtls_rsa_complete(&rsa)); - if( verbose != 0 ) - mbedtls_printf( " RSA key validation: " ); + if (verbose != 0) + mbedtls_printf(" RSA key validation: "); - if( mbedtls_rsa_check_pubkey( &rsa ) != 0 || - mbedtls_rsa_check_privkey( &rsa ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_check_pubkey(&rsa) != 0 || + mbedtls_rsa_check_privkey(&rsa) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n PKCS#1 encryption : " ); + if (verbose != 0) + mbedtls_printf("passed\n PKCS#1 encryption : "); - memcpy( rsa_plaintext, RSA_PT, PT_LEN ); + memcpy(rsa_plaintext, RSA_PT, PT_LEN); - if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, - PT_LEN, rsa_plaintext, - rsa_ciphertext ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_pkcs1_encrypt(&rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, + PT_LEN, rsa_plaintext, + rsa_ciphertext) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n PKCS#1 decryption : " ); + if (verbose != 0) + mbedtls_printf("passed\n PKCS#1 decryption : "); - if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, - &len, rsa_ciphertext, rsa_decrypted, - sizeof(rsa_decrypted) ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_pkcs1_decrypt(&rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, + &len, rsa_ciphertext, rsa_decrypted, + sizeof(rsa_decrypted)) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(rsa_decrypted, rsa_plaintext, len) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); #if defined(MBEDTLS_SHA1_C) - if( verbose != 0 ) - mbedtls_printf( " PKCS#1 data sign : " ); + if (verbose != 0) + mbedtls_printf(" PKCS#1 data sign : "); - if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_sha1_ret(rsa_plaintext, PT_LEN, sha1sum) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); - return( 1 ); + return (1); } - if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, - sha1sum, rsa_ciphertext ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_pkcs1_sign(&rsa, myrand, NULL, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, + sha1sum, rsa_ciphertext) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); + if (verbose != 0) + mbedtls_printf("passed\n PKCS#1 sig. verify: "); - if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, - sha1sum, rsa_ciphertext ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (mbedtls_rsa_pkcs1_verify(&rsa, NULL, NULL, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, + sha1sum, rsa_ciphertext) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); #endif /* MBEDTLS_SHA1_C */ - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); cleanup: - mbedtls_mpi_free( &K ); - mbedtls_rsa_free( &rsa ); + mbedtls_mpi_free(&K); + mbedtls_rsa_free(&rsa); #else /* MBEDTLS_PKCS1_V15 */ ((void) verbose); #endif /* MBEDTLS_PKCS1_V15 */ - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/rsa.h b/common/mbedtls/rsa.h index 701fe8bed..d13ef3c43 100644 --- a/common/mbedtls/rsa.h +++ b/common/mbedtls/rsa.h @@ -95,8 +95,7 @@ extern "C" { * is deprecated. All manipulation should instead be done through * the public interface functions. */ -typedef struct mbedtls_rsa_context -{ +typedef struct mbedtls_rsa_context { int ver; /*!< Reserved for internal purposes. * Do not set this field in application * code. Its meaning might change without @@ -167,9 +166,9 @@ mbedtls_rsa_context; * \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused * otherwise. */ -void mbedtls_rsa_init( mbedtls_rsa_context *ctx, - int padding, - int hash_id ); +void mbedtls_rsa_init(mbedtls_rsa_context *ctx, + int padding, + int hash_id); /** * \brief This function imports a set of core parameters into an @@ -200,10 +199,10 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return A non-zero error code on failure. */ -int mbedtls_rsa_import( mbedtls_rsa_context *ctx, - const mbedtls_mpi *N, - const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *E ); +int mbedtls_rsa_import(mbedtls_rsa_context *ctx, + const mbedtls_mpi *N, + const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *E); /** * \brief This function imports core RSA parameters, in raw big-endian @@ -239,12 +238,12 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return A non-zero error code on failure. */ -int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, - unsigned char const *N, size_t N_len, - unsigned char const *P, size_t P_len, - unsigned char const *Q, size_t Q_len, - unsigned char const *D, size_t D_len, - unsigned char const *E, size_t E_len ); +int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx, + unsigned char const *N, size_t N_len, + unsigned char const *P, size_t P_len, + unsigned char const *Q, size_t Q_len, + unsigned char const *D, size_t D_len, + unsigned char const *E, size_t E_len); /** * \brief This function completes an RSA context from @@ -278,7 +277,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * failed. * */ -int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); +int mbedtls_rsa_complete(mbedtls_rsa_context *ctx); /** * \brief This function exports the core parameters of an RSA key. @@ -320,9 +319,9 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); * \return A non-zero return code on any other failure. * */ -int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, - mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E ); +int mbedtls_rsa_export(const mbedtls_rsa_context *ctx, + mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E); /** * \brief This function exports core parameters of an RSA key @@ -371,12 +370,12 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * functionality or because of security policies. * \return A non-zero return code on any other failure. */ -int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, - unsigned char *N, size_t N_len, - unsigned char *P, size_t P_len, - unsigned char *Q, size_t Q_len, - unsigned char *D, size_t D_len, - unsigned char *E, size_t E_len ); +int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len); /** * \brief This function exports CRT parameters of a private RSA key. @@ -397,8 +396,8 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, * \return A non-zero error code on failure. * */ -int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, - mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); +int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP); /** * \brief This function sets padding for an already initialized RSA @@ -409,8 +408,8 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier. */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, - int hash_id ); +void mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, + int hash_id); /** * \brief This function retrieves the length of RSA modulus in Bytes. @@ -420,7 +419,7 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, * \return The length of the RSA modulus in Bytes. * */ -size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); +size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx); /** * \brief This function generates an RSA keypair. @@ -440,10 +439,10 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - unsigned int nbits, int exponent ); +int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + unsigned int nbits, int exponent); /** * \brief This function checks if a context contains at least an RSA @@ -459,7 +458,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * */ -int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); +int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx); /** * \brief This function checks if a context contains an RSA private key @@ -497,7 +496,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); +int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx); /** * \brief This function checks a public-private RSA key pair. @@ -510,8 +509,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, - const mbedtls_rsa_context *prv ); +int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub, + const mbedtls_rsa_context *prv); /** * \brief This function performs an RSA public key operation. @@ -532,9 +531,9 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_public( mbedtls_rsa_context *ctx, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_public(mbedtls_rsa_context *ctx, + const unsigned char *input, + unsigned char *output); /** * \brief This function performs an RSA private key operation. @@ -567,11 +566,11 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * */ -int mbedtls_rsa_private( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_private(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + const unsigned char *input, + unsigned char *output); /** * \brief This function adds the message padding, then performs an RSA @@ -612,12 +611,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t ilen, + const unsigned char *input, + unsigned char *output); /** * \brief This function performs a PKCS#1 v1.5 encryption operation @@ -653,12 +652,12 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t ilen, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t ilen, + const unsigned char *input, + unsigned char *output); /** * \brief This function performs a PKCS#1 v2.1 OAEP encryption @@ -698,14 +697,14 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - const unsigned char *label, size_t label_len, - size_t ilen, - const unsigned char *input, - unsigned char *output ); +int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + const unsigned char *label, size_t label_len, + size_t ilen, + const unsigned char *input, + unsigned char *output); /** * \brief This function performs an RSA operation, then removes the @@ -751,13 +750,13 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); +int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len); /** * \brief This function performs a PKCS#1 v1.5 decryption @@ -801,13 +800,13 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * */ -int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); +int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len); /** * \brief This function performs a PKCS#1 v2.1 OAEP decryption @@ -855,15 +854,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - const unsigned char *label, size_t label_len, - size_t *olen, - const unsigned char *input, - unsigned char *output, - size_t output_max_len ); +int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + const unsigned char *label, size_t label_len, + size_t *olen, + const unsigned char *input, + unsigned char *output, + size_t output_max_len); /** * \brief This function performs a private RSA operation to sign @@ -915,14 +914,14 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); +int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig); /** * \brief This function performs a PKCS#1 v1.5 signature @@ -963,14 +962,14 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); +int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig); /** * \brief This function performs a PKCS#1 v2.1 PSS signature @@ -1025,14 +1024,14 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * \return \c 0 if the signing operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - unsigned char *sig ); +int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + unsigned char *sig); /** * \brief This function performs a public RSA operation and checks @@ -1078,14 +1077,14 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ); +int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig); /** * \brief This function performs a PKCS#1 v1.5 verification @@ -1124,14 +1123,14 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ); +int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig); /** * \brief This function performs a PKCS#1 v2.1 PSS verification @@ -1181,14 +1180,14 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - const unsigned char *sig ); +int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + const unsigned char *sig); /** * \brief This function performs a PKCS#1 v2.1 PSS verification @@ -1229,16 +1228,16 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * \return \c 0 if the verify operation was successful. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ -int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - int mode, - mbedtls_md_type_t md_alg, - unsigned int hashlen, - const unsigned char *hash, - mbedtls_md_type_t mgf1_hash_id, - int expected_salt_len, - const unsigned char *sig ); +int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int mode, + mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + mbedtls_md_type_t mgf1_hash_id, + int expected_salt_len, + const unsigned char *sig); /** * \brief This function copies the components of an RSA context. @@ -1249,7 +1248,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, * \return \c 0 on success. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure. */ -int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); +int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src); /** * \brief This function frees the components of an RSA key. @@ -1258,7 +1257,7 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) * this function is a no-op. If it is not \c NULL, it must * point to an initialized RSA context. */ -void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); +void mbedtls_rsa_free(mbedtls_rsa_context *ctx); #if defined(MBEDTLS_SELF_TEST) @@ -1268,7 +1267,7 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_rsa_self_test( int verbose ); +int mbedtls_rsa_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/rsa_internal.c b/common/mbedtls/rsa_internal.c index d6ba97a14..e1be1d9c0 100644 --- a/common/mbedtls/rsa_internal.c +++ b/common/mbedtls/rsa_internal.c @@ -59,10 +59,9 @@ * of (a) and (b) above to attempt to factor N. * */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, - mbedtls_mpi const *E, mbedtls_mpi const *D, - mbedtls_mpi *P, mbedtls_mpi *Q ) -{ +int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N, + mbedtls_mpi const *E, mbedtls_mpi const *D, + mbedtls_mpi *P, mbedtls_mpi *Q) { int ret = 0; uint16_t attempt; /* Number of current attempt */ @@ -74,48 +73,46 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi K; /* Temporary holding the current candidate */ const unsigned char primes[] = { 2, - 3, 5, 7, 11, 13, 17, 19, 23, - 29, 31, 37, 41, 43, 47, 53, 59, - 61, 67, 71, 73, 79, 83, 89, 97, - 101, 103, 107, 109, 113, 127, 131, 137, - 139, 149, 151, 157, 163, 167, 173, 179, - 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251 - }; + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251 + }; - const size_t num_primes = sizeof( primes ) / sizeof( *primes ); + const size_t num_primes = sizeof(primes) / sizeof(*primes); - if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (P == NULL || Q == NULL || P->p != NULL || Q->p != NULL) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || - mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( D, N ) >= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) - { - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(N, 0) <= 0 || + mbedtls_mpi_cmp_int(D, 1) <= 0 || + mbedtls_mpi_cmp_mpi(D, N) >= 0 || + mbedtls_mpi_cmp_int(E, 1) <= 0 || + mbedtls_mpi_cmp_mpi(E, N) >= 0) { + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); } /* * Initializations and temporary changes */ - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &T ); + mbedtls_mpi_init(&K); + mbedtls_mpi_init(&T); /* T := DE - 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, D, E)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&T, &T, 1)); - if( ( order = (uint16_t) mbedtls_mpi_lsb( &T ) ) == 0 ) - { + if ((order = (uint16_t) mbedtls_mpi_lsb(&T)) == 0) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; } /* After this operation, T holds the largest odd divisor of DE - 1. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&T, order)); /* * Actual work @@ -123,49 +120,46 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, /* Skip trying 2 if N == 1 mod 8 */ attempt = 0; - if( N->p[0] % 8 == 1 ) + if (N->p[0] % 8 == 1) attempt = 1; - for( ; attempt < num_primes; ++attempt ) - { - mbedtls_mpi_lset( &K, primes[attempt] ); + for (; attempt < num_primes; ++attempt) { + mbedtls_mpi_lset(&K, primes[attempt]); /* Check if gcd(K,N) = 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); - if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N)); + if (mbedtls_mpi_cmp_int(P, 1) != 0) continue; /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ... * and check whether they have nontrivial GCD with N. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N, - Q /* temporarily use Q for storing Montgomery - * multiplication helper values */ ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &K, &T, N, + Q /* temporarily use Q for storing Montgomery + * multiplication helper values */)); - for( iter = 1; iter <= order; ++iter ) - { + for (iter = 1; iter <= order; ++iter) { /* If we reach 1 prematurely, there's no point * in continuing to square K */ - if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 ) + if (mbedtls_mpi_cmp_int(&K, 1) == 0) break; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N)); - if( mbedtls_mpi_cmp_int( P, 1 ) == 1 && - mbedtls_mpi_cmp_mpi( P, N ) == -1 ) - { + if (mbedtls_mpi_cmp_int(P, 1) == 1 && + mbedtls_mpi_cmp_mpi(P, N) == -1) { /* * Have found a nontrivial divisor P of N. * Set Q := N / P. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(Q, NULL, N, P)); goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, &K, &K)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, N)); } /* @@ -175,8 +169,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, * Check if that's the case and abort if not, to avoid very long, * yet eventually failing, computations if N,D,E were not sane. */ - if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&K, 1) != 0) { break; } } @@ -185,125 +178,113 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, cleanup: - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &T ); - return( ret ); + mbedtls_mpi_free(&K); + mbedtls_mpi_free(&T); + return (ret); } /* * Given P, Q and the public exponent E, deduce D. * This is essentially a modular inversion. */ -int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, - mbedtls_mpi const *Q, - mbedtls_mpi const *E, - mbedtls_mpi *D ) -{ +int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D) { int ret = 0; mbedtls_mpi K, L; - if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (D == NULL || mbedtls_mpi_cmp_int(D, 0) != 0) + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); - if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 0 ) == 0 ) - { - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + if (mbedtls_mpi_cmp_int(P, 1) <= 0 || + mbedtls_mpi_cmp_int(Q, 1) <= 0 || + mbedtls_mpi_cmp_int(E, 0) == 0) { + return (MBEDTLS_ERR_MPI_BAD_INPUT_DATA); } - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); + mbedtls_mpi_init(&K); + mbedtls_mpi_init(&L); /* Temporarily put K := P-1 and L := Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, Q, 1)); /* Temporarily put D := gcd(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(D, &K, &L)); /* K := LCM(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, &K, &L)); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&K, NULL, &K, D)); /* Compute modular inverse of E in LCM(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(D, E, &K)); cleanup: - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); + mbedtls_mpi_free(&K); + mbedtls_mpi_free(&L); - return( ret ); + return (ret); } /* * Check that RSA CRT parameters are in accordance with core parameters. */ -int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *DP, - const mbedtls_mpi *DQ, const mbedtls_mpi *QP ) -{ +int mbedtls_rsa_validate_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP) { int ret = 0; mbedtls_mpi K, L; - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); + mbedtls_mpi_init(&K); + mbedtls_mpi_init(&L); /* Check that DP - D == 0 mod P - 1 */ - if( DP != NULL ) - { - if( P == NULL ) - { + if (DP != NULL) { + if (P == NULL) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&L, DP, D)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&L, &L, &K)); - if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&L, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } } /* Check that DQ - D == 0 mod Q - 1 */ - if( DQ != NULL ) - { - if( Q == NULL ) - { + if (DQ != NULL) { + if (Q == NULL) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, Q, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&L, DQ, D)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&L, &L, &K)); - if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) - { + if (mbedtls_mpi_cmp_int(&L, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } } /* Check that QP * Q - 1 == 0 mod P */ - if( QP != NULL ) - { - if( P == NULL || Q == NULL ) - { + if (QP != NULL) { + if (P == NULL || Q == NULL) { ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, QP, Q)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, P)); + if (mbedtls_mpi_cmp_int(&K, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -312,33 +293,31 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, cleanup: /* Wrap MPI error codes by RSA check failure error code */ - if( ret != 0 && - ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED && - ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) - { + if (ret != 0 && + ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED && + ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); + mbedtls_mpi_free(&K); + mbedtls_mpi_free(&L); - return( ret ); + return (ret); } /* * Check that core RSA parameters are sane. */ -int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, - const mbedtls_mpi *Q, const mbedtls_mpi *D, - const mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = 0; mbedtls_mpi K, L; - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); + mbedtls_mpi_init(&K); + mbedtls_mpi_init(&L); /* * Step 1: If PRNG provided, check that P and Q are prime @@ -350,16 +329,14 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * rate of at most 2^-100 and we are aiming for the same certainty here as * well. */ - if( f_rng != NULL && P != NULL && - ( ret = mbedtls_mpi_is_prime_ext( P, 50, f_rng, p_rng ) ) != 0 ) - { + if (f_rng != NULL && P != NULL && + (ret = mbedtls_mpi_is_prime_ext(P, 50, f_rng, p_rng)) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } - if( f_rng != NULL && Q != NULL && - ( ret = mbedtls_mpi_is_prime_ext( Q, 50, f_rng, p_rng ) ) != 0 ) - { + if (f_rng != NULL && Q != NULL && + (ret = mbedtls_mpi_is_prime_ext(Q, 50, f_rng, p_rng)) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -372,12 +349,10 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * Step 2: Check that 1 < N = P * Q */ - if( P != NULL && Q != NULL && N != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); - if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) - { + if (P != NULL && Q != NULL && N != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, P, Q)); + if (mbedtls_mpi_cmp_int(N, 1) <= 0 || + mbedtls_mpi_cmp_mpi(&K, N) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -387,13 +362,11 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * Step 3: Check and 1 < D, E < N if present. */ - if( N != NULL && D != NULL && E != NULL ) - { - if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( D, N ) >= 0 || - mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) - { + if (N != NULL && D != NULL && E != NULL) { + if (mbedtls_mpi_cmp_int(D, 1) <= 0 || + mbedtls_mpi_cmp_int(E, 1) <= 0 || + mbedtls_mpi_cmp_mpi(D, N) >= 0 || + mbedtls_mpi_cmp_mpi(E, N) >= 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -403,33 +376,29 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * Step 4: Check that D, E are inverse modulo P-1 and Q-1 */ - if( P != NULL && Q != NULL && D != NULL && E != NULL ) - { - if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ) - { + if (P != NULL && Q != NULL && D != NULL && E != NULL) { + if (mbedtls_mpi_cmp_int(P, 1) <= 0 || + mbedtls_mpi_cmp_int(Q, 1) <= 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } /* Compute DE-1 mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, D, E)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, &L)); + if (mbedtls_mpi_cmp_int(&K, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } /* Compute DE-1 mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&K, D, E)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, &K, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&L, Q, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&K, &K, &L)); + if (mbedtls_mpi_cmp_int(&K, 0) != 0) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } @@ -437,50 +406,45 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, cleanup: - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); + mbedtls_mpi_free(&K); + mbedtls_mpi_free(&L); /* Wrap MPI error codes by RSA check failure error code */ - if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) - { + if (ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED) { ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } - return( ret ); + return (ret); } -int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ) -{ +int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP) { int ret = 0; mbedtls_mpi K; - mbedtls_mpi_init( &K ); + mbedtls_mpi_init(&K); /* DP = D mod P-1 */ - if( DP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); + if (DP != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, P, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(DP, D, &K)); } /* DQ = D mod Q-1 */ - if( DQ != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); + if (DQ != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&K, Q, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(DQ, D, &K)); } /* QP = Q^{-1} mod P */ - if( QP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); + if (QP != NULL) { + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(QP, Q, P)); } cleanup: - mbedtls_mpi_free( &K ); + mbedtls_mpi_free(&K); - return( ret ); + return (ret); } #endif /* MBEDTLS_RSA_C */ diff --git a/common/mbedtls/rsa_internal.h b/common/mbedtls/rsa_internal.h index d55492bb1..017018bca 100644 --- a/common/mbedtls/rsa_internal.h +++ b/common/mbedtls/rsa_internal.h @@ -92,9 +92,9 @@ extern "C" { * use the helper function \c mbedtls_rsa_validate_params. * */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E, - mbedtls_mpi const *D, - mbedtls_mpi *P, mbedtls_mpi *Q ); +int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N, mbedtls_mpi const *E, + mbedtls_mpi const *D, + mbedtls_mpi *P, mbedtls_mpi *Q); /** * \brief Compute RSA private exponent from @@ -117,10 +117,10 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E, * \note This function does not check whether P and Q are primes. * */ -int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, - mbedtls_mpi const *Q, - mbedtls_mpi const *E, - mbedtls_mpi *D ); +int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D); /** @@ -143,9 +143,9 @@ int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, * prime and whether D is a valid private exponent. * */ -int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ); +int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP); /** @@ -178,11 +178,11 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * to perform specific checks only. E.g., calling it with * (-,P,-,-,-) and a PRNG amounts to a primality check for P. */ -int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, - const mbedtls_mpi *Q, const mbedtls_mpi *D, - const mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Check validity of RSA CRT parameters @@ -213,9 +213,9 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * to perform specific checks only. E.g., calling it with the * parameters (P, -, D, DP, -, -) will check DP = D mod P-1. */ -int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *DP, - const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); +int mbedtls_rsa_validate_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP); #ifdef __cplusplus } diff --git a/common/mbedtls/sha1.c b/common/mbedtls/sha1.c index 6b0f58e7b..cfb302f5e 100644 --- a/common/mbedtls/sha1.c +++ b/common/mbedtls/sha1.c @@ -71,26 +71,23 @@ } #endif -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) -{ - SHA1_VALIDATE( ctx != NULL ); +void mbedtls_sha1_init(mbedtls_sha1_context *ctx) { + SHA1_VALIDATE(ctx != NULL); - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); + memset(ctx, 0, sizeof(mbedtls_sha1_context)); } -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_sha1_free(mbedtls_sha1_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha1_context)); } -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ) -{ - SHA1_VALIDATE( dst != NULL ); - SHA1_VALIDATE( src != NULL ); +void mbedtls_sha1_clone(mbedtls_sha1_context *dst, + const mbedtls_sha1_context *src) { + SHA1_VALIDATE(dst != NULL); + SHA1_VALIDATE(src != NULL); *dst = *src; } @@ -98,9 +95,8 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /* * SHA-1 context setup */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) -{ - SHA1_VALIDATE_RET( ctx != NULL ); +int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx) { + SHA1_VALIDATE_RET(ctx != NULL); ctx->total[0] = 0; ctx->total[1] = 0; @@ -111,44 +107,41 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) ctx->state[3] = 0x10325476; ctx->state[4] = 0xC3D2E1F0; - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) -{ - mbedtls_sha1_starts_ret( ctx ); +void mbedtls_sha1_starts(mbedtls_sha1_context *ctx) { + mbedtls_sha1_starts_ret(ctx); } #endif #if !defined(MBEDTLS_SHA1_PROCESS_ALT) -int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) -{ - struct - { +int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, + const unsigned char data[64]) { + struct { uint32_t temp, W[16], A, B, C, D, E; } local; - SHA1_VALIDATE_RET( ctx != NULL ); - SHA1_VALIDATE_RET( (const unsigned char *)data != NULL ); + SHA1_VALIDATE_RET(ctx != NULL); + SHA1_VALIDATE_RET((const unsigned char *)data != NULL); - GET_UINT32_BE( local.W[ 0], data, 0 ); - GET_UINT32_BE( local.W[ 1], data, 4 ); - GET_UINT32_BE( local.W[ 2], data, 8 ); - GET_UINT32_BE( local.W[ 3], data, 12 ); - GET_UINT32_BE( local.W[ 4], data, 16 ); - GET_UINT32_BE( local.W[ 5], data, 20 ); - GET_UINT32_BE( local.W[ 6], data, 24 ); - GET_UINT32_BE( local.W[ 7], data, 28 ); - GET_UINT32_BE( local.W[ 8], data, 32 ); - GET_UINT32_BE( local.W[ 9], data, 36 ); - GET_UINT32_BE( local.W[10], data, 40 ); - GET_UINT32_BE( local.W[11], data, 44 ); - GET_UINT32_BE( local.W[12], data, 48 ); - GET_UINT32_BE( local.W[13], data, 52 ); - GET_UINT32_BE( local.W[14], data, 56 ); - GET_UINT32_BE( local.W[15], data, 60 ); + GET_UINT32_BE(local.W[ 0], data, 0); + GET_UINT32_BE(local.W[ 1], data, 4); + GET_UINT32_BE(local.W[ 2], data, 8); + GET_UINT32_BE(local.W[ 3], data, 12); + GET_UINT32_BE(local.W[ 4], data, 16); + GET_UINT32_BE(local.W[ 5], data, 20); + GET_UINT32_BE(local.W[ 6], data, 24); + GET_UINT32_BE(local.W[ 7], data, 28); + GET_UINT32_BE(local.W[ 8], data, 32); + GET_UINT32_BE(local.W[ 9], data, 36); + GET_UINT32_BE(local.W[10], data, 40); + GET_UINT32_BE(local.W[11], data, 44); + GET_UINT32_BE(local.W[12], data, 48); + GET_UINT32_BE(local.W[13], data, 52); + GET_UINT32_BE(local.W[14], data, 56); + GET_UINT32_BE(local.W[15], data, 60); #define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) @@ -177,26 +170,26 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, #define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) #define K 0x5A827999 - P( local.A, local.B, local.C, local.D, local.E, local.W[0] ); - P( local.E, local.A, local.B, local.C, local.D, local.W[1] ); - P( local.D, local.E, local.A, local.B, local.C, local.W[2] ); - P( local.C, local.D, local.E, local.A, local.B, local.W[3] ); - P( local.B, local.C, local.D, local.E, local.A, local.W[4] ); - P( local.A, local.B, local.C, local.D, local.E, local.W[5] ); - P( local.E, local.A, local.B, local.C, local.D, local.W[6] ); - P( local.D, local.E, local.A, local.B, local.C, local.W[7] ); - P( local.C, local.D, local.E, local.A, local.B, local.W[8] ); - P( local.B, local.C, local.D, local.E, local.A, local.W[9] ); - P( local.A, local.B, local.C, local.D, local.E, local.W[10] ); - P( local.E, local.A, local.B, local.C, local.D, local.W[11] ); - P( local.D, local.E, local.A, local.B, local.C, local.W[12] ); - P( local.C, local.D, local.E, local.A, local.B, local.W[13] ); - P( local.B, local.C, local.D, local.E, local.A, local.W[14] ); - P( local.A, local.B, local.C, local.D, local.E, local.W[15] ); - P( local.E, local.A, local.B, local.C, local.D, R(16) ); - P( local.D, local.E, local.A, local.B, local.C, R(17) ); - P( local.C, local.D, local.E, local.A, local.B, R(18) ); - P( local.B, local.C, local.D, local.E, local.A, R(19) ); + P(local.A, local.B, local.C, local.D, local.E, local.W[0]); + P(local.E, local.A, local.B, local.C, local.D, local.W[1]); + P(local.D, local.E, local.A, local.B, local.C, local.W[2]); + P(local.C, local.D, local.E, local.A, local.B, local.W[3]); + P(local.B, local.C, local.D, local.E, local.A, local.W[4]); + P(local.A, local.B, local.C, local.D, local.E, local.W[5]); + P(local.E, local.A, local.B, local.C, local.D, local.W[6]); + P(local.D, local.E, local.A, local.B, local.C, local.W[7]); + P(local.C, local.D, local.E, local.A, local.B, local.W[8]); + P(local.B, local.C, local.D, local.E, local.A, local.W[9]); + P(local.A, local.B, local.C, local.D, local.E, local.W[10]); + P(local.E, local.A, local.B, local.C, local.D, local.W[11]); + P(local.D, local.E, local.A, local.B, local.C, local.W[12]); + P(local.C, local.D, local.E, local.A, local.B, local.W[13]); + P(local.B, local.C, local.D, local.E, local.A, local.W[14]); + P(local.A, local.B, local.C, local.D, local.E, local.W[15]); + P(local.E, local.A, local.B, local.C, local.D, R(16)); + P(local.D, local.E, local.A, local.B, local.C, R(17)); + P(local.C, local.D, local.E, local.A, local.B, R(18)); + P(local.B, local.C, local.D, local.E, local.A, R(19)); #undef K #undef F @@ -204,26 +197,26 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, #define F(x,y,z) ((x) ^ (y) ^ (z)) #define K 0x6ED9EBA1 - P( local.A, local.B, local.C, local.D, local.E, R(20) ); - P( local.E, local.A, local.B, local.C, local.D, R(21) ); - P( local.D, local.E, local.A, local.B, local.C, R(22) ); - P( local.C, local.D, local.E, local.A, local.B, R(23) ); - P( local.B, local.C, local.D, local.E, local.A, R(24) ); - P( local.A, local.B, local.C, local.D, local.E, R(25) ); - P( local.E, local.A, local.B, local.C, local.D, R(26) ); - P( local.D, local.E, local.A, local.B, local.C, R(27) ); - P( local.C, local.D, local.E, local.A, local.B, R(28) ); - P( local.B, local.C, local.D, local.E, local.A, R(29) ); - P( local.A, local.B, local.C, local.D, local.E, R(30) ); - P( local.E, local.A, local.B, local.C, local.D, R(31) ); - P( local.D, local.E, local.A, local.B, local.C, R(32) ); - P( local.C, local.D, local.E, local.A, local.B, R(33) ); - P( local.B, local.C, local.D, local.E, local.A, R(34) ); - P( local.A, local.B, local.C, local.D, local.E, R(35) ); - P( local.E, local.A, local.B, local.C, local.D, R(36) ); - P( local.D, local.E, local.A, local.B, local.C, R(37) ); - P( local.C, local.D, local.E, local.A, local.B, R(38) ); - P( local.B, local.C, local.D, local.E, local.A, R(39) ); + P(local.A, local.B, local.C, local.D, local.E, R(20)); + P(local.E, local.A, local.B, local.C, local.D, R(21)); + P(local.D, local.E, local.A, local.B, local.C, R(22)); + P(local.C, local.D, local.E, local.A, local.B, R(23)); + P(local.B, local.C, local.D, local.E, local.A, R(24)); + P(local.A, local.B, local.C, local.D, local.E, R(25)); + P(local.E, local.A, local.B, local.C, local.D, R(26)); + P(local.D, local.E, local.A, local.B, local.C, R(27)); + P(local.C, local.D, local.E, local.A, local.B, R(28)); + P(local.B, local.C, local.D, local.E, local.A, R(29)); + P(local.A, local.B, local.C, local.D, local.E, R(30)); + P(local.E, local.A, local.B, local.C, local.D, R(31)); + P(local.D, local.E, local.A, local.B, local.C, R(32)); + P(local.C, local.D, local.E, local.A, local.B, R(33)); + P(local.B, local.C, local.D, local.E, local.A, R(34)); + P(local.A, local.B, local.C, local.D, local.E, R(35)); + P(local.E, local.A, local.B, local.C, local.D, R(36)); + P(local.D, local.E, local.A, local.B, local.C, R(37)); + P(local.C, local.D, local.E, local.A, local.B, R(38)); + P(local.B, local.C, local.D, local.E, local.A, R(39)); #undef K #undef F @@ -231,26 +224,26 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, #define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y)))) #define K 0x8F1BBCDC - P( local.A, local.B, local.C, local.D, local.E, R(40) ); - P( local.E, local.A, local.B, local.C, local.D, R(41) ); - P( local.D, local.E, local.A, local.B, local.C, R(42) ); - P( local.C, local.D, local.E, local.A, local.B, R(43) ); - P( local.B, local.C, local.D, local.E, local.A, R(44) ); - P( local.A, local.B, local.C, local.D, local.E, R(45) ); - P( local.E, local.A, local.B, local.C, local.D, R(46) ); - P( local.D, local.E, local.A, local.B, local.C, R(47) ); - P( local.C, local.D, local.E, local.A, local.B, R(48) ); - P( local.B, local.C, local.D, local.E, local.A, R(49) ); - P( local.A, local.B, local.C, local.D, local.E, R(50) ); - P( local.E, local.A, local.B, local.C, local.D, R(51) ); - P( local.D, local.E, local.A, local.B, local.C, R(52) ); - P( local.C, local.D, local.E, local.A, local.B, R(53) ); - P( local.B, local.C, local.D, local.E, local.A, R(54) ); - P( local.A, local.B, local.C, local.D, local.E, R(55) ); - P( local.E, local.A, local.B, local.C, local.D, R(56) ); - P( local.D, local.E, local.A, local.B, local.C, R(57) ); - P( local.C, local.D, local.E, local.A, local.B, R(58) ); - P( local.B, local.C, local.D, local.E, local.A, R(59) ); + P(local.A, local.B, local.C, local.D, local.E, R(40)); + P(local.E, local.A, local.B, local.C, local.D, R(41)); + P(local.D, local.E, local.A, local.B, local.C, R(42)); + P(local.C, local.D, local.E, local.A, local.B, R(43)); + P(local.B, local.C, local.D, local.E, local.A, R(44)); + P(local.A, local.B, local.C, local.D, local.E, R(45)); + P(local.E, local.A, local.B, local.C, local.D, R(46)); + P(local.D, local.E, local.A, local.B, local.C, R(47)); + P(local.C, local.D, local.E, local.A, local.B, R(48)); + P(local.B, local.C, local.D, local.E, local.A, R(49)); + P(local.A, local.B, local.C, local.D, local.E, R(50)); + P(local.E, local.A, local.B, local.C, local.D, R(51)); + P(local.D, local.E, local.A, local.B, local.C, R(52)); + P(local.C, local.D, local.E, local.A, local.B, R(53)); + P(local.B, local.C, local.D, local.E, local.A, R(54)); + P(local.A, local.B, local.C, local.D, local.E, R(55)); + P(local.E, local.A, local.B, local.C, local.D, R(56)); + P(local.D, local.E, local.A, local.B, local.C, R(57)); + P(local.C, local.D, local.E, local.A, local.B, R(58)); + P(local.B, local.C, local.D, local.E, local.A, R(59)); #undef K #undef F @@ -258,26 +251,26 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, #define F(x,y,z) ((x) ^ (y) ^ (z)) #define K 0xCA62C1D6 - P( local.A, local.B, local.C, local.D, local.E, R(60) ); - P( local.E, local.A, local.B, local.C, local.D, R(61) ); - P( local.D, local.E, local.A, local.B, local.C, R(62) ); - P( local.C, local.D, local.E, local.A, local.B, R(63) ); - P( local.B, local.C, local.D, local.E, local.A, R(64) ); - P( local.A, local.B, local.C, local.D, local.E, R(65) ); - P( local.E, local.A, local.B, local.C, local.D, R(66) ); - P( local.D, local.E, local.A, local.B, local.C, R(67) ); - P( local.C, local.D, local.E, local.A, local.B, R(68) ); - P( local.B, local.C, local.D, local.E, local.A, R(69) ); - P( local.A, local.B, local.C, local.D, local.E, R(70) ); - P( local.E, local.A, local.B, local.C, local.D, R(71) ); - P( local.D, local.E, local.A, local.B, local.C, R(72) ); - P( local.C, local.D, local.E, local.A, local.B, R(73) ); - P( local.B, local.C, local.D, local.E, local.A, R(74) ); - P( local.A, local.B, local.C, local.D, local.E, R(75) ); - P( local.E, local.A, local.B, local.C, local.D, R(76) ); - P( local.D, local.E, local.A, local.B, local.C, R(77) ); - P( local.C, local.D, local.E, local.A, local.B, R(78) ); - P( local.B, local.C, local.D, local.E, local.A, R(79) ); + P(local.A, local.B, local.C, local.D, local.E, R(60)); + P(local.E, local.A, local.B, local.C, local.D, R(61)); + P(local.D, local.E, local.A, local.B, local.C, R(62)); + P(local.C, local.D, local.E, local.A, local.B, R(63)); + P(local.B, local.C, local.D, local.E, local.A, R(64)); + P(local.A, local.B, local.C, local.D, local.E, R(65)); + P(local.E, local.A, local.B, local.C, local.D, R(66)); + P(local.D, local.E, local.A, local.B, local.C, R(67)); + P(local.C, local.D, local.E, local.A, local.B, R(68)); + P(local.B, local.C, local.D, local.E, local.A, R(69)); + P(local.A, local.B, local.C, local.D, local.E, R(70)); + P(local.E, local.A, local.B, local.C, local.D, R(71)); + P(local.D, local.E, local.A, local.B, local.C, R(72)); + P(local.C, local.D, local.E, local.A, local.B, R(73)); + P(local.B, local.C, local.D, local.E, local.A, R(74)); + P(local.A, local.B, local.C, local.D, local.E, R(75)); + P(local.E, local.A, local.B, local.C, local.D, R(76)); + P(local.D, local.E, local.A, local.B, local.C, R(77)); + P(local.C, local.D, local.E, local.A, local.B, R(78)); + P(local.B, local.C, local.D, local.E, local.A, R(79)); #undef K #undef F @@ -289,16 +282,15 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, ctx->state[4] += local.E; /* Zeroise buffers and variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha1_process( ctx, data ); +void mbedtls_sha1_process(mbedtls_sha1_context *ctx, + const unsigned char data[64]) { + mbedtls_internal_sha1_process(ctx, data); } #endif #endif /* !MBEDTLS_SHA1_PROCESS_ALT */ @@ -306,19 +298,18 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, /* * SHA-1 process buffer */ -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) -{ +int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - SHA1_VALIDATE_RET( ctx != NULL ); - SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA1_VALIDATE_RET(ctx != NULL); + SHA1_VALIDATE_RET(ilen == 0 || input != NULL); - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) + return (0); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -326,57 +317,53 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) ctx->total[1]++; - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); + if (left && ilen >= fill) { + memcpy((void *)(ctx->buffer + left), input, fill); - if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) + return (ret); input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_sha1_process(ctx, input)) != 0) + return (ret); input += 64; ilen -= 64; } - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) + memcpy((void *)(ctx->buffer + left), input, ilen); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha1_update_ret( ctx, input, ilen ); +void mbedtls_sha1_update(mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen) { + mbedtls_sha1_update_ret(ctx, input, ilen); } #endif /* * SHA-1 final digest */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, - unsigned char output[20] ) -{ +int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx, + unsigned char output[20]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; - SHA1_VALIDATE_RET( ctx != NULL ); - SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA1_VALIDATE_RET(ctx != NULL); + SHA1_VALIDATE_RET((unsigned char *)output != NULL); /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length @@ -385,52 +372,48 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, ctx->buffer[used++] = 0x80; - if( used <= 56 ) - { + if (used <= 56) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); - } - else - { + memset(ctx->buffer + used, 0, 56 - used); + } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); + memset(ctx->buffer + used, 0, 64 - used); - if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) + return (ret); - memset( ctx->buffer, 0, 56 ); + memset(ctx->buffer, 0, 56); } /* * Add message length */ - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - PUT_UINT32_BE( high, ctx->buffer, 56 ); - PUT_UINT32_BE( low, ctx->buffer, 60 ); + PUT_UINT32_BE(high, ctx->buffer, 56); + PUT_UINT32_BE(low, ctx->buffer, 60); - if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) + return (ret); /* * Output final state */ - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); + PUT_UINT32_BE(ctx->state[0], output, 0); + PUT_UINT32_BE(ctx->state[1], output, 4); + PUT_UINT32_BE(ctx->state[2], output, 8); + PUT_UINT32_BE(ctx->state[3], output, 12); + PUT_UINT32_BE(ctx->state[4], output, 16); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, - unsigned char output[20] ) -{ - mbedtls_sha1_finish_ret( ctx, output ); +void mbedtls_sha1_finish(mbedtls_sha1_context *ctx, + unsigned char output[20]) { + mbedtls_sha1_finish_ret(ctx, output); } #endif @@ -439,39 +422,37 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, /* * output = SHA-1( input buffer ) */ -int mbedtls_sha1_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) -{ +int mbedtls_sha1_ret(const unsigned char *input, + size_t ilen, + unsigned char output[20]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha1_context ctx; - SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA1_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA1_VALIDATE_RET(ilen == 0 || input != NULL); + SHA1_VALIDATE_RET((unsigned char *)output != NULL); - mbedtls_sha1_init( &ctx ); + mbedtls_sha1_init(&ctx); - if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) goto exit; - if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_sha1_update_ret(&ctx, input, ilen)) != 0) goto exit; - if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_sha1_finish_ret(&ctx, output)) != 0) goto exit; exit: - mbedtls_sha1_free( &ctx ); + mbedtls_sha1_free(&ctx); - return( ret ); + return (ret); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1( const unsigned char *input, - size_t ilen, - unsigned char output[20] ) -{ - mbedtls_sha1_ret( input, ilen, output ); +void mbedtls_sha1(const unsigned char *input, + size_t ilen, + unsigned char output[20]) { + mbedtls_sha1_ret(input, ilen, output); } #endif @@ -479,96 +460,92 @@ void mbedtls_sha1( const unsigned char *input, /* * FIPS-180-1 test vectors */ -static const unsigned char sha1_test_buf[3][57] = -{ +static const unsigned char sha1_test_buf[3][57] = { { "abc" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, { "" } }; -static const size_t sha1_test_buflen[3] = -{ +static const size_t sha1_test_buflen[3] = { 3, 56, 1000 }; -static const unsigned char sha1_test_sum[3][20] = -{ - { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, - 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D }, - { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, - 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 }, - { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E, - 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F } +static const unsigned char sha1_test_sum[3][20] = { + { + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E, + 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D + }, + { + 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE, + 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 + }, + { + 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E, + 0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F + } }; /* * Checkup routine */ -int mbedtls_sha1_self_test( int verbose ) -{ +int mbedtls_sha1_self_test(int verbose) { int i, j, buflen, ret = 0; unsigned char buf[1024]; unsigned char sha1sum[20]; mbedtls_sha1_context ctx; - mbedtls_sha1_init( &ctx ); + mbedtls_sha1_init(&ctx); /* * SHA-1 */ - for( i = 0; i < 3; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); + for (i = 0; i < 3; i++) { + if (verbose != 0) + mbedtls_printf(" SHA-1 test #%d: ", i + 1); - if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 ) + if ((ret = mbedtls_sha1_starts_ret(&ctx)) != 0) goto fail; - if( i == 2 ) - { - memset( buf, 'a', buflen = 1000 ); + if (i == 2) { + memset(buf, 'a', buflen = 1000); - for( j = 0; j < 1000; j++ ) - { - ret = mbedtls_sha1_update_ret( &ctx, buf, buflen ); - if( ret != 0 ) + for (j = 0; j < 1000; j++) { + ret = mbedtls_sha1_update_ret(&ctx, buf, buflen); + if (ret != 0) goto fail; } - } - else - { - ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i], - sha1_test_buflen[i] ); - if( ret != 0 ) + } else { + ret = mbedtls_sha1_update_ret(&ctx, sha1_test_buf[i], + sha1_test_buflen[i]); + if (ret != 0) goto fail; } - if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 ) + if ((ret = mbedtls_sha1_finish_ret(&ctx, sha1sum)) != 0) goto fail; - if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) - { + if (memcmp(sha1sum, sha1_test_sum[i], 20) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); goto exit; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) + mbedtls_printf("failed\n"); exit: - mbedtls_sha1_free( &ctx ); + mbedtls_sha1_free(&ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/sha1.h b/common/mbedtls/sha1.h index 86a3d06bf..4a9d7565b 100644 --- a/common/mbedtls/sha1.h +++ b/common/mbedtls/sha1.h @@ -58,8 +58,7 @@ extern "C" { * stronger message digests instead. * */ -typedef struct mbedtls_sha1_context -{ +typedef struct mbedtls_sha1_context { uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[5]; /*!< The intermediate digest state. */ unsigned char buffer[64]; /*!< The data block being processed. */ @@ -81,7 +80,7 @@ mbedtls_sha1_context; * This must not be \c NULL. * */ -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); +void mbedtls_sha1_init(mbedtls_sha1_context *ctx); /** * \brief This function clears a SHA-1 context. @@ -96,7 +95,7 @@ void mbedtls_sha1_init( mbedtls_sha1_context *ctx ); * SHA-1 context. * */ -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); +void mbedtls_sha1_free(mbedtls_sha1_context *ctx); /** * \brief This function clones the state of a SHA-1 context. @@ -109,8 +108,8 @@ void mbedtls_sha1_free( mbedtls_sha1_context *ctx ); * \param src The SHA-1 context to clone from. This must be initialized. * */ -void mbedtls_sha1_clone( mbedtls_sha1_context *dst, - const mbedtls_sha1_context *src ); +void mbedtls_sha1_clone(mbedtls_sha1_context *dst, + const mbedtls_sha1_context *src); /** * \brief This function starts a SHA-1 checksum calculation. @@ -125,7 +124,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * \return A negative error code on failure. * */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); +int mbedtls_sha1_starts_ret(mbedtls_sha1_context *ctx); /** * \brief This function feeds an input buffer into an ongoing SHA-1 @@ -144,9 +143,9 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_sha1_update_ret(mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-1 operation, and writes @@ -164,8 +163,8 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, - unsigned char output[20] ); +int mbedtls_sha1_finish_ret(mbedtls_sha1_context *ctx, + unsigned char output[20]); /** * \brief SHA-1 process data block (internal use only). @@ -182,8 +181,8 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, * \return A negative error code on failure. * */ -int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -203,7 +202,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, * \param ctx The SHA-1 context to initialize. This must be initialized. * */ -MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); +MBEDTLS_DEPRECATED void mbedtls_sha1_starts(mbedtls_sha1_context *ctx); /** * \brief This function feeds an input buffer into an ongoing SHA-1 @@ -222,9 +221,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); * \param ilen The length of the input data \p input in Bytes. * */ -MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_sha1_update(mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-1 operation, and writes @@ -241,8 +240,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx, * \param output The SHA-1 checksum result. * This must be a writable buffer of length \c 20 Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, - unsigned char output[20] ); +MBEDTLS_DEPRECATED void mbedtls_sha1_finish(mbedtls_sha1_context *ctx, + unsigned char output[20]); /** * \brief SHA-1 process data block (internal use only). @@ -258,8 +257,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, * This must be a readable buffer of length \c 64 bytes. * */ -MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ); +MBEDTLS_DEPRECATED void mbedtls_sha1_process(mbedtls_sha1_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -287,9 +286,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, * \return A negative error code on failure. * */ -int mbedtls_sha1_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +int mbedtls_sha1_ret(const unsigned char *input, + size_t ilen, + unsigned char output[20]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -319,9 +318,9 @@ int mbedtls_sha1_ret( const unsigned char *input, * buffer of size \c 20 Bytes. * */ -MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +MBEDTLS_DEPRECATED void mbedtls_sha1(const unsigned char *input, + size_t ilen, + unsigned char output[20]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -339,7 +338,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input, * \return \c 1 on failure. * */ -int mbedtls_sha1_self_test( int verbose ); +int mbedtls_sha1_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/sha256.c b/common/mbedtls/sha256.c index be373d9cb..a8acc781b 100644 --- a/common/mbedtls/sha256.c +++ b/common/mbedtls/sha256.c @@ -73,26 +73,23 @@ do { \ } while( 0 ) #endif -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) -{ - SHA256_VALIDATE( ctx != NULL ); +void mbedtls_sha256_init(mbedtls_sha256_context *ctx) { + SHA256_VALIDATE(ctx != NULL); - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); + memset(ctx, 0, sizeof(mbedtls_sha256_context)); } -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_sha256_free(mbedtls_sha256_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha256_context)); } -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ) -{ - SHA256_VALIDATE( dst != NULL ); - SHA256_VALIDATE( src != NULL ); +void mbedtls_sha256_clone(mbedtls_sha256_context *dst, + const mbedtls_sha256_context *src) { + SHA256_VALIDATE(dst != NULL); + SHA256_VALIDATE(src != NULL); *dst = *src; } @@ -100,16 +97,14 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) -{ - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); +int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224) { + SHA256_VALIDATE_RET(ctx != NULL); + SHA256_VALIDATE_RET(is224 == 0 || is224 == 1); ctx->total[0] = 0; ctx->total[1] = 0; - if( is224 == 0 ) - { + if (is224 == 0) { /* SHA-256 */ ctx->state[0] = 0x6A09E667; ctx->state[1] = 0xBB67AE85; @@ -119,9 +114,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) ctx->state[5] = 0x9B05688C; ctx->state[6] = 0x1F83D9AB; ctx->state[7] = 0x5BE0CD19; - } - else - { + } else { /* SHA-224 */ ctx->state[0] = 0xC1059ED8; ctx->state[1] = 0x367CD507; @@ -135,20 +128,18 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) ctx->is224 = is224; - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, - int is224 ) -{ - mbedtls_sha256_starts_ret( ctx, is224 ); +void mbedtls_sha256_starts(mbedtls_sha256_context *ctx, + int is224) { + mbedtls_sha256_starts_ret(ctx, is224); } #endif #if !defined(MBEDTLS_SHA256_PROCESS_ALT) -static const uint32_t K[] = -{ +static const uint32_t K[] = { 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, @@ -193,99 +184,97 @@ static const uint32_t K[] = (d) += local.temp1; (h) = local.temp1 + local.temp2; \ } while( 0 ) -int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ) -{ - struct - { +int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, + const unsigned char data[64]) { + struct { uint32_t temp1, temp2, W[64]; uint32_t A[8]; } local; unsigned int i; - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( (const unsigned char *)data != NULL ); + SHA256_VALIDATE_RET(ctx != NULL); + SHA256_VALIDATE_RET((const unsigned char *)data != NULL); - for( i = 0; i < 8; i++ ) + for (i = 0; i < 8; i++) local.A[i] = ctx->state[i]; #if defined(MBEDTLS_SHA256_SMALLER) - for( i = 0; i < 64; i++ ) - { - if( i < 16 ) - GET_UINT32_BE( local.W[i], data, 4 * i ); + for (i = 0; i < 64; i++) { + if (i < 16) + GET_UINT32_BE(local.W[i], data, 4 * i); else - R( i ); + R(i); - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], local.W[i], K[i]); - local.temp1 = local.A[7]; local.A[7] = local.A[6]; - local.A[6] = local.A[5]; local.A[5] = local.A[4]; - local.A[4] = local.A[3]; local.A[3] = local.A[2]; - local.A[2] = local.A[1]; local.A[1] = local.A[0]; + local.temp1 = local.A[7]; + local.A[7] = local.A[6]; + local.A[6] = local.A[5]; + local.A[5] = local.A[4]; + local.A[4] = local.A[3]; + local.A[3] = local.A[2]; + local.A[2] = local.A[1]; + local.A[1] = local.A[0]; local.A[0] = local.temp1; } #else /* MBEDTLS_SHA256_SMALLER */ - for( i = 0; i < 16; i++ ) - GET_UINT32_BE( local.W[i], data, 4 * i ); + for (i = 0; i < 16; i++) + GET_UINT32_BE(local.W[i], data, 4 * i); - for( i = 0; i < 16; i += 8 ) - { - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] ); - P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], - local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] ); - P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], - local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] ); - P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], - local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] ); - P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], - local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] ); - P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], - local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] ); - P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], - local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] ); - P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], - local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] ); + for (i = 0; i < 16; i += 8) { + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], local.W[i + 0], K[i + 0]); + P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], + local.A[4], local.A[5], local.A[6], local.W[i + 1], K[i + 1]); + P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], + local.A[3], local.A[4], local.A[5], local.W[i + 2], K[i + 2]); + P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], + local.A[2], local.A[3], local.A[4], local.W[i + 3], K[i + 3]); + P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], + local.A[1], local.A[2], local.A[3], local.W[i + 4], K[i + 4]); + P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], + local.A[0], local.A[1], local.A[2], local.W[i + 5], K[i + 5]); + P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], + local.A[7], local.A[0], local.A[1], local.W[i + 6], K[i + 6]); + P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], + local.A[6], local.A[7], local.A[0], local.W[i + 7], K[i + 7]); } - for( i = 16; i < 64; i += 8 ) - { - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] ); - P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], - local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] ); - P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], - local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] ); - P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], - local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] ); - P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], - local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] ); - P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], - local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] ); - P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], - local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] ); - P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], - local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] ); + for (i = 16; i < 64; i += 8) { + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], R(i + 0), K[i + 0]); + P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], + local.A[4], local.A[5], local.A[6], R(i + 1), K[i + 1]); + P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], + local.A[3], local.A[4], local.A[5], R(i + 2), K[i + 2]); + P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], + local.A[2], local.A[3], local.A[4], R(i + 3), K[i + 3]); + P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], + local.A[1], local.A[2], local.A[3], R(i + 4), K[i + 4]); + P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], + local.A[0], local.A[1], local.A[2], R(i + 5), K[i + 5]); + P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], + local.A[7], local.A[0], local.A[1], R(i + 6), K[i + 6]); + P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], + local.A[6], local.A[7], local.A[0], R(i + 7), K[i + 7]); } #endif /* MBEDTLS_SHA256_SMALLER */ - for( i = 0; i < 8; i++ ) + for (i = 0; i < 8; i++) ctx->state[i] += local.A[i]; /* Zeroise buffers and variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha256_process( ctx, data ); +void mbedtls_sha256_process(mbedtls_sha256_context *ctx, + const unsigned char data[64]) { + mbedtls_internal_sha256_process(ctx, data); } #endif #endif /* !MBEDTLS_SHA256_PROCESS_ALT */ @@ -293,19 +282,18 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, /* * SHA-256 process buffer */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) -{ +int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; uint32_t left; - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA256_VALIDATE_RET(ctx != NULL); + SHA256_VALIDATE_RET(ilen == 0 || input != NULL); - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) + return (0); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -313,57 +301,53 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, ctx->total[0] += (uint32_t) ilen; ctx->total[0] &= 0xFFFFFFFF; - if( ctx->total[0] < (uint32_t) ilen ) + if (ctx->total[0] < (uint32_t) ilen) ctx->total[1]++; - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); + if (left && ilen >= fill) { + memcpy((void *)(ctx->buffer + left), input, fill); - if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) + return (ret); input += fill; ilen -= fill; left = 0; } - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 64) { + if ((ret = mbedtls_internal_sha256_process(ctx, input)) != 0) + return (ret); input += 64; ilen -= 64; } - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) + memcpy((void *)(ctx->buffer + left), input, ilen); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha256_update_ret( ctx, input, ilen ); +void mbedtls_sha256_update(mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen) { + mbedtls_sha256_update_ret(ctx, input, ilen); } #endif /* * SHA-256 final digest */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char output[32] ) -{ +int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx, + unsigned char output[32]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; uint32_t high, low; - SHA256_VALIDATE_RET( ctx != NULL ); - SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA256_VALIDATE_RET(ctx != NULL); + SHA256_VALIDATE_RET((unsigned char *)output != NULL); /* * Add padding: 0x80 then 0x00 until 8 bytes remain for the length @@ -372,57 +356,53 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, ctx->buffer[used++] = 0x80; - if( used <= 56 ) - { + if (used <= 56) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); - } - else - { + memset(ctx->buffer + used, 0, 56 - used); + } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); + memset(ctx->buffer + used, 0, 64 - used); - if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) + return (ret); - memset( ctx->buffer, 0, 56 ); + memset(ctx->buffer, 0, 56); } /* * Add message length */ - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 29) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - PUT_UINT32_BE( high, ctx->buffer, 56 ); - PUT_UINT32_BE( low, ctx->buffer, 60 ); + PUT_UINT32_BE(high, ctx->buffer, 56); + PUT_UINT32_BE(low, ctx->buffer, 60); - if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) + return (ret); /* * Output final state */ - PUT_UINT32_BE( ctx->state[0], output, 0 ); - PUT_UINT32_BE( ctx->state[1], output, 4 ); - PUT_UINT32_BE( ctx->state[2], output, 8 ); - PUT_UINT32_BE( ctx->state[3], output, 12 ); - PUT_UINT32_BE( ctx->state[4], output, 16 ); - PUT_UINT32_BE( ctx->state[5], output, 20 ); - PUT_UINT32_BE( ctx->state[6], output, 24 ); + PUT_UINT32_BE(ctx->state[0], output, 0); + PUT_UINT32_BE(ctx->state[1], output, 4); + PUT_UINT32_BE(ctx->state[2], output, 8); + PUT_UINT32_BE(ctx->state[3], output, 12); + PUT_UINT32_BE(ctx->state[4], output, 16); + PUT_UINT32_BE(ctx->state[5], output, 20); + PUT_UINT32_BE(ctx->state[6], output, 24); - if( ctx->is224 == 0 ) - PUT_UINT32_BE( ctx->state[7], output, 28 ); + if (ctx->is224 == 0) + PUT_UINT32_BE(ctx->state[7], output, 28); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, - unsigned char output[32] ) -{ - mbedtls_sha256_finish_ret( ctx, output ); +void mbedtls_sha256_finish(mbedtls_sha256_context *ctx, + unsigned char output[32]) { + mbedtls_sha256_finish_ret(ctx, output); } #endif @@ -431,42 +411,40 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, /* * output = SHA-256( input buffer ) */ -int mbedtls_sha256_ret( const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ) -{ +int mbedtls_sha256_ret(const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha256_context ctx; - SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); - SHA256_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA256_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA256_VALIDATE_RET(is224 == 0 || is224 == 1); + SHA256_VALIDATE_RET(ilen == 0 || input != NULL); + SHA256_VALIDATE_RET((unsigned char *)output != NULL); - mbedtls_sha256_init( &ctx ); + mbedtls_sha256_init(&ctx); - if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 ) + if ((ret = mbedtls_sha256_starts_ret(&ctx, is224)) != 0) goto exit; - if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_sha256_update_ret(&ctx, input, ilen)) != 0) goto exit; - if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_sha256_finish_ret(&ctx, output)) != 0) goto exit; exit: - mbedtls_sha256_free( &ctx ); + mbedtls_sha256_free(&ctx); - return( ret ); + return (ret); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256( const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ) -{ - mbedtls_sha256_ret( input, ilen, output, is224 ); +void mbedtls_sha256(const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224) { + mbedtls_sha256_ret(input, ilen, output, is224); } #endif @@ -474,133 +452,134 @@ void mbedtls_sha256( const unsigned char *input, /* * FIPS-180-2 test vectors */ -static const unsigned char sha256_test_buf[3][57] = -{ +static const unsigned char sha256_test_buf[3][57] = { { "abc" }, { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, { "" } }; -static const size_t sha256_test_buflen[3] = -{ +static const size_t sha256_test_buflen[3] = { 3, 56, 1000 }; -static const unsigned char sha256_test_sum[6][32] = -{ +static const unsigned char sha256_test_sum[6][32] = { /* * SHA-224 test vectors */ - { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22, - 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3, - 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7, - 0xE3, 0x6C, 0x9D, 0xA7 }, - { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC, - 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50, - 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19, - 0x52, 0x52, 0x25, 0x25 }, - { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8, - 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B, - 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE, - 0x4E, 0xE7, 0xAD, 0x67 }, + { + 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22, + 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3, + 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7, + 0xE3, 0x6C, 0x9D, 0xA7 + }, + { + 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC, + 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50, + 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19, + 0x52, 0x52, 0x25, 0x25 + }, + { + 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8, + 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B, + 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE, + 0x4E, 0xE7, 0xAD, 0x67 + }, /* * SHA-256 test vectors */ - { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA, - 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23, - 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C, - 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD }, - { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8, - 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39, - 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67, - 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 }, - { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92, - 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67, - 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E, - 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 } + { + 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA, + 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23, + 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C, + 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD + }, + { + 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8, + 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39, + 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67, + 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 + }, + { + 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92, + 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67, + 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E, + 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 + } }; /* * Checkup routine */ -int mbedtls_sha256_self_test( int verbose ) -{ +int mbedtls_sha256_self_test(int verbose) { int i, j, k, buflen, ret = 0; unsigned char *buf; unsigned char sha256sum[32]; mbedtls_sha256_context ctx; - buf = mbedtls_calloc( 1024, sizeof(unsigned char) ); - if( NULL == buf ) - { - if( verbose != 0 ) - mbedtls_printf( "Buffer allocation failed\n" ); + buf = mbedtls_calloc(1024, sizeof(unsigned char)); + if (NULL == buf) { + if (verbose != 0) + mbedtls_printf("Buffer allocation failed\n"); - return( 1 ); + return (1); } - mbedtls_sha256_init( &ctx ); + mbedtls_sha256_init(&ctx); - for( i = 0; i < 6; i++ ) - { + for (i = 0; i < 6; i++) { j = i % 3; k = i < 3; - if( verbose != 0 ) - mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); + if (verbose != 0) + mbedtls_printf(" SHA-%d test #%d: ", 256 - k * 32, j + 1); - if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 ) + if ((ret = mbedtls_sha256_starts_ret(&ctx, k)) != 0) goto fail; - if( j == 2 ) - { - memset( buf, 'a', buflen = 1000 ); + if (j == 2) { + memset(buf, 'a', buflen = 1000); - for( j = 0; j < 1000; j++ ) - { - ret = mbedtls_sha256_update_ret( &ctx, buf, buflen ); - if( ret != 0 ) + for (j = 0; j < 1000; j++) { + ret = mbedtls_sha256_update_ret(&ctx, buf, buflen); + if (ret != 0) goto fail; } - } - else - { - ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j], - sha256_test_buflen[j] ); - if( ret != 0 ) - goto fail; + } else { + ret = mbedtls_sha256_update_ret(&ctx, sha256_test_buf[j], + sha256_test_buflen[j]); + if (ret != 0) + goto fail; } - if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 ) + if ((ret = mbedtls_sha256_finish_ret(&ctx, sha256sum)) != 0) goto fail; - if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) - { + if (memcmp(sha256sum, sha256_test_sum[i], 32 - k * 4) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); goto exit; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) + mbedtls_printf("failed\n"); exit: - mbedtls_sha256_free( &ctx ); - mbedtls_free( buf ); + mbedtls_sha256_free(&ctx); + mbedtls_free(buf); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/sha256.h b/common/mbedtls/sha256.h index 73d9544df..dc5308c7c 100644 --- a/common/mbedtls/sha256.h +++ b/common/mbedtls/sha256.h @@ -53,8 +53,7 @@ extern "C" { * checksum calculations. The choice between these two is * made in the call to mbedtls_sha256_starts_ret(). */ -typedef struct mbedtls_sha256_context -{ +typedef struct mbedtls_sha256_context { uint32_t total[2]; /*!< The number of Bytes processed. */ uint32_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[64]; /*!< The data block being processed. */ @@ -72,7 +71,7 @@ mbedtls_sha256_context; * * \param ctx The SHA-256 context to initialize. This must not be \c NULL. */ -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); +void mbedtls_sha256_init(mbedtls_sha256_context *ctx); /** * \brief This function clears a SHA-256 context. @@ -81,7 +80,7 @@ void mbedtls_sha256_init( mbedtls_sha256_context *ctx ); * case this function returns immediately. If it is not \c NULL, * it must point to an initialized SHA-256 context. */ -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); +void mbedtls_sha256_free(mbedtls_sha256_context *ctx); /** * \brief This function clones the state of a SHA-256 context. @@ -89,8 +88,8 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ); * \param dst The destination context. This must be initialized. * \param src The context to clone. This must be initialized. */ -void mbedtls_sha256_clone( mbedtls_sha256_context *dst, - const mbedtls_sha256_context *src ); +void mbedtls_sha256_clone(mbedtls_sha256_context *dst, + const mbedtls_sha256_context *src); /** * \brief This function starts a SHA-224 or SHA-256 checksum @@ -103,7 +102,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); +int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224); /** * \brief This function feeds an input buffer into an ongoing @@ -118,9 +117,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-256 operation, and writes @@ -134,8 +133,8 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char output[32] ); +int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx, + unsigned char output[32]); /** * \brief This function processes a single data block within @@ -149,8 +148,8 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx, + const unsigned char data[64]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -168,8 +167,8 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. */ -MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, - int is224 ); +MBEDTLS_DEPRECATED void mbedtls_sha256_starts(mbedtls_sha256_context *ctx, + int is224); /** * \brief This function feeds an input buffer into an ongoing @@ -183,9 +182,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, * buffer of length \p ilen Bytes. * \param ilen The length of the input data in Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_sha256_update(mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-256 operation, and writes @@ -198,8 +197,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx, * \param output The SHA-224 or SHA-256 checksum result. This must be * a writable buffer of length \c 32 Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, - unsigned char output[32] ); +MBEDTLS_DEPRECATED void mbedtls_sha256_finish(mbedtls_sha256_context *ctx, + unsigned char output[32]); /** * \brief This function processes a single data block within @@ -212,8 +211,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, * \param data The buffer holding one block of data. This must be * a readable buffer of size \c 64 Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ); +MBEDTLS_DEPRECATED void mbedtls_sha256_process(mbedtls_sha256_context *ctx, + const unsigned char data[64]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -236,10 +235,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. */ -int mbedtls_sha256_ret( const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ); +int mbedtls_sha256_ret(const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -268,10 +267,10 @@ int mbedtls_sha256_ret( const unsigned char *input, * \param is224 Determines which function to use. This must be either * \c 0 for SHA-256, or \c 1 for SHA-224. */ -MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, - size_t ilen, - unsigned char output[32], - int is224 ); +MBEDTLS_DEPRECATED void mbedtls_sha256(const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -284,7 +283,7 @@ MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input, * \return \c 0 on success. * \return \c 1 on failure. */ -int mbedtls_sha256_self_test( int verbose ); +int mbedtls_sha256_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/sha512.c b/common/mbedtls/sha512.c index 06a628aed..f6038353e 100644 --- a/common/mbedtls/sha512.c +++ b/common/mbedtls/sha512.c @@ -31,9 +31,9 @@ #include "mbedtls/error.h" #if defined(_MSC_VER) || defined(__WATCOMC__) - #define UL64(x) x##ui64 +#define UL64(x) x##ui64 #else - #define UL64(x) x##ULL +#define UL64(x) x##ULL #endif #include @@ -88,34 +88,30 @@ #endif /* PUT_UINT64_BE */ #if defined(MBEDTLS_SHA512_SMALLER) -static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i ) -{ +static void sha512_put_uint64_be(uint64_t n, unsigned char *b, uint8_t i) { PUT_UINT64_BE(n, b, i); } #else #define sha512_put_uint64_be PUT_UINT64_BE #endif /* MBEDTLS_SHA512_SMALLER */ -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) -{ - SHA512_VALIDATE( ctx != NULL ); +void mbedtls_sha512_init(mbedtls_sha512_context *ctx) { + SHA512_VALIDATE(ctx != NULL); - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); + memset(ctx, 0, sizeof(mbedtls_sha512_context)); } -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_sha512_free(mbedtls_sha512_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha512_context)); } -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ) -{ - SHA512_VALIDATE( dst != NULL ); - SHA512_VALIDATE( src != NULL ); +void mbedtls_sha512_clone(mbedtls_sha512_context *dst, + const mbedtls_sha512_context *src) { + SHA512_VALIDATE(dst != NULL); + SHA512_VALIDATE(src != NULL); *dst = *src; } @@ -123,20 +119,18 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, /* * SHA-512 context setup */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) -{ - SHA512_VALIDATE_RET( ctx != NULL ); +int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384) { + SHA512_VALIDATE_RET(ctx != NULL); #if !defined(MBEDTLS_SHA512_NO_SHA384) - SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); + SHA512_VALIDATE_RET(is384 == 0 || is384 == 1); #else - SHA512_VALIDATE_RET( is384 == 0 ); + SHA512_VALIDATE_RET(is384 == 0); #endif ctx->total[0] = 0; ctx->total[1] = 0; - if( is384 == 0 ) - { + if (is384 == 0) { /* SHA-512 */ ctx->state[0] = UL64(0x6A09E667F3BCC908); ctx->state[1] = UL64(0xBB67AE8584CAA73B); @@ -146,11 +140,9 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) ctx->state[5] = UL64(0x9B05688C2B3E6C1F); ctx->state[6] = UL64(0x1F83D9ABFB41BD6B); ctx->state[7] = UL64(0x5BE0CD19137E2179); - } - else - { + } else { #if defined(MBEDTLS_SHA512_NO_SHA384) - return( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_SHA512_BAD_INPUT_DATA); #else /* SHA-384 */ ctx->state[0] = UL64(0xCBBB9D5DC1059ED8); @@ -168,14 +160,13 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) ctx->is384 = is384; #endif - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, - int is384 ) -{ - mbedtls_sha512_starts_ret( ctx, is384 ); +void mbedtls_sha512_starts(mbedtls_sha512_context *ctx, + int is384) { + mbedtls_sha512_starts_ret(ctx, is384); } #endif @@ -184,8 +175,7 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, /* * Round constants */ -static const uint64_t K[80] = -{ +static const uint64_t K[80] = { UL64(0x428A2F98D728AE22), UL64(0x7137449123EF65CD), UL64(0xB5C0FBCFEC4D3B2F), UL64(0xE9B5DBA58189DBBC), UL64(0x3956C25BF348B538), UL64(0x59F111F1B605D019), @@ -228,18 +218,16 @@ static const uint64_t K[80] = UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) }; -int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) -{ +int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, + const unsigned char data[128]) { int i; - struct - { + struct { uint64_t temp1, temp2, W[80]; uint64_t A[8]; } local; - SHA512_VALIDATE_RET( ctx != NULL ); - SHA512_VALIDATE_RET( (const unsigned char *)data != NULL ); + SHA512_VALIDATE_RET(ctx != NULL); + SHA512_VALIDATE_RET((const unsigned char *)data != NULL); #define SHR(x,n) ((x) >> (n)) #define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n)))) @@ -261,80 +249,83 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, (d) += local.temp1; (h) = local.temp1 + local.temp2; \ } while( 0 ) - for( i = 0; i < 8; i++ ) + for (i = 0; i < 8; i++) local.A[i] = ctx->state[i]; #if defined(MBEDTLS_SHA512_SMALLER) - for( i = 0; i < 80; i++ ) - { - if( i < 16 ) - { - GET_UINT64_BE( local.W[i], data, i << 3 ); - } - else - { + for (i = 0; i < 80; i++) { + if (i < 16) { + GET_UINT64_BE(local.W[i], data, i << 3); + } else { local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] + - S0(local.W[i - 15]) + local.W[i - 16]; + S0(local.W[i - 15]) + local.W[i - 16]; } - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], local.W[i], K[i]); - local.temp1 = local.A[7]; local.A[7] = local.A[6]; - local.A[6] = local.A[5]; local.A[5] = local.A[4]; - local.A[4] = local.A[3]; local.A[3] = local.A[2]; - local.A[2] = local.A[1]; local.A[1] = local.A[0]; + local.temp1 = local.A[7]; + local.A[7] = local.A[6]; + local.A[6] = local.A[5]; + local.A[5] = local.A[4]; + local.A[4] = local.A[3]; + local.A[3] = local.A[2]; + local.A[2] = local.A[1]; + local.A[1] = local.A[0]; local.A[0] = local.temp1; } #else /* MBEDTLS_SHA512_SMALLER */ - for( i = 0; i < 16; i++ ) - { - GET_UINT64_BE( local.W[i], data, i << 3 ); + for (i = 0; i < 16; i++) { + GET_UINT64_BE(local.W[i], data, i << 3); } - for( ; i < 80; i++ ) - { + for (; i < 80; i++) { local.W[i] = S1(local.W[i - 2]) + local.W[i - 7] + - S0(local.W[i - 15]) + local.W[i - 16]; + S0(local.W[i - 15]) + local.W[i - 16]; } i = 0; - do - { - P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], - local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); i++; - P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], - local.A[4], local.A[5], local.A[6], local.W[i], K[i] ); i++; - P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], - local.A[3], local.A[4], local.A[5], local.W[i], K[i] ); i++; - P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], - local.A[2], local.A[3], local.A[4], local.W[i], K[i] ); i++; - P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], - local.A[1], local.A[2], local.A[3], local.W[i], K[i] ); i++; - P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], - local.A[0], local.A[1], local.A[2], local.W[i], K[i] ); i++; - P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], - local.A[7], local.A[0], local.A[1], local.W[i], K[i] ); i++; - P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], - local.A[6], local.A[7], local.A[0], local.W[i], K[i] ); i++; - } - while( i < 80 ); + do { + P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], + local.A[5], local.A[6], local.A[7], local.W[i], K[i]); + i++; + P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], + local.A[4], local.A[5], local.A[6], local.W[i], K[i]); + i++; + P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], + local.A[3], local.A[4], local.A[5], local.W[i], K[i]); + i++; + P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], + local.A[2], local.A[3], local.A[4], local.W[i], K[i]); + i++; + P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], + local.A[1], local.A[2], local.A[3], local.W[i], K[i]); + i++; + P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], + local.A[0], local.A[1], local.A[2], local.W[i], K[i]); + i++; + P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], + local.A[7], local.A[0], local.A[1], local.W[i], K[i]); + i++; + P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], + local.A[6], local.A[7], local.A[0], local.W[i], K[i]); + i++; + } while (i < 80); #endif /* MBEDTLS_SHA512_SMALLER */ - for( i = 0; i < 8; i++ ) + for (i = 0; i < 8; i++) ctx->state[i] += local.A[i]; /* Zeroise buffers and variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &local, sizeof( local ) ); + mbedtls_platform_zeroize(&local, sizeof(local)); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) -{ - mbedtls_internal_sha512_process( ctx, data ); +void mbedtls_sha512_process(mbedtls_sha512_context *ctx, + const unsigned char data[128]) { + mbedtls_internal_sha512_process(ctx, data); } #endif #endif /* !MBEDTLS_SHA512_PROCESS_ALT */ @@ -342,76 +333,71 @@ void mbedtls_sha512_process( mbedtls_sha512_context *ctx, /* * SHA-512 process buffer */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) -{ +int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t fill; unsigned int left; - SHA512_VALIDATE_RET( ctx != NULL ); - SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); + SHA512_VALIDATE_RET(ctx != NULL); + SHA512_VALIDATE_RET(ilen == 0 || input != NULL); - if( ilen == 0 ) - return( 0 ); + if (ilen == 0) + return (0); - left = (unsigned int) (ctx->total[0] & 0x7F); + left = (unsigned int)(ctx->total[0] & 0x7F); fill = 128 - left; ctx->total[0] += (uint64_t) ilen; - if( ctx->total[0] < (uint64_t) ilen ) + if (ctx->total[0] < (uint64_t) ilen) ctx->total[1]++; - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), input, fill ); + if (left && ilen >= fill) { + memcpy((void *)(ctx->buffer + left), input, fill); - if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) + return (ret); input += fill; ilen -= fill; left = 0; } - while( ilen >= 128 ) - { - if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 ) - return( ret ); + while (ilen >= 128) { + if ((ret = mbedtls_internal_sha512_process(ctx, input)) != 0) + return (ret); input += 128; ilen -= 128; } - if( ilen > 0 ) - memcpy( (void *) (ctx->buffer + left), input, ilen ); + if (ilen > 0) + memcpy((void *)(ctx->buffer + left), input, ilen); - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha512_update_ret( ctx, input, ilen ); +void mbedtls_sha512_update(mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen) { + mbedtls_sha512_update_ret(ctx, input, ilen); } #endif /* * SHA-512 final digest */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char output[64] ) -{ +int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx, + unsigned char output[64]) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned used; uint64_t high, low; - SHA512_VALIDATE_RET( ctx != NULL ); - SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA512_VALIDATE_RET(ctx != NULL); + SHA512_VALIDATE_RET((unsigned char *)output != NULL); /* * Add padding: 0x80 then 0x00 until 16 bytes remain for the length @@ -420,61 +406,57 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, ctx->buffer[used++] = 0x80; - if( used <= 112 ) - { + if (used <= 112) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 112 - used ); - } - else - { + memset(ctx->buffer + used, 0, 112 - used); + } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 128 - used ); + memset(ctx->buffer + used, 0, 128 - used); - if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) + return (ret); - memset( ctx->buffer, 0, 112 ); + memset(ctx->buffer, 0, 112); } /* * Add message length */ - high = ( ctx->total[0] >> 61 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); + high = (ctx->total[0] >> 61) + | (ctx->total[1] << 3); + low = (ctx->total[0] << 3); - sha512_put_uint64_be( high, ctx->buffer, 112 ); - sha512_put_uint64_be( low, ctx->buffer, 120 ); + sha512_put_uint64_be(high, ctx->buffer, 112); + sha512_put_uint64_be(low, ctx->buffer, 120); - if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) + return (ret); /* * Output final state */ - sha512_put_uint64_be( ctx->state[0], output, 0 ); - sha512_put_uint64_be( ctx->state[1], output, 8 ); - sha512_put_uint64_be( ctx->state[2], output, 16 ); - sha512_put_uint64_be( ctx->state[3], output, 24 ); - sha512_put_uint64_be( ctx->state[4], output, 32 ); - sha512_put_uint64_be( ctx->state[5], output, 40 ); + sha512_put_uint64_be(ctx->state[0], output, 0); + sha512_put_uint64_be(ctx->state[1], output, 8); + sha512_put_uint64_be(ctx->state[2], output, 16); + sha512_put_uint64_be(ctx->state[3], output, 24); + sha512_put_uint64_be(ctx->state[4], output, 32); + sha512_put_uint64_be(ctx->state[5], output, 40); #if !defined(MBEDTLS_SHA512_NO_SHA384) - if( ctx->is384 == 0 ) + if (ctx->is384 == 0) #endif { - sha512_put_uint64_be( ctx->state[6], output, 48 ); - sha512_put_uint64_be( ctx->state[7], output, 56 ); + sha512_put_uint64_be(ctx->state[6], output, 48); + sha512_put_uint64_be(ctx->state[7], output, 56); } - return( 0 ); + return (0); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, - unsigned char output[64] ) -{ - mbedtls_sha512_finish_ret( ctx, output ); +void mbedtls_sha512_finish(mbedtls_sha512_context *ctx, + unsigned char output[64]) { + mbedtls_sha512_finish_ret(ctx, output); } #endif @@ -483,46 +465,44 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, /* * output = SHA-512( input buffer ) */ -int mbedtls_sha512_ret( const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ) -{ +int mbedtls_sha512_ret(const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha512_context ctx; #if !defined(MBEDTLS_SHA512_NO_SHA384) - SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); + SHA512_VALIDATE_RET(is384 == 0 || is384 == 1); #else - SHA512_VALIDATE_RET( is384 == 0 ); + SHA512_VALIDATE_RET(is384 == 0); #endif - SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); + SHA512_VALIDATE_RET(ilen == 0 || input != NULL); + SHA512_VALIDATE_RET((unsigned char *)output != NULL); - mbedtls_sha512_init( &ctx ); + mbedtls_sha512_init(&ctx); - if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 ) + if ((ret = mbedtls_sha512_starts_ret(&ctx, is384)) != 0) goto exit; - if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_sha512_update_ret(&ctx, input, ilen)) != 0) goto exit; - if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 ) + if ((ret = mbedtls_sha512_finish_ret(&ctx, output)) != 0) goto exit; exit: - mbedtls_sha512_free( &ctx ); + mbedtls_sha512_free(&ctx); - return( ret ); + return (ret); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512( const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ) -{ - mbedtls_sha512_ret( input, ilen, output, is384 ); +void mbedtls_sha512(const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384) { + mbedtls_sha512_ret(input, ilen, output, is384); } #endif @@ -531,71 +511,80 @@ void mbedtls_sha512( const unsigned char *input, /* * FIPS-180-2 test vectors */ -static const unsigned char sha512_test_buf[3][113] = -{ +static const unsigned char sha512_test_buf[3][113] = { { "abc" }, { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" }, { "" } }; -static const size_t sha512_test_buflen[3] = -{ +static const size_t sha512_test_buflen[3] = { 3, 112, 1000 }; -static const unsigned char sha512_test_sum[][64] = -{ +static const unsigned char sha512_test_sum[][64] = { #if !defined(MBEDTLS_SHA512_NO_SHA384) /* * SHA-384 test vectors */ - { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B, - 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07, - 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63, - 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED, - 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23, - 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 }, - { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8, - 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47, - 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2, - 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12, - 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9, - 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 }, - { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB, - 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C, - 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52, - 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B, - 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB, - 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 }, + { + 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B, + 0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07, + 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63, + 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED, + 0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23, + 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 + }, + { + 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8, + 0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47, + 0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2, + 0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12, + 0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9, + 0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 + }, + { + 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB, + 0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C, + 0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52, + 0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B, + 0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB, + 0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 + }, #endif /* !MBEDTLS_SHA512_NO_SHA384 */ /* * SHA-512 test vectors */ - { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, - 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31, - 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2, - 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, - 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8, - 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD, - 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, - 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F }, - { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA, - 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F, - 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1, - 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18, - 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4, - 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A, - 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54, - 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 }, - { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64, - 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63, - 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28, - 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB, - 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A, - 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B, - 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E, - 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B } + { + 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, + 0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31, + 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2, + 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, + 0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8, + 0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD, + 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E, + 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F + }, + { + 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA, + 0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F, + 0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1, + 0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18, + 0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4, + 0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A, + 0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54, + 0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 + }, + { + 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64, + 0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63, + 0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28, + 0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB, + 0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A, + 0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B, + 0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E, + 0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B + } }; #define ARRAY_LENGTH( a ) ( sizeof( a ) / sizeof( ( a )[0] ) ) @@ -603,26 +592,23 @@ static const unsigned char sha512_test_sum[][64] = /* * Checkup routine */ -int mbedtls_sha512_self_test( int verbose ) -{ +int mbedtls_sha512_self_test(int verbose) { int i, j, k, buflen, ret = 0; unsigned char *buf; unsigned char sha512sum[64]; mbedtls_sha512_context ctx; - buf = mbedtls_calloc( 1024, sizeof(unsigned char) ); - if( NULL == buf ) - { - if( verbose != 0 ) - mbedtls_printf( "Buffer allocation failed\n" ); + buf = mbedtls_calloc(1024, sizeof(unsigned char)); + if (NULL == buf) { + if (verbose != 0) + mbedtls_printf("Buffer allocation failed\n"); - return( 1 ); + return (1); } - mbedtls_sha512_init( &ctx ); + mbedtls_sha512_init(&ctx); - for( i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++ ) - { + for (i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++) { j = i % 3; #if !defined(MBEDTLS_SHA512_NO_SHA384) k = i < 3; @@ -630,58 +616,53 @@ int mbedtls_sha512_self_test( int verbose ) k = 0; #endif - if( verbose != 0 ) - mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); + if (verbose != 0) + mbedtls_printf(" SHA-%d test #%d: ", 512 - k * 128, j + 1); - if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 ) + if ((ret = mbedtls_sha512_starts_ret(&ctx, k)) != 0) goto fail; - if( j == 2 ) - { - memset( buf, 'a', buflen = 1000 ); + if (j == 2) { + memset(buf, 'a', buflen = 1000); - for( j = 0; j < 1000; j++ ) - { - ret = mbedtls_sha512_update_ret( &ctx, buf, buflen ); - if( ret != 0 ) + for (j = 0; j < 1000; j++) { + ret = mbedtls_sha512_update_ret(&ctx, buf, buflen); + if (ret != 0) goto fail; } - } - else - { - ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j], - sha512_test_buflen[j] ); - if( ret != 0 ) + } else { + ret = mbedtls_sha512_update_ret(&ctx, sha512_test_buf[j], + sha512_test_buflen[j]); + if (ret != 0) goto fail; } - if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 ) + if ((ret = mbedtls_sha512_finish_ret(&ctx, sha512sum)) != 0) goto fail; - if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) - { + if (memcmp(sha512sum, sha512_test_sum[i], 64 - k * 16) != 0) { ret = 1; goto fail; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); goto exit; fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (verbose != 0) + mbedtls_printf("failed\n"); exit: - mbedtls_sha512_free( &ctx ); - mbedtls_free( buf ); + mbedtls_sha512_free(&ctx); + mbedtls_free(buf); - return( ret ); + return (ret); } #undef ARRAY_LENGTH diff --git a/common/mbedtls/sha512.h b/common/mbedtls/sha512.h index 4a8ab4256..10587bc85 100644 --- a/common/mbedtls/sha512.h +++ b/common/mbedtls/sha512.h @@ -52,8 +52,7 @@ extern "C" { * checksum calculations. The choice between these two is * made in the call to mbedtls_sha512_starts_ret(). */ -typedef struct mbedtls_sha512_context -{ +typedef struct mbedtls_sha512_context { uint64_t total[2]; /*!< The number of Bytes processed. */ uint64_t state[8]; /*!< The intermediate digest state. */ unsigned char buffer[128]; /*!< The data block being processed. */ @@ -74,7 +73,7 @@ mbedtls_sha512_context; * \param ctx The SHA-512 context to initialize. This must * not be \c NULL. */ -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); +void mbedtls_sha512_init(mbedtls_sha512_context *ctx); /** * \brief This function clears a SHA-512 context. @@ -84,7 +83,7 @@ void mbedtls_sha512_init( mbedtls_sha512_context *ctx ); * is not \c NULL, it must point to an initialized * SHA-512 context. */ -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); +void mbedtls_sha512_free(mbedtls_sha512_context *ctx); /** * \brief This function clones the state of a SHA-512 context. @@ -92,8 +91,8 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx ); * \param dst The destination context. This must be initialized. * \param src The context to clone. This must be initialized. */ -void mbedtls_sha512_clone( mbedtls_sha512_context *dst, - const mbedtls_sha512_context *src ); +void mbedtls_sha512_clone(mbedtls_sha512_context *dst, + const mbedtls_sha512_context *src); /** * \brief This function starts a SHA-384 or SHA-512 checksum @@ -110,7 +109,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); +int mbedtls_sha512_starts_ret(mbedtls_sha512_context *ctx, int is384); /** * \brief This function feeds an input buffer into an ongoing @@ -125,9 +124,9 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_sha512_update_ret(mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-512 operation, and writes @@ -141,8 +140,8 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char output[64] ); +int mbedtls_sha512_finish_ret(mbedtls_sha512_context *ctx, + unsigned char output[64]); /** * \brief This function processes a single data block within @@ -156,8 +155,8 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ); +int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx, + const unsigned char data[128]); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) #define MBEDTLS_DEPRECATED __attribute__((deprecated)) @@ -177,8 +176,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must * be \c 0, or the function will fail to work. */ -MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, - int is384 ); +MBEDTLS_DEPRECATED void mbedtls_sha512_starts(mbedtls_sha512_context *ctx, + int is384); /** * \brief This function feeds an input buffer into an ongoing @@ -192,9 +191,9 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, * buffer of length \p ilen Bytes. * \param ilen The length of the input data in Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ); +MBEDTLS_DEPRECATED void mbedtls_sha512_update(mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen); /** * \brief This function finishes the SHA-512 operation, and writes @@ -207,8 +206,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx, * \param output The SHA-384 or SHA-512 checksum result. This must * be a writable buffer of size \c 64 Bytes. */ -MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, - unsigned char output[64] ); +MBEDTLS_DEPRECATED void mbedtls_sha512_finish(mbedtls_sha512_context *ctx, + unsigned char output[64]); /** * \brief This function processes a single data block within @@ -222,8 +221,8 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, * a readable buffer of length \c 128 Bytes. */ MBEDTLS_DEPRECATED void mbedtls_sha512_process( - mbedtls_sha512_context *ctx, - const unsigned char data[128] ); + mbedtls_sha512_context *ctx, + const unsigned char data[128]); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -253,10 +252,10 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process( * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_ret( const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ); +int mbedtls_sha512_ret(const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -288,23 +287,23 @@ int mbedtls_sha512_ret( const unsigned char *input, * \note When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must * be \c 0, or the function will fail to work. */ -MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input, - size_t ilen, - unsigned char output[64], - int is384 ); +MBEDTLS_DEPRECATED void mbedtls_sha512(const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SELF_TEST) - /** - * \brief The SHA-384 or SHA-512 checkup routine. - * - * \return \c 0 on success. - * \return \c 1 on failure. - */ -int mbedtls_sha512_self_test( int verbose ); +/** +* \brief The SHA-384 or SHA-512 checkup routine. +* +* \return \c 0 on success. +* \return \c 1 on failure. +*/ +int mbedtls_sha512_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus diff --git a/common/mbedtls/ssl.h b/common/mbedtls/ssl.h index 7815ad9d0..7c78a698a 100644 --- a/common/mbedtls/ssl.h +++ b/common/mbedtls/ssl.h @@ -427,8 +427,7 @@ #endif /* Dummy type used only for its size */ -union mbedtls_ssl_premaster_secret -{ +union mbedtls_ssl_premaster_secret { #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */ #endif @@ -469,8 +468,7 @@ extern "C" { /* * SSL state machine */ -typedef enum -{ +typedef enum { MBEDTLS_SSL_HELLO_REQUEST, MBEDTLS_SSL_CLIENT_HELLO, MBEDTLS_SSL_SERVER_HELLO, @@ -496,13 +494,12 @@ mbedtls_ssl_states; /* * The tls_prf function types. */ -typedef enum -{ - MBEDTLS_SSL_TLS_PRF_NONE, - MBEDTLS_SSL_TLS_PRF_SSL3, - MBEDTLS_SSL_TLS_PRF_TLS1, - MBEDTLS_SSL_TLS_PRF_SHA384, - MBEDTLS_SSL_TLS_PRF_SHA256 +typedef enum { + MBEDTLS_SSL_TLS_PRF_NONE, + MBEDTLS_SSL_TLS_PRF_SSL3, + MBEDTLS_SSL_TLS_PRF_TLS1, + MBEDTLS_SSL_TLS_PRF_SHA384, + MBEDTLS_SSL_TLS_PRF_SHA256 } mbedtls_tls_prf_types; /** @@ -522,9 +519,9 @@ mbedtls_tls_prf_types; * \note The callback is allowed to send fewer bytes than requested. * It must always return the number of bytes actually sent. */ -typedef int mbedtls_ssl_send_t( void *ctx, - const unsigned char *buf, - size_t len ); +typedef int mbedtls_ssl_send_t(void *ctx, + const unsigned char *buf, + size_t len); /** * \brief Callback type: receive data from the network. @@ -545,9 +542,9 @@ typedef int mbedtls_ssl_send_t( void *ctx, * buffer. It must always return the number of bytes actually * received and written to the buffer. */ -typedef int mbedtls_ssl_recv_t( void *ctx, - unsigned char *buf, - size_t len ); +typedef int mbedtls_ssl_recv_t(void *ctx, + unsigned char *buf, + size_t len); /** * \brief Callback type: receive data from the network, with timeout @@ -571,10 +568,10 @@ typedef int mbedtls_ssl_recv_t( void *ctx, * buffer. It must always return the number of bytes actually * received and written to the buffer. */ -typedef int mbedtls_ssl_recv_timeout_t( void *ctx, - unsigned char *buf, - size_t len, - uint32_t timeout ); +typedef int mbedtls_ssl_recv_timeout_t(void *ctx, + unsigned char *buf, + size_t len, + uint32_t timeout); /** * \brief Callback type: set a pair of timers/delays to watch * @@ -597,9 +594,9 @@ typedef int mbedtls_ssl_recv_timeout_t( void *ctx, * function while a timer is running must cancel it. Cancelled * timers must not generate any event. */ -typedef void mbedtls_ssl_set_timer_t( void * ctx, - uint32_t int_ms, - uint32_t fin_ms ); +typedef void mbedtls_ssl_set_timer_t(void *ctx, + uint32_t int_ms, + uint32_t fin_ms); /** * \brief Callback type: get status of timers/delays @@ -612,7 +609,7 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx, * 1 if only the intermediate delay has passed, * 2 if the final delay has passed. */ -typedef int mbedtls_ssl_get_timer_t( void * ctx ); +typedef int mbedtls_ssl_get_timer_t(void *ctx); /* Defined below */ typedef struct mbedtls_ssl_session mbedtls_ssl_session; @@ -703,11 +700,11 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; * use \c MBEDTLS_ERR_SSL_xxx error codes except as * directed in the documentation of this callback. */ -typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - mbedtls_md_type_t md_alg, - const unsigned char *hash, - size_t hash_len ); +typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *cert, + mbedtls_md_type_t md_alg, + const unsigned char *hash, + size_t hash_len); /** * \brief Callback type: start external decryption operation. @@ -769,10 +766,10 @@ typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl, * use \c MBEDTLS_ERR_SSL_xxx error codes except as * directed in the documentation of this callback. */ -typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *cert, - const unsigned char *input, - size_t input_len ); +typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *cert, + const unsigned char *input, + size_t input_len); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -817,10 +814,10 @@ typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl, * use \c MBEDTLS_ERR_SSL_xxx error codes except as * directed in the documentation of this callback. */ -typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl, - unsigned char *output, - size_t *output_len, - size_t output_size ); +typedef int mbedtls_ssl_async_resume_t(mbedtls_ssl_context *ssl, + unsigned char *output, + size_t *output_len, + size_t output_size); /** * \brief Callback type: cancel external operation. @@ -839,7 +836,7 @@ typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl, * \param ssl The SSL connection instance. It should not be * modified. */ -typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); +typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ @@ -883,8 +880,7 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); typedef uint16_t mbedtls_ssl_srtp_profile; -typedef struct mbedtls_dtls_srtp_info_t -{ +typedef struct mbedtls_dtls_srtp_info_t { /*! The SRTP profile that was negotiated. */ mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; /*! The length of mki_value. */ @@ -907,8 +903,7 @@ mbedtls_dtls_srtp_info; * mbedtls_ssl_session_save() and ssl_session_load() * ssl_session_copy() */ -struct mbedtls_ssl_session -{ +struct mbedtls_ssl_session { #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t start; /*!< starting time */ #endif @@ -953,8 +948,7 @@ struct mbedtls_ssl_session /** * SSL/TLS configuration to be shared between mbedtls_ssl_context structures. */ -struct mbedtls_ssl_config -{ +struct mbedtls_ssl_config { /* Group items by size (largest first) to minimize padding overhead */ /* @@ -968,7 +962,7 @@ struct mbedtls_ssl_config void *p_dbg; /*!< context for the debug function */ /** Callback for getting (pseudo-)random numbers */ - int (*f_rng)(void *, unsigned char *, size_t); + int (*f_rng)(void *, unsigned char *, size_t); void *p_rng; /*!< context for the RNG function */ /** Callback to retrieve a session from the cache */ @@ -997,33 +991,33 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) /** Callback to create & write a cookie for ClientHello veirifcation */ - int (*f_cookie_write)( void *, unsigned char **, unsigned char *, - const unsigned char *, size_t ); + int (*f_cookie_write)(void *, unsigned char **, unsigned char *, + const unsigned char *, size_t); /** Callback to verify validity of a ClientHello cookie */ - int (*f_cookie_check)( void *, const unsigned char *, size_t, - const unsigned char *, size_t ); + int (*f_cookie_check)(void *, const unsigned char *, size_t, + const unsigned char *, size_t); void *p_cookie; /*!< context for the cookie callbacks */ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) /** Callback to create & write a session ticket */ - int (*f_ticket_write)( void *, const mbedtls_ssl_session *, - unsigned char *, const unsigned char *, size_t *, uint32_t * ); + int (*f_ticket_write)(void *, const mbedtls_ssl_session *, + unsigned char *, const unsigned char *, size_t *, uint32_t *); /** Callback to parse a session ticket into a session structure */ - int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t); + int (*f_ticket_parse)(void *, mbedtls_ssl_session *, unsigned char *, size_t); void *p_ticket; /*!< context for the ticket callbacks */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) /** Callback to export key block and master secret */ - int (*f_export_keys)( void *, const unsigned char *, - const unsigned char *, size_t, size_t, size_t ); + int (*f_export_keys)(void *, const unsigned char *, + const unsigned char *, size_t, size_t, size_t); /** Callback to export key block, master secret, * tls_prf and random bytes. Should replace f_export_keys */ - int (*f_export_keys_ext)( void *, const unsigned char *, - const unsigned char *, size_t, size_t, size_t, - const unsigned char[32], const unsigned char[32], - mbedtls_tls_prf_types ); + int (*f_export_keys_ext)(void *, const unsigned char *, + const unsigned char *, size_t, size_t, size_t, + const unsigned char[32], const unsigned char[32], + mbedtls_tls_prf_types); void *p_export_keys; /*!< context for key export callback */ #endif @@ -1196,8 +1190,7 @@ struct mbedtls_ssl_config #endif }; -struct mbedtls_ssl_context -{ +struct mbedtls_ssl_context { const mbedtls_ssl_config *conf; /*!< configuration information */ /* @@ -1227,7 +1220,7 @@ struct mbedtls_ssl_context mbedtls_ssl_send_t *f_send; /*!< Callback for network send */ mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ mbedtls_ssl_recv_timeout_t *f_recv_timeout; - /*!< Callback for network receive with timeout */ + /*!< Callback for network receive with timeout */ void *p_bio; /*!< context for I/O operations */ @@ -1411,24 +1404,24 @@ struct mbedtls_ssl_context #endif /* MBEDTLS_DEPRECATED_WARNING */ MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_init)( - mbedtls_ssl_context *ssl, - const unsigned char *key_enc, const unsigned char *key_dec, - size_t keylen, - const unsigned char *iv_enc, const unsigned char *iv_dec, - size_t ivlen, - const unsigned char *mac_enc, const unsigned char *mac_dec, - size_t maclen); + mbedtls_ssl_context *ssl, + const unsigned char *key_enc, const unsigned char *key_dec, + size_t keylen, + const unsigned char *iv_enc, const unsigned char *iv_dec, + size_t ivlen, + const unsigned char *mac_enc, const unsigned char *mac_dec, + size_t maclen); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_activate)( - mbedtls_ssl_context *ssl, - int direction ); + mbedtls_ssl_context *ssl, + int direction); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_reset)( - mbedtls_ssl_context *ssl ); + mbedtls_ssl_context *ssl); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_write)( - mbedtls_ssl_context *ssl ); + mbedtls_ssl_context *ssl); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_read)( - mbedtls_ssl_context *ssl ); + mbedtls_ssl_context *ssl); MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_finish)( - mbedtls_ssl_context *ssl ); + mbedtls_ssl_context *ssl); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ @@ -1443,7 +1436,7 @@ MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_finish)( * * \return a string containing the ciphersuite name */ -const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ); +const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id); /** * \brief Return the ID of the ciphersuite associated with the @@ -1453,7 +1446,7 @@ const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ); * * \return the ID with the ciphersuite or 0 if not found */ -int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ); +int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name); /** * \brief Initialize an SSL context @@ -1462,7 +1455,7 @@ int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ); * * \param ssl SSL context */ -void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_init(mbedtls_ssl_context *ssl); /** * \brief Set up an SSL context for use @@ -1484,8 +1477,8 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ); * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if * memory allocation failed */ -int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, - const mbedtls_ssl_config *conf ); +int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, + const mbedtls_ssl_config *conf); /** * \brief Reset an already initialized SSL context for re-use @@ -1497,7 +1490,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or * MBEDTLS_ERR_SSL_COMPRESSION_FAILED */ -int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl); /** * \brief Set the current endpoint type @@ -1505,7 +1498,7 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ); * \param conf SSL configuration * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER */ -void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ); +void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint); /** * \brief Set the transport type (TLS or DTLS). @@ -1521,7 +1514,7 @@ void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ); * MBEDTLS_SSL_TRANSPORT_STREAM for TLS, * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. */ -void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); +void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport); /** * \brief Set the certificate verification mode @@ -1549,7 +1542,7 @@ void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ); * the verification as soon as possible. For example, REQUIRED was protecting * against the "triple handshake" attack even before it was found. */ -void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); +void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode); #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -1567,9 +1560,9 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); * \param f_vrfy The verification callback to use during CRT verification. * \param p_vrfy The opaque context to be passed to the callback. */ -void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -1579,9 +1572,9 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, * \param f_rng RNG function * \param p_rng RNG parameter */ -void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Set the debug callback @@ -1597,9 +1590,9 @@ void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, * \param f_dbg debug function * \param p_dbg debug parameter */ -void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, - void (*f_dbg)(void *, int, const char *, int, const char *), - void *p_dbg ); +void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, + void (*f_dbg)(void *, int, const char *, int, const char *), + void *p_dbg); /** * \brief Set the underlying BIO callbacks for write, read and @@ -1631,11 +1624,11 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, * \c mbedtls_net_recv_timeout() that are suitable to be used * here. */ -void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - void *p_bio, - mbedtls_ssl_send_t *f_send, - mbedtls_ssl_recv_t *f_recv, - mbedtls_ssl_recv_timeout_t *f_recv_timeout ); +void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl, + void *p_bio, + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout); #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -1725,10 +1718,10 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, * applies to the next handshake. * \return A negative error code on failure. */ -int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, - int enable, - unsigned char const *own_cid, - size_t own_cid_len ); +int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, + int enable, + unsigned char const *own_cid, + size_t own_cid_len); /** * \brief Get information about the use of the CID extension @@ -1767,10 +1760,10 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, - int *enabled, - unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], - size_t *peer_cid_len ); +int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl, + int *enabled, + unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], + size_t *peer_cid_len); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -1816,7 +1809,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, * \param ssl SSL context * \param mtu Value of the path MTU in bytes */ -void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); +void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -1838,9 +1831,9 @@ void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ); * \param f_vrfy The verification callback to use during CRT verification. * \param p_vrfy The opaque context to be passed to the callback. */ -void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); #endif /* MBEDTLS_X509_CRT_PARSE_C */ /** @@ -1859,7 +1852,7 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, * \note With non-blocking I/O, you may also skip this function * altogether and handle timeouts at the application layer. */ -void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); +void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout); #if defined(MBEDTLS_SSL_RECORD_CHECKING) /** @@ -1906,9 +1899,9 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) * In this case, the SSL context becomes unusable and needs * to be freed or reset before reuse. */ -int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t buflen ); +int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t buflen); #endif /* MBEDTLS_SSL_RECORD_CHECKING */ /** @@ -1931,10 +1924,10 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, * \note See also the "DTLS tutorial" article in our knowledge base. * https://tls.mbed.org/kb/how-to/dtls-tutorial */ -void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, - void *p_timer, - mbedtls_ssl_set_timer_t *f_set_timer, - mbedtls_ssl_get_timer_t *f_get_timer ); +void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, + void *p_timer, + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer); /** * \brief Callback type: generate and write session ticket @@ -1955,12 +1948,12 @@ void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, * \return 0 if successful, or * a specific MBEDTLS_ERR_XXX code. */ -typedef int mbedtls_ssl_ticket_write_t( void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *lifetime ); +typedef int mbedtls_ssl_ticket_write_t(void *p_ticket, + const mbedtls_ssl_session *session, + unsigned char *start, + const unsigned char *end, + size_t *tlen, + uint32_t *lifetime); #if defined(MBEDTLS_SSL_EXPORT_KEYS) /** @@ -1983,12 +1976,12 @@ typedef int mbedtls_ssl_ticket_write_t( void *p_ticket, * \return 0 if successful, or * a specific MBEDTLS_ERR_XXX code. */ -typedef int mbedtls_ssl_export_keys_t( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen ); +typedef int mbedtls_ssl_export_keys_t(void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen); /** * \brief Callback type: Export key block, master secret, @@ -2015,15 +2008,15 @@ typedef int mbedtls_ssl_export_keys_t( void *p_expkey, * \return 0 if successful, or * a specific MBEDTLS_ERR_XXX code. */ -typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey, - const unsigned char *ms, - const unsigned char *kb, - size_t maclen, - size_t keylen, - size_t ivlen, - const unsigned char client_random[32], - const unsigned char server_random[32], - mbedtls_tls_prf_types tls_prf_type ); +typedef int mbedtls_ssl_export_keys_ext_t(void *p_expkey, + const unsigned char *ms, + const unsigned char *kb, + size_t maclen, + size_t keylen, + size_t ivlen, + const unsigned char client_random[32], + const unsigned char server_random[32], + mbedtls_tls_prf_types tls_prf_type); #endif /* MBEDTLS_SSL_EXPORT_KEYS */ /** @@ -2049,10 +2042,10 @@ typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey, * MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or * any other non-zero code for other failures. */ -typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len ); +typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket, + mbedtls_ssl_session *session, + unsigned char *buf, + size_t len); #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) /** @@ -2069,10 +2062,10 @@ typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket, * \param f_ticket_parse Callback for parsing a ticket * \param p_ticket Context shared by the two callbacks */ -void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_ticket_write_t *f_ticket_write, - mbedtls_ssl_ticket_parse_t *f_ticket_parse, - void *p_ticket ); +void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_ticket_write_t *f_ticket_write, + mbedtls_ssl_ticket_parse_t *f_ticket_parse, + void *p_ticket); #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) @@ -2086,9 +2079,9 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, * \param f_export_keys Callback for exporting keys * \param p_export_keys Context for the callback */ -void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys ); +void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_t *f_export_keys, + void *p_export_keys); /** * \brief Configure extended key export callback. @@ -2102,9 +2095,9 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, * \param f_export_keys_ext Callback for exporting keys * \param p_export_keys Context for the callback */ -void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, - void *p_export_keys ); +void mbedtls_ssl_conf_export_keys_ext_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, + void *p_export_keys); #endif /* MBEDTLS_SSL_EXPORT_KEYS */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -2138,12 +2131,12 @@ void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, * mbedtls_ssl_conf_get_async_config_data(). The * library stores this value without dereferencing it. */ -void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_async_sign_t *f_async_sign, - mbedtls_ssl_async_decrypt_t *f_async_decrypt, - mbedtls_ssl_async_resume_t *f_async_resume, - mbedtls_ssl_async_cancel_t *f_async_cancel, - void *config_data ); +void mbedtls_ssl_conf_async_private_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_async_sign_t *f_async_sign, + mbedtls_ssl_async_decrypt_t *f_async_decrypt, + mbedtls_ssl_async_resume_t *f_async_resume, + mbedtls_ssl_async_cancel_t *f_async_cancel, + void *config_data); /** * \brief Retrieve the configuration data set by @@ -2153,7 +2146,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, * \return The configuration data set by * mbedtls_ssl_conf_async_private_cb(). */ -void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ); +void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf); /** * \brief Retrieve the asynchronous operation user context. @@ -2169,7 +2162,7 @@ void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ); * called during the current handshake, this function returns * \c NULL. */ -void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl ); +void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl); /** * \brief Retrieve the asynchronous operation user context. @@ -2182,8 +2175,8 @@ void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl ); * Call mbedtls_ssl_get_async_operation_data() later during the * same handshake to retrieve this value. */ -void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl, - void *ctx ); +void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl, + void *ctx); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ /** @@ -2200,9 +2193,9 @@ void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl, * \return The callback must return 0 on success, * or a negative error code. */ -typedef int mbedtls_ssl_cookie_write_t( void *ctx, - unsigned char **p, unsigned char *end, - const unsigned char *info, size_t ilen ); +typedef int mbedtls_ssl_cookie_write_t(void *ctx, + unsigned char **p, unsigned char *end, + const unsigned char *info, size_t ilen); /** * \brief Callback type: verify a cookie @@ -2217,9 +2210,9 @@ typedef int mbedtls_ssl_cookie_write_t( void *ctx, * \return The callback must return 0 if cookie is valid, * or a negative error code. */ -typedef int mbedtls_ssl_cookie_check_t( void *ctx, - const unsigned char *cookie, size_t clen, - const unsigned char *info, size_t ilen ); +typedef int mbedtls_ssl_cookie_check_t(void *ctx, + const unsigned char *cookie, size_t clen, + const unsigned char *info, size_t ilen); #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) /** @@ -2250,10 +2243,10 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx, * \param f_cookie_check Cookie check callback * \param p_cookie Context for both callbacks */ -void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie ); +void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, + mbedtls_ssl_cookie_write_t *f_cookie_write, + mbedtls_ssl_cookie_check_t *f_cookie_check, + void *p_cookie); /** * \brief Set client's transport-level identification info. @@ -2274,9 +2267,9 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory. */ -int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, - const unsigned char *info, - size_t ilen ); +int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, + const unsigned char *info, + size_t ilen); #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ @@ -2296,7 +2289,7 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, * packets and needs information about them to adjust its * transmission strategy, then you'll want to disable this. */ -void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); +void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode); #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) @@ -2323,7 +2316,7 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ); * might make us waste resources checking authentication on * many bogus packets. */ -void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ); +void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit); #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -2356,8 +2349,8 @@ void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limi * are currently always sent in separate datagrams. * */ -void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, - unsigned allow_packing ); +void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl, + unsigned allow_packing); /** * \brief Set retransmit timeout values for the DTLS handshake. @@ -2390,7 +2383,7 @@ void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, * goes: send ... 1s -> resend ... 2s -> resend ... 4s -> * resend ... 5s -> give up and return a timeout error. */ -void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max ); +void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, uint32_t min, uint32_t max); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_SRV_C) @@ -2431,10 +2424,10 @@ void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, * \param f_get_cache session get callback * \param f_set_cache session set callback */ -void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, - void *p_cache, - int (*f_get_cache)(void *, mbedtls_ssl_session *), - int (*f_set_cache)(void *, const mbedtls_ssl_session *) ); +void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, + void *p_cache, + int (*f_get_cache)(void *, mbedtls_ssl_session *), + int (*f_set_cache)(void *, const mbedtls_ssl_session *)); #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_CLI_C) @@ -2452,7 +2445,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, * * \sa mbedtls_ssl_get_session() */ -int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ); +int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session); #endif /* MBEDTLS_SSL_CLI_C */ /** @@ -2487,9 +2480,9 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session * \return Another negative value for other kinds of errors (for * example, unsupported features in the embedded certificate). */ -int mbedtls_ssl_session_load( mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len ); +int mbedtls_ssl_session_load(mbedtls_ssl_session *session, + const unsigned char *buf, + size_t len); /** * \brief Save session structure as serialized data in a buffer. @@ -2517,10 +2510,10 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session, * \return \c 0 if successful. * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. */ -int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen ); +int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len, + size_t *olen); /** * \brief Get a pointer to the current session structure, for example @@ -2537,7 +2530,7 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, * \return A pointer to the current session if successful. * \return \c NULL if no session is active. */ -const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl ); +const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_context *ssl); /** * \brief Set the list of allowed ciphersuites and the preference @@ -2554,8 +2547,8 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co * \param conf SSL configuration * \param ciphersuites 0-terminated list of allowed ciphersuites */ -void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, - const int *ciphersuites ); +void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, + const int *ciphersuites); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 @@ -2592,8 +2585,8 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len * is too large. */ -int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len, - int ignore_other_cids ); +int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, + int ignore_other_cids); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /** @@ -2615,9 +2608,9 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len, * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 * and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 */ -void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, - const int *ciphersuites, - int major, int minor ); +void mbedtls_ssl_conf_ciphersuites_for_version(mbedtls_ssl_config *conf, + const int *ciphersuites, + int major, int minor); #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -2630,8 +2623,8 @@ void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, * \param conf SSL configuration * \param profile Profile to use */ -void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, - const mbedtls_x509_crt_profile *profile ); +void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, + const mbedtls_x509_crt_profile *profile); /** * \brief Set the data required to verify peer certificate @@ -2644,9 +2637,9 @@ void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) * \param ca_crl trusted CA CRLs */ -void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, +void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl ); + mbedtls_x509_crl *ca_crl); #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) /** @@ -2700,9 +2693,9 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, * to guarantee this (for example through a mutex * contained in the callback context pointed to by \p p_ca_cb). */ -void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb ); +void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb); #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ /** @@ -2741,9 +2734,9 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, * * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED */ -int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, +int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key ); + mbedtls_pk_context *pk_key); #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) @@ -2778,9 +2771,9 @@ int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ -int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, - const unsigned char *psk, size_t psk_len, - const unsigned char *psk_identity, size_t psk_identity_len ); +int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, + const unsigned char *psk, size_t psk_len, + const unsigned char *psk_identity, size_t psk_identity_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** @@ -2819,10 +2812,10 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ -int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, - psa_key_id_t psk, - const unsigned char *psk_identity, - size_t psk_identity_len ); +int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, + psa_key_id_t psk, + const unsigned char *psk_identity, + size_t psk_identity_len); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /** @@ -2841,8 +2834,8 @@ int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ -int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, - const unsigned char *psk, size_t psk_len ); +int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, + const unsigned char *psk, size_t psk_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** @@ -2865,8 +2858,8 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, * \return \c 0 if successful. * \return An \c MBEDTLS_ERR_SSL_XXX error code on failure. */ -int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, - psa_key_id_t psk ); +int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, + psa_key_id_t psk); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /** @@ -2907,10 +2900,10 @@ int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, * \param p_psk A pointer to an opaque structure to be passed to * the callback, for example a PSK store. */ -void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, - int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_psk ); +void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, + int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, + size_t), + void *p_psk); #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) @@ -2936,9 +2929,9 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, * * \return 0 if successful */ -MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, - const char *dhm_P, - const char *dhm_G ); +MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param(mbedtls_ssl_config *conf, + const char *dhm_P, + const char *dhm_G); #endif /* MBEDTLS_DEPRECATED_REMOVED */ @@ -2955,9 +2948,9 @@ MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, * * \return 0 if successful */ -int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len ); +int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, + const unsigned char *dhm_P, size_t P_len, + const unsigned char *dhm_G, size_t G_len); /** * \brief Set the Diffie-Hellman public P and G values, @@ -2968,7 +2961,7 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, * * \return 0 if successful */ -int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ); +int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx); #endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) @@ -2980,8 +2973,8 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context * \param conf SSL configuration * \param bitlen Minimum bit length of the DHM prime */ -void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, - unsigned int bitlen ); +void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, + unsigned int bitlen); #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_ECP_C) @@ -3012,8 +3005,8 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, * \param curves Ordered list of allowed curves, * terminated by MBEDTLS_ECP_DP_NONE. */ -void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curves ); +void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, + const mbedtls_ecp_group_id *curves); #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) @@ -3035,8 +3028,8 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, * \param hashes Ordered list of allowed signature hashes, * terminated by \c MBEDTLS_MD_NONE. */ -void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, - const int *hashes ); +void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, + const int *hashes); #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -3058,7 +3051,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. */ -int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); +int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname); #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -3074,9 +3067,9 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); * * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED */ -int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key ); +int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *own_cert, + mbedtls_pk_context *pk_key); /** * \brief Set the data required to verify peer certificate for the @@ -3089,9 +3082,9 @@ int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs) * \param ca_crl trusted CA CRLs */ -void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl ); +void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *ca_chain, + mbedtls_x509_crl *ca_crl); /** * \brief Set authmode for the current handshake. @@ -3103,8 +3096,8 @@ void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or * MBEDTLS_SSL_VERIFY_REQUIRED */ -void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, - int authmode ); +void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, + int authmode); /** * \brief Set server side ServerName TLS extension callback @@ -3129,10 +3122,10 @@ void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, * \param f_sni verification function * \param p_sni verification parameter */ -void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, - int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_sni ); +void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, + int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, + size_t), + void *p_sni); #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -3153,9 +3146,9 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, * * \return 0 on success, or a negative error code. */ -int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, - const unsigned char *pw, - size_t pw_len ); +int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, + const unsigned char *pw, + size_t pw_len); #endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_ALPN) @@ -3171,7 +3164,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. */ -int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ); +int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos); /** * \brief Get the name of the negotiated Application Layer Protocol. @@ -3182,26 +3175,25 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot * * \return Protcol name, or NULL if no protocol was negotiated. */ -const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); +const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_DEBUG_C) -static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile ) -{ - switch( profile ) - { +static inline const char *mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile) { + switch (profile) { case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: - return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" ); + return ("MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80"); case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: - return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" ); + return ("MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32"); case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: - return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" ); + return ("MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80"); case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: - return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" ); - default: break; + return ("MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32"); + default: + break; } - return( "" ); + return (""); } #endif /* MBEDTLS_DEBUG_C */ /** @@ -3217,8 +3209,8 @@ static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_sr * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED. */ -void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, - int support_mki_value ); +void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, + int support_mki_value); /** * \brief Set the supported DTLS-SRTP protection profiles. @@ -3240,8 +3232,8 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * protection profiles is incorrect. */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles - ( mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles ); +(mbedtls_ssl_config *conf, + const mbedtls_ssl_srtp_profile *profiles); /** * \brief Set the mki_value for the current DTLS-SRTP session. @@ -3259,9 +3251,9 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE */ -int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, - unsigned char *mki_value, - uint16_t mki_len ); +int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, + unsigned char *mki_value, + uint16_t mki_len); /** * \brief Get the negotiated DTLS-SRTP informations: * Protection profile and MKI value. @@ -3280,8 +3272,8 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * or peer's Hello packet was not parsed yet. * - mki size and value( if size is > 0 ). */ -void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, - mbedtls_dtls_srtp_info *dtls_srtp_info ); +void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl, + mbedtls_dtls_srtp_info *dtls_srtp_info); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /** @@ -3300,7 +3292,7 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_3 supported) */ -void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); +void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor); /** * \brief Set the minimum accepted SSL/TLS protocol version @@ -3320,7 +3312,7 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_3 supported) */ -void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ); +void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor); #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) /** @@ -3342,7 +3334,7 @@ void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int mino * \param conf SSL configuration * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK */ -void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ); +void mbedtls_ssl_conf_fallback(mbedtls_ssl_config *conf, char fallback); #endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) @@ -3357,7 +3349,7 @@ void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ); * \param conf SSL configuration * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED */ -void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ); +void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm); #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) @@ -3372,7 +3364,7 @@ void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ); * \param conf SSL configuration * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED */ -void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ); +void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems); #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_ARC4_C) @@ -3391,7 +3383,7 @@ void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems * \param conf SSL configuration * \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED */ -void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ); +void mbedtls_ssl_conf_arc4_support(mbedtls_ssl_config *conf, char arc4); #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_SSL_SRV_C) @@ -3404,8 +3396,8 @@ void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ); * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or * MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED */ -void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, - char cert_req_ca_list ); +void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, + char cert_req_ca_list); #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) @@ -3443,7 +3435,7 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, * * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA */ -int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ); +int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) @@ -3455,7 +3447,7 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or * MBEDTLS_SSL_TRUNC_HMAC_DISABLED) */ -void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); +void mbedtls_ssl_conf_truncated_hmac(mbedtls_ssl_config *conf, int truncate); #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) @@ -3470,7 +3462,7 @@ void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ); * \param split MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or * MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED */ -void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ); +void mbedtls_ssl_conf_cbc_record_splitting(mbedtls_ssl_config *conf, char split); #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) @@ -3484,7 +3476,7 @@ void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split * \param use_tickets Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or * MBEDTLS_SSL_SESSION_TICKETS_DISABLED) */ -void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ); +void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets); #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -3505,7 +3497,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or * MBEDTLS_SSL_RENEGOTIATION_DISABLED) */ -void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ); +void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation); #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** @@ -3535,7 +3527,7 @@ void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation * SSL_ALLOW_LEGACY_RENEGOTIATION or * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) */ -void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ); +void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy); #if defined(MBEDTLS_SSL_RENEGOTIATION) /** @@ -3575,7 +3567,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_ * enforce renegotiation, or a non-negative value to enforce * it but allow for a grace period of max_records records. */ -void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ); +void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records); /** * \brief Set record counter threshold for periodic renegotiation. @@ -3602,8 +3594,8 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ * \param conf SSL configuration * \param period The threshold value: a big-endian 64-bit number. */ -void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, - const unsigned char period[8] ); +void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, + const unsigned char period[8]); #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** @@ -3644,7 +3636,7 @@ void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, * that all internal data has been processed. * */ -int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ); +int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl); /** * \brief Return the number of application data bytes @@ -3661,7 +3653,7 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ); * amount of data fitting into the input buffer. * */ -size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); +size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl); /** * \brief Return the result of the certificate verification @@ -3675,7 +3667,7 @@ size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ); * \return A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX * and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h. */ -uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ); +uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl); /** * \brief Return the name of the current ciphersuite @@ -3684,7 +3676,7 @@ uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ); * * \return a string containing the ciphersuite name */ -const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ); +const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl); /** * \brief Return the current SSL version (SSLv3/TLSv1/etc) @@ -3693,7 +3685,7 @@ const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ); * * \return a string containing the SSL version */ -const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ); +const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl); /** * \brief Return the (maximum) number of bytes added by the record @@ -3708,7 +3700,7 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ); * MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is * enabled, which makes expansion much less predictable */ -int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); +int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) /** @@ -3724,7 +3716,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); * * \return Current maximum fragment length for the output buffer. */ -size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); +size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl); /** * \brief Return the maximum fragment length (payload, in bytes) for @@ -3740,7 +3732,7 @@ size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); * * \return Current maximum fragment length for the output buffer. */ -size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); +size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl); #if !defined(MBEDTLS_DEPRECATED_REMOVED) @@ -3765,7 +3757,7 @@ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); * \return Current maximum fragment length for the output buffer. */ MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len( - const mbedtls_ssl_context *ssl ); + const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ @@ -3796,7 +3788,7 @@ MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len( * \return Current maximum payload for an outgoing record, * or a negative error code. */ -int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); +int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl); #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -3829,7 +3821,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); * If you want to use the certificate across API calls, * you must make a copy. */ -const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ); +const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl); #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_CLI_C) @@ -3859,7 +3851,7 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * * \sa mbedtls_ssl_set_session() */ -int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session ); +int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session); #endif /* MBEDTLS_SSL_CLI_C */ /** @@ -3912,7 +3904,7 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session * currently being processed might or might not contain further * DTLS records. */ -int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl); /** * \brief Perform a single step of the SSL handshake @@ -3934,7 +3926,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); * re-using it for a new connection; the current connection * must be closed. */ -int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_RENEGOTIATION) /** @@ -3960,7 +3952,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ); * must be closed. * */ -int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** @@ -4040,7 +4032,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ); * \c mbedtls_ssl_check_pending to check for remaining records. * */ -int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ); +int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); /** * \brief Try to write exactly 'len' application data bytes @@ -4102,7 +4094,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * \note Attempting to write 0 bytes will result in an empty TLS * application record being sent. */ -int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ); +int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len); /** * \brief Send an alert message @@ -4120,9 +4112,9 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_ * call \c mbedtls_ssl_session_reset() on it before re-using it * for a new connection; the current connection must be closed. */ -int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, - unsigned char level, - unsigned char message ); +int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, + unsigned char level, + unsigned char message); /** * \brief Notify the peer that the connection is being closed * @@ -4136,14 +4128,14 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, * call \c mbedtls_ssl_session_reset() on it before re-using it * for a new connection; the current connection must be closed. */ -int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); /** * \brief Free referenced items in an SSL context and clear memory * * \param ssl SSL context */ -void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_free(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) /** @@ -4194,10 +4186,10 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); * or the connection does not use DTLS 1.2 with an AEAD * ciphersuite, or renegotiation is enabled. */ -int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t buf_len, - size_t *olen ); +int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t buf_len, + size_t *olen); /** * \brief Load serialized connection data to an SSL context. @@ -4264,9 +4256,9 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, * comes from a different Mbed TLS version or build. * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. */ -int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ); +int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len); #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ /** @@ -4279,7 +4271,7 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl, * * \param conf SSL configuration context */ -void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ); +void mbedtls_ssl_config_init(mbedtls_ssl_config *conf); /** * \brief Load reasonnable default SSL configuration values. @@ -4296,22 +4288,22 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ); * \return 0 if successful, or * MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error. */ -int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, - int endpoint, int transport, int preset ); +int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, + int endpoint, int transport, int preset); /** * \brief Free an SSL configuration context * * \param conf SSL configuration context */ -void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ); +void mbedtls_ssl_config_free(mbedtls_ssl_config *conf); /** * \brief Initialize SSL session structure * * \param session SSL session */ -void mbedtls_ssl_session_init( mbedtls_ssl_session *session ); +void mbedtls_ssl_session_init(mbedtls_ssl_session *session); /** * \brief Free referenced items in an SSL session including the @@ -4322,7 +4314,7 @@ void mbedtls_ssl_session_init( mbedtls_ssl_session *session ); * * \param session SSL session */ -void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); +void mbedtls_ssl_session_free(mbedtls_ssl_session *session); /** * \brief TLS-PRF function for key derivation. @@ -4339,11 +4331,11 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); * * \return 0 on sucess. An SSL specific error on failure. */ -int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ); +int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen); #ifdef __cplusplus } diff --git a/common/mbedtls/ssl_cache.c b/common/mbedtls/ssl_cache.c index 7e9d4da05..16818b391 100644 --- a/common/mbedtls/ssl_cache.c +++ b/common/mbedtls/ssl_cache.c @@ -38,58 +38,54 @@ #include -void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ) -{ - memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) ); +void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache) { + memset(cache, 0, sizeof(mbedtls_ssl_cache_context)); cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT; cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES; #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &cache->mutex ); + mbedtls_mutex_init(&cache->mutex); #endif } -int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) -{ +int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = mbedtls_time( NULL ); + mbedtls_time_t t = mbedtls_time(NULL); #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; mbedtls_ssl_cache_entry *cur, *entry; #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &cache->mutex ) != 0 ) - return( 1 ); + if (mbedtls_mutex_lock(&cache->mutex) != 0) + return (1); #endif cur = cache->chain; entry = NULL; - while( cur != NULL ) - { + while (cur != NULL) { entry = cur; cur = cur->next; #if defined(MBEDTLS_HAVE_TIME) - if( cache->timeout != 0 && - (int) ( t - entry->timestamp ) > cache->timeout ) + if (cache->timeout != 0 && + (int)(t - entry->timestamp) > cache->timeout) continue; #endif - if( session->ciphersuite != entry->session.ciphersuite || - session->compression != entry->session.compression || - session->id_len != entry->session.id_len ) + if (session->ciphersuite != entry->session.ciphersuite || + session->compression != entry->session.compression || + session->id_len != entry->session.id_len) continue; - if( memcmp( session->id, entry->session.id, - entry->session.id_len ) != 0 ) + if (memcmp(session->id, entry->session.id, + entry->session.id_len) != 0) continue; - ret = mbedtls_ssl_session_copy( session, &entry->session ); - if( ret != 0 ) - { + ret = mbedtls_ssl_session_copy(session, &entry->session); + if (ret != 0) { ret = 1; goto exit; } @@ -99,24 +95,21 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) /* * Restore peer certificate (without rest of the original chain) */ - if( entry->peer_cert.p != NULL ) - { + if (entry->peer_cert.p != NULL) { /* `session->peer_cert` is NULL after the call to * mbedtls_ssl_session_copy(), because cache entries * have the `peer_cert` field set to NULL. */ - if( ( session->peer_cert = mbedtls_calloc( 1, - sizeof(mbedtls_x509_crt) ) ) == NULL ) - { + if ((session->peer_cert = mbedtls_calloc(1, + sizeof(mbedtls_x509_crt))) == NULL) { ret = 1; goto exit; } - mbedtls_x509_crt_init( session->peer_cert ); - if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p, - entry->peer_cert.len ) != 0 ) - { - mbedtls_free( session->peer_cert ); + mbedtls_x509_crt_init(session->peer_cert); + if (mbedtls_x509_crt_parse(session->peer_cert, entry->peer_cert.p, + entry->peer_cert.len) != 0) { + mbedtls_free(session->peer_cert); session->peer_cert = NULL; ret = 1; goto exit; @@ -130,18 +123,17 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ) exit: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &cache->mutex ) != 0 ) + if (mbedtls_mutex_unlock(&cache->mutex) != 0) ret = 1; #endif - return( ret ); + return (ret); } -int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) -{ +int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0; + mbedtls_time_t t = mbedtls_time(NULL), oldest = 0; mbedtls_ssl_cache_entry *old = NULL; #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; @@ -149,32 +141,29 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) int count = 0; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&cache->mutex)) != 0) + return (ret); #endif cur = cache->chain; prv = NULL; - while( cur != NULL ) - { + while (cur != NULL) { count++; #if defined(MBEDTLS_HAVE_TIME) - if( cache->timeout != 0 && - (int) ( t - cur->timestamp ) > cache->timeout ) - { + if (cache->timeout != 0 && + (int)(t - cur->timestamp) > cache->timeout) { cur->timestamp = t; break; /* expired, reuse this slot, update timestamp */ } #endif - if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 ) + if (memcmp(session->id, cur->session.id, cur->session.id_len) == 0) break; /* client reconnected, keep timestamp for session id */ #if defined(MBEDTLS_HAVE_TIME) - if( oldest == 0 || cur->timestamp < oldest ) - { + if (oldest == 0 || cur->timestamp < oldest) { oldest = cur->timestamp; old = cur; } @@ -184,16 +173,13 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) cur = cur->next; } - if( cur == NULL ) - { + if (cur == NULL) { #if defined(MBEDTLS_HAVE_TIME) /* * Reuse oldest entry if max_entries reached */ - if( count >= cache->max_entries ) - { - if( old == NULL ) - { + if (count >= cache->max_entries) { + if (old == NULL) { ret = 1; goto exit; } @@ -205,10 +191,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) * Reuse first entry in chain if max_entries reached, * but move to last place */ - if( count >= cache->max_entries ) - { - if( cache->chain == NULL ) - { + if (count >= cache->max_entries) { + if (cache->chain == NULL) { ret = 1; goto exit; } @@ -219,19 +203,17 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) prv->next = cur; } #endif /* MBEDTLS_HAVE_TIME */ - else - { + else { /* * max_entries not reached, create new entry */ - cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) ); - if( cur == NULL ) - { + cur = mbedtls_calloc(1, sizeof(mbedtls_ssl_cache_entry)); + if (cur == NULL) { ret = 1; goto exit; } - if( prv == NULL ) + if (prv == NULL) cache->chain = cur; else prv->next = cur; @@ -247,10 +229,9 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) /* * If we're reusing an entry, free its certificate first */ - if( cur->peer_cert.p != NULL ) - { - mbedtls_free( cur->peer_cert.p ); - memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) ); + if (cur->peer_cert.p != NULL) { + mbedtls_free(cur->peer_cert.p); + memset(&cur->peer_cert, 0, sizeof(mbedtls_x509_buf)); } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -259,9 +240,8 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) * This inefficiency will go away as soon as we implement on-demand * parsing of CRTs, in which case there's no need for the `peer_cert` * field anymore in the first place, and we're done after this call. */ - ret = mbedtls_ssl_session_copy( &cur->session, session ); - if( ret != 0 ) - { + ret = mbedtls_ssl_session_copy(&cur->session, session); + if (ret != 0) { ret = 1; goto exit; } @@ -269,23 +249,21 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* If present, free the X.509 structure and only store the raw CRT data. */ - if( cur->session.peer_cert != NULL ) - { + if (cur->session.peer_cert != NULL) { cur->peer_cert.p = - mbedtls_calloc( 1, cur->session.peer_cert->raw.len ); - if( cur->peer_cert.p == NULL ) - { + mbedtls_calloc(1, cur->session.peer_cert->raw.len); + if (cur->peer_cert.p == NULL) { ret = 1; goto exit; } - memcpy( cur->peer_cert.p, - cur->session.peer_cert->raw.p, - cur->session.peer_cert->raw.len ); + memcpy(cur->peer_cert.p, + cur->session.peer_cert->raw.p, + cur->session.peer_cert->raw.len); cur->peer_cert.len = session->peer_cert->raw.len; - mbedtls_x509_crt_free( cur->session.peer_cert ); - mbedtls_free( cur->session.peer_cert ); + mbedtls_x509_crt_free(cur->session.peer_cert); + mbedtls_free(cur->session.peer_cert); cur->session.peer_cert = NULL; } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -294,52 +272,48 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) exit: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &cache->mutex ) != 0 ) + if (mbedtls_mutex_unlock(&cache->mutex) != 0) ret = 1; #endif - return( ret ); + return (ret); } #if defined(MBEDTLS_HAVE_TIME) -void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout ) -{ - if( timeout < 0 ) timeout = 0; +void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout) { + if (timeout < 0) timeout = 0; cache->timeout = timeout; } #endif /* MBEDTLS_HAVE_TIME */ -void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max ) -{ - if( max < 0 ) max = 0; +void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max) { + if (max < 0) max = 0; cache->max_entries = max; } -void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ) -{ +void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache) { mbedtls_ssl_cache_entry *cur, *prv; cur = cache->chain; - while( cur != NULL ) - { + while (cur != NULL) { prv = cur; cur = cur->next; - mbedtls_ssl_session_free( &prv->session ); + mbedtls_ssl_session_free(&prv->session); #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_free( prv->peer_cert.p ); + mbedtls_free(prv->peer_cert.p); #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - mbedtls_free( prv ); + mbedtls_free(prv); } #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &cache->mutex ); + mbedtls_mutex_free(&cache->mutex); #endif cache->chain = NULL; } diff --git a/common/mbedtls/ssl_cache.h b/common/mbedtls/ssl_cache.h index c6ef2960f..331e3beae 100644 --- a/common/mbedtls/ssl_cache.h +++ b/common/mbedtls/ssl_cache.h @@ -62,8 +62,7 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry; /** * \brief This structure is used for storing cache entries */ -struct mbedtls_ssl_cache_entry -{ +struct mbedtls_ssl_cache_entry { #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t timestamp; /*!< entry timestamp */ #endif @@ -78,8 +77,7 @@ struct mbedtls_ssl_cache_entry /** * \brief Cache context */ -struct mbedtls_ssl_cache_context -{ +struct mbedtls_ssl_cache_context { mbedtls_ssl_cache_entry *chain; /*!< start of the chain */ int timeout; /*!< cache entry timeout */ int max_entries; /*!< maximum entries */ @@ -93,7 +91,7 @@ struct mbedtls_ssl_cache_context * * \param cache SSL cache context */ -void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ); +void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache); /** * \brief Cache get callback implementation @@ -102,7 +100,7 @@ void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ); * \param data SSL cache context * \param session session to retrieve entry for */ -int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ); +int mbedtls_ssl_cache_get(void *data, mbedtls_ssl_session *session); /** * \brief Cache set callback implementation @@ -111,7 +109,7 @@ int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session ); * \param data SSL cache context * \param session session to store entry for */ -int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ); +int mbedtls_ssl_cache_set(void *data, const mbedtls_ssl_session *session); #if defined(MBEDTLS_HAVE_TIME) /** @@ -123,7 +121,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ); * \param cache SSL cache context * \param timeout cache entry timeout in seconds */ -void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout ); +void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache, int timeout); #endif /* MBEDTLS_HAVE_TIME */ /** @@ -133,14 +131,14 @@ void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeou * \param cache SSL cache context * \param max cache entry maximum */ -void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max ); +void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache, int max); /** * \brief Free referenced items in a cache context and clear memory * * \param cache SSL cache context */ -void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ); +void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache); #ifdef __cplusplus } diff --git a/common/mbedtls/ssl_ciphersuites.c b/common/mbedtls/ssl_ciphersuites.c index 6985fe5f3..54af7f556 100644 --- a/common/mbedtls/ssl_ciphersuites.c +++ b/common/mbedtls/ssl_ciphersuites.c @@ -46,8 +46,7 @@ * 4. By hash function used when relevant * 5. By key exchange/auth again: EC > non-EC */ -static const int ciphersuite_preference[] = -{ +static const int ciphersuite_preference[] = { #if defined(MBEDTLS_SSL_CIPHERSUITES) MBEDTLS_SSL_CIPHERSUITES, #else @@ -308,73 +307,86 @@ static const int ciphersuite_preference[] = 0 }; -static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = -{ +static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { #if defined(MBEDTLS_CHACHAPOLY_C) && \ defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, + "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, + "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, + "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", - MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, - MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, + "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", + MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, + MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_SHA256_C && @@ -383,106 +395,134 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -490,32 +530,38 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ @@ -524,48 +570,60 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_AES_C */ @@ -573,35 +631,43 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -609,32 +675,38 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ @@ -642,121 +714,153 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -764,11 +868,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ @@ -777,122 +883,154 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, + { + MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, + { + MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -900,30 +1038,36 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_MD5_C) - { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif #endif /* MBEDTLS_ARC4_C */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ @@ -932,48 +1076,60 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_AES_C */ @@ -981,35 +1137,43 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -1017,32 +1181,38 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ @@ -1051,48 +1221,60 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_AES_C */ @@ -1100,35 +1282,43 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -1136,32 +1326,38 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ @@ -1170,111 +1366,139 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, + { + MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, + { + MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -1282,22 +1506,26 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_ARC4_C */ #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ @@ -1306,111 +1534,139 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", - MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", + MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, + { + MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -1418,22 +1674,26 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_ARC4_C */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -1443,33 +1703,41 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_AES_C */ @@ -1477,19 +1745,23 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -1497,22 +1769,26 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_ARC4_C */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ @@ -1521,51 +1797,63 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, - { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_AES_C */ @@ -1573,37 +1861,45 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CAMELLIA_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", + MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", + MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_GCM_C */ #endif /* MBEDTLS_CAMELLIA_C */ @@ -1611,22 +1907,26 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", - MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA", - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_NODTLS }, + { + MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_ARC4_C */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ @@ -1634,11 +1934,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", - MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_SHORT_TAG }, + { + MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", + MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_SHORT_TAG + }, #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -1647,131 +1949,161 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_MD5_C) - { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", + MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ @@ -1780,21 +2112,25 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA", - MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA", + MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA", - MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_CIPHERSUITE_WEAK }, + { + MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA", + MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_WEAK + }, #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ @@ -1806,36 +2142,44 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS-RSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS-RSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS-RSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS-RSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ @@ -1843,36 +2187,44 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ @@ -1880,36 +2232,44 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS-PSK-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS-PSK-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS-PSK-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS-PSK-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ @@ -1917,36 +2277,44 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ @@ -1954,36 +2322,44 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ @@ -1991,20 +2367,24 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ @@ -2012,36 +2392,44 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ @@ -2049,36 +2437,44 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, + "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, + "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, + "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, + "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ @@ -2086,36 +2482,44 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ @@ -2123,36 +2527,44 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", + MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", + MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", + MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, + { + MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", + MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + 0 + }, #endif #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -2160,15 +2572,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_ARIA_C */ - { 0, "", - MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, - 0, 0, 0, 0, 0 } + { + 0, "", + MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, + 0, 0, 0, 0, 0 + } }; #if defined(MBEDTLS_SSL_CIPHERSUITES) -const int *mbedtls_ssl_list_ciphersuites( void ) -{ - return( ciphersuite_preference ); +const int *mbedtls_ssl_list_ciphersuites(void) { + return (ciphersuite_preference); } #else #define MAX_CIPHERSUITES sizeof( ciphersuite_definitions ) / \ @@ -2176,45 +2589,39 @@ const int *mbedtls_ssl_list_ciphersuites( void ) static int supported_ciphersuites[MAX_CIPHERSUITES]; static int supported_init = 0; -static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info ) -{ +static int ciphersuite_is_removed(const mbedtls_ssl_ciphersuite_t *cs_info) { (void)cs_info; #if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES) - if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) - return( 1 ); + if (cs_info->cipher == MBEDTLS_CIPHER_ARC4_128) + return (1); #endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */ #if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) - if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB || - cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC ) - { - return( 1 ); + if (cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB || + cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC) { + return (1); } #endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ - return( 0 ); + return (0); } -const int *mbedtls_ssl_list_ciphersuites( void ) -{ +const int *mbedtls_ssl_list_ciphersuites(void) { /* * On initial call filter out all ciphersuites not supported by current * build based on presence in the ciphersuite_definitions. */ - if( supported_init == 0 ) - { + if (supported_init == 0) { const int *p; int *q; - for( p = ciphersuite_preference, q = supported_ciphersuites; - *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; - p++ ) - { + for (p = ciphersuite_preference, q = supported_ciphersuites; + *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1; + p++) { const mbedtls_ssl_ciphersuite_t *cs_info; - if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL && - !ciphersuite_is_removed( cs_info ) ) - { + if ((cs_info = mbedtls_ssl_ciphersuite_from_id(*p)) != NULL && + !ciphersuite_is_removed(cs_info)) { *(q++) = *p; } } @@ -2223,105 +2630,95 @@ const int *mbedtls_ssl_list_ciphersuites( void ) supported_init = 1; } - return( supported_ciphersuites ); + return (supported_ciphersuites); } #endif /* MBEDTLS_SSL_CIPHERSUITES */ const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( - const char *ciphersuite_name ) -{ + const char *ciphersuite_name) { const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; - if( NULL == ciphersuite_name ) - return( NULL ); + if (NULL == ciphersuite_name) + return (NULL); - while( cur->id != 0 ) - { - if( 0 == strcmp( cur->name, ciphersuite_name ) ) - return( cur ); + while (cur->id != 0) { + if (0 == strcmp(cur->name, ciphersuite_name)) + return (cur); cur++; } - return( NULL ); + return (NULL); } -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite ) -{ +const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite) { const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions; - while( cur->id != 0 ) - { - if( cur->id == ciphersuite ) - return( cur ); + while (cur->id != 0) { + if (cur->id == ciphersuite) + return (cur); cur++; } - return( NULL ); + return (NULL); } -const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id ) -{ +const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id) { const mbedtls_ssl_ciphersuite_t *cur; - cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); + cur = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); - if( cur == NULL ) - return( "unknown" ); + if (cur == NULL) + return ("unknown"); - return( cur->name ); + return (cur->name); } -int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name ) -{ +int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name) { const mbedtls_ssl_ciphersuite_t *cur; - cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name ); + cur = mbedtls_ssl_ciphersuite_from_string(ciphersuite_name); - if( cur == NULL ) - return( 0 ); + if (cur == NULL) + return (0); - return( cur->id ); + return (cur->id); } #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - return( MBEDTLS_PK_RSA ); + return (MBEDTLS_PK_RSA); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( MBEDTLS_PK_ECDSA ); + return (MBEDTLS_PK_ECDSA); case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( MBEDTLS_PK_ECKEY ); + return (MBEDTLS_PK_ECKEY); default: - return( MBEDTLS_PK_NONE ); + return (MBEDTLS_PK_NONE); } } -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - return( MBEDTLS_PK_RSA ); + return (MBEDTLS_PK_RSA); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( MBEDTLS_PK_ECDSA ); + return (MBEDTLS_PK_ECDSA); default: - return( MBEDTLS_PK_NONE ); + return (MBEDTLS_PK_NONE); } } @@ -2329,37 +2726,33 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_PSK: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ diff --git a/common/mbedtls/ssl_ciphersuites.h b/common/mbedtls/ssl_ciphersuites.h index 93c32a5ed..c058d7ad2 100644 --- a/common/mbedtls/ssl_ciphersuites.h +++ b/common/mbedtls/ssl_ciphersuites.h @@ -385,10 +385,9 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; /** * \brief This structure is used for storing ciphersuite information */ -struct mbedtls_ssl_ciphersuite_t -{ +struct mbedtls_ssl_ciphersuite_t { int id; - const char * name; + const char *name; mbedtls_cipher_type_t cipher; mbedtls_md_type_t mac; @@ -402,92 +401,82 @@ struct mbedtls_ssl_ciphersuite_t unsigned char flags; }; -const int *mbedtls_ssl_list_ciphersuites( void ); +const int *mbedtls_ssl_list_ciphersuites(void); -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name ); -const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id ); +const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name); +const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id); #if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info ); -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); #endif -int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); -int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); +int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info); +int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_PSK: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ -static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } -static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: @@ -495,56 +484,50 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { +static inline int mbedtls_ssl_ciphersuite_uses_server_signature(const mbedtls_ssl_ciphersuite_t *info) { + switch (info->key_exchange) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( 1 ); + return (1); default: - return( 0 ); + return (0); } } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ diff --git a/common/mbedtls/ssl_cli.c b/common/mbedtls/ssl_cli.c index 55a8e6134..b41b01167 100644 --- a/common/mbedtls/ssl_cli.c +++ b/common/mbedtls/ssl_cli.c @@ -51,64 +51,59 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf ) -{ - if( conf->psk_identity == NULL || - conf->psk_identity_len == 0 ) - { - return( 0 ); +static int ssl_conf_has_static_psk(mbedtls_ssl_config const *conf) { + if (conf->psk_identity == NULL || + conf->psk_identity_len == 0) { + return (0); } - if( conf->psk != NULL && conf->psk_len != 0 ) - return( 1 ); + if (conf->psk != NULL && conf->psk_len != 0) + return (1); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) - return( 1 ); + if (! mbedtls_svc_key_id_is_null(conf->psk_opaque)) + return (1); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return( 0 ); + return (0); } #if defined(MBEDTLS_USE_PSA_CRYPTO) -static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) -{ - if( conf->psk_identity == NULL || - conf->psk_identity_len == 0 ) - { - return( 0 ); +static int ssl_conf_has_static_raw_psk(mbedtls_ssl_config const *conf) { + if (conf->psk_identity == NULL || + conf->psk_identity_len == 0) { + return (0); } - if( conf->psk != NULL && conf->psk_len != 0 ) - return( 1 ); + if (conf->psk != NULL && conf->psk_len != 0) + return (1); - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t hostname_len; *olen = 0; - if( ssl->hostname == NULL ) - return( 0 ); + if (ssl->hostname == NULL) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding server name extension: %s", - ssl->hostname ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding server name extension: %s", + ssl->hostname)); - hostname_len = strlen( ssl->hostname ); + hostname_len = strlen(ssl->hostname); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9); /* * Sect. 3, RFC 6066 (TLS Extensions Definitions) @@ -136,33 +131,32 @@ static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * } ServerNameList; * */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SERVERNAME >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SERVERNAME) & 0xFF); - *p++ = (unsigned char)( ( (hostname_len + 5) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 5) ) & 0xFF ); + *p++ = (unsigned char)(((hostname_len + 5) >> 8) & 0xFF); + *p++ = (unsigned char)(((hostname_len + 5)) & 0xFF); - *p++ = (unsigned char)( ( (hostname_len + 3) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( (hostname_len + 3) ) & 0xFF ); + *p++ = (unsigned char)(((hostname_len + 3) >> 8) & 0xFF); + *p++ = (unsigned char)(((hostname_len + 3)) & 0xFF); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( hostname_len ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME) & 0xFF); + *p++ = (unsigned char)((hostname_len >> 8) & 0xFF); + *p++ = (unsigned char)((hostname_len) & 0xFF); - memcpy( p, ssl->hostname, hostname_len ); + memcpy(p, ssl->hostname, hostname_len); *olen = hostname_len + 9; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) -static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; *olen = 0; @@ -170,31 +164,31 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* We're always including an TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the * initial ClientHello, in which case also adding the renegotiation * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ - if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - return( 0 ); + if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding renegotiation extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding renegotiation extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5 + ssl->verify_data_len); /* * Secure renegotiation */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) - & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8) + & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_RENEGOTIATION_INFO) + & 0xFF); *p++ = 0x00; - *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; + *p++ = (ssl->verify_data_len + 1) & 0xFF; *p++ = ssl->verify_data_len & 0xFF; - memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); + memcpy(p, ssl->own_verify_data, ssl->verify_data_len); *olen = 5 + ssl->verify_data_len; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ @@ -203,11 +197,10 @@ static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_signature_algorithms_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t sig_alg_len = 0; const int *md; @@ -218,50 +211,47 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, *olen = 0; - if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - return( 0 ); + if (ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding signature_algorithms extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding signature_algorithms extension")); - if( ssl->conf->sig_hashes == NULL ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (ssl->conf->sig_hashes == NULL) + return (MBEDTLS_ERR_SSL_BAD_CONFIG); - for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) - { + for (md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++) { #if defined(MBEDTLS_ECDSA_C) sig_alg_len += 2; #endif #if defined(MBEDTLS_RSA_C) sig_alg_len += 2; #endif - if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "length in bytes of sig-hash-alg extension too big" ) ); - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("length in bytes of sig-hash-alg extension too big")); + return (MBEDTLS_ERR_SSL_BAD_CONFIG); } } /* Empty signature algorithms list, this is a configuration error. */ - if( sig_alg_len == 0 ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (sig_alg_len == 0) + return (MBEDTLS_ERR_SSL_BAD_CONFIG); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, sig_alg_len + 6); /* * Prepare signature_algorithms extension (TLS 1.2) */ sig_alg_len = 0; - for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) - { + for (md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++) { #if defined(MBEDTLS_ECDSA_C) - sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); + sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg(*md); sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA; #endif #if defined(MBEDTLS_RSA_C) - sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md ); + sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg(*md); sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA; #endif } @@ -283,29 +273,28 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, * SignatureAndHashAlgorithm * supported_signature_algorithms<2..2^16-2>; */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SIG_ALG ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SIG_ALG >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SIG_ALG) & 0xFF); - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( sig_alg_len + 2 ) ) & 0xFF ); + *p++ = (unsigned char)(((sig_alg_len + 2) >> 8) & 0xFF); + *p++ = (unsigned char)(((sig_alg_len + 2)) & 0xFF); - *p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); + *p++ = (unsigned char)((sig_alg_len >> 8) & 0xFF); + *p++ = (unsigned char)((sig_alg_len) & 0xFF); *olen = 6 + sig_alg_len; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_supported_elliptic_curves_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; @@ -314,84 +303,79 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding supported_elliptic_curves extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding supported_elliptic_curves extension")); - if( ssl->conf->curve_list == NULL ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (ssl->conf->curve_list == NULL) + return (MBEDTLS_ERR_SSL_BAD_CONFIG); - for( grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) - { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); - if( info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "invalid curve in ssl configuration" ) ); - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for (grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++) { + info = mbedtls_ecp_curve_info_from_grp_id(*grp_id); + if (info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("invalid curve in ssl configuration")); + return (MBEDTLS_ERR_SSL_BAD_CONFIG); } elliptic_curve_len += 2; - if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "malformed supported_elliptic_curves extension in config" ) ); - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("malformed supported_elliptic_curves extension in config")); + return (MBEDTLS_ERR_SSL_BAD_CONFIG); } } /* Empty elliptic curve list, this is a configuration error. */ - if( elliptic_curve_len == 0 ) - return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + if (elliptic_curve_len == 0) + return (MBEDTLS_ERR_SSL_BAD_CONFIG); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6 + elliptic_curve_len); elliptic_curve_len = 0; - for( grp_id = ssl->conf->curve_list; - *grp_id != MBEDTLS_ECP_DP_NONE; - grp_id++ ) - { - info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); + for (grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++) { + info = mbedtls_ecp_curve_info_from_grp_id(*grp_id); elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) - & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8) + & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES) + & 0xFF); - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); + *p++ = (unsigned char)(((elliptic_curve_len + 2) >> 8) & 0xFF); + *p++ = (unsigned char)(((elliptic_curve_len + 2)) & 0xFF); - *p++ = (unsigned char)( ( ( elliptic_curve_len ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); + *p++ = (unsigned char)(((elliptic_curve_len) >> 8) & 0xFF); + *p++ = (unsigned char)(((elliptic_curve_len)) & 0xFF); *olen = 6 + elliptic_curve_len; - return( 0 ); + return (0); } -static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; (void) ssl; /* ssl used for debugging only */ *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding supported_point_formats extension" ) ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding supported_point_formats extension")); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) - & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8) + & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS) + & 0xFF); *p++ = 0x00; *p++ = 2; @@ -401,17 +385,16 @@ static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *olen = 6; - return( 0 ); + return (0); } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; size_t kkpp_len; @@ -419,72 +402,66 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, *olen = 0; /* Skip costly extension if we can't use EC J-PAKE anyway */ - if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - return( 0 ); + if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding ecjpake_kkpp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding ecjpake_kkpp extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ECJPAKE_KKPP) & 0xFF); /* * We may need to send ClientHello multiple times for Hello verification. * We don't want to compute fresh values every time (both for performance * and consistency reasons), so cache the extension content. */ - if( ssl->handshake->ecjpake_cache == NULL || - ssl->handshake->ecjpake_cache_len == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); + if (ssl->handshake->ecjpake_cache == NULL || + ssl->handshake->ecjpake_cache_len == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("generating new ecjpake parameters")); - ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1 , - "mbedtls_ecjpake_write_round_one", ret ); - return( ret ); + ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, + p + 2, end - p - 2, &kkpp_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, + "mbedtls_ecjpake_write_round_one", ret); + return (ret); } - ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len ); - if( ssl->handshake->ecjpake_cache == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + ssl->handshake->ecjpake_cache = mbedtls_calloc(1, kkpp_len); + if (ssl->handshake->ecjpake_cache == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("allocation failed")); + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); } - memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len ); + memcpy(ssl->handshake->ecjpake_cache, p + 2, kkpp_len); ssl->handshake->ecjpake_cache_len = kkpp_len; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("re-using cached ecjpake parameters")); kkpp_len = ssl->handshake->ecjpake_cache_len; - MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len ); + MBEDTLS_SSL_CHK_BUF_PTR(p + 2, end, kkpp_len); - memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); + memcpy(p + 2, ssl->handshake->ecjpake_cache, kkpp_len); } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + *p++ = (unsigned char)((kkpp_len >> 8) & 0xFF); + *p++ = (unsigned char)((kkpp_len) & 0xFF); *olen = kkpp_len + 4; - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_cid_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t ext_len; @@ -498,55 +475,53 @@ static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, */ *olen = 0; - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) - { - return( 0 ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || + ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding CID extension")); /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX * which is at most 255, so the increment cannot overflow. */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, (unsigned)(ssl->own_cid_len + 5)); /* Add extension ID + size */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_CID >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_CID) & 0xFF); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + *p++ = (unsigned char)((ext_len >> 8) & 0xFF); + *p++ = (unsigned char)((ext_len) & 0xFF); *p++ = (uint8_t) ssl->own_cid_len; - memcpy( p, ssl->own_cid, ssl->own_cid_len ); + memcpy(p, ssl->own_cid, ssl->own_cid_len); *olen = ssl->own_cid_len + 5; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) - return( 0 ); + if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding max_fragment_length extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 5); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) - & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8) + & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH) + & 0xFF); *p++ = 0x00; *p++ = 1; @@ -555,170 +530,165 @@ static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, *olen = 5; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_truncated_hmac_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) - return( 0 ); + if (ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding truncated_hmac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding truncated_hmac extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_TRUNCATED_HMAC) & 0xFF); *p++ = 0x00; *p++ = 0x00; *olen = 4; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || - ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - return( 0 ); + if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || + ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding encrypt_then_mac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding encrypt_then_mac extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC) & 0xFF); *p++ = 0x00; *p++ = 0x00; *olen = 4; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; *olen = 0; - if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || - ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - return( 0 ); + if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || + ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding extended_master_secret extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding extended_master_secret extension")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) - & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) - & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8) + & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET) + & 0xFF); *p++ = 0x00; *p++ = 0x00; *olen = 4; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t tlen = ssl->session_negotiate->ticket_len; *olen = 0; - if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) - return( 0 ); + if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, adding session ticket extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, adding session ticket extension")); /* The addition is safe here since the ticket length is 16 bit. */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + tlen); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SESSION_TICKET >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SESSION_TICKET) & 0xFF); - *p++ = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( tlen ) & 0xFF ); + *p++ = (unsigned char)((tlen >> 8) & 0xFF); + *p++ = (unsigned char)((tlen) & 0xFF); *olen = 4; - if( ssl->session_negotiate->ticket == NULL || tlen == 0 ) - return( 0 ); + if (ssl->session_negotiate->ticket == NULL || tlen == 0) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen)); - memcpy( p, ssl->session_negotiate->ticket, tlen ); + memcpy(p, ssl->session_negotiate->ticket, tlen); *olen += tlen; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) -static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t alpnlen = 0; const char **cur; *olen = 0; - if( ssl->conf->alpn_list == NULL ) - return( 0 ); + if (ssl->conf->alpn_list == NULL) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding alpn extension")); - for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) - alpnlen += strlen( *cur ) + 1; + for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) + alpnlen += strlen(*cur) + 1; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 6 + alpnlen); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ALPN >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ALPN) & 0xFF); /* * opaque ProtocolName<1..2^8-1>; @@ -731,48 +701,45 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, /* Skip writing extension and list length for now */ p += 4; - for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) - { + for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { /* * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of * protocol names is less than 255. */ - *p = (unsigned char)strlen( *cur ); - memcpy( p + 1, *cur, *p ); + *p = (unsigned char)strlen(*cur); + memcpy(p + 1, *cur, *p); p += 1 + *p; } *olen = p - buf; /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */ - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); + buf[4] = (unsigned char)(((*olen - 6) >> 8) & 0xFF); + buf[5] = (unsigned char)(((*olen - 6)) & 0xFF); /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + buf[2] = (unsigned char)(((*olen - 4) >> 8) & 0xFF); + buf[3] = (unsigned char)(((*olen - 4)) & 0xFF); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - const unsigned char *end, - size_t *olen ) -{ +static int ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen) { unsigned char *p = buf; size_t protection_profiles_index = 0, ext_len = 0; uint16_t mki_len = 0, profile_value = 0; *olen = 0; - if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || - ( ssl->conf->dtls_srtp_profile_list == NULL ) || - ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) - { - return( 0 ); + if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || + (ssl->conf->dtls_srtp_profile_list == NULL) || + (ssl->conf->dtls_srtp_profile_list_len == 0)) { + return (0); } /* RFC 5764 section 4.1.1 @@ -784,30 +751,29 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * } UseSRTPData; * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; */ - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) - { + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { mki_len = ssl->dtls_srtp_info.mki_len; } /* Extension length = 2 bytes for profiles length, * ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ), * 1 byte for srtp_mki vector length and the mki_len value */ - ext_len = 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len; + ext_len = 2 + 2 * (ssl->conf->dtls_srtp_profile_list_len) + 1 + mki_len; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, adding use_srtp extension")); /* Check there is room in the buffer for the extension + 4 bytes * - the extension tag (2 bytes) * - the extension length (2 bytes) */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, ext_len + 4); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_USE_SRTP >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_USE_SRTP) & 0xFF); - *p++ = (unsigned char)( ( ( ext_len & 0xFF00 ) >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ext_len & 0xFF ); + *p++ = (unsigned char)(((ext_len & 0xFF00) >> 8) & 0xFF); + *p++ = (unsigned char)(ext_len & 0xFF); /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */ /* micro-optimization: @@ -818,48 +784,43 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * >> 8 ) & 0xFF ); */ *p++ = 0; - *p++ = (unsigned char)( ( 2 * ssl->conf->dtls_srtp_profile_list_len ) - & 0xFF ); + *p++ = (unsigned char)((2 * ssl->conf->dtls_srtp_profile_list_len) + & 0xFF); - for( protection_profiles_index=0; - protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; - protection_profiles_index++ ) - { + for (protection_profiles_index = 0; + protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len; + protection_profiles_index++) { profile_value = mbedtls_ssl_check_srtp_profile_value - ( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ); - if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x", - profile_value ) ); - *p++ = ( ( profile_value >> 8 ) & 0xFF ); - *p++ = ( profile_value & 0xFF ); - } - else - { + (ssl->conf->dtls_srtp_profile_list[protection_profiles_index]); + if (profile_value != MBEDTLS_TLS_SRTP_UNSET) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_write_use_srtp_ext, add profile: %04x", + profile_value)); + *p++ = ((profile_value >> 8) & 0xFF); + *p++ = (profile_value & 0xFF); + } else { /* * Note: we shall never arrive here as protection profiles * is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function */ - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, " - "illegal DTLS-SRTP protection profile %d", - ssl->conf->dtls_srtp_profile_list[protection_profiles_index] - ) ); - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, " + "illegal DTLS-SRTP protection profile %d", + ssl->conf->dtls_srtp_profile_list[protection_profiles_index] + )); + return (MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED); } } *p++ = mki_len & 0xFF; - if( mki_len != 0 ) - { - memcpy( p, ssl->dtls_srtp_info.mki_value, mki_len ); + if (mki_len != 0) { + memcpy(p, ssl->dtls_srtp_info.mki_value, mki_len); /* * Increment p to point to the current position. */ p += mki_len; - MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "sending mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len); } /* @@ -872,15 +833,14 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, */ *olen = p - buf; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ /* * Generate random bytes for ClientHello */ -static int ssl_generate_random( mbedtls_ssl_context *ssl ) -{ +static int ssl_generate_random(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = ssl->handshake->randbytes; #if defined(MBEDTLS_HAVE_TIME) @@ -891,33 +851,32 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->verify_cookie != NULL ) - { - return( 0 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->verify_cookie != NULL) { + return (0); } #endif #if defined(MBEDTLS_HAVE_TIME) - t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); + t = mbedtls_time(NULL); + *p++ = (unsigned char)(t >> 24); + *p++ = (unsigned char)(t >> 16); + *p++ = (unsigned char)(t >> 8); + *p++ = (unsigned char)(t); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, - (long long) t ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, current time: %" MBEDTLS_PRINTF_LONGLONG, + (long long) t)); #else - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) + return (ret); p += 4; #endif /* MBEDTLS_HAVE_TIME */ - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 28)) != 0) + return (ret); - return( 0 ); + return (0); } /** @@ -931,50 +890,47 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) * \return 0 if valid, else 1 */ static int ssl_validate_ciphersuite( - const mbedtls_ssl_ciphersuite_t * suite_info, - const mbedtls_ssl_context * ssl, - int min_minor_ver, int max_minor_ver ) -{ + const mbedtls_ssl_ciphersuite_t *suite_info, + const mbedtls_ssl_context *ssl, + int min_minor_ver, int max_minor_ver) { (void) ssl; - if( suite_info == NULL ) - return( 1 ); + if (suite_info == NULL) + return (1); - if( suite_info->min_minor_ver > max_minor_ver || - suite_info->max_minor_ver < min_minor_ver ) - return( 1 ); + if (suite_info->min_minor_ver > max_minor_ver || + suite_info->max_minor_ver < min_minor_ver) + return (1); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) ) - return( 1 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS)) + return (1); #endif #if defined(MBEDTLS_ARC4_C) - if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && - suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) - return( 1 ); + if (ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && + suite_info->cipher == MBEDTLS_CIPHER_ARC4_128) + return (1); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - return( 1 ); + if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && + mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) + return (1); #endif /* Don't suggest PSK-based ciphersuite if no PSK is available. */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) && - ssl_conf_has_static_psk( ssl->conf ) == 0 ) - { - return( 1 ); + if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) && + ssl_conf_has_static_psk(ssl->conf) == 0) { + return (1); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ - return( 0 ); + return (0); } -static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_client_hello(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, olen, ext_len = 0; @@ -990,27 +946,25 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) int uses_ec = 0; #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client hello")); - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") ); - return( MBEDTLS_ERR_SSL_NO_RNG ); + if (ssl->conf->f_rng == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); + return (MBEDTLS_ERR_SSL_NO_RNG); } #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if (ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE) #endif { ssl->major_ver = ssl->conf->min_major_ver; ssl->minor_ver = ssl->conf->min_minor_ver; } - if( ssl->conf->max_major_ver == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->max_major_ver == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("configured max major version is invalid, consider using mbedtls_ssl_config_defaults()")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } buf = ssl->out_msg; @@ -1024,7 +978,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * Use static upper bounds instead of the actual values * to allow the compiler to optimize this away. */ - MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 ); + MBEDTLS_SSL_CHK_BUF_PTR(buf, end, 38 + 1 + 32); /* * The 38 first bytes of the ClientHello: @@ -1040,22 +994,21 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) */ p = buf + 4; - mbedtls_ssl_write_version( ssl->conf->max_major_ver, - ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version(ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p); p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]", - buf[4], buf[5] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, max version: [%d:%d]", + buf[4], buf[5])); - if( ( ret = ssl_generate_random( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret ); - return( ret ); + if ((ret = ssl_generate_random(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_generate_random", ret); + return (ret); } - memcpy( p, ssl->handshake->randbytes, 32 ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, 32 ); + memcpy(p, ssl->handshake->randbytes, 32); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", p, 32); p += 32; /* @@ -1072,12 +1025,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) */ n = ssl->session_negotiate->id_len; - if( n < 16 || n > 32 || + if (n < 16 || n > 32 || #if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || + ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || #endif - ssl->handshake->resume == 0 ) - { + ssl->handshake->resume == 0) { n = 0; } @@ -1087,17 +1039,16 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * generate and include a Session ID in the TLS ClientHello." */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if (ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE) #endif { - if( ssl->session_negotiate->ticket != NULL && - ssl->session_negotiate->ticket_len != 0 ) - { - ret = ssl->conf->f_rng( ssl->conf->p_rng, - ssl->session_negotiate->id, 32 ); + if (ssl->session_negotiate->ticket != NULL && + ssl->session_negotiate->ticket_len != 0) { + ret = ssl->conf->f_rng(ssl->conf->p_rng, + ssl->session_negotiate->id, 32); - if( ret != 0 ) - return( ret ); + if (ret != 0) + return (ret); ssl->session_negotiate->id_len = n = 32; } @@ -1112,11 +1063,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) */ *p++ = (unsigned char) n; - for( i = 0; i < n; i++ ) + for (i = 0; i < n; i++) *p++ = ssl->session_negotiate->id[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n)); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", buf + 39, n); /* * With 'n' being the length of the session identifier @@ -1135,27 +1086,23 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * DTLS cookie */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 1); - if( ssl->handshake->verify_cookie == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) ); + if (ssl->handshake->verify_cookie == NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("no verify cookie to send")); *p++ = 0; - } - else - { - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie", - ssl->handshake->verify_cookie, - ssl->handshake->verify_cookie_len ); + } else { + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", + ssl->handshake->verify_cookie, + ssl->handshake->verify_cookie_len); *p++ = ssl->handshake->verify_cookie_len; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, - ssl->handshake->verify_cookie_len ); - memcpy( p, ssl->handshake->verify_cookie, - ssl->handshake->verify_cookie_len ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, + ssl->handshake->verify_cookie_len); + memcpy(p, ssl->handshake->verify_cookie, + ssl->handshake->verify_cookie_len); p += ssl->handshake->verify_cookie_len; } } @@ -1170,65 +1117,63 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) n = 0; q = p; - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); p += 2; - for( i = 0; ciphersuites[i] != 0; i++ ) - { - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] ); + for (i = 0; ciphersuites[i] != 0; i++) { + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuites[i]); - if( ssl_validate_ciphersuite( ciphersuite_info, ssl, - ssl->conf->min_minor_ver, - ssl->conf->max_minor_ver ) != 0 ) + if (ssl_validate_ciphersuite(ciphersuite_info, ssl, + ssl->conf->min_minor_ver, + ssl->conf->max_minor_ver) != 0) continue; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)", - (unsigned int)ciphersuites[i], ciphersuite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, add ciphersuite: %#04x (%s)", + (unsigned int)ciphersuites[i], ciphersuite_info->name)); #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info ); + uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info); #endif - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); n++; - *p++ = (unsigned char)( ciphersuites[i] >> 8 ); - *p++ = (unsigned char)( ciphersuites[i] ); + *p++ = (unsigned char)(ciphersuites[i] >> 8); + *p++ = (unsigned char)(ciphersuites[i]); } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n)); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if (ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE) #endif { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); + MBEDTLS_SSL_DEBUG_MSG(3, ("adding EMPTY_RENEGOTIATION_INFO_SCSV")); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); + *p++ = (unsigned char)(MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8); + *p++ = (unsigned char)(MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO); n++; } /* Some versions of OpenSSL don't handle it correctly if not at end */ #if defined(MBEDTLS_SSL_FALLBACK_SCSV) - if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); + if (ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK) { + MBEDTLS_SSL_DEBUG_MSG(3, ("adding FALLBACK_SCSV")); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); - *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ); - *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); + *p++ = (unsigned char)(MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8); + *p++ = (unsigned char)(MBEDTLS_SSL_FALLBACK_SCSV_VALUE); n++; } #endif - *q++ = (unsigned char)( n >> 7 ); - *q++ = (unsigned char)( n << 1 ); + *q++ = (unsigned char)(n >> 7); + *q++ = (unsigned char)(n << 1); #if defined(MBEDTLS_ZLIB_SUPPORT) offer_compress = 1; @@ -1243,43 +1188,39 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * an actual need for it. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) offer_compress = 0; #endif - if( offer_compress ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d", - MBEDTLS_SSL_COMPRESS_DEFLATE, - MBEDTLS_SSL_COMPRESS_NULL ) ); + if (offer_compress) { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress len.: %d", 2)); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress alg.: %d %d", + MBEDTLS_SSL_COMPRESS_DEFLATE, + MBEDTLS_SSL_COMPRESS_NULL)); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 3); *p++ = 2; *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE; *p++ = MBEDTLS_SSL_COMPRESS_NULL; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", - MBEDTLS_SSL_COMPRESS_NULL ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress len.: %d", 1)); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, compress alg.: %d", + MBEDTLS_SSL_COMPRESS_NULL)); - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); *p++ = 1; *p++ = MBEDTLS_SSL_COMPRESS_NULL; } /* First write extensions, then the total length */ - MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + MBEDTLS_SSL_CHK_BUF_PTR(p, end, 2); #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret ); - return( ret ); + if ((ret = ssl_write_hostname_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_hostname_ext", ret); + return (ret); } ext_len += olen; #endif @@ -1287,133 +1228,119 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret ); - return( ret ); + if ((ret = ssl_write_renegotiation_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_renegotiation_ext", ret); + return (ret); } ext_len += olen; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret ); - return( ret ); + if ((ret = ssl_write_signature_algorithms_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_signature_algorithms_ext", ret); + return (ret); } ext_len += olen; #endif #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( uses_ec ) - { - if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret ); - return( ret ); + if (uses_ec) { + if ((ret = ssl_write_supported_elliptic_curves_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_elliptic_curves_ext", ret); + return (ret); } ext_len += olen; - if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret ); - return( ret ); + if ((ret = ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_supported_point_formats_ext", ret); + return (ret); } ext_len += olen; } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret ); - return( ret ); + if ((ret = ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_ecjpake_kkpp_ext", ret); + return (ret); } ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret ); - return( ret ); + if ((ret = ssl_write_cid_ext(ssl, p + 2 + ext_len, end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_cid_ext", ret); + return (ret); } ext_len += olen; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret ); - return( ret ); + if ((ret = ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_max_fragment_length_ext", ret); + return (ret); } ext_len += olen; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret ); - return( ret ); + if ((ret = ssl_write_truncated_hmac_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_truncated_hmac_ext", ret); + return (ret); } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret ); - return( ret ); + if ((ret = ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_encrypt_then_mac_ext", ret); + return (ret); } ext_len += olen; #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret ); - return( ret ); + if ((ret = ssl_write_extended_ms_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_extended_ms_ext", ret); + return (ret); } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ALPN) - if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret ); - return( ret ); + if ((ret = ssl_write_alpn_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_alpn_ext", ret); + return (ret); } ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret ); - return( ret ); + if ((ret = ssl_write_use_srtp_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_use_srtp_ext", ret); + return (ret); } ext_len += olen; #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, - end, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret ); - return( ret ); + if ((ret = ssl_write_session_ticket_ext(ssl, p + 2 + ext_len, + end, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_session_ticket_ext", ret); + return (ret); } ext_len += olen; #endif @@ -1421,15 +1348,14 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* olen unused if all extensions are disabled */ ((void) olen); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET, - ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello, total extension length: %" MBEDTLS_PRINTF_SIZET, + ext_len)); - if( ext_len > 0 ) - { + if (ext_len > 0) { /* No need to check for space here, because the extension * writing functions already took care of that. */ - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + *p++ = (unsigned char)((ext_len >> 8) & 0xFF); + *p++ = (unsigned char)((ext_len) & 0xFF); p += ext_len; } @@ -1440,353 +1366,322 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_send_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) + mbedtls_ssl_send_flight_completed(ssl); #endif - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); + return (ret); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client hello")); - return( 0 ); + return (0); } -static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { /* Check verify-data in constant-time. The length OTOH is no secret */ - if( len != 1 + ssl->verify_data_len * 2 || - buf[0] != ssl->verify_data_len * 2 || - mbedtls_ssl_safer_memcmp( buf + 1, - ssl->own_verify_data, ssl->verify_data_len ) != 0 || - mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len, - ssl->peer_verify_data, ssl->verify_data_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) ); + if (len != 1 + ssl->verify_data_len * 2 || + buf[0] != ssl->verify_data_len * 2 || + mbedtls_ssl_safer_memcmp(buf + 1, + ssl->own_verify_data, ssl->verify_data_len) != 0 || + mbedtls_ssl_safer_memcmp(buf + 1 + ssl->verify_data_len, + ssl->peer_verify_data, ssl->verify_data_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - } - else + } else #endif /* MBEDTLS_SSL_RENEGOTIATION */ { - if( len != 1 || buf[0] != 0x00 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-zero length renegotiation info" ) ); + if (len != 1 || buf[0] != 0x00) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-zero length renegotiation info")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; } - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { /* * server should use the extension only if we did, * and if so the server's value should match ours (and len is always 1) */ - if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || - len != 1 || - buf[0] != ssl->conf->mfl_code ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching max fragment length extension" ) ); + if (ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE || + len != 1 || + buf[0] != ssl->conf->mfl_code) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching max fragment length extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || - len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching truncated HMAC extension" ) ); +static int ssl_parse_truncated_hmac_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { + if (ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || + len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching truncated HMAC extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } ((void) buf); ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t peer_cid_len; - if( /* CID extension only makes sense in DTLS */ + if (/* CID extension only makes sense in DTLS */ ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || /* The server must only send the CID extension if we have offered it. */ - ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { + MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension unexpected")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - if( len == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } peer_cid_len = *buf++; len--; - if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) { + MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - if( len != peer_cid_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len != peer_cid_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("CID extension invalid")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; - memcpy( ssl->handshake->peer_cid, buf, peer_cid_len ); + memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated")); + MBEDTLS_SSL_DEBUG_BUF(3, "Server CID", buf, peer_cid_len); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || - len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching encrypt-then-MAC extension" ) ); +static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { + if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || + len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching encrypt-then-MAC extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } ((void) buf); ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || - len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching extended master secret extension" ) ); +static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { + if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || + len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching extended master secret extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } ((void) buf); ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || - len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-matching session ticket extension" ) ); +static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { + if (ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || + len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-matching session ticket extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } ((void) buf); ssl->handshake->new_session_ticket = 1; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t list_size; const unsigned char *p; - if( len == 0 || (size_t)( buf[0] + 1 ) != len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len == 0 || (size_t)(buf[0] + 1) != len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } list_size = buf[0]; p = buf + 1; - while( list_size > 0 ) - { - if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED ) - { + while (list_size > 0) { + if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || + p[0] == MBEDTLS_ECP_PF_COMPRESSED) { #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) ssl->handshake->ecdh_ctx.point_format = p[0]; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ssl->handshake->ecjpake_ctx.point_format = p[0]; #endif - MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0])); + return (0); } list_size--; p++; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_DEBUG_MSG(1, ("no point format in common")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl->handshake->ciphersuite_info->key_exchange != - MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) ); - return( 0 ); + if (ssl->handshake->ciphersuite_info->key_exchange != + MBEDTLS_KEY_EXCHANGE_ECJPAKE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension")); + return (0); } /* If we got here, we no longer need our cached extension */ - mbedtls_free( ssl->handshake->ecjpake_cache ); + mbedtls_free(ssl->handshake->ecjpake_cache); ssl->handshake->ecjpake_cache = NULL; ssl->handshake->ecjpake_cache_len = 0; - if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, - buf, len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); + if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, + buf, len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( ret ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (ret); } - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_ALPN) -static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ +static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { size_t list_len, name_len; const char **p; /* If we didn't send it, the server shouldn't send it */ - if( ssl->conf->alpn_list == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) ); + if (ssl->conf->alpn_list == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching ALPN extension")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } /* @@ -1800,61 +1695,55 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, */ /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */ - if( len < 4 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len < 4) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - list_len = ( buf[0] << 8 ) | buf[1]; - if( list_len != len - 2 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + list_len = (buf[0] << 8) | buf[1]; + if (list_len != len - 2) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } name_len = buf[2]; - if( name_len != list_len - 1 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (name_len != list_len - 1) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } /* Check that the server chosen protocol was in our list and save it */ - for( p = ssl->conf->alpn_list; *p != NULL; p++ ) - { - if( name_len == strlen( *p ) && - memcmp( buf + 3, *p, name_len ) == 0 ) - { + for (p = ssl->conf->alpn_list; *p != NULL; p++) { + if (name_len == strlen(*p) && + memcmp(buf + 3, *p, name_len) == 0) { ssl->alpn_chosen = *p; - return( 0 ); + return (0); } } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ALPN extension: no matching protocol" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_DEBUG_MSG(1, ("ALPN extension: no matching protocol")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET; size_t i, mki_len = 0; uint16_t server_protection_profile_value = 0; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || - ( ssl->conf->dtls_srtp_profile_list == NULL ) || - ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) - return( 0 ); + if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || + (ssl->conf->dtls_srtp_profile_list == NULL) || + (ssl->conf->dtls_srtp_profile_list_len == 0)) + return (0); /* RFC 5764 section 4.1.1 * uint8 SRTPProtectionProfile[2]; @@ -1867,8 +1756,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; * */ - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) - { + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { mki_len = ssl->dtls_srtp_info.mki_len; } @@ -1878,8 +1766,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * + mki_len(1 byte) * and optional srtp_mki */ - if( ( len < 5 ) || ( len != ( buf[4] + 5u ) ) ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if ((len < 5) || (len != (buf[4] + 5u))) + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); /* * get the server protection profile @@ -1889,17 +1777,16 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * protection profile length must be 0x0002 as we must have only * one protection profile in server Hello */ - if( ( buf[0] != 0 ) || ( buf[1] != 2 ) ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if ((buf[0] != 0) || (buf[1] != 2)) + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); - server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; + server_protection_profile_value = (buf[2] << 8) | buf[3]; server_protection = mbedtls_ssl_check_srtp_profile_value( - server_protection_profile_value ); - if( server_protection != MBEDTLS_TLS_SRTP_UNSET ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - server_protection ) ) ); + server_protection_profile_value); + if (server_protection != MBEDTLS_TLS_SRTP_UNSET) { + MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + server_protection))); } ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; @@ -1907,30 +1794,26 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, /* * Check we have the server profile in our list */ - for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++) - { - if( server_protection == ssl->conf->dtls_srtp_profile_list[i] ) - { + for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { + if (server_protection == ssl->conf->dtls_srtp_profile_list[i]) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", + MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s", mbedtls_ssl_get_srtp_profile_as_string( - server_protection ) ) ); + server_protection))); break; } } /* If no match was found : server problem, it shall never answer with incompatible profile */ - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } /* If server does not use mki in its reply, make sure the client won't keep * one as negotiated */ - if( len == 5 ) - { + if (len == 5) { ssl->dtls_srtp_info.mki_len = 0; } @@ -1940,21 +1823,19 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * that is different than the one the client offered, then the client * MUST abort the handshake and SHOULD send an invalid_parameter alert. */ - if( len > 5 && ( buf[4] != mki_len || - ( memcmp( ssl->dtls_srtp_info.mki_value, &buf[5], mki_len ) ) ) ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (len > 5 && (buf[4] != mki_len || + (memcmp(ssl->dtls_srtp_info.mki_value, &buf[5], mki_len)))) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } #if defined (MBEDTLS_DEBUG_C) - if( len > 5 ) - { - MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len ); + if (len > 5) { + MBEDTLS_SSL_DEBUG_BUF(3, "received mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len); } #endif - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -1962,25 +1843,23 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Parse HelloVerifyRequest. Only called after verifying the HS type. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) -static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) -{ - const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); +static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) { + const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); int major_ver, minor_ver; unsigned char cookie_len; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse hello verify request")); /* Check that there is enough room for: * - 2 bytes of version * - 1 byte of cookie_len */ - if( mbedtls_ssl_hs_hdr_len( ssl ) + 3 > ssl->in_msglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "incoming HelloVerifyRequest message is too short" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (mbedtls_ssl_hs_hdr_len(ssl) + 3 > ssl->in_msglen) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("incoming HelloVerifyRequest message is too short")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } /* @@ -1989,64 +1868,60 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) * opaque cookie<0..2^8-1>; * } HelloVerifyRequest; */ - MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 ); - mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p ); + MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2); + mbedtls_ssl_read_version(&major_ver, &minor_ver, ssl->conf->transport, p); p += 2; /* * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1) * even is lower than our min version. */ - if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || - minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 || - major_ver > ssl->conf->max_major_ver || - minor_ver > ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) ); + if (major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || + minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 || + major_ver > ssl->conf->max_major_ver || + minor_ver > ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server version")); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + return (MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION); } cookie_len = *p++; - if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "cookie length does not match incoming message size" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if ((ssl->in_msg + ssl->in_msglen) - p < cookie_len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("cookie length does not match incoming message size")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "cookie", p, cookie_len); - mbedtls_free( ssl->handshake->verify_cookie ); + mbedtls_free(ssl->handshake->verify_cookie); - ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len ); - if( ssl->handshake->verify_cookie == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + ssl->handshake->verify_cookie = mbedtls_calloc(1, cookie_len); + if (ssl->handshake->verify_cookie == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc failed (%d bytes)", cookie_len)); + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); } - memcpy( ssl->handshake->verify_cookie, p, cookie_len ); + memcpy(ssl->handshake->verify_cookie, p, cookie_len); ssl->handshake->verify_cookie_len = cookie_len; /* Start over at ClientHello */ ssl->state = MBEDTLS_SSL_CLIENT_HELLO; - mbedtls_ssl_reset_checksum( ssl ); + mbedtls_ssl_reset_checksum(ssl); - mbedtls_ssl_recv_flight_completed( ssl ); + mbedtls_ssl_recv_flight_completed(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse hello verify request")); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) { int ret, i; size_t n; size_t ext_len; @@ -2061,74 +1936,65 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) int handshake_failure = 0; const mbedtls_ssl_ciphersuite_t *suite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello")); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { /* No alert on a read error. */ - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); } buf = ssl->in_msg; - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { ssl->renego_records_seen++; - if( ssl->conf->renego_max_records >= 0 && - ssl->renego_records_seen > ssl->conf->renego_max_records ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "renegotiation requested, but not honored by server" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->conf->renego_max_records >= 0 && + ssl->renego_records_seen > ssl->conf->renego_max_records) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("renegotiation requested, but not honored by server")); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "non-handshake message during renegotiation" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, + ("non-handshake message during renegotiation")); ssl->keep_current_message = 1; - return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ); + return (MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received hello verify request" ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) ); - return( ssl_parse_hello_verify_request( ssl ) ); - } - else - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if (buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) { + MBEDTLS_SSL_DEBUG_MSG(2, ("received hello verify request")); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello")); + return (ssl_parse_hello_verify_request(ssl)); + } else { /* We made it through the verification process */ - mbedtls_free( ssl->handshake->verify_cookie ); + mbedtls_free(ssl->handshake->verify_cookie); ssl->handshake->verify_cookie = NULL; ssl->handshake->verify_cookie_len = 0; } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) || - buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len(ssl) || + buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } /* @@ -2142,81 +2008,73 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) * 38+n . 39+n extensions length (optional) * 40+n . .. extensions */ - buf += mbedtls_ssl_hs_hdr_len( ssl ); + buf += mbedtls_ssl_hs_hdr_len(ssl); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 ); - mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, - ssl->conf->transport, buf + 0 ); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, version", buf + 0, 2); + mbedtls_ssl_read_version(&ssl->major_ver, &ssl->minor_ver, + ssl->conf->transport, buf + 0); - if( ssl->major_ver < ssl->conf->min_major_ver || - ssl->minor_ver < ssl->conf->min_minor_ver || - ssl->major_ver > ssl->conf->max_major_ver || - ssl->minor_ver > ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]", - ssl->conf->min_major_ver, - ssl->conf->min_minor_ver, - ssl->major_ver, ssl->minor_ver, - ssl->conf->max_major_ver, - ssl->conf->max_minor_ver ) ); + if (ssl->major_ver < ssl->conf->min_major_ver || + ssl->minor_ver < ssl->conf->min_minor_ver || + ssl->major_ver > ssl->conf->max_major_ver || + ssl->minor_ver > ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]", + ssl->conf->min_major_ver, + ssl->conf->min_minor_ver, + ssl->major_ver, ssl->minor_ver, + ssl->conf->max_major_ver, + ssl->conf->max_minor_ver)); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + return (MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", - ( (unsigned long) buf[2] << 24 ) | - ( (unsigned long) buf[3] << 16 ) | - ( (unsigned long) buf[4] << 8 ) | - ( (unsigned long) buf[5] ) ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %lu", + ((unsigned long) buf[2] << 24) | + ((unsigned long) buf[3] << 16) | + ((unsigned long) buf[4] << 8) | + ((unsigned long) buf[5]))); - memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); + memcpy(ssl->handshake->randbytes + 32, buf + 2, 32); n = buf[34]; - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 2, 32 ); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 2, 32); - if( n > 32 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (n > 32) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n ) - { - ext_len = ( ( buf[38 + n] << 8 ) - | ( buf[39 + n] ) ); + if (ssl->in_hslen > mbedtls_ssl_hs_hdr_len(ssl) + 39 + n) { + ext_len = ((buf[38 + n] << 8) + | (buf[39 + n])); - if( ( ext_len > 0 && ext_len < 4 ) || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + if ((ext_len > 0 && ext_len < 4) || + ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 40 + n + ext_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - } - else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n ) - { + } else if (ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl) + 38 + n) { ext_len = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } /* ciphersuite (used later) */ - i = ( buf[35 + n] << 8 ) | buf[36 + n]; + i = (buf[35 + n] << 8) | buf[36 + n]; /* * Read and check compression @@ -2226,389 +2084,358 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ZLIB_SUPPORT) /* See comments in ssl_write_client_hello() */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) accept_comp = 0; else #endif accept_comp = 1; - if( comp != MBEDTLS_SSL_COMPRESS_NULL && - ( comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0 ) ) + if (comp != MBEDTLS_SSL_COMPRESS_NULL && + (comp != MBEDTLS_SSL_COMPRESS_DEFLATE || accept_comp == 0)) #else /* MBEDTLS_ZLIB_SUPPORT */ - if( comp != MBEDTLS_SSL_COMPRESS_NULL ) + if (comp != MBEDTLS_SSL_COMPRESS_NULL) #endif/* MBEDTLS_ZLIB_SUPPORT */ { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server hello, bad compression: %d", comp ) ); + MBEDTLS_SSL_DEBUG_MSG(1, + ("server hello, bad compression: %d", comp)); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); } /* * Initialize update checksum functions */ - ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i ); - if( ssl->handshake->ciphersuite_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "ciphersuite info for %04x not found", (unsigned int)i ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(i); + if (ssl->handshake->ciphersuite_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("ciphersuite info for %04x not found", (unsigned int)i)); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info ); + mbedtls_ssl_optimize_checksum(ssl, ssl->handshake->ciphersuite_info); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n)); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 35, n); /* * Check if the session can be resumed */ - if( ssl->handshake->resume == 0 || n == 0 || + if (ssl->handshake->resume == 0 || n == 0 || #if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || + ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE || #endif - ssl->session_negotiate->ciphersuite != i || - ssl->session_negotiate->compression != comp || - ssl->session_negotiate->id_len != n || - memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 ) - { + ssl->session_negotiate->ciphersuite != i || + ssl->session_negotiate->compression != comp || + ssl->session_negotiate->id_len != n || + memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) { ssl->state++; ssl->handshake->resume = 0; #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time( NULL ); + ssl->session_negotiate->start = mbedtls_time(NULL); #endif ssl->session_negotiate->ciphersuite = i; ssl->session_negotiate->compression = comp; ssl->session_negotiate->id_len = n; - memcpy( ssl->session_negotiate->id, buf + 35, n ); - } - else - { + memcpy(ssl->session_negotiate->id, buf + 35, n); + } else { ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( ret ); + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return (ret); } } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", - ssl->handshake->resume ? "a" : "no" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", + ssl->handshake->resume ? "a" : "no")); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", - buf[37 + n] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %04x", (unsigned) i)); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: %d", + buf[37 + n])); /* * Perform cipher suite validation in same way as in ssl_write_client_hello. */ i = 0; - while( 1 ) - { - if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + while (1) { + if (ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] == - ssl->session_negotiate->ciphersuite ) - { + if (ssl->conf->ciphersuite_list[ssl->minor_ver][i++] == + ssl->session_negotiate->ciphersuite) { break; } } suite_info = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite ); - if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, - ssl->minor_ver ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + ssl->session_negotiate->ciphersuite); + if (ssl_validate_ciphersuite(suite_info, ssl, ssl->minor_ver, + ssl->minor_ver) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(3, + ("server hello, chosen ciphersuite: %s", suite_info->name)); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { ssl->handshake->ecrs_enabled = 1; } #endif - if( comp != MBEDTLS_SSL_COMPRESS_NULL + if (comp != MBEDTLS_SSL_COMPRESS_NULL #if defined(MBEDTLS_ZLIB_SUPPORT) - && comp != MBEDTLS_SSL_COMPRESS_DEFLATE + && comp != MBEDTLS_SSL_COMPRESS_DEFLATE #endif - ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + ) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } ssl->session_negotiate->compression = comp; ext = buf + 40 + n; - MBEDTLS_SSL_DEBUG_MSG( 2, - ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG(2, + ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len)); - while( ext_len ) - { - unsigned int ext_id = ( ( ext[0] << 8 ) - | ( ext[1] ) ); - unsigned int ext_size = ( ( ext[2] << 8 ) - | ( ext[3] ) ); + while (ext_len) { + unsigned int ext_id = ((ext[0] << 8) + | (ext[1])); + unsigned int ext_size = ((ext[2] << 8) + | (ext[3])); - if( ext_size + 4 > ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); + if (ext_size + 4 > ext_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - switch( ext_id ) - { - case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); + switch (ext_id) { + case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: + MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - renegotiation_info_seen = 1; + renegotiation_info_seen = 1; #endif - if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4, - ext_size ) ) != 0 ) - return( ret ); + if ((ret = ssl_parse_renegotiation_info(ssl, ext + 4, + ext_size)) != 0) + return (ret); - break; + break; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "found max_fragment_length extension" ) ); + case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: + MBEDTLS_SSL_DEBUG_MSG(3, + ("found max_fragment_length extension")); - if( ( ret = ssl_parse_max_fragment_length_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_max_fragment_length_ext(ssl, + ext + 4, ext_size)) != 0) { + return (ret); + } - break; + break; #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) ); + case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: + MBEDTLS_SSL_DEBUG_MSG(3, ("found truncated_hmac extension")); - if( ( ret = ssl_parse_truncated_hmac_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_truncated_hmac_ext(ssl, + ext + 4, ext_size)) != 0) { + return (ret); + } - break; + break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - case MBEDTLS_TLS_EXT_CID: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); + case MBEDTLS_TLS_EXT_CID: + MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension")); - if( ( ret = ssl_parse_cid_ext( ssl, - ext + 4, - ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_cid_ext(ssl, + ext + 4, + ext_size)) != 0) { + return (ret); + } - break; + break; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) ); + case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: + MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt_then_mac extension")); - if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_encrypt_then_mac_ext(ssl, + ext + 4, ext_size)) != 0) { + return (ret); + } - break; + break; #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "found extended_master_secret extension" ) ); + case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: + MBEDTLS_SSL_DEBUG_MSG(3, + ("found extended_master_secret extension")); - if( ( ret = ssl_parse_extended_ms_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_extended_ms_ext(ssl, + ext + 4, ext_size)) != 0) { + return (ret); + } - break; + break; #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_TLS_EXT_SESSION_TICKET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) ); + case MBEDTLS_TLS_EXT_SESSION_TICKET: + MBEDTLS_SSL_DEBUG_MSG(3, ("found session_ticket extension")); - if( ( ret = ssl_parse_session_ticket_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_session_ticket_ext(ssl, + ext + 4, ext_size)) != 0) { + return (ret); + } - break; + break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "found supported_point_formats extension" ) ); + case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: + MBEDTLS_SSL_DEBUG_MSG(3, + ("found supported_point_formats extension")); - if( ( ret = ssl_parse_supported_point_formats_ext( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_supported_point_formats_ext(ssl, + ext + 4, ext_size)) != 0) { + return (ret); + } - break; + break; #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) ); + case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: + MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake_kkpp extension")); - if( ( ret = ssl_parse_ecjpake_kkpp( ssl, - ext + 4, ext_size ) ) != 0 ) - { - return( ret ); - } + if ((ret = ssl_parse_ecjpake_kkpp(ssl, + ext + 4, ext_size)) != 0) { + return (ret); + } - break; + break; #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); + case MBEDTLS_TLS_EXT_ALPN: + MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 ) - return( ret ); + if ((ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size)) != 0) + return (ret); - break; + break; #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) - case MBEDTLS_TLS_EXT_USE_SRTP: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); + case MBEDTLS_TLS_EXT_USE_SRTP: + MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension")); - if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 ) - return( ret ); + if ((ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size)) != 0) + return (ret); - break; + break; #endif /* MBEDTLS_SSL_DTLS_SRTP */ - default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown extension found: %u (ignoring)", ext_id ) ); + default: + MBEDTLS_SSL_DEBUG_MSG(3, + ("unknown extension found: %u (ignoring)", ext_id)); } ext_len -= 4 + ext_size; ext += 4 + ext_size; - if( ext_len > 0 && ext_len < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + if (ext_len > 0 && ext_len < 4) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } } /* * Renegotiation security checks */ - if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "legacy renegotiation, breaking off handshake" ) ); + if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("legacy renegotiation, breaking off handshake")); handshake_failure = 1; } #if defined(MBEDTLS_SSL_RENEGOTIATION) - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && - renegotiation_info_seen == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "renegotiation_info extension missing (secure)" ) ); + renegotiation_info_seen == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("renegotiation_info extension missing (secure)")); handshake_failure = 1; - } - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); + } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) { + MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed")); handshake_failure = 1; - } - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - renegotiation_info_seen == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "renegotiation_info extension present (legacy)" ) ); + } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + renegotiation_info_seen == 1) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("renegotiation_info extension present (legacy)")); handshake_failure = 1; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - if( handshake_failure == 1 ) - { + if (handshake_failure == 1) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello")); - return( 0 ); + return (0); } #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end ) -{ +static int ssl_parse_server_dh_params(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; /* @@ -2620,26 +2447,24 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, * opaque dh_Ys<1..2^16-1>; * } ServerDHParams; */ - if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, - p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret ); - return( ret ); + if ((ret = mbedtls_dhm_read_params(&ssl->handshake->dhm_ctx, + p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(2, ("mbedtls_dhm_read_params"), ret); + return (ret); } - if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", - ssl->handshake->dhm_ctx.len * 8, - ssl->conf->dhm_min_bitlen ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", + ssl->handshake->dhm_ctx.len * 8, + ssl->conf->dhm_min_bitlen)); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY ); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); - return( ret ); + return (ret); } #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -2649,8 +2474,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) -{ +static int ssl_check_server_ecdh_params(const mbedtls_ssl_context *ssl) { const mbedtls_ecp_curve_info *curve_info; mbedtls_ecp_group_id grp_id; #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) @@ -2659,27 +2483,26 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) grp_id = ssl->handshake->ecdh_ctx.grp_id; #endif - curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id ); - if( curve_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); + if (curve_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("ECDH curve: %s", curve_info->name)); #if defined(MBEDTLS_ECP_C) - if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 ) + if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) #else - if( ssl->handshake->ecdh_ctx.grp.nbits < 163 || - ssl->handshake->ecdh_ctx.grp.nbits > 521 ) + if (ssl->handshake->ecdh_ctx.grp.nbits < 163 || + ssl->handshake->ecdh_ctx.grp.nbits > 521) #endif - return( -1 ); + return (-1); - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP); - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || @@ -2690,10 +2513,9 @@ static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) -static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end ) -{ +static int ssl_parse_server_ecdh_params_psa(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end) { uint16_t tls_id; size_t ecdh_bits = 0; uint8_t ecpoint_len; @@ -2703,12 +2525,12 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, * Parse ECC group */ - if( end - *p < 4 ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (end - *p < 4) + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); /* First byte is curve_type; only named_curve is handled */ - if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (*(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE) + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); /* Next two bytes are the namedcurve value */ tls_id = *(*p)++; @@ -2716,13 +2538,12 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, tls_id |= *(*p)++; /* Convert EC group to PSA key type. */ - if( ( handshake->ecdh_psa_type = - mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 ) - { - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if ((handshake->ecdh_psa_type = + mbedtls_psa_parse_tls_ecc_group(tls_id, &ecdh_bits)) == 0) { + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } - if( ecdh_bits > 0xffff ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (ecdh_bits > 0xffff) + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); handshake->ecdh_bits = (uint16_t) ecdh_bits; /* @@ -2730,20 +2551,19 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, */ ecpoint_len = *(*p)++; - if( (size_t)( end - *p ) < ecpoint_len ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if ((size_t)(end - *p) < ecpoint_len) + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); - if( mbedtls_psa_tls_ecpoint_to_psa_ec( - *p, ecpoint_len, - handshake->ecdh_psa_peerkey, - sizeof( handshake->ecdh_psa_peerkey ), - &handshake->ecdh_psa_peerkey_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (mbedtls_psa_tls_ecpoint_to_psa_ec( + *p, ecpoint_len, + handshake->ecdh_psa_peerkey, + sizeof(handshake->ecdh_psa_peerkey), + &handshake->ecdh_psa_peerkey_len) != 0) { + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } *p += ecpoint_len; - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || @@ -2752,10 +2572,9 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) -static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end ) -{ +static int ssl_parse_server_ecdh_params(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; /* @@ -2766,35 +2585,32 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, * ECPoint public; * } ServerECDHParams; */ - if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx, - (const unsigned char **) p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret ); + if ((ret = mbedtls_ecdh_read_params(&ssl->handshake->ecdh_ctx, + (const unsigned char **) p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_read_params"), ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; #endif - return( ret ); + return (ret); } - if( ssl_check_server_ecdh_params( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message (ECDHE curve)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (ssl_check_server_ecdh_params(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message (ECDHE curve)")); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } - return( ret ); + return (ret); } #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end ) -{ +static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; uint16_t len; ((void) ssl); @@ -2804,20 +2620,18 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, * * opaque psk_identity_hint<0..2^16-1>; */ - if( end - (*p) < 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message (psk_identity_hint length)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (end - (*p) < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message (psk_identity_hint length)")); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } len = (*p)[0] << 8 | (*p)[1]; *p += 2; - if( end - (*p) < len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message (psk_identity_hint length)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (end - (*p) < len) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message (psk_identity_hint length)")); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } /* @@ -2828,7 +2642,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, *p += len; ret = 0; - return( ret ); + return (ret); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ @@ -2837,19 +2651,17 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, /* * Generate a pre-master secret and encrypt it with the server's RSA key */ -static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, - size_t offset, size_t *olen, - size_t pms_offset ) -{ +static int ssl_write_encrypted_pms(mbedtls_ssl_context *ssl, + size_t offset, size_t *olen, + size_t pms_offset) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2; unsigned char *p = ssl->handshake->premaster + pms_offset; - mbedtls_pk_context * peer_pk; + mbedtls_pk_context *peer_pk; - if( offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small for encrypted pms")); + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); } /* @@ -2859,14 +2671,13 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, * opaque random[46]; * } PreMasterSecret; */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, - ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version(ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p); - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret ); - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p + 2, 46)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret); + return (ret); } ssl->handshake->pmslen = 48; @@ -2874,11 +2685,10 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { + if (ssl->session_negotiate->peer_cert == NULL) { /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } peer_pk = &ssl->session_negotiate->peer_cert->pk; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -2886,37 +2696,34 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, /* * Now write it out, encrypted */ - if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_RSA ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) ); - return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); + if (! mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_RSA)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("certificate key type mismatch")); + return (MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH); } - if( ( ret = mbedtls_pk_encrypt( peer_pk, - p, ssl->handshake->pmslen, - ssl->out_msg + offset + len_bytes, olen, - MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret ); - return( ret ); + if ((ret = mbedtls_pk_encrypt(peer_pk, + p, ssl->handshake->pmslen, + ssl->out_msg + offset + len_bytes, olen, + MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_rsa_pkcs1_encrypt", ret); + return (ret); } #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( len_bytes == 2 ) - { - ssl->out_msg[offset+0] = (unsigned char)( *olen >> 8 ); - ssl->out_msg[offset+1] = (unsigned char)( *olen ); + if (len_bytes == 2) { + ssl->out_msg[offset + 0] = (unsigned char)(*olen >> 8); + ssl->out_msg[offset + 1] = (unsigned char)(*olen); *olen += 2; } #endif #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it. */ - mbedtls_pk_free( peer_pk ); + mbedtls_pk_free(peer_pk); #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ @@ -2925,64 +2732,59 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, - unsigned char **p, - unsigned char *end, - mbedtls_md_type_t *md_alg, - mbedtls_pk_type_t *pk_alg ) -{ +static int ssl_parse_signature_algorithm(mbedtls_ssl_context *ssl, + unsigned char **p, + unsigned char *end, + mbedtls_md_type_t *md_alg, + mbedtls_pk_type_t *pk_alg) { ((void) ssl); *md_alg = MBEDTLS_MD_NONE; *pk_alg = MBEDTLS_PK_NONE; /* Only in TLS 1.2 */ - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - { - return( 0 ); + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { + return (0); } - if( (*p) + 2 > end ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if ((*p) + 2 > end) + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); /* * Get hash algorithm */ - if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) - == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if ((*md_alg = mbedtls_ssl_md_alg_from_hash((*p)[0])) + == MBEDTLS_MD_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("Server used unsupported HashAlgorithm %d", *(p)[0])); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } /* * Get signature algorithm */ - if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) - == MBEDTLS_PK_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if ((*pk_alg = mbedtls_ssl_pk_alg_from_sig((*p)[1])) + == MBEDTLS_PK_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("server used unsupported SignatureAlgorithm %d", (*p)[1])); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } /* * Check if the hash is acceptable */ - if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + if (mbedtls_ssl_check_sig_hash(ssl, *md_alg) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("server used HashAlgorithm %d that was not offered", *(p)[0])); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", - (*p)[1] ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", - (*p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Server used SignatureAlgorithm %d", + (*p)[1])); + MBEDTLS_SSL_DEBUG_MSG(2, ("Server used HashAlgorithm %d", + (*p)[0])); *p += 2; - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || @@ -2991,72 +2793,65 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) -{ +static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ecp_keypair *peer_key; - mbedtls_pk_context * peer_pk; + mbedtls_pk_context *peer_pk; #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { + if (ssl->session_negotiate->peer_cert == NULL) { /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } peer_pk = &ssl->session_negotiate->peer_cert->pk; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); - return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); + if (! mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); + return (MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH); } - peer_key = mbedtls_pk_ec( *peer_pk ); + peer_key = mbedtls_pk_ec(*peer_pk); - if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key, - MBEDTLS_ECDH_THEIRS ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret ); - return( ret ); + if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, + MBEDTLS_ECDH_THEIRS)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); + return (ret); } - if( ssl_check_server_ecdh_params( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (ssl_check_server_ecdh_params(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE); } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, * so that more RAM is available for upcoming expensive * operations like ECDHE. */ - mbedtls_pk_free( peer_pk ); + mbedtls_pk_free(peer_pk); #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - return( ret ); + return (ret); } #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ -static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; unsigned char *p = NULL, *end = NULL; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); ssl->state++; - return( 0 ); + return (0); } ((void) p); ((void) end); @@ -3064,22 +2859,20 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) - { - if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( ret ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); ssl->state++; - return( 0 ); + return (0); } ((void) p); ((void) end); @@ -3087,305 +2880,272 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing ) - { + if (ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) { goto start_processing; } #endif - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } /* * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server * doesn't use a psk_identity_hint */ - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE ) - { - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE) { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { /* Current message is probably either * CertificateRequest or ServerHelloDone */ ssl->keep_current_message = 1; goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "server key exchange message must not be skipped" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, + ("server key exchange message must not be skipped")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) + if (ssl->handshake->ecrs_enabled) ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing; start_processing: #endif - p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); + p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); end = ssl->in_msg + ssl->in_hslen; - MBEDTLS_SSL_DEBUG_BUF( 3, "server key exchange", p, end - p ); + MBEDTLS_SSL_DEBUG_BUF(3, "server key exchange", p, end - p); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { - if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { + if (ssl_parse_server_psk_hint(ssl, &p, end) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } } /* FALLTROUGH */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) ; /* nothing more to do */ else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) - { - if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } - } - else + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { + if (ssl_parse_server_dh_params(ssl, &p, end) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) - { - if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } - } - else + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { + if (ssl_parse_server_ecdh_params_psa(ssl, &p, end) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); + } + } else #endif /* MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) - { - if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } - } - else + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { + if (ssl_parse_server_ecdh_params(ssl, &p, end) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { - ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, - p, end - p ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } - } - else + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { + ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, + p, end - p); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { size_t sig_len, hashlen; unsigned char hash[64]; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; - unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); + unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); size_t params_len = p - params; void *rs_ctx = NULL; - mbedtls_pk_context * peer_pk; + mbedtls_pk_context *peer_pk; /* * Handle the digitally-signed structure */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - if( ssl_parse_signature_algorithm( ssl, &p, end, - &md_alg, &pk_alg ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message" ) ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + if (ssl_parse_signature_algorithm(ssl, &p, end, + &md_alg, &pk_alg) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } - if( pk_alg != - mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "bad server key exchange message" ) ); + if (pk_alg != + mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) - { - pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); + if (ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) { + pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); - /* Default hash for ECDSA is SHA-1 */ - if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE ) - md_alg = MBEDTLS_MD_SHA1; - } - else + /* Default hash for ECDSA is SHA-1 */ + if (pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE) + md_alg = MBEDTLS_MD_SHA1; + } else #endif - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } /* * Read signature */ - if( p > end - 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (p > end - 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } - sig_len = ( p[0] << 8 ) | p[1]; + sig_len = (p[0] << 8) | p[1]; p += 2; - if( p != end - sig_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (p != end - sig_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); } - MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "signature", p, sig_len); /* * Compute the hash that has been signed */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( md_alg == MBEDTLS_MD_NONE ) - { + if (md_alg == MBEDTLS_MD_NONE) { hashlen = 36; - ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params, - params_len ); - if( ret != 0 ) - return( ret ); - } - else + ret = mbedtls_ssl_get_key_exchange_md_ssl_tls(ssl, hash, params, + params_len); + if (ret != 0) + return (ret); + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( md_alg != MBEDTLS_MD_NONE ) - { - ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen, - params, params_len, - md_alg ); - if( ret != 0 ) - return( ret ); - } - else + if (md_alg != MBEDTLS_MD_NONE) { + ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, + params, params_len, + md_alg); + if (ret != 0) + return (ret); + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } - MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); + MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen); #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { + if (ssl->session_negotiate->peer_cert == NULL) { /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } peer_pk = &ssl->session_negotiate->peer_cert->pk; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -3393,44 +3153,42 @@ start_processing: /* * Verify signature */ - if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH); } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) + if (ssl->handshake->ecrs_enabled) rs_ctx = &ssl->handshake->ecrs_ctx.pk; #endif - if( ( ret = mbedtls_pk_verify_restartable( peer_pk, - md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 ) - { + if ((ret = mbedtls_pk_verify_restartable(peer_pk, + md_alg, hash, hashlen, p, sig_len, rs_ctx)) != 0) { #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) #endif mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; #endif - return( ret ); + return (ret); } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, * so that more RAM is available for upcoming expensive * operations like ECDHE. */ - mbedtls_pk_free( peer_pk ); + mbedtls_pk_free(peer_pk); #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ @@ -3438,32 +3196,29 @@ start_processing: exit: ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange")); - return( 0 ); + return (0); } #if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request")); - if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) ); + if (! mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); ssl->state++; - return( 0 ); + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } #else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_certificate_request(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *buf; size_t n = 0; @@ -3471,39 +3226,35 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate request")); - if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) ); + if (! mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request")); ssl->state++; - return( 0 ); + return (0); } - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } ssl->state++; - ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST ); + ssl->client_auth = (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request", - ssl->client_auth ? "a" : "no" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("got %s certificate request", + ssl->client_auth ? "a" : "no")); - if( ssl->client_auth == 0 ) - { + if (ssl->client_auth == 0) { /* Current message is probably the ServerHelloDone */ ssl->keep_current_message = 1; goto exit; @@ -3536,14 +3287,13 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) buf = ssl->in_msg; /* certificate_types */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST); } - cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; + cert_type_len = buf[mbedtls_ssl_hs_hdr_len(ssl)]; n = cert_type_len; /* @@ -3556,23 +3306,21 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * therefore the buffer length at this point must be greater than that * regardless of the actual code path. */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + 2 + n) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST); } /* supported_signature_algorithms */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { size_t sig_alg_len = - ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8) + | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n])); #if defined(MBEDTLS_DEBUG_C) - unsigned char* sig_alg; + unsigned char *sig_alg; size_t i; #endif @@ -3588,24 +3336,22 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * buf[...hdr_len + 3 + n + sig_alg_len], * which is one less than we need the buf to be. */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) - + 3 + n + sig_alg_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); + if (ssl->in_hslen <= mbedtls_ssl_hs_hdr_len(ssl) + + 3 + n + sig_alg_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST); } #if defined(MBEDTLS_DEBUG_C) - sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; - for( i = 0; i < sig_alg_len; i += 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "Supported Signature Algorithm found: %d,%d", - sig_alg[i], sig_alg[i + 1] ) ); + sig_alg = buf + mbedtls_ssl_hs_hdr_len(ssl) + 3 + n; + for (i = 0; i < sig_alg_len; i += 2) { + MBEDTLS_SSL_DEBUG_MSG(3, + ("Supported Signature Algorithm found: %d,%d", + sig_alg[i], sig_alg[i + 1])); } #endif @@ -3614,66 +3360,60 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* certificate_authorities */ - dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + dn_len = ((buf[mbedtls_ssl_hs_hdr_len(ssl) + 1 + n] << 8) + | (buf[mbedtls_ssl_hs_hdr_len(ssl) + 2 + n])); n += dn_len; - if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + 3 + n) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate request message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST); } exit: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate request")); - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_server_hello_done(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server hello done")); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message")); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } - if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) || - ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE ); + if (ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) || + ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad server hello done message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE); } ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_recv_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) + mbedtls_ssl_recv_flight_completed(ssl); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server hello done")); - return( 0 ); + return (0); } -static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t header_len; @@ -3681,131 +3421,124 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) { /* * DHM key exchange -- send G^X mod P */ content_len = ssl->handshake->dhm_ctx.len; - ssl->out_msg[4] = (unsigned char)( content_len >> 8 ); - ssl->out_msg[5] = (unsigned char)( content_len ); + ssl->out_msg[4] = (unsigned char)(content_len >> 8); + ssl->out_msg[5] = (unsigned char)(content_len); header_len = 6; - ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - &ssl->out_msg[header_len], content_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); - return( ret ); + ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, + (int) mbedtls_mpi_size(&ssl->handshake->dhm_ctx.P), + &ssl->out_msg[header_len], content_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX); - if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); - return( ret ); + if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, + ssl->handshake->premaster, + MBEDTLS_PREMASTER_SIZE, + &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); - } - else + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) - { - psa_status_t status; - psa_key_attributes_t key_attributes; + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { + psa_status_t status; + psa_key_attributes_t key_attributes; - mbedtls_ssl_handshake_params *handshake = ssl->handshake; + mbedtls_ssl_handshake_params *handshake = ssl->handshake; - unsigned char own_pubkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; - size_t own_pubkey_len; - unsigned char *own_pubkey_ecpoint; - size_t own_pubkey_ecpoint_len; + unsigned char own_pubkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t own_pubkey_len; + unsigned char *own_pubkey_ecpoint; + size_t own_pubkey_ecpoint_len; - header_len = 4; + header_len = 4; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("Perform PSA-based ECDH computation.")); - /* - * Generate EC private key for ECDHE exchange. - */ + /* + * Generate EC private key for ECDHE exchange. + */ - /* The master secret is obtained from the shared ECDH secret by - * applying the TLS 1.2 PRF with a specific salt and label. While - * the PSA Crypto API encourages combining key agreement schemes - * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not - * yet support the provisioning of salt + label to the KDF. - * For the time being, we therefore need to split the computation - * of the ECDH secret and the application of the TLS 1.2 PRF. */ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH ); - psa_set_key_type( &key_attributes, handshake->ecdh_psa_type ); - psa_set_key_bits( &key_attributes, handshake->ecdh_bits ); + /* The master secret is obtained from the shared ECDH secret by + * applying the TLS 1.2 PRF with a specific salt and label. While + * the PSA Crypto API encourages combining key agreement schemes + * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not + * yet support the provisioning of salt + label to the KDF. + * For the time being, we therefore need to split the computation + * of the ECDH secret and the application of the TLS 1.2 PRF. */ + key_attributes = psa_key_attributes_init(); + psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); + psa_set_key_type(&key_attributes, handshake->ecdh_psa_type); + psa_set_key_bits(&key_attributes, handshake->ecdh_bits); - /* Generate ECDH private key. */ - status = psa_generate_key( &key_attributes, - &handshake->ecdh_psa_privkey ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + /* Generate ECDH private key. */ + status = psa_generate_key(&key_attributes, + &handshake->ecdh_psa_privkey); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); - /* Export the public part of the ECDH private key from PSA - * and convert it to ECPoint format used in ClientKeyExchange. */ - status = psa_export_public_key( handshake->ecdh_psa_privkey, - own_pubkey, sizeof( own_pubkey ), - &own_pubkey_len ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + /* Export the public part of the ECDH private key from PSA + * and convert it to ECPoint format used in ClientKeyExchange. */ + status = psa_export_public_key(handshake->ecdh_psa_privkey, + own_pubkey, sizeof(own_pubkey), + &own_pubkey_len); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); - if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey, - own_pubkey_len, - &own_pubkey_ecpoint, - &own_pubkey_ecpoint_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } + if (mbedtls_psa_tls_psa_ec_to_ecpoint(own_pubkey, + own_pubkey_len, + &own_pubkey_ecpoint, + &own_pubkey_ecpoint_len) != 0) { + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); + } - /* Copy ECPoint structure to outgoing message buffer. */ - ssl->out_msg[header_len] = (unsigned char) own_pubkey_ecpoint_len; - memcpy( ssl->out_msg + header_len + 1, - own_pubkey_ecpoint, own_pubkey_ecpoint_len ); - content_len = own_pubkey_ecpoint_len + 1; + /* Copy ECPoint structure to outgoing message buffer. */ + ssl->out_msg[header_len] = (unsigned char) own_pubkey_ecpoint_len; + memcpy(ssl->out_msg + header_len + 1, + own_pubkey_ecpoint, own_pubkey_ecpoint_len); + content_len = own_pubkey_ecpoint_len + 1; - /* The ECDH secret is the premaster secret used for key derivation. */ + /* The ECDH secret is the premaster secret used for key derivation. */ - /* Compute ECDH shared secret. */ - status = psa_raw_key_agreement( PSA_ALG_ECDH, - handshake->ecdh_psa_privkey, - handshake->ecdh_psa_peerkey, - handshake->ecdh_psa_peerkey_len, - ssl->handshake->premaster, - sizeof( ssl->handshake->premaster ), - &ssl->handshake->pmslen ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + /* Compute ECDH shared secret. */ + status = psa_raw_key_agreement(PSA_ALG_ECDH, + handshake->ecdh_psa_privkey, + handshake->ecdh_psa_peerkey, + handshake->ecdh_psa_peerkey_len, + ssl->handshake->premaster, + sizeof(ssl->handshake->premaster), + &ssl->handshake->pmslen); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); - status = psa_destroy_key( handshake->ecdh_psa_privkey ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - } - else + status = psa_destroy_key(handshake->ecdh_psa_privkey); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); + handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; + } else #endif /* MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */ @@ -3813,264 +3546,234 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) - { - /* - * ECDH key exchange -- send client public value - */ - header_len = 4; + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + /* + * ECDH key exchange -- send client public value + */ + header_len = 4; #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) - { - if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret ) - goto ecdh_calc_secret; + if (ssl->handshake->ecrs_enabled) { + if (ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret) + goto ecdh_calc_secret; - mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx ); - } + mbedtls_ecdh_enable_restart(&ssl->handshake->ecdh_ctx); + } #endif - ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, - &content_len, - &ssl->out_msg[header_len], 1000, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); + ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, + &content_len, + &ssl->out_msg[header_len], 1000, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) + ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; #endif - return( ret ); - } + return (ret); + } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) - { - ssl->handshake->ecrs_n = content_len; - ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; - } + if (ssl->handshake->ecrs_enabled) { + ssl->handshake->ecrs_n = content_len; + ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret; + } ecdh_calc_secret: - if( ssl->handshake->ecrs_enabled ) - content_len = ssl->handshake->ecrs_n; + if (ssl->handshake->ecrs_enabled) + content_len = ssl->handshake->ecrs_n; #endif - if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); + if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, + &ssl->handshake->pmslen, + ssl->handshake->premaster, + MBEDTLS_MPI_MAX_SIZE, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) + ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; #endif - return( ret ); - } + return (ret); + } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z ); - } - else + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z); + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) ) - { - /* - * opaque psk_identity<0..2^16-1>; - */ - if( ssl_conf_has_static_psk( ssl->conf ) == 0 ) - { - /* We don't offer PSK suites if we don't have a PSK, - * and we check that the server's choice is among the - * ciphersuites we offered, so this should never happen. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + if (mbedtls_ssl_ciphersuite_uses_psk(ciphersuite_info)) { + /* + * opaque psk_identity<0..2^16-1>; + */ + if (ssl_conf_has_static_psk(ssl->conf) == 0) { + /* We don't offer PSK suites if we don't have a PSK, + * and we check that the server's choice is among the + * ciphersuites we offered, so this should never happen. */ + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } - header_len = 4; - content_len = ssl->conf->psk_identity_len; + header_len = 4; + content_len = ssl->conf->psk_identity_len; - if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "psk identity too long or SSL buffer too short" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } + if (header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("psk identity too long or SSL buffer too short")); + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + } - ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); - ssl->out_msg[header_len++] = (unsigned char)( content_len ); + ssl->out_msg[header_len++] = (unsigned char)(content_len >> 8); + ssl->out_msg[header_len++] = (unsigned char)(content_len); - memcpy( ssl->out_msg + header_len, - ssl->conf->psk_identity, - ssl->conf->psk_identity_len ); - header_len += ssl->conf->psk_identity_len; + memcpy(ssl->out_msg + header_len, + ssl->conf->psk_identity, + ssl->conf->psk_identity_len); + header_len += ssl->conf->psk_identity_len; #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ) - { - content_len = 0; - } - else + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { + content_len = 0; + } else #endif #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + /* Opaque PSKs are currently only supported for PSK-only suites. */ + if (ssl_conf_has_static_raw_psk(ssl->conf) == 0) + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = ssl_write_encrypted_pms( ssl, header_len, - &content_len, 2 ) ) != 0 ) - return( ret ); - } - else + if ((ret = ssl_write_encrypted_pms(ssl, header_len, + &content_len, 2)) != 0) + return (ret); + } else #endif #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + /* Opaque PSKs are currently only supported for PSK-only suites. */ + if (ssl_conf_has_static_raw_psk(ssl->conf) == 0) + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * ClientDiffieHellmanPublic public (DHM send G^X mod P) - */ - content_len = ssl->handshake->dhm_ctx.len; + /* + * ClientDiffieHellmanPublic public (DHM send G^X mod P) + */ + content_len = ssl->handshake->dhm_ctx.len; - if( header_len + 2 + content_len > - MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "psk identity or DHM size too long or SSL buffer too short" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } + if (header_len + 2 + content_len > + MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("psk identity or DHM size too long or SSL buffer too short")); + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + } - ssl->out_msg[header_len++] = (unsigned char)( content_len >> 8 ); - ssl->out_msg[header_len++] = (unsigned char)( content_len ); + ssl->out_msg[header_len++] = (unsigned char)(content_len >> 8); + ssl->out_msg[header_len++] = (unsigned char)(content_len); - ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - &ssl->out_msg[header_len], content_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); - return( ret ); - } - } - else + ret = mbedtls_dhm_make_public(&ssl->handshake->dhm_ctx, + (int) mbedtls_mpi_size(&ssl->handshake->dhm_ctx.P), + &ssl->out_msg[header_len], content_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_public", ret); + return (ret); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only suites. */ - if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + /* Opaque PSKs are currently only supported for PSK-only suites. */ + if (ssl_conf_has_static_raw_psk(ssl->conf) == 0) + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * ClientECDiffieHellmanPublic public; - */ - ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx, - &content_len, - &ssl->out_msg[header_len], - MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret ); - return( ret ); - } + /* + * ClientECDiffieHellmanPublic public; + */ + ret = mbedtls_ecdh_make_public(&ssl->handshake->ecdh_ctx, + &content_len, + &ssl->out_msg[header_len], + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_public", ret); + return (ret); + } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q ); - } - else + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q); + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "skip PMS generation for opaque PSK" ) ); - } - else + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && + ssl_conf_has_static_raw_psk(ssl->conf) == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("skip PMS generation for opaque PSK")); + } else #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, - "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); - } - } - else + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, + "mbedtls_ssl_psk_derive_premaster", ret); + return (ret); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) - { - header_len = 4; - if( ( ret = ssl_write_encrypted_pms( ssl, header_len, - &content_len, 0 ) ) != 0 ) - return( ret ); - } - else + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { + header_len = 4; + if ((ret = ssl_write_encrypted_pms(ssl, header_len, + &content_len, 0)) != 0) + return (ret); + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { - header_len = 4; + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { + header_len = 4; - ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, - ssl->out_msg + header_len, - MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, - &content_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); - return( ret ); - } + ret = mbedtls_ecjpake_write_round_two(&ssl->handshake->ecjpake_ctx, + ssl->out_msg + header_len, + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, + &content_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret); + return (ret); + } - ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, - ssl->handshake->premaster, 32, &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); - return( ret ); - } - } - else + ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, + ssl->handshake->premaster, 32, &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret); + return (ret); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - { - ((void) ciphersuite_info); - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + ((void) ciphersuite_info); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } ssl->out_msglen = header_len + content_len; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -4078,45 +3781,40 @@ ecdh_calc_secret: ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write client key exchange")); - return( 0 ); + return (0); } #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); + return (ret); } - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); ssl->state++; - return( 0 ); + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; @@ -4127,58 +3825,52 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) size_t hashlen; void *rs_ctx = NULL; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate verify")); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign ) - { + if (ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign) { goto sign; } #endif - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); + return (ret); } - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); ssl->state++; - return( 0 ); + return (0); } - if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) ); + if (ssl->client_auth == 0 || mbedtls_ssl_own_cert(ssl) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify")); ssl->state++; - return( 0 ); + return (0); } - if( mbedtls_ssl_own_key( ssl ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for certificate" ) ); - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + if (mbedtls_ssl_own_key(ssl) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key for certificate")); + return (MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED); } /* * Make a signature of the handshake digests */ #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) + if (ssl->handshake->ecrs_enabled) ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign; sign: #endif - ssl->handshake->calc_verify( ssl, hash, &hashlen ); + ssl->handshake->calc_verify(ssl, hash, &hashlen); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { /* * digitally-signed struct { * opaque md5_hash[16]; @@ -4196,78 +3888,70 @@ sign: /* * For ECDSA, default hash is SHA-1 only */ - if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) ) - { + if (mbedtls_pk_can_do(mbedtls_ssl_own_key(ssl), MBEDTLS_PK_ECDSA)) { hash_start += 16; hashlen -= 16; md_alg = MBEDTLS_MD_SHA1; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - /* - * digitally-signed struct { - * opaque handshake_messages[handshake_messages_length]; - * }; - * - * Taking shortcut here. We assume that the server always allows the - * PRF Hash function and has sent it in the allowed signature - * algorithms list received in the Certificate Request message. - * - * Until we encounter a server that does not, we will take this - * shortcut. - * - * Reason: Otherwise we should have running hashes for SHA512 and - * SHA224 in order to satisfy 'weird' needs from the server - * side. - */ - if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) - { - md_alg = MBEDTLS_MD_SHA384; - ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; - } - else - { - md_alg = MBEDTLS_MD_SHA256; - ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256; - } - ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + /* + * digitally-signed struct { + * opaque handshake_messages[handshake_messages_length]; + * }; + * + * Taking shortcut here. We assume that the server always allows the + * PRF Hash function and has sent it in the allowed signature + * algorithms list received in the Certificate Request message. + * + * Until we encounter a server that does not, we will take this + * shortcut. + * + * Reason: Otherwise we should have running hashes for SHA512 and + * SHA224 in order to satisfy 'weird' needs from the server + * side. + */ + if (ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384) { + md_alg = MBEDTLS_MD_SHA384; + ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384; + } else { + md_alg = MBEDTLS_MD_SHA256; + ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256; + } + ssl->out_msg[5] = mbedtls_ssl_sig_from_pk(mbedtls_ssl_own_key(ssl)); - /* Info from md_alg will be used instead */ - hashlen = 0; - offset = 2; - } - else + /* Info from md_alg will be used instead */ + hashlen = 0; + offset = 2; + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled ) + if (ssl->handshake->ecrs_enabled) rs_ctx = &ssl->handshake->ecrs_ctx.pk; #endif - if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ), - md_alg, hash_start, hashlen, - ssl->out_msg + 6 + offset, &n, - ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); + if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), + md_alg, hash_start, hashlen, + ssl->out_msg + 6 + offset, &n, + ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS; #endif - return( ret ); + return (ret); } - ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 ); - ssl->out_msg[5 + offset] = (unsigned char)( n ); + ssl->out_msg[4 + offset] = (unsigned char)(n >> 8); + ssl->out_msg[5 + offset] = (unsigned char)(n); ssl->out_msglen = 6 + n + offset; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -4275,43 +3959,39 @@ sign: ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate verify")); - return( ret ); + return (ret); } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_new_session_ticket(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t lifetime; size_t ticket_len; unsigned char *ticket; const unsigned char *msg; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse new session ticket")); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } /* @@ -4324,31 +4004,29 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) * 4 . 5 ticket_len (n) * 6 . 5+n ticket content */ - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || - ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET || + ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET); } - msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); + msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); - lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) | - ( msg[2] << 8 ) | ( msg[3] ); + lifetime = (((uint32_t) msg[0]) << 24) | (msg[1] << 16) | + (msg[2] << 8) | (msg[3]); - ticket_len = ( msg[4] << 8 ) | ( msg[5] ); + ticket_len = (msg[4] << 8) | (msg[5]); - if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); + if (ticket_len + 6 + mbedtls_ssl_hs_hdr_len(ssl) != ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad new session ticket message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len)); /* We're not waiting for a NewSessionTicket message any more */ ssl->handshake->new_session_ticket = 0; @@ -4358,33 +4036,31 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) * Zero-length ticket means the server changed his mind and doesn't want * to send a ticket after all, so just forget it */ - if( ticket_len == 0 ) - return( 0 ); + if (ticket_len == 0) + return (0); - if( ssl->session != NULL && ssl->session->ticket != NULL ) - { - mbedtls_platform_zeroize( ssl->session->ticket, - ssl->session->ticket_len ); - mbedtls_free( ssl->session->ticket ); + if (ssl->session != NULL && ssl->session->ticket != NULL) { + mbedtls_platform_zeroize(ssl->session->ticket, + ssl->session->ticket_len); + mbedtls_free(ssl->session->ticket); ssl->session->ticket = NULL; ssl->session->ticket_len = 0; } - mbedtls_platform_zeroize( ssl->session_negotiate->ticket, - ssl->session_negotiate->ticket_len ); - mbedtls_free( ssl->session_negotiate->ticket ); + mbedtls_platform_zeroize(ssl->session_negotiate->ticket, + ssl->session_negotiate->ticket_len); + mbedtls_free(ssl->session_negotiate->ticket); ssl->session_negotiate->ticket = NULL; ssl->session_negotiate->ticket_len = 0; - if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((ticket = mbedtls_calloc(1, ticket_len)) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("ticket alloc failed")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); } - memcpy( ticket, msg + 6, ticket_len ); + memcpy(ticket, msg + 6, ticket_len); ssl->session_negotiate->ticket = ticket; ssl->session_negotiate->ticket_len = ticket_len; @@ -4395,149 +4071,145 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) * "If the client receives a session ticket from the server, then it * discards any Session ID that was sent in the ServerHello." */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket in use, discarding session id" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket in use, discarding session id")); ssl->session_negotiate->id_len = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse new session ticket")); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ /* * SSL handshake -- client side -- single step */ -int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("client state: %d", ssl->state)); - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) + return (ret); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { + if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) + return (ret); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Change state now, so that it is right in mbedtls_ssl_read_record(), used * by DTLS for dropping out-of-sequence ChangeCipherSpec records */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && - ssl->handshake->new_session_ticket != 0 ) - { + if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC && + ssl->handshake->new_session_ticket != 0) { ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET; } #endif - switch( ssl->state ) - { + switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: ssl->state = MBEDTLS_SSL_CLIENT_HELLO; break; - /* - * ==> ClientHello - */ - case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_write_client_hello( ssl ); - break; + /* + * ==> ClientHello + */ + case MBEDTLS_SSL_CLIENT_HELLO: + ret = ssl_write_client_hello(ssl); + break; - /* - * <== ServerHello - * Certificate - * ( ServerKeyExchange ) - * ( CertificateRequest ) - * ServerHelloDone - */ - case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_parse_server_hello( ssl ); - break; + /* + * <== ServerHello + * Certificate + * ( ServerKeyExchange ) + * ( CertificateRequest ) + * ServerHelloDone + */ + case MBEDTLS_SSL_SERVER_HELLO: + ret = ssl_parse_server_hello(ssl); + break; - case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = mbedtls_ssl_parse_certificate( ssl ); - break; + case MBEDTLS_SSL_SERVER_CERTIFICATE: + ret = mbedtls_ssl_parse_certificate(ssl); + break; - case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - ret = ssl_parse_server_key_exchange( ssl ); - break; + case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: + ret = ssl_parse_server_key_exchange(ssl); + break; - case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_parse_certificate_request( ssl ); - break; + case MBEDTLS_SSL_CERTIFICATE_REQUEST: + ret = ssl_parse_certificate_request(ssl); + break; - case MBEDTLS_SSL_SERVER_HELLO_DONE: - ret = ssl_parse_server_hello_done( ssl ); - break; + case MBEDTLS_SSL_SERVER_HELLO_DONE: + ret = ssl_parse_server_hello_done(ssl); + break; - /* - * ==> ( Certificate/Alert ) - * ClientKeyExchange - * ( CertificateVerify ) - * ChangeCipherSpec - * Finished - */ - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_write_certificate( ssl ); - break; + /* + * ==> ( Certificate/Alert ) + * ClientKeyExchange + * ( CertificateVerify ) + * ChangeCipherSpec + * Finished + */ + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + ret = mbedtls_ssl_write_certificate(ssl); + break; - case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - ret = ssl_write_client_key_exchange( ssl ); - break; + case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: + ret = ssl_write_client_key_exchange(ssl); + break; - case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_write_certificate_verify( ssl ); - break; + case MBEDTLS_SSL_CERTIFICATE_VERIFY: + ret = ssl_write_certificate_verify(ssl); + break; - case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_write_change_cipher_spec( ssl ); - break; + case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: + ret = mbedtls_ssl_write_change_cipher_spec(ssl); + break; - case MBEDTLS_SSL_CLIENT_FINISHED: - ret = mbedtls_ssl_write_finished( ssl ); - break; + case MBEDTLS_SSL_CLIENT_FINISHED: + ret = mbedtls_ssl_write_finished(ssl); + break; - /* - * <== ( NewSessionTicket ) - * ChangeCipherSpec - * Finished - */ + /* + * <== ( NewSessionTicket ) + * ChangeCipherSpec + * Finished + */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: - ret = ssl_parse_new_session_ticket( ssl ); - break; + case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: + ret = ssl_parse_new_session_ticket(ssl); + break; #endif - case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_parse_change_cipher_spec( ssl ); - break; + case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: + ret = mbedtls_ssl_parse_change_cipher_spec(ssl); + break; - case MBEDTLS_SSL_SERVER_FINISHED: - ret = mbedtls_ssl_parse_finished( ssl ); - break; + case MBEDTLS_SSL_SERVER_FINISHED: + ret = mbedtls_ssl_parse_finished(ssl); + break; - case MBEDTLS_SSL_FLUSH_BUFFERS: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); - ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; - break; + case MBEDTLS_SSL_FLUSH_BUFFERS: + MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); + ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; + break; - case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup( ssl ); - break; + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: + mbedtls_ssl_handshake_wrapup(ssl); + break; - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } + default: + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + } - return( ret ); + return (ret); } #endif /* MBEDTLS_SSL_CLI_C */ diff --git a/common/mbedtls/ssl_cookie.c b/common/mbedtls/ssl_cookie.c index c8bd1bd52..98b180e0d 100644 --- a/common/mbedtls/ssl_cookie.c +++ b/common/mbedtls/ssl_cookie.c @@ -66,184 +66,176 @@ */ #define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN ) -void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ) -{ - mbedtls_md_init( &ctx->hmac_ctx ); +void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx) { + mbedtls_md_init(&ctx->hmac_ctx); #if !defined(MBEDTLS_HAVE_TIME) ctx->serial = 0; #endif ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT; #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif } -void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ) -{ +void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay) { ctx->timeout = delay; } -void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ) -{ - mbedtls_md_free( &ctx->hmac_ctx ); +void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx) { + mbedtls_md_free(&ctx->hmac_ctx); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &ctx->mutex ); + mbedtls_mutex_free(&ctx->mutex); #endif - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx)); } -int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char key[COOKIE_MD_OUTLEN]; - if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) - return( ret ); + if ((ret = f_rng(p_rng, key, sizeof(key))) != 0) + return (ret); - ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_md_setup(&ctx->hmac_ctx, mbedtls_md_info_from_type(COOKIE_MD), 1); + if (ret != 0) + return (ret); - ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_md_hmac_starts(&ctx->hmac_ctx, key, sizeof(key)); + if (ret != 0) + return (ret); - mbedtls_platform_zeroize( key, sizeof( key ) ); + mbedtls_platform_zeroize(key, sizeof(key)); - return( 0 ); + return (0); } /* * Generate the HMAC part of a cookie */ -static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, - const unsigned char time[4], - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len ) -{ +static int ssl_cookie_hmac(mbedtls_md_context_t *hmac_ctx, + const unsigned char time[4], + unsigned char **p, unsigned char *end, + const unsigned char *cli_id, size_t cli_id_len) { unsigned char hmac_out[COOKIE_MD_OUTLEN]; - MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_HMAC_LEN); - if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 || - mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 || - mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 || - mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 ) - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (mbedtls_md_hmac_reset(hmac_ctx) != 0 || + mbedtls_md_hmac_update(hmac_ctx, time, 4) != 0 || + mbedtls_md_hmac_update(hmac_ctx, cli_id, cli_id_len) != 0 || + mbedtls_md_hmac_finish(hmac_ctx, hmac_out) != 0) { + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - memcpy( *p, hmac_out, COOKIE_HMAC_LEN ); + memcpy(*p, hmac_out, COOKIE_HMAC_LEN); *p += COOKIE_HMAC_LEN; - return( 0 ); + return (0); } /* * Generate cookie for DTLS ClientHello verification */ -int mbedtls_ssl_cookie_write( void *p_ctx, - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len ) -{ +int mbedtls_ssl_cookie_write(void *p_ctx, + unsigned char **p, unsigned char *end, + const unsigned char *cli_id, size_t cli_id_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long t; - if( ctx == NULL || cli_id == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || cli_id == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_LEN); #if defined(MBEDTLS_HAVE_TIME) - t = (unsigned long) mbedtls_time( NULL ); + t = (unsigned long) mbedtls_time(NULL); #else t = ctx->serial++; #endif - (*p)[0] = (unsigned char)( t >> 24 ); - (*p)[1] = (unsigned char)( t >> 16 ); - (*p)[2] = (unsigned char)( t >> 8 ); - (*p)[3] = (unsigned char)( t ); + (*p)[0] = (unsigned char)(t >> 24); + (*p)[1] = (unsigned char)(t >> 16); + (*p)[2] = (unsigned char)(t >> 8); + (*p)[3] = (unsigned char)(t); *p += 4; #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret); #endif - ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4, - p, end, cli_id, cli_id_len ); + ret = ssl_cookie_hmac(&ctx->hmac_ctx, *p - 4, + p, end, cli_id, cli_id_len); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + - MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR + + MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - return( ret ); + return (ret); } /* * Check a cookie */ -int mbedtls_ssl_cookie_check( void *p_ctx, - const unsigned char *cookie, size_t cookie_len, - const unsigned char *cli_id, size_t cli_id_len ) -{ +int mbedtls_ssl_cookie_check(void *p_ctx, + const unsigned char *cookie, size_t cookie_len, + const unsigned char *cli_id, size_t cli_id_len) { unsigned char ref_hmac[COOKIE_HMAC_LEN]; int ret = 0; unsigned char *p = ref_hmac; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long cur_time, cookie_time; - if( ctx == NULL || cli_id == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || cli_id == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( cookie_len != COOKIE_LEN ) - return( -1 ); + if (cookie_len != COOKIE_LEN) + return (-1); #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret); #endif - if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie, - &p, p + sizeof( ref_hmac ), - cli_id, cli_id_len ) != 0 ) + if (ssl_cookie_hmac(&ctx->hmac_ctx, cookie, + &p, p + sizeof(ref_hmac), + cli_id, cli_id_len) != 0) ret = -1; #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + - MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR + + MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - if( ret != 0 ) - return( ret ); + if (ret != 0) + return (ret); - if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 ) - return( -1 ); + if (mbedtls_ssl_safer_memcmp(cookie + 4, ref_hmac, sizeof(ref_hmac)) != 0) + return (-1); #if defined(MBEDTLS_HAVE_TIME) - cur_time = (unsigned long) mbedtls_time( NULL ); + cur_time = (unsigned long) mbedtls_time(NULL); #else cur_time = ctx->serial; #endif - cookie_time = ( (unsigned long) cookie[0] << 24 ) | - ( (unsigned long) cookie[1] << 16 ) | - ( (unsigned long) cookie[2] << 8 ) | - ( (unsigned long) cookie[3] ); + cookie_time = ((unsigned long) cookie[0] << 24) | + ((unsigned long) cookie[1] << 16) | + ((unsigned long) cookie[2] << 8) | + ((unsigned long) cookie[3]); - if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout ) - return( -1 ); + if (ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout) + return (-1); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_COOKIE_C */ diff --git a/common/mbedtls/ssl_cookie.h b/common/mbedtls/ssl_cookie.h index 0a238708e..b2e9f0afa 100644 --- a/common/mbedtls/ssl_cookie.h +++ b/common/mbedtls/ssl_cookie.h @@ -54,8 +54,7 @@ extern "C" { /** * \brief Context for the default cookie functions. */ -typedef struct mbedtls_ssl_cookie_ctx -{ +typedef struct mbedtls_ssl_cookie_ctx { mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */ #if !defined(MBEDTLS_HAVE_TIME) unsigned long serial; /*!< serial number for expiration */ @@ -71,14 +70,14 @@ typedef struct mbedtls_ssl_cookie_ctx /** * \brief Initialize cookie context */ -void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx ); +void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx); /** * \brief Setup cookie context (generate keys) */ -int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); /** * \brief Set expiration delay for cookies @@ -89,12 +88,12 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, * issued in the meantime. * 0 to disable expiration (NOT recommended) */ -void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay ); +void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay); /** * \brief Free cookie context */ -void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx ); +void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx); /** * \brief Generate cookie, see \c mbedtls_ssl_cookie_write_t diff --git a/common/mbedtls/ssl_internal.h b/common/mbedtls/ssl_internal.h index 2097a6dd9..6e95605e3 100644 --- a/common/mbedtls/ssl_internal.h +++ b/common/mbedtls/ssl_internal.h @@ -275,27 +275,25 @@ #endif #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) -static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx ) -{ +static inline size_t mbedtls_ssl_get_output_buflen(const mbedtls_ssl_context *ctx) { #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) - return mbedtls_ssl_get_output_max_frag_len( ctx ) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD - + MBEDTLS_SSL_CID_OUT_LEN_MAX; + return mbedtls_ssl_get_output_max_frag_len(ctx) + + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + + MBEDTLS_SSL_CID_OUT_LEN_MAX; #else - return mbedtls_ssl_get_output_max_frag_len( ctx ) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; + return mbedtls_ssl_get_output_max_frag_len(ctx) + + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; #endif } -static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx ) -{ +static inline size_t mbedtls_ssl_get_input_buflen(const mbedtls_ssl_context *ctx) { #if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID) - return mbedtls_ssl_get_input_max_frag_len( ctx ) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD - + MBEDTLS_SSL_CID_IN_LEN_MAX; + return mbedtls_ssl_get_input_max_frag_len(ctx) + + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD + + MBEDTLS_SSL_CID_IN_LEN_MAX; #else - return mbedtls_ssl_get_input_max_frag_len( ctx ) - + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; + return mbedtls_ssl_get_input_max_frag_len(ctx) + + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD; #endif } #endif @@ -328,10 +326,9 @@ static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ct * \return Zero if the needed space is available in the buffer, non-zero * otherwise. */ -static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, - const uint8_t *end, size_t need ) -{ - return( ( cur > end ) || ( need > (size_t)( end - cur ) ) ); +static inline int mbedtls_ssl_chk_buf_ptr(const uint8_t *cur, + const uint8_t *end, size_t need) { + return ((cur > end) || (need > (size_t)(end - cur))); } /** @@ -361,8 +358,7 @@ extern "C" { /* * Abstraction for a grid of allowed signature-hash-algorithm pairs. */ -struct mbedtls_ssl_sig_hash_set_t -{ +struct mbedtls_ssl_sig_hash_set_t { /* At the moment, we only need to remember a single suitable * hash algorithm per signature algorithm. As long as that's * the case - and we don't need a general lookup function - @@ -374,10 +370,10 @@ struct mbedtls_ssl_sig_hash_set_t #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ); +typedef int mbedtls_ssl_tls_prf_cb(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen); /* cipher.h exports the maximum IV, key and block length from * all ciphers enabled in the config, regardless of whether those @@ -403,8 +399,7 @@ typedef int mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen, * \brief The data structure holding the cryptographic material (key and IV) * used for record protection in TLS 1.3. */ -struct mbedtls_ssl_key_set -{ +struct mbedtls_ssl_key_set { /*! The key for client->server records. */ unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ]; /*! The key for server->client records. */ @@ -424,8 +419,7 @@ typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set; /* * This structure contains the parameters only needed during handshake. */ -struct mbedtls_ssl_handshake_params -{ +struct mbedtls_ssl_handshake_params { /* * Handshake specific crypto variables */ @@ -437,11 +431,11 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_DHM_C) mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */ #endif -/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due - * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap - * in functionality that access to ecdh_ctx structure is needed for - * MBEDTLS_ECDSA_C which does not seem correct. - */ + /* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due + * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap + * in functionality that access to ecdh_ctx structure is needed for + * MBEDTLS_ECDSA_C which does not seem correct. + */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */ @@ -531,16 +525,14 @@ struct mbedtls_ssl_handshake_params * \c peer_cid. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - struct - { + struct { size_t total_bytes_buffered; /*!< Cumulative size of heap allocated * buffers used for message buffering. */ uint8_t seen_ccs; /*!< Indicates if a CCS message has * been seen in the current flight. */ - struct mbedtls_ssl_hs_buffer - { + struct mbedtls_ssl_hs_buffer { unsigned is_valid : 1; unsigned is_fragmented : 1; unsigned is_complete : 1; @@ -548,8 +540,7 @@ struct mbedtls_ssl_handshake_params size_t data_len; } hs[MBEDTLS_SSL_MAX_BUFFERED_HS]; - struct - { + struct { unsigned char *data; size_t len; unsigned epoch; @@ -565,8 +556,8 @@ struct mbedtls_ssl_handshake_params */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_context fin_md5; - mbedtls_sha1_context fin_sha1; + mbedtls_md5_context fin_md5; + mbedtls_sha1_context fin_sha1; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) @@ -596,7 +587,7 @@ struct mbedtls_ssl_handshake_params unsigned char randbytes[64]; /*!< random bytes */ unsigned char premaster[MBEDTLS_PREMASTER_SIZE]; - /*!< premaster secret */ + /*!< premaster secret */ int resume; /*!< session resume indicator*/ int max_major_ver; /*!< max. major version client*/ @@ -725,8 +716,7 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; * in other transformations. * */ -struct mbedtls_ssl_transform -{ +struct mbedtls_ssl_transform { /* * Session specific crypto layer */ @@ -787,13 +777,12 @@ struct mbedtls_ssl_transform * Equivalently, return 0 if a separate MAC is used, 1 otherwise. */ static inline int mbedtls_ssl_transform_uses_aead( - const mbedtls_ssl_transform *transform ) -{ + const mbedtls_ssl_transform *transform) { #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - return( transform->maclen == 0 && transform->taglen != 0 ); + return (transform->maclen == 0 && transform->taglen != 0); #else (void) transform; - return( 1 ); + return (1); #endif } @@ -823,8 +812,7 @@ static inline int mbedtls_ssl_transform_uses_aead( #define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX #endif -typedef struct -{ +typedef struct { uint8_t ctr[8]; /* In TLS: The implicit record sequence number. * In DTLS: The 2-byte epoch followed by * the 6-byte sequence number. @@ -855,8 +843,7 @@ typedef struct /* * List of certificate + private key pairs */ -struct mbedtls_ssl_key_cert -{ +struct mbedtls_ssl_key_cert { mbedtls_x509_crt *cert; /*!< cert */ mbedtls_pk_context *key; /*!< private key */ mbedtls_ssl_key_cert *next; /*!< next key/cert pair */ @@ -867,8 +854,7 @@ struct mbedtls_ssl_key_cert /* * List of handshake messages kept around for resending */ -struct mbedtls_ssl_flight_item -{ +struct mbedtls_ssl_flight_item { unsigned char *p; /*!< message, including handshake headers */ size_t len; /*!< length of p */ unsigned char type; /*!< type of the message: handshake or CCS */ @@ -880,20 +866,19 @@ struct mbedtls_ssl_flight_item defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Find an entry in a signature-hash set matching a given hash algorithm. */ -mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg ); +mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg); /* Add a signature-hash-pair to a signature-hash set */ -void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg, - mbedtls_md_type_t md_alg ); +void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg, + mbedtls_md_type_t md_alg); /* Allow exactly one hash algorithm for each signature. */ -void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_md_type_t md_alg ); +void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_md_type_t md_alg); /* Setup an empty signature-hash set */ -static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set ) -{ - mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE ); +static inline void mbedtls_ssl_sig_hash_set_init(mbedtls_ssl_sig_hash_set_t *set) { + mbedtls_ssl_sig_hash_set_const_hash(set, MBEDTLS_MD_NONE); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2) && @@ -905,7 +890,7 @@ static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *se * * \param transform SSL transform context */ -void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); +void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform); /** * \brief Free referenced items in an SSL handshake context and clear @@ -913,20 +898,20 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ); * * \param ssl SSL context */ -void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl); -int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl); +int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl); +void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl); -int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl); -void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl); +int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl); -int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl); +int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl); +void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl); /** * \brief Update record layer @@ -1004,28 +989,28 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ); * following the above definition. * */ -int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, - unsigned update_hs_digest ); -int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ); +int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, + unsigned update_hs_digest); +int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want); -int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ); -int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl); +int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush); +int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl); -int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl); +int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl); -int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl); +int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl); -int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl); +int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl); -void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info ); +void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, + const mbedtls_ssl_ciphersuite_t *ciphersuite_info); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ); +int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex); /** * Get the first defined PSK by order of precedence: @@ -1033,29 +1018,25 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch * 2. static PSK configured by \c mbedtls_ssl_conf_psk() * Return a code and update the pair (PSK, PSK length) passed to this function */ -static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, - const unsigned char **psk, size_t *psk_len ) -{ - if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 ) - { +static inline int mbedtls_ssl_get_psk(const mbedtls_ssl_context *ssl, + const unsigned char **psk, size_t *psk_len) { + if (ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0) { *psk = ssl->handshake->psk; *psk_len = ssl->handshake->psk_len; } - else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 ) - { + else if (ssl->conf->psk != NULL && ssl->conf->psk_len > 0) { *psk = ssl->conf->psk; *psk_len = ssl->conf->psk_len; } - else - { + else { *psk = NULL; *psk_len = 0; - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + return (MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED); } - return( 0 ); + return (0); } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1067,79 +1048,75 @@ static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl, * Return an opaque PSK */ static inline psa_key_id_t mbedtls_ssl_get_opaque_psk( - const mbedtls_ssl_context *ssl ) -{ - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - return( ssl->handshake->psk_opaque ); + const mbedtls_ssl_context *ssl) { + if (! mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) + return (ssl->handshake->psk_opaque); - if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) - return( ssl->conf->psk_opaque ); + if (! mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) + return (ssl->conf->psk_opaque); - return( MBEDTLS_SVC_KEY_ID_INIT ); + return (MBEDTLS_SVC_KEY_ID_INIT); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_PK_C) -unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ); -unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ); -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ); +unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk); +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type); +mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig); #endif -mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ); -unsigned char mbedtls_ssl_hash_from_md_alg( int md ); -int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ); +mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash); +unsigned char mbedtls_ssl_hash_from_md_alg(int md); +int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md); #if defined(MBEDTLS_ECP_C) -int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ); +int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id); #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, - mbedtls_md_type_t md ); +int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, + mbedtls_md_type_t md); #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value - ( const uint16_t srtp_profile_value ) -{ - switch( srtp_profile_value ) - { +(const uint16_t srtp_profile_value) { + switch (srtp_profile_value) { case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80: case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32: case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80: case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32: return srtp_profile_value; - default: break; + default: + break; } - return( MBEDTLS_TLS_SRTP_UNSET ); + return (MBEDTLS_TLS_SRTP_UNSET); } #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) -static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl ) -{ +static inline mbedtls_pk_context *mbedtls_ssl_own_key(mbedtls_ssl_context *ssl) { mbedtls_ssl_key_cert *key_cert; - if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) + if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) key_cert = ssl->handshake->key_cert; else key_cert = ssl->conf->key_cert; - return( key_cert == NULL ? NULL : key_cert->key ); + return (key_cert == NULL ? NULL : key_cert->key); } -static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) -{ +static inline mbedtls_x509_crt *mbedtls_ssl_own_cert(mbedtls_ssl_context *ssl) { mbedtls_ssl_key_cert *key_cert; - if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL ) + if (ssl->handshake != NULL && ssl->handshake->key_cert != NULL) key_cert = ssl->handshake->key_cert; else key_cert = ssl->conf->key_cert; - return( key_cert == NULL ? NULL : key_cert->cert ); + return (key_cert == NULL ? NULL : key_cert->cert); } /* @@ -1151,77 +1128,70 @@ static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl ) * * Return 0 if everything is OK, -1 if not. */ -int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, - const mbedtls_ssl_ciphersuite_t *ciphersuite, - int cert_endpoint, - uint32_t *flags ); +int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, + const mbedtls_ssl_ciphersuite_t *ciphersuite, + int cert_endpoint, + uint32_t *flags); #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_write_version( int major, int minor, int transport, - unsigned char ver[2] ); -void mbedtls_ssl_read_version( int *major, int *minor, int transport, - const unsigned char ver[2] ); +void mbedtls_ssl_write_version(int major, int minor, int transport, + unsigned char ver[2]); +void mbedtls_ssl_read_version(int *major, int *minor, int transport, + const unsigned char ver[2]); -static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl ) -{ +static inline size_t mbedtls_ssl_in_hdr_len(const mbedtls_ssl_context *ssl) { #if !defined(MBEDTLS_SSL_PROTO_DTLS) ((void) ssl); #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - return( 13 ); - } - else + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + return (13); + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { - return( 5 ); + return (5); } } -static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl ) -{ - return( (size_t) ( ssl->out_iv - ssl->out_hdr ) ); +static inline size_t mbedtls_ssl_out_hdr_len(const mbedtls_ssl_context *ssl) { + return ((size_t)(ssl->out_iv - ssl->out_hdr)); } -static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl ) -{ +static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( 12 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) + return (12); #else ((void) ssl); #endif - return( 4 ); + return (4); } #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ); -int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl); +void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl); +int mbedtls_ssl_resend(mbedtls_ssl_context *ssl); +int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl); #endif /* Visible for testing purposes only */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl ); -void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl); +void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl); #endif -int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, - const mbedtls_ssl_session *src ); +int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst, + const mbedtls_ssl_session *src); /* constant-time buffer comparison */ -static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) -{ +static inline int mbedtls_ssl_safer_memcmp(const void *a, const void *b, size_t n) { size_t i; volatile const unsigned char *A = (volatile const unsigned char *) a; volatile const unsigned char *B = (volatile const unsigned char *) b; volatile unsigned char diff = 0; - for( i = 0; i < n; i++ ) - { + for (i = 0; i < n; i++) { /* Read volatile data in order before computing diff. * This avoids IAR compiler warning: * 'the order of volatile accesses is undefined ..' */ @@ -1229,24 +1199,24 @@ static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t diff |= x ^ y; } - return( diff ); + return (diff); } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) -int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, - unsigned char *output, - unsigned char *data, size_t data_len ); +int mbedtls_ssl_get_key_exchange_md_ssl_tls(mbedtls_ssl_context *ssl, + unsigned char *output, + unsigned char *data, size_t data_len); #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) /* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */ -int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg ); +int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, + unsigned char *hash, size_t *hashlen, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg); #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -1254,56 +1224,55 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, } #endif -void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ); -int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); -int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec ); +void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform); +int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); +int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec); /* Length of the "epoch" field in the record header */ -static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl ) -{ +static inline size_t mbedtls_ssl_ep_len(const mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( 2 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) + return (2); #else ((void) ssl); #endif - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_PROTO_DTLS) -int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_PROTO_DTLS */ -void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ); -int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs); +int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl); -void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform ); -void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl); +void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform); +void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl); -int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ); +int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl); #endif -void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ); +void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_RENEGOTIATION) -int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ); +int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl); #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_SSL_PROTO_DTLS) -size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl ); -void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ); -void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ); +size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl); +void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl); +void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight); #endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* ssl_internal.h */ diff --git a/common/mbedtls/ssl_invasive.h b/common/mbedtls/ssl_invasive.h index babbc2768..2637d88d4 100644 --- a/common/mbedtls/ssl_invasive.h +++ b/common/mbedtls/ssl_invasive.h @@ -66,11 +66,11 @@ * The hardware accelerator failed. */ int mbedtls_ssl_cf_hmac( - mbedtls_md_context_t *ctx, - const unsigned char *add_data, size_t add_data_len, - const unsigned char *data, size_t data_len_secret, - size_t min_data_len, size_t max_data_len, - unsigned char *output ); + mbedtls_md_context_t *ctx, + const unsigned char *add_data, size_t add_data_len, + const unsigned char *data, size_t data_len_secret, + size_t min_data_len, size_t max_data_len, + unsigned char *output); /** \brief Copy data from a secret position with constant flow. * @@ -90,11 +90,11 @@ int mbedtls_ssl_cf_hmac( * \param offset_max The maximal value of \p offset_secret. * \param len The number of bytes to copy. */ -void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst, - const unsigned char *src_base, - size_t offset_secret, - size_t offset_min, size_t offset_max, - size_t len ); +void mbedtls_ssl_cf_memcpy_offset(unsigned char *dst, + const unsigned char *src_base, + size_t offset_secret, + size_t offset_min, size_t offset_max, + size_t len); #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ #endif /* MBEDTLS_SSL_INVASIVE_H */ diff --git a/common/mbedtls/ssl_msg.c b/common/mbedtls/ssl_msg.c index 54a7be011..d13be766f 100644 --- a/common/mbedtls/ssl_msg.c +++ b/common/mbedtls/ssl_msg.c @@ -58,80 +58,71 @@ #include "mbedtls/oid.h" #endif -static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ); +static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl); /* * Start a timer. * Passing millisecs = 0 cancels a running timer. */ -void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs ) -{ - if( ssl->f_set_timer == NULL ) +void mbedtls_ssl_set_timer(mbedtls_ssl_context *ssl, uint32_t millisecs) { + if (ssl->f_set_timer == NULL) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) ); - ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs ); + MBEDTLS_SSL_DEBUG_MSG(3, ("set_timer to %d ms", (int) millisecs)); + ssl->f_set_timer(ssl->p_timer, millisecs / 4, millisecs); } /* * Return -1 is timer is expired, 0 if it isn't. */ -int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ) -{ - if( ssl->f_get_timer == NULL ) - return( 0 ); +int mbedtls_ssl_check_timer(mbedtls_ssl_context *ssl) { + if (ssl->f_get_timer == NULL) + return (0); - if( ssl->f_get_timer( ssl->p_timer ) == 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) ); - return( -1 ); + if (ssl->f_get_timer(ssl->p_timer) == 2) { + MBEDTLS_SSL_DEBUG_MSG(3, ("timer expired")); + return (-1); } - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_RECORD_CHECKING) -static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t len, - mbedtls_record *rec ); +static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t len, + mbedtls_record *rec); -int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t buflen ) -{ +int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t buflen) { int ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen ); + MBEDTLS_SSL_DEBUG_MSG(1, ("=> mbedtls_ssl_check_record")); + MBEDTLS_SSL_DEBUG_BUF(3, "record buffer", buf, buflen); /* We don't support record checking in TLS because * (a) there doesn't seem to be a usecase for it, and * (b) In SSLv3 and TLS 1.0, CBC record decryption has state * and we'd need to backup the transform here. */ - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM) { ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; goto exit; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - else - { + else { mbedtls_record rec; - ret = ssl_parse_record_header( ssl, buf, buflen, &rec ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 3, "ssl_parse_record_header", ret ); + ret = ssl_parse_record_header(ssl, buf, buflen, &rec); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(3, "ssl_parse_record_header", ret); goto exit; } - if( ssl->transform_in != NULL ) - { - ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, &rec ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 3, "mbedtls_ssl_decrypt_buf", ret ); + if (ssl->transform_in != NULL) { + ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, &rec); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(3, "mbedtls_ssl_decrypt_buf", ret); goto exit; } } @@ -141,18 +132,17 @@ int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, exit: /* On success, we have decrypted the buffer in-place, so make * sure we don't leak any plaintext data. */ - mbedtls_platform_zeroize( buf, buflen ); + mbedtls_platform_zeroize(buf, buflen); /* For the purpose of this API, treat messages with unexpected CID * as well as such from future epochs as unexpected. */ - if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID || - ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) - { + if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID || + ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) ); - return( ret ); + MBEDTLS_SSL_DEBUG_MSG(1, ("<= mbedtls_ssl_check_record")); + return (ret); } #endif /* MBEDTLS_SSL_RECORD_CHECKING */ @@ -162,57 +152,53 @@ exit: #if defined(MBEDTLS_SSL_PROTO_DTLS) /* Forward declarations for functions related to message buffering. */ -static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, - uint8_t slot ); -static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ); -static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ); -static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ); -static int ssl_buffer_message( mbedtls_ssl_context *ssl ); -static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, - mbedtls_record const *rec ); -static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ); +static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, + uint8_t slot); +static void ssl_free_buffered_record(mbedtls_ssl_context *ssl); +static int ssl_load_buffered_message(mbedtls_ssl_context *ssl); +static int ssl_load_buffered_record(mbedtls_ssl_context *ssl); +static int ssl_buffer_message(mbedtls_ssl_context *ssl); +static int ssl_buffer_future_record(mbedtls_ssl_context *ssl, + mbedtls_record const *rec); +static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl); -static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl ) -{ - size_t mtu = mbedtls_ssl_get_current_mtu( ssl ); +static size_t ssl_get_maximum_datagram_size(mbedtls_ssl_context const *ssl) { + size_t mtu = mbedtls_ssl_get_current_mtu(ssl); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t out_buf_len = ssl->out_buf_len; #else size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; #endif - if( mtu != 0 && mtu < out_buf_len ) - return( mtu ); + if (mtu != 0 && mtu < out_buf_len) + return (mtu); - return( out_buf_len ); + return (out_buf_len); } -static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) -{ +static int ssl_get_remaining_space_in_datagram(mbedtls_ssl_context const *ssl) { size_t const bytes_written = ssl->out_left; - size_t const mtu = ssl_get_maximum_datagram_size( ssl ); + size_t const mtu = ssl_get_maximum_datagram_size(ssl); /* Double-check that the write-index hasn't gone * past what we can transmit in a single datagram. */ - if( bytes_written > mtu ) - { + if (bytes_written > mtu) { /* Should never happen... */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - return( (int) ( mtu - bytes_written ) ); + return ((int)(mtu - bytes_written)); } -static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl ) -{ +static int ssl_get_remaining_payload_in_datagram(mbedtls_ssl_context const *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t remaining, expansion; size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl ); + const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - if( max_len > mfl ) + if (max_len > mfl) max_len = mfl; /* By the standard (RFC 6066 Sect. 4), the MFL extension @@ -224,42 +210,41 @@ static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl * The following reduction of max_len makes sure that we never * write datagrams larger than MFL + Record Expansion Overhead. */ - if( max_len <= ssl->out_left ) - return( 0 ); + if (max_len <= ssl->out_left) + return (0); max_len -= ssl->out_left; #endif - ret = ssl_get_remaining_space_in_datagram( ssl ); - if( ret < 0 ) - return( ret ); + ret = ssl_get_remaining_space_in_datagram(ssl); + if (ret < 0) + return (ret); remaining = (size_t) ret; - ret = mbedtls_ssl_get_record_expansion( ssl ); - if( ret < 0 ) - return( ret ); + ret = mbedtls_ssl_get_record_expansion(ssl); + if (ret < 0) + return (ret); expansion = (size_t) ret; - if( remaining <= expansion ) - return( 0 ); + if (remaining <= expansion) + return (0); remaining -= expansion; - if( remaining >= max_len ) + if (remaining >= max_len) remaining = max_len; - return( (int) remaining ); + return ((int) remaining); } /* * Double the retransmit timeout value, within the allowed range, * returning -1 if the maximum value has already been reached. */ -static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) -{ +static int ssl_double_retransmit_timeout(mbedtls_ssl_context *ssl) { uint32_t new_timeout; - if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max ) - return( -1 ); + if (ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max) + return (-1); /* Implement the final paragraph of RFC 6347 section 4.1.1.1 * in the following way: after the initial transmission and a first @@ -267,49 +252,46 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl ) * This value is guaranteed to be deliverable (if not guaranteed to be * delivered) of any compliant IPv4 (and IPv6) network, and should work * on most non-IP stacks too. */ - if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min ) - { + if (ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min) { ssl->handshake->mtu = 508; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("mtu autoreduction to %d bytes", ssl->handshake->mtu)); } new_timeout = 2 * ssl->handshake->retransmit_timeout; /* Avoid arithmetic overflow and range overflow */ - if( new_timeout < ssl->handshake->retransmit_timeout || - new_timeout > ssl->conf->hs_timeout_max ) - { + if (new_timeout < ssl->handshake->retransmit_timeout || + new_timeout > ssl->conf->hs_timeout_max) { new_timeout = ssl->conf->hs_timeout_max; } ssl->handshake->retransmit_timeout = new_timeout; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs", - (unsigned long) ssl->handshake->retransmit_timeout ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs", + (unsigned long) ssl->handshake->retransmit_timeout)); - return( 0 ); + return (0); } -static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl ) -{ +static void ssl_reset_retransmit_timeout(mbedtls_ssl_context *ssl) { ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs", - (unsigned long) ssl->handshake->retransmit_timeout ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("update timeout value to %lu millisecs", + (unsigned long) ssl->handshake->retransmit_timeout)); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) -int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl, - const unsigned char *key_enc, const unsigned char *key_dec, - size_t keylen, - const unsigned char *iv_enc, const unsigned char *iv_dec, - size_t ivlen, - const unsigned char *mac_enc, const unsigned char *mac_dec, - size_t maclen ) = NULL; -int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL; -int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL; -int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL; -int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL; -int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL; +int (*mbedtls_ssl_hw_record_init)(mbedtls_ssl_context *ssl, + const unsigned char *key_enc, const unsigned char *key_dec, + size_t keylen, + const unsigned char *iv_enc, const unsigned char *iv_dec, + size_t ivlen, + const unsigned char *mac_enc, const unsigned char *mac_dec, + size_t maclen) = NULL; +int (*mbedtls_ssl_hw_record_activate)(mbedtls_ssl_context *ssl, int direction) = NULL; +int (*mbedtls_ssl_hw_record_reset)(mbedtls_ssl_context *ssl) = NULL; +int (*mbedtls_ssl_hw_record_write)(mbedtls_ssl_context *ssl) = NULL; +int (*mbedtls_ssl_hw_record_read)(mbedtls_ssl_context *ssl) = NULL; +int (*mbedtls_ssl_hw_record_finish)(mbedtls_ssl_context *ssl) = NULL; #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ /* @@ -319,10 +301,9 @@ int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || \ defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) -static size_t ssl_compute_padding_length( size_t len, - size_t granularity ) -{ - return( ( granularity - ( len + 1 ) % granularity ) % granularity ); +static size_t ssl_compute_padding_length(size_t len, + size_t granularity) { + return ((granularity - (len + 1) % granularity) % granularity); } /* This functions transforms a (D)TLS plaintext fragment and a record content @@ -353,62 +334,58 @@ static size_t ssl_compute_padding_length( size_t len, * - A negative error code if `max_len` didn't offer enough space * for the expansion. */ -static int ssl_build_inner_plaintext( unsigned char *content, - size_t *content_size, - size_t remaining, - uint8_t rec_type, - size_t pad ) -{ +static int ssl_build_inner_plaintext(unsigned char *content, + size_t *content_size, + size_t remaining, + uint8_t rec_type, + size_t pad) { size_t len = *content_size; /* Write real content type */ - if( remaining == 0 ) - return( -1 ); + if (remaining == 0) + return (-1); content[ len ] = rec_type; len++; remaining--; - if( remaining < pad ) - return( -1 ); - memset( content + len, 0, pad ); + if (remaining < pad) + return (-1); + memset(content + len, 0, pad); len += pad; remaining -= pad; *content_size = len; - return( 0 ); + return (0); } /* This function parses a (D)TLSInnerPlaintext structure. * See ssl_build_inner_plaintext() for details. */ -static int ssl_parse_inner_plaintext( unsigned char const *content, - size_t *content_size, - uint8_t *rec_type ) -{ +static int ssl_parse_inner_plaintext(unsigned char const *content, + size_t *content_size, + uint8_t *rec_type) { size_t remaining = *content_size; /* Determine length of padding by skipping zeroes from the back. */ - do - { - if( remaining == 0 ) - return( -1 ); + do { + if (remaining == 0) + return (-1); remaining--; - } while( content[ remaining ] == 0 ); + } while (content[ remaining ] == 0); *content_size = remaining; *rec_type = content[ remaining ]; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* `add_data` must have size 13 Bytes if the CID extension is disabled, * and 13 + 1 + CID-length Bytes if the CID extension is enabled. */ -static void ssl_extract_add_data_from_record( unsigned char* add_data, - size_t *add_data_len, - mbedtls_record *rec, - unsigned minor_ver ) -{ +static void ssl_extract_add_data_from_record(unsigned char *add_data, + size_t *add_data_len, + mbedtls_record *rec, + unsigned minor_ver) { /* Quoting RFC 5246 (TLS 1.2): * * additional_data = seq_num + TLSCompressed.type + @@ -431,38 +408,36 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, unsigned char *cur = add_data; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) + if (minor_ver != MBEDTLS_SSL_MINOR_VERSION_4) #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ { ((void) minor_ver); - memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); - cur += sizeof( rec->ctr ); + memcpy(cur, rec->ctr, sizeof(rec->ctr)); + cur += sizeof(rec->ctr); } *cur = rec->type; cur++; - memcpy( cur, rec->ver, sizeof( rec->ver ) ); - cur += sizeof( rec->ver ); + memcpy(cur, rec->ver, sizeof(rec->ver)); + cur += sizeof(rec->ver); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( rec->cid_len != 0 ) - { - memcpy( cur, rec->cid, rec->cid_len ); + if (rec->cid_len != 0) { + memcpy(cur, rec->cid, rec->cid_len); cur += rec->cid_len; *cur = rec->cid_len; cur++; - cur[0] = ( rec->data_len >> 8 ) & 0xFF; - cur[1] = ( rec->data_len >> 0 ) & 0xFF; + cur[0] = (rec->data_len >> 8) & 0xFF; + cur[1] = (rec->data_len >> 0) & 0xFF; cur += 2; - } - else + } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - cur[0] = ( rec->data_len >> 8 ) & 0xFF; - cur[1] = ( rec->data_len >> 0 ) & 0xFF; + cur[0] = (rec->data_len >> 8) & 0xFF; + cur[1] = (rec->data_len >> 0) & 0xFF; cur += 2; } @@ -476,43 +451,42 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, /* * SSLv3.0 MAC functions */ -static void ssl_mac( mbedtls_md_context_t *md_ctx, - const unsigned char *secret, - const unsigned char *buf, size_t len, - const unsigned char *ctr, int type, - unsigned char out[SSL3_MAC_MAX_BYTES] ) -{ +static void ssl_mac(mbedtls_md_context_t *md_ctx, + const unsigned char *secret, + const unsigned char *buf, size_t len, + const unsigned char *ctr, int type, + unsigned char out[SSL3_MAC_MAX_BYTES]) { unsigned char header[11]; unsigned char padding[48]; int padlen; - int md_size = mbedtls_md_get_size( md_ctx->md_info ); - int md_type = mbedtls_md_get_type( md_ctx->md_info ); + int md_size = mbedtls_md_get_size(md_ctx->md_info); + int md_type = mbedtls_md_get_type(md_ctx->md_info); /* Only MD5 and SHA-1 supported */ - if( md_type == MBEDTLS_MD_MD5 ) + if (md_type == MBEDTLS_MD_MD5) padlen = 48; else padlen = 40; - memcpy( header, ctr, 8 ); + memcpy(header, ctr, 8); header[ 8] = (unsigned char) type; - header[ 9] = (unsigned char)( len >> 8 ); - header[10] = (unsigned char)( len ); + header[ 9] = (unsigned char)(len >> 8); + header[10] = (unsigned char)(len); - memset( padding, 0x36, padlen ); - mbedtls_md_starts( md_ctx ); - mbedtls_md_update( md_ctx, secret, md_size ); - mbedtls_md_update( md_ctx, padding, padlen ); - mbedtls_md_update( md_ctx, header, 11 ); - mbedtls_md_update( md_ctx, buf, len ); - mbedtls_md_finish( md_ctx, out ); + memset(padding, 0x36, padlen); + mbedtls_md_starts(md_ctx); + mbedtls_md_update(md_ctx, secret, md_size); + mbedtls_md_update(md_ctx, padding, padlen); + mbedtls_md_update(md_ctx, header, 11); + mbedtls_md_update(md_ctx, buf, len); + mbedtls_md_finish(md_ctx, out); - memset( padding, 0x5C, padlen ); - mbedtls_md_starts( md_ctx ); - mbedtls_md_update( md_ctx, secret, md_size ); - mbedtls_md_update( md_ctx, padding, padlen ); - mbedtls_md_update( md_ctx, out, md_size ); - mbedtls_md_finish( md_ctx, out ); + memset(padding, 0x5C, padlen); + mbedtls_md_starts(md_ctx); + mbedtls_md_update(md_ctx, secret, md_size); + mbedtls_md_update(md_ctx, padding, padlen); + mbedtls_md_update(md_ctx, out, md_size); + mbedtls_md_finish(md_ctx, out); } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ @@ -520,9 +494,8 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) static int ssl_transform_aead_dynamic_iv_is_explicit( - mbedtls_ssl_transform const *transform ) -{ - return( transform->ivlen != transform->fixed_ivlen ); + mbedtls_ssl_transform const *transform) { + return (transform->ivlen != transform->fixed_ivlen); } /* Compute IV := ( fixed_iv || 0 ) XOR ( 0 || dynamic_IV ) @@ -548,34 +521,32 @@ static int ssl_transform_aead_dynamic_iv_is_explicit( * which has to be ensured by the caller. If this precondition * violated, the behavior of this function is undefined. */ -static void ssl_build_record_nonce( unsigned char *dst_iv, - size_t dst_iv_len, - unsigned char const *fixed_iv, - size_t fixed_iv_len, - unsigned char const *dynamic_iv, - size_t dynamic_iv_len ) -{ +static void ssl_build_record_nonce(unsigned char *dst_iv, + size_t dst_iv_len, + unsigned char const *fixed_iv, + size_t fixed_iv_len, + unsigned char const *dynamic_iv, + size_t dynamic_iv_len) { size_t i; /* Start with Fixed IV || 0 */ - memset( dst_iv, 0, dst_iv_len ); - memcpy( dst_iv, fixed_iv, fixed_iv_len ); + memset(dst_iv, 0, dst_iv_len); + memcpy(dst_iv, fixed_iv, fixed_iv_len); dst_iv += dst_iv_len - dynamic_iv_len; - for( i = 0; i < dynamic_iv_len; i++ ) + for (i = 0; i < dynamic_iv_len; i++) dst_iv[i] ^= dynamic_iv[i]; } #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ -int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { mbedtls_cipher_mode_t mode; int auth_done = 0; - unsigned char * data; + unsigned char *data; unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ]; size_t add_data_len; size_t post_avail; @@ -594,40 +565,37 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, ((void) p_rng); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf")); - if( transform == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (transform == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no transform provided to encrypt_buf")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - if( rec == NULL - || rec->buf == NULL - || rec->buf_len < rec->data_offset - || rec->buf_len - rec->data_offset < rec->data_len + if (rec == NULL + || rec->buf == NULL + || rec->buf_len < rec->data_offset + || rec->buf_len - rec->data_offset < rec->data_len #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - || rec->cid_len != 0 + || rec->cid_len != 0 #endif - ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + ) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to encrypt_buf")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } data = rec->buf + rec->data_offset; - post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); - MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload", - data, rec->data_len ); + post_avail = rec->buf_len - (rec->data_len + rec->data_offset); + MBEDTLS_SSL_DEBUG_BUF(4, "before encrypt: output payload", + data, rec->data_len); - mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ); + mode = mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc); - if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET - " too large, maximum %" MBEDTLS_PRINTF_SIZET, - rec->data_len, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Record content %" MBEDTLS_PRINTF_SIZET + " too large, maximum %" MBEDTLS_PRINTF_SIZET, + rec->data_len, + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* The following two code paths implement the (D)TLSInnerPlaintext @@ -643,18 +611,16 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * is hence no risk of double-addition of the inner plaintext. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { size_t padding = - ssl_compute_padding_length( rec->data_len, - MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY ); - if( ssl_build_inner_plaintext( data, - &rec->data_len, - post_avail, - rec->type, - padding ) != 0 ) - { - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + ssl_compute_padding_length(rec->data_len, + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY); + if (ssl_build_inner_plaintext(data, + &rec->data_len, + post_avail, + rec->type, + padding) != 0) { + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); } rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA; @@ -666,14 +632,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Add CID information */ rec->cid_len = transform->out_cid_len; - memcpy( rec->cid, transform->out_cid, transform->out_cid_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len ); + memcpy(rec->cid, transform->out_cid, transform->out_cid_len); + MBEDTLS_SSL_DEBUG_BUF(3, "CID", rec->cid, rec->cid_len); - if( rec->cid_len != 0 ) - { + if (rec->cid_len != 0) { size_t padding = - ssl_compute_padding_length( rec->data_len, - MBEDTLS_SSL_CID_PADDING_GRANULARITY ); + ssl_compute_padding_length(rec->data_len, + MBEDTLS_SSL_CID_PADDING_GRANULARITY); /* * Wrap plaintext into DTLSInnerPlaintext structure. * See ssl_build_inner_plaintext() for more information. @@ -681,75 +646,68 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Note that this changes `rec->data_len`, and hence * `post_avail` needs to be recalculated afterwards. */ - if( ssl_build_inner_plaintext( data, - &rec->data_len, - post_avail, - rec->type, - padding ) != 0 ) - { - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (ssl_build_inner_plaintext(data, + &rec->data_len, + post_avail, + rec->type, + padding) != 0) { + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); } rec->type = MBEDTLS_SSL_MSG_CID; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - post_avail = rec->buf_len - ( rec->data_len + rec->data_offset ); + post_avail = rec->buf_len - (rec->data_len + rec->data_offset); /* * Add MAC before if needed */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - if( mode == MBEDTLS_MODE_STREAM || - ( mode == MBEDTLS_MODE_CBC + if (mode == MBEDTLS_MODE_STREAM || + (mode == MBEDTLS_MODE_CBC #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED + && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED #endif - ) ) - { - if( post_avail < transform->maclen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + )) { + if (post_avail < transform->maclen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); } #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { unsigned char mac[SSL3_MAC_MAX_BYTES]; - ssl_mac( &transform->md_ctx_enc, transform->mac_enc, - data, rec->data_len, rec->ctr, rec->type, mac ); - memcpy( data + rec->data_len, mac, transform->maclen ); - } - else + ssl_mac(&transform->md_ctx_enc, transform->mac_enc, + data, rec->data_len, rec->ctr, rec->type, mac); + memcpy(data + rec->data_len, mac, transform->maclen); + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) - { - unsigned char mac[MBEDTLS_SSL_MAC_ADD]; + if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1) { + unsigned char mac[MBEDTLS_SSL_MAC_ADD]; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); - mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, - add_data_len ); - mbedtls_md_hmac_update( &transform->md_ctx_enc, - data, rec->data_len ); - mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac ); - mbedtls_md_hmac_reset( &transform->md_ctx_enc ); + mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, + add_data_len); + mbedtls_md_hmac_update(&transform->md_ctx_enc, + data, rec->data_len); + mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); + mbedtls_md_hmac_reset(&transform->md_ctx_enc); - memcpy( data + rec->data_len, mac, transform->maclen ); - } - else + memcpy(data + rec->data_len, mac, transform->maclen); + } else #endif - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } - MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len, - transform->maclen ); + MBEDTLS_SSL_DEBUG_BUF(4, "computed mac", data + rec->data_len, + transform->maclen); rec->data_len += transform->maclen; post_avail -= transform->maclen; @@ -761,289 +719,266 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * Encrypt */ #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) - if( mode == MBEDTLS_MODE_STREAM ) - { + if (mode == MBEDTLS_MODE_STREAM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including %d bytes of padding", - rec->data_len, 0 ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " + "including %d bytes of padding", + rec->data_len, 0)); - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, - transform->iv_enc, transform->ivlen, - data, rec->data_len, - data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); + if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc, + transform->iv_enc, transform->ivlen, + data, rec->data_len, + data, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); + return (ret); } - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec->data_len != olen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - } - else + } else #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) - if( mode == MBEDTLS_MODE_GCM || - mode == MBEDTLS_MODE_CCM || - mode == MBEDTLS_MODE_CHACHAPOLY ) - { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char iv[12]; - unsigned char *dynamic_iv; - size_t dynamic_iv_len; - int dynamic_iv_is_explicit = - ssl_transform_aead_dynamic_iv_is_explicit( transform ); + if (mode == MBEDTLS_MODE_GCM || + mode == MBEDTLS_MODE_CCM || + mode == MBEDTLS_MODE_CHACHAPOLY) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + unsigned char iv[12]; + unsigned char *dynamic_iv; + size_t dynamic_iv_len; + int dynamic_iv_is_explicit = + ssl_transform_aead_dynamic_iv_is_explicit(transform); - /* Check that there's space for the authentication tag. */ - if( post_avail < transform->taglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - - /* - * Build nonce for AEAD encryption. - * - * Note: In the case of CCM and GCM in TLS 1.2, the dynamic - * part of the IV is prepended to the ciphertext and - * can be chosen freely - in particular, it need not - * agree with the record sequence number. - * However, since ChaChaPoly as well as all AEAD modes - * in TLS 1.3 use the record sequence number as the - * dynamic part of the nonce, we uniformly use the - * record sequence number here in all cases. - */ - dynamic_iv = rec->ctr; - dynamic_iv_len = sizeof( rec->ctr ); - - ssl_build_record_nonce( iv, sizeof( iv ), - transform->iv_enc, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len ); - - /* - * Build additional data for AEAD encryption. - * This depends on the TLS version. - */ - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); - - MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", - iv, transform->ivlen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)", - dynamic_iv, - dynamic_iv_is_explicit ? dynamic_iv_len : 0 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", - add_data, add_data_len ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including 0 bytes of padding", - rec->data_len ) ); - - /* - * Encrypt and authenticate - */ - - if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len, /* src */ - data, rec->buf_len - (data - rec->buf), /* dst */ - &rec->data_len, - transform->taglen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); - return( ret ); - } - MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", - data + rec->data_len - transform->taglen, - transform->taglen ); - /* Account for authentication tag. */ - post_avail -= transform->taglen; - - /* - * Prefix record content with dynamic IV in case it is explicit. - */ - if( dynamic_iv_is_explicit != 0 ) - { - if( rec->data_offset < dynamic_iv_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + /* Check that there's space for the authentication tag. */ + if (post_avail < transform->taglen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); } - memcpy( data - dynamic_iv_len, dynamic_iv, dynamic_iv_len ); - rec->data_offset -= dynamic_iv_len; - rec->data_len += dynamic_iv_len; - } + /* + * Build nonce for AEAD encryption. + * + * Note: In the case of CCM and GCM in TLS 1.2, the dynamic + * part of the IV is prepended to the ciphertext and + * can be chosen freely - in particular, it need not + * agree with the record sequence number. + * However, since ChaChaPoly as well as all AEAD modes + * in TLS 1.3 use the record sequence number as the + * dynamic part of the nonce, we uniformly use the + * record sequence number here in all cases. + */ + dynamic_iv = rec->ctr; + dynamic_iv_len = sizeof(rec->ctr); - auth_done++; - } - else + ssl_build_record_nonce(iv, sizeof(iv), + transform->iv_enc, + transform->fixed_ivlen, + dynamic_iv, + dynamic_iv_len); + + /* + * Build additional data for AEAD encryption. + * This depends on the TLS version. + */ + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); + + MBEDTLS_SSL_DEBUG_BUF(4, "IV used (internal)", + iv, transform->ivlen); + MBEDTLS_SSL_DEBUG_BUF(4, "IV used (transmitted)", + dynamic_iv, + dynamic_iv_is_explicit ? dynamic_iv_len : 0); + MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD", + add_data, add_data_len); + MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " + "including 0 bytes of padding", + rec->data_len)); + + /* + * Encrypt and authenticate + */ + + if ((ret = mbedtls_cipher_auth_encrypt_ext(&transform->cipher_ctx_enc, + iv, transform->ivlen, + add_data, add_data_len, + data, rec->data_len, /* src */ + data, rec->buf_len - (data - rec->buf), /* dst */ + &rec->data_len, + transform->taglen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_encrypt", ret); + return (ret); + } + MBEDTLS_SSL_DEBUG_BUF(4, "after encrypt: tag", + data + rec->data_len - transform->taglen, + transform->taglen); + /* Account for authentication tag. */ + post_avail -= transform->taglen; + + /* + * Prefix record content with dynamic IV in case it is explicit. + */ + if (dynamic_iv_is_explicit != 0) { + if (rec->data_offset < dynamic_iv_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + } + + memcpy(data - dynamic_iv_len, dynamic_iv, dynamic_iv_len); + rec->data_offset -= dynamic_iv_len; + rec->data_len += dynamic_iv_len; + } + + auth_done++; + } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) - if( mode == MBEDTLS_MODE_CBC ) - { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t padlen, i; - size_t olen; + if (mode == MBEDTLS_MODE_CBC) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t padlen, i; + size_t olen; - /* Currently we're always using minimal padding - * (up to 255 bytes would be allowed). */ - padlen = transform->ivlen - ( rec->data_len + 1 ) % transform->ivlen; - if( padlen == transform->ivlen ) - padlen = 0; + /* Currently we're always using minimal padding + * (up to 255 bytes would be allowed). */ + padlen = transform->ivlen - (rec->data_len + 1) % transform->ivlen; + if (padlen == transform->ivlen) + padlen = 0; - /* Check there's enough space in the buffer for the padding. */ - if( post_avail < padlen + 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } + /* Check there's enough space in the buffer for the padding. */ + if (post_avail < padlen + 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + } - for( i = 0; i <= padlen; i++ ) - data[rec->data_len + i] = (unsigned char) padlen; + for (i = 0; i <= padlen; i++) + data[rec->data_len + i] = (unsigned char) padlen; - rec->data_len += padlen + 1; - post_avail -= padlen + 1; + rec->data_len += padlen + 1; + post_avail -= padlen + 1; #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * Prepend per-record IV for block cipher in TLS v1.1 and up as per - * Method 1 (6.2.3.2. in RFC4346 and RFC5246) - */ - if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { - if( f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + /* + * Prepend per-record IV for block cipher in TLS v1.1 and up as per + * Method 1 (6.2.3.2. in RFC4346 and RFC5246) + */ + if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) { + if (f_rng == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } - if( rec->data_offset < transform->ivlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } + if (rec->data_offset < transform->ivlen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + } - /* - * Generate IV - */ - ret = f_rng( p_rng, transform->iv_enc, transform->ivlen ); - if( ret != 0 ) - return( ret ); + /* + * Generate IV + */ + ret = f_rng(p_rng, transform->iv_enc, transform->ivlen); + if (ret != 0) + return (ret); - memcpy( data - transform->ivlen, transform->iv_enc, - transform->ivlen ); + memcpy(data - transform->ivlen, transform->iv_enc, + transform->ivlen); - } + } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " - "including %" MBEDTLS_PRINTF_SIZET - " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding", - rec->data_len, transform->ivlen, - padlen + 1 ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " + "including %" MBEDTLS_PRINTF_SIZET + " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding", + rec->data_len, transform->ivlen, + padlen + 1)); - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc, - transform->iv_enc, - transform->ivlen, - data, rec->data_len, - data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); - } + if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_enc, + transform->iv_enc, + transform->ivlen, + data, rec->data_len, + data, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); + return (ret); + } - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + if (rec->data_len != olen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) - { - /* - * Save IV in SSL3 and TLS1 - */ - memcpy( transform->iv_enc, transform->cipher_ctx_enc.iv, - transform->ivlen ); - } - else + if (transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2) { + /* + * Save IV in SSL3 and TLS1 + */ + memcpy(transform->iv_enc, transform->cipher_ctx_enc.iv, + transform->ivlen); + } else #endif - { - data -= transform->ivlen; - rec->data_offset -= transform->ivlen; - rec->data_len += transform->ivlen; - } + { + data -= transform->ivlen; + rec->data_offset -= transform->ivlen; + rec->data_len += transform->ivlen; + } #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( auth_done == 0 ) - { - unsigned char mac[MBEDTLS_SSL_MAC_ADD]; + if (auth_done == 0) { + unsigned char mac[MBEDTLS_SSL_MAC_ADD]; - /* - * MAC(MAC_write_key, seq_num + - * TLSCipherText.type + - * TLSCipherText.version + - * length_of( (IV +) ENC(...) ) + - * IV + // except for TLS 1.0 - * ENC(content + padding + padding_length)); - */ + /* + * MAC(MAC_write_key, seq_num + + * TLSCipherText.type + + * TLSCipherText.version + + * length_of( (IV +) ENC(...) ) + + * IV + // except for TLS 1.0 + * ENC(content + padding + padding_length)); + */ - if( post_avail < transform->maclen) + if (post_avail < transform->maclen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough")); + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); + } + + ssl_extract_add_data_from_record(add_data, &add_data_len, + rec, transform->minor_ver); + + MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac")); + MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data, + add_data_len); + + mbedtls_md_hmac_update(&transform->md_ctx_enc, add_data, + add_data_len); + mbedtls_md_hmac_update(&transform->md_ctx_enc, + data, rec->data_len); + mbedtls_md_hmac_finish(&transform->md_ctx_enc, mac); + mbedtls_md_hmac_reset(&transform->md_ctx_enc); + + memcpy(data + rec->data_len, mac, transform->maclen); + + rec->data_len += transform->maclen; + post_avail -= transform->maclen; + auth_done++; + } +#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ + } else +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - ssl_extract_add_data_from_record( add_data, &add_data_len, - rec, transform->minor_ver ); - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); - MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, - add_data_len ); - - mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, - add_data_len ); - mbedtls_md_hmac_update( &transform->md_ctx_enc, - data, rec->data_len ); - mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac ); - mbedtls_md_hmac_reset( &transform->md_ctx_enc ); - - memcpy( data + rec->data_len, mac, transform->maclen ); - - rec->data_len += transform->maclen; - post_avail -= transform->maclen; - auth_done++; - } -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - } - else -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC) */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - /* Make extra sure authentication was performed, exactly once */ - if( auth_done != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (auth_done != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= encrypt buf")); - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC) @@ -1058,8 +993,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * This function is implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ -static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit ) -{ +static size_t mbedtls_ssl_cf_mask_from_bit(size_t bit) { /* MSVC has a warning about unary minus on unsigned integer types, * but this is well-defined and precisely what we want to do here. */ #if defined(_MSC_VER) @@ -1083,18 +1017,17 @@ static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit ) * This function is implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ -static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y ) -{ +static size_t mbedtls_ssl_cf_mask_lt(size_t x, size_t y) { /* This has the most significant bit set if and only if x < y */ const size_t sub = x - y; /* sub1 = (x < y) ? 1 : 0 */ - const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 ); + const size_t sub1 = sub >> (sizeof(sub) * 8 - 1); /* mask = (x < y) ? 0xff... : 0x00... */ - const size_t mask = mbedtls_ssl_cf_mask_from_bit( sub1 ); + const size_t mask = mbedtls_ssl_cf_mask_from_bit(sub1); - return( mask ); + return (mask); } /* @@ -1108,9 +1041,8 @@ static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y ) * This function is implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ -static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y ) -{ - return( ~mbedtls_ssl_cf_mask_lt( x, y ) ); +static size_t mbedtls_ssl_cf_mask_ge(size_t x, size_t y) { + return (~mbedtls_ssl_cf_mask_lt(x, y)); } /* @@ -1124,8 +1056,7 @@ static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y ) * This function is implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ -static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) -{ +static size_t mbedtls_ssl_cf_bool_eq(size_t x, size_t y) { /* diff = 0 if x == y, non-zero otherwise */ const size_t diff = x ^ y; @@ -1137,16 +1068,16 @@ static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) #endif /* diff_msb's most significant bit is equal to x != y */ - const size_t diff_msb = ( diff | -diff ); + const size_t diff_msb = (diff | -diff); #if defined(_MSC_VER) #pragma warning( pop ) #endif /* diff1 = (x != y) ? 1 : 0 */ - const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); + const size_t diff1 = diff_msb >> (sizeof(diff_msb) * 8 - 1); - return( 1 ^ diff1 ); + return (1 ^ diff1); } /* @@ -1158,18 +1089,17 @@ static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) * This function is implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ -static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, - const unsigned char *src, - size_t len, - size_t c1, size_t c2 ) -{ +static void mbedtls_ssl_cf_memcpy_if_eq(unsigned char *dst, + const unsigned char *src, + size_t len, + size_t c1, size_t c2) { /* mask = c1 == c2 ? 0xff : 0x00 */ - const size_t equal = mbedtls_ssl_cf_bool_eq( c1, c2 ); - const unsigned char mask = (unsigned char) mbedtls_ssl_cf_mask_from_bit( equal ); + const size_t equal = mbedtls_ssl_cf_bool_eq(c1, c2); + const unsigned char mask = (unsigned char) mbedtls_ssl_cf_mask_from_bit(equal); /* dst[i] = c1 == c2 ? src[i] : dst[i] */ - for( size_t i = 0; i < len; i++ ) - dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask ); + for (size_t i = 0; i < len; i++) + dst[i] = (src[i] & mask) | (dst[i] & ~mask); } /* @@ -1179,12 +1109,11 @@ static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, * (Otherwise, computation of block_size needs to be adapted.) */ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac( - mbedtls_md_context_t *ctx, - const unsigned char *add_data, size_t add_data_len, - const unsigned char *data, size_t data_len_secret, - size_t min_data_len, size_t max_data_len, - unsigned char *output ) -{ + mbedtls_md_context_t *ctx, + const unsigned char *add_data, size_t add_data_len, + const unsigned char *data, size_t data_len_secret, + size_t min_data_len, size_t max_data_len, + unsigned char *output) { /* * This function breaks the HMAC abstraction and uses the md_clone() * extension to the MD API in order to get constant-flow behaviour. @@ -1199,20 +1128,20 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac( * * Then we only need to compute HASH(okey + inner_hash) and we're done. */ - const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info ); + const mbedtls_md_type_t md_alg = mbedtls_md_get_type(ctx->md_info); /* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5, * all of which have the same block size except SHA-384. */ const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64; - const unsigned char * const ikey = ctx->hmac_ctx; - const unsigned char * const okey = ikey + block_size; - const size_t hash_size = mbedtls_md_get_size( ctx->md_info ); + const unsigned char *const ikey = ctx->hmac_ctx; + const unsigned char *const okey = ikey + block_size; + const size_t hash_size = mbedtls_md_get_size(ctx->md_info); unsigned char aux_out[MBEDTLS_MD_MAX_SIZE]; mbedtls_md_context_t aux; size_t offset; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_init( &aux ); + mbedtls_md_init(&aux); #define MD_CHK( func_call ) \ do { \ @@ -1221,40 +1150,39 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac( goto cleanup; \ } while( 0 ) - MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) ); + MD_CHK(mbedtls_md_setup(&aux, ctx->md_info, 0)); /* After hmac_start() of hmac_reset(), ikey has already been hashed, * so we can start directly with the message */ - MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) ); - MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) ); + MD_CHK(mbedtls_md_update(ctx, add_data, add_data_len)); + MD_CHK(mbedtls_md_update(ctx, data, min_data_len)); /* For each possible length, compute the hash up to that point */ - for( offset = min_data_len; offset <= max_data_len; offset++ ) - { - MD_CHK( mbedtls_md_clone( &aux, ctx ) ); - MD_CHK( mbedtls_md_finish( &aux, aux_out ) ); + for (offset = min_data_len; offset <= max_data_len; offset++) { + MD_CHK(mbedtls_md_clone(&aux, ctx)); + MD_CHK(mbedtls_md_finish(&aux, aux_out)); /* Keep only the correct inner_hash in the output buffer */ - mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size, - offset, data_len_secret ); + mbedtls_ssl_cf_memcpy_if_eq(output, aux_out, hash_size, + offset, data_len_secret); - if( offset < max_data_len ) - MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) ); + if (offset < max_data_len) + MD_CHK(mbedtls_md_update(ctx, data + offset, 1)); } /* Now compute HASH(okey + inner_hash) */ - MD_CHK( mbedtls_md_starts( ctx ) ); - MD_CHK( mbedtls_md_update( ctx, okey, block_size ) ); - MD_CHK( mbedtls_md_update( ctx, output, hash_size ) ); - MD_CHK( mbedtls_md_finish( ctx, output ) ); + MD_CHK(mbedtls_md_starts(ctx)); + MD_CHK(mbedtls_md_update(ctx, okey, block_size)); + MD_CHK(mbedtls_md_update(ctx, output, hash_size)); + MD_CHK(mbedtls_md_finish(ctx, output)); /* Done, get ready for next time */ - MD_CHK( mbedtls_md_hmac_reset( ctx ) ); + MD_CHK(mbedtls_md_hmac_reset(ctx)); #undef MD_CHK cleanup: - mbedtls_md_free( &aux ); - return( ret ); + mbedtls_md_free(&aux); + return (ret); } /* @@ -1263,33 +1191,30 @@ cleanup: * - but with execution flow independent from the value of offset_secret. */ MBEDTLS_STATIC_TESTABLE void mbedtls_ssl_cf_memcpy_offset( - unsigned char *dst, - const unsigned char *src_base, - size_t offset_secret, - size_t offset_min, size_t offset_max, - size_t len ) -{ + unsigned char *dst, + const unsigned char *src_base, + size_t offset_secret, + size_t offset_min, size_t offset_max, + size_t len) { size_t offset; - for( offset = offset_min; offset <= offset_max; offset++ ) - { - mbedtls_ssl_cf_memcpy_if_eq( dst, src_base + offset, len, - offset, offset_secret ); + for (offset = offset_min; offset <= offset_max; offset++) { + mbedtls_ssl_cf_memcpy_if_eq(dst, src_base + offset, len, + offset, offset_secret); } } #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ -int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, - mbedtls_ssl_transform *transform, - mbedtls_record *rec ) -{ +int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, + mbedtls_ssl_transform *transform, + mbedtls_record *rec) { size_t olen; mbedtls_cipher_mode_t mode; int ret, auth_done = 0; #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) size_t padlen = 0, correct = 1; #endif - unsigned char* data; + unsigned char *data; unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_IN_LEN_MAX ]; size_t add_data_len; @@ -1298,441 +1223,405 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, ((void) ssl); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) ); - if( rec == NULL || - rec->buf == NULL || - rec->buf_len < rec->data_offset || - rec->buf_len - rec->data_offset < rec->data_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to decrypt_buf" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> decrypt buf")); + if (rec == NULL || + rec->buf == NULL || + rec->buf_len < rec->data_offset || + rec->buf_len - rec->data_offset < rec->data_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad record structure provided to decrypt_buf")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } data = rec->buf + rec->data_offset; - mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_dec ); + mode = mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_dec); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* * Match record's CID with incoming CID. */ - if( rec->cid_len != transform->in_cid_len || - memcmp( rec->cid, transform->in_cid, rec->cid_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_UNEXPECTED_CID ); + if (rec->cid_len != transform->in_cid_len || + memcmp(rec->cid, transform->in_cid, rec->cid_len) != 0) { + return (MBEDTLS_ERR_SSL_UNEXPECTED_CID); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) - if( mode == MBEDTLS_MODE_STREAM ) - { + if (mode == MBEDTLS_MODE_STREAM) { padlen = 0; - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, - transform->iv_dec, - transform->ivlen, - data, rec->data_len, - data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); + if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec, + transform->iv_dec, + transform->ivlen, + data, rec->data_len, + data, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); + return (ret); } - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec->data_len != olen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - } - else + } else #endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */ #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) - if( mode == MBEDTLS_MODE_GCM || - mode == MBEDTLS_MODE_CCM || - mode == MBEDTLS_MODE_CHACHAPOLY ) - { - unsigned char iv[12]; - unsigned char *dynamic_iv; - size_t dynamic_iv_len; + if (mode == MBEDTLS_MODE_GCM || + mode == MBEDTLS_MODE_CCM || + mode == MBEDTLS_MODE_CHACHAPOLY) { + unsigned char iv[12]; + unsigned char *dynamic_iv; + size_t dynamic_iv_len; - /* - * Extract dynamic part of nonce for AEAD decryption. - * - * Note: In the case of CCM and GCM in TLS 1.2, the dynamic - * part of the IV is prepended to the ciphertext and - * can be chosen freely - in particular, it need not - * agree with the record sequence number. - */ - dynamic_iv_len = sizeof( rec->ctr ); - if( ssl_transform_aead_dynamic_iv_is_explicit( transform ) == 1 ) - { - if( rec->data_len < dynamic_iv_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ", - rec->data_len, - dynamic_iv_len ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + /* + * Extract dynamic part of nonce for AEAD decryption. + * + * Note: In the case of CCM and GCM in TLS 1.2, the dynamic + * part of the IV is prepended to the ciphertext and + * can be chosen freely - in particular, it need not + * agree with the record sequence number. + */ + dynamic_iv_len = sizeof(rec->ctr); + if (ssl_transform_aead_dynamic_iv_is_explicit(transform) == 1) { + if (rec->data_len < dynamic_iv_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + " ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ", + rec->data_len, + dynamic_iv_len)); + return (MBEDTLS_ERR_SSL_INVALID_MAC); + } + dynamic_iv = data; + + data += dynamic_iv_len; + rec->data_offset += dynamic_iv_len; + rec->data_len -= dynamic_iv_len; + } else { + dynamic_iv = rec->ctr; } - dynamic_iv = data; - data += dynamic_iv_len; - rec->data_offset += dynamic_iv_len; - rec->data_len -= dynamic_iv_len; - } - else - { - dynamic_iv = rec->ctr; - } + /* Check that there's space for the authentication tag. */ + if (rec->data_len < transform->taglen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ", + rec->data_len, + transform->taglen)); + return (MBEDTLS_ERR_SSL_INVALID_MAC); + } + rec->data_len -= transform->taglen; - /* Check that there's space for the authentication tag. */ - if( rec->data_len < transform->taglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - ") < taglen (%" MBEDTLS_PRINTF_SIZET ") ", - rec->data_len, - transform->taglen ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - } - rec->data_len -= transform->taglen; + /* + * Prepare nonce from dynamic and static parts. + */ + ssl_build_record_nonce(iv, sizeof(iv), + transform->iv_dec, + transform->fixed_ivlen, + dynamic_iv, + dynamic_iv_len); - /* - * Prepare nonce from dynamic and static parts. - */ - ssl_build_record_nonce( iv, sizeof( iv ), - transform->iv_dec, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len ); + /* + * Build additional data for AEAD encryption. + * This depends on the TLS version. + */ + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); + MBEDTLS_SSL_DEBUG_BUF(4, "additional data used for AEAD", + add_data, add_data_len); - /* - * Build additional data for AEAD encryption. - * This depends on the TLS version. - */ - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); - MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", - add_data, add_data_len ); + /* Because of the check above, we know that there are + * explicit_iv_len Bytes preceeding data, and taglen + * bytes following data + data_len. This justifies + * the debug message and the invocation of + * mbedtls_cipher_auth_decrypt() below. */ - /* Because of the check above, we know that there are - * explicit_iv_len Bytes preceeding data, and taglen - * bytes following data + data_len. This justifies - * the debug message and the invocation of - * mbedtls_cipher_auth_decrypt() below. */ + MBEDTLS_SSL_DEBUG_BUF(4, "IV used", iv, transform->ivlen); + MBEDTLS_SSL_DEBUG_BUF(4, "TAG used", data + rec->data_len, + transform->taglen); - MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len, - transform->taglen ); + /* + * Decrypt and authenticate + */ + if ((ret = mbedtls_cipher_auth_decrypt_ext(&transform->cipher_ctx_dec, + iv, transform->ivlen, + add_data, add_data_len, + data, rec->data_len + transform->taglen, /* src */ + data, rec->buf_len - (data - rec->buf), &olen, /* dst */ + transform->taglen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_auth_decrypt", ret); - /* - * Decrypt and authenticate - */ - if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, - iv, transform->ivlen, - add_data, add_data_len, - data, rec->data_len + transform->taglen, /* src */ - data, rec->buf_len - (data - rec->buf), &olen, /* dst */ - transform->taglen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); + if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) + return (MBEDTLS_ERR_SSL_INVALID_MAC); - if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - - return( ret ); - } - auth_done++; - - /* Double-check that AEAD decryption doesn't change content length. */ - if( olen != rec->data_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - } - else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) - if( mode == MBEDTLS_MODE_CBC ) - { - size_t minlen = 0; - - /* - * Check immediate ciphertext sanity - */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { - /* The ciphertext is prefixed with the CBC IV. */ - minlen += transform->ivlen; - } -#endif - - /* Size considerations: - * - * - The CBC cipher text must not be empty and hence - * at least of size transform->ivlen. - * - * Together with the potential IV-prefix, this explains - * the first of the two checks below. - * - * - The record must contain a MAC, either in plain or - * encrypted, depending on whether Encrypt-then-MAC - * is used or not. - * - If it is, the message contains the IV-prefix, - * the CBC ciphertext, and the MAC. - * - If it is not, the padded plaintext, and hence - * the CBC ciphertext, has at least length maclen + 1 - * because there is at least the padding length byte. - * - * As the CBC ciphertext is not empty, both cases give the - * lower bound minlen + maclen + 1 on the record size, which - * we test for in the second check below. - */ - if( rec->data_len < minlen + transform->ivlen || - rec->data_len < minlen + transform->maclen + 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET - "), maclen (%" MBEDTLS_PRINTF_SIZET ") " - "+ 1 ) ( + expl IV )", rec->data_len, - transform->ivlen, - transform->maclen ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - } - - /* - * Authenticate before decrypt if enabled - */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) - { - unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; - - MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); - - /* Update data_len in tandem with add_data. - * - * The subtraction is safe because of the previous check - * data_len >= minlen + maclen + 1. - * - * Afterwards, we know that data + data_len is followed by at - * least maclen Bytes, which justifies the call to - * mbedtls_ssl_safer_memcmp() below. - * - * Further, we still know that data_len > minlen */ - rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); - - /* Calculate expected MAC. */ - MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, - add_data_len ); - mbedtls_md_hmac_update( &transform->md_ctx_dec, add_data, - add_data_len ); - mbedtls_md_hmac_update( &transform->md_ctx_dec, - data, rec->data_len ); - mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect ); - mbedtls_md_hmac_reset( &transform->md_ctx_dec ); - - MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", data + rec->data_len, - transform->maclen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, - transform->maclen ); - - /* Compare expected MAC with MAC at the end of the record. */ - if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect, - transform->maclen ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + return (ret); } auth_done++; - } + + /* Double-check that AEAD decryption doesn't change content length. */ + if (olen != rec->data_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } + } else +#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) + if (mode == MBEDTLS_MODE_CBC) { + size_t minlen = 0; + + /* + * Check immediate ciphertext sanity + */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) { + /* The ciphertext is prefixed with the CBC IV. */ + minlen += transform->ivlen; + } +#endif + + /* Size considerations: + * + * - The CBC cipher text must not be empty and hence + * at least of size transform->ivlen. + * + * Together with the potential IV-prefix, this explains + * the first of the two checks below. + * + * - The record must contain a MAC, either in plain or + * encrypted, depending on whether Encrypt-then-MAC + * is used or not. + * - If it is, the message contains the IV-prefix, + * the CBC ciphertext, and the MAC. + * - If it is not, the padded plaintext, and hence + * the CBC ciphertext, has at least length maclen + 1 + * because there is at least the padding length byte. + * + * As the CBC ciphertext is not empty, both cases give the + * lower bound minlen + maclen + 1 on the record size, which + * we test for in the second check below. + */ + if (rec->data_len < minlen + transform->ivlen || + rec->data_len < minlen + transform->maclen + 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + ") < max( ivlen(%" MBEDTLS_PRINTF_SIZET + "), maclen (%" MBEDTLS_PRINTF_SIZET ") " + "+ 1 ) ( + expl IV )", rec->data_len, + transform->ivlen, + transform->maclen)); + return (MBEDTLS_ERR_SSL_INVALID_MAC); + } + + /* + * Authenticate before decrypt if enabled + */ +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + if (transform->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) { + unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; + + MBEDTLS_SSL_DEBUG_MSG(3, ("using encrypt then mac")); + + /* Update data_len in tandem with add_data. + * + * The subtraction is safe because of the previous check + * data_len >= minlen + maclen + 1. + * + * Afterwards, we know that data + data_len is followed by at + * least maclen Bytes, which justifies the call to + * mbedtls_ssl_safer_memcmp() below. + * + * Further, we still know that data_len > minlen */ + rec->data_len -= transform->maclen; + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); + + /* Calculate expected MAC. */ + MBEDTLS_SSL_DEBUG_BUF(4, "MAC'd meta-data", add_data, + add_data_len); + mbedtls_md_hmac_update(&transform->md_ctx_dec, add_data, + add_data_len); + mbedtls_md_hmac_update(&transform->md_ctx_dec, + data, rec->data_len); + mbedtls_md_hmac_finish(&transform->md_ctx_dec, mac_expect); + mbedtls_md_hmac_reset(&transform->md_ctx_dec); + + MBEDTLS_SSL_DEBUG_BUF(4, "message mac", data + rec->data_len, + transform->maclen); + MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, + transform->maclen); + + /* Compare expected MAC with MAC at the end of the record. */ + if (mbedtls_ssl_safer_memcmp(data + rec->data_len, mac_expect, + transform->maclen) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match")); + return (MBEDTLS_ERR_SSL_INVALID_MAC); + } + auth_done++; + } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - /* - * Check length sanity - */ + /* + * Check length sanity + */ - /* We know from above that data_len > minlen >= 0, - * so the following check in particular implies that - * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */ - if( rec->data_len % transform->ivlen != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0", - rec->data_len, transform->ivlen ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); - } + /* We know from above that data_len > minlen >= 0, + * so the following check in particular implies that + * data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */ + if (rec->data_len % transform->ivlen != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + ") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0", + rec->data_len, transform->ivlen)); + return (MBEDTLS_ERR_SSL_INVALID_MAC); + } #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* - * Initialize for prepended IV for block cipher in TLS v1.1 and up - */ - if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { - /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */ - memcpy( transform->iv_dec, data, transform->ivlen ); + /* + * Initialize for prepended IV for block cipher in TLS v1.1 and up + */ + if (transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) { + /* Safe because data_len >= minlen + ivlen = 2 * ivlen. */ + memcpy(transform->iv_dec, data, transform->ivlen); - data += transform->ivlen; - rec->data_offset += transform->ivlen; - rec->data_len -= transform->ivlen; - } + data += transform->ivlen; + rec->data_offset += transform->ivlen; + rec->data_len -= transform->ivlen; + } #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ - /* We still have data_len % ivlen == 0 and data_len >= ivlen here. */ + /* We still have data_len % ivlen == 0 and data_len >= ivlen here. */ - if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_dec, - transform->iv_dec, transform->ivlen, - data, rec->data_len, data, &olen ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret ); - return( ret ); - } + if ((ret = mbedtls_cipher_crypt(&transform->cipher_ctx_dec, + transform->iv_dec, transform->ivlen, + data, rec->data_len, data, &olen)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_crypt", ret); + return (ret); + } - /* Double-check that length hasn't changed during decryption. */ - if( rec->data_len != olen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + /* Double-check that length hasn't changed during decryption. */ + if (rec->data_len != olen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) - { - /* - * Save IV in SSL3 and TLS1, where CBC decryption of consecutive - * records is equivalent to CBC decryption of the concatenation - * of the records; in other words, IVs are maintained across - * record decryptions. - */ - memcpy( transform->iv_dec, transform->cipher_ctx_dec.iv, - transform->ivlen ); - } + if (transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2) { + /* + * Save IV in SSL3 and TLS1, where CBC decryption of consecutive + * records is equivalent to CBC decryption of the concatenation + * of the records; in other words, IVs are maintained across + * record decryptions. + */ + memcpy(transform->iv_dec, transform->cipher_ctx_dec.iv, + transform->ivlen); + } #endif - /* Safe since data_len >= minlen + maclen + 1, so after having - * subtracted at most minlen and maclen up to this point, - * data_len > 0 (because of data_len % ivlen == 0, it's actually - * >= ivlen ). */ - padlen = data[rec->data_len - 1]; + /* Safe since data_len >= minlen + maclen + 1, so after having + * subtracted at most minlen and maclen up to this point, + * data_len > 0 (because of data_len % ivlen == 0, it's actually + * >= ivlen ). */ + padlen = data[rec->data_len - 1]; - if( auth_done == 1 ) - { - const size_t mask = mbedtls_ssl_cf_mask_ge( - rec->data_len, - padlen + 1 ); - correct &= mask; - padlen &= mask; - } - else - { -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if( rec->data_len < transform->maclen + padlen + 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET - ") < maclen (%" MBEDTLS_PRINTF_SIZET - ") + padlen (%" MBEDTLS_PRINTF_SIZET ")", + if (auth_done == 1) { + const size_t mask = mbedtls_ssl_cf_mask_ge( rec->data_len, - transform->maclen, - padlen + 1 ) ); - } + padlen + 1); + correct &= mask; + padlen &= mask; + } else { +#if defined(MBEDTLS_SSL_DEBUG_ALL) + if (rec->data_len < transform->maclen + padlen + 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("msglen (%" MBEDTLS_PRINTF_SIZET + ") < maclen (%" MBEDTLS_PRINTF_SIZET + ") + padlen (%" MBEDTLS_PRINTF_SIZET ")", + rec->data_len, + transform->maclen, + padlen + 1)); + } #endif - const size_t mask = mbedtls_ssl_cf_mask_ge( - rec->data_len, - transform->maclen + padlen + 1 ); - correct &= mask; - padlen &= mask; - } + const size_t mask = mbedtls_ssl_cf_mask_ge( + rec->data_len, + transform->maclen + padlen + 1); + correct &= mask; + padlen &= mask; + } - padlen++; + padlen++; - /* Regardless of the validity of the padding, - * we have data_len >= padlen here. */ + /* Regardless of the validity of the padding, + * we have data_len >= padlen here. */ #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - /* This is the SSL 3.0 path, we don't have to worry about Lucky - * 13, because there's a strictly worse padding attack built in - * the protocol (known as part of POODLE), so we don't care if the - * code is not constant-time, in particular branches are OK. */ - if( padlen > transform->ivlen ) - { + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { + /* This is the SSL 3.0 path, we don't have to worry about Lucky + * 13, because there's a strictly worse padding attack built in + * the protocol (known as part of POODLE), so we don't care if the + * code is not constant-time, in particular branches are OK. */ + if (padlen > transform->ivlen) { #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %" MBEDTLS_PRINTF_SIZET ", " - "should be no more than %" MBEDTLS_PRINTF_SIZET, - padlen, transform->ivlen ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding length: is %" MBEDTLS_PRINTF_SIZET ", " + "should be no more than %" MBEDTLS_PRINTF_SIZET, + padlen, transform->ivlen)); #endif - correct = 0; - } - } - else + correct = 0; + } + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) - { - /* The padding check involves a series of up to 256 - * consecutive memory reads at the end of the record - * plaintext buffer. In order to hide the length and - * validity of the padding, always perform exactly - * `min(256,plaintext_len)` reads (but take into account - * only the last `padlen` bytes for the padding check). */ - size_t pad_count = 0; - volatile unsigned char* const check = data; + if (transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0) { + /* The padding check involves a series of up to 256 + * consecutive memory reads at the end of the record + * plaintext buffer. In order to hide the length and + * validity of the padding, always perform exactly + * `min(256,plaintext_len)` reads (but take into account + * only the last `padlen` bytes for the padding check). */ + size_t pad_count = 0; + volatile unsigned char *const check = data; - /* Index of first padding byte; it has been ensured above - * that the subtraction is safe. */ - size_t const padding_idx = rec->data_len - padlen; - size_t const num_checks = rec->data_len <= 256 ? rec->data_len : 256; - size_t const start_idx = rec->data_len - num_checks; - size_t idx; + /* Index of first padding byte; it has been ensured above + * that the subtraction is safe. */ + size_t const padding_idx = rec->data_len - padlen; + size_t const num_checks = rec->data_len <= 256 ? rec->data_len : 256; + size_t const start_idx = rec->data_len - num_checks; + size_t idx; - for( idx = start_idx; idx < rec->data_len; idx++ ) - { - /* pad_count += (idx >= padding_idx) && - * (check[idx] == padlen - 1); - */ - const size_t mask = mbedtls_ssl_cf_mask_ge( idx, padding_idx ); - const size_t equal = mbedtls_ssl_cf_bool_eq( check[idx], - padlen - 1 ); - pad_count += mask & equal; - } - correct &= mbedtls_ssl_cf_bool_eq( pad_count, padlen ); + for (idx = start_idx; idx < rec->data_len; idx++) { + /* pad_count += (idx >= padding_idx) && + * (check[idx] == padlen - 1); + */ + const size_t mask = mbedtls_ssl_cf_mask_ge(idx, padding_idx); + const size_t equal = mbedtls_ssl_cf_bool_eq(check[idx], + padlen - 1); + pad_count += mask & equal; + } + correct &= mbedtls_ssl_cf_bool_eq(pad_count, padlen); #if defined(MBEDTLS_SSL_DEBUG_ALL) - if( padlen > 0 && correct == 0 ) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) ); + if (padlen > 0 && correct == 0) + MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected")); #endif - padlen &= mbedtls_ssl_cf_mask_from_bit( correct ); - } - else + padlen &= mbedtls_ssl_cf_mask_from_bit(correct); + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } - /* If the padding was found to be invalid, padlen == 0 - * and the subtraction is safe. If the padding was found valid, - * padlen hasn't been changed and the previous assertion - * data_len >= padlen still holds. */ - rec->data_len -= padlen; - } - else + /* If the padding was found to be invalid, padlen == 0 + * and the subtraction is safe. If the padding was found valid, + * padlen hasn't been changed and the previous assertion + * data_len >= padlen still holds. */ + rec->data_len -= padlen; + } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_BUF( 4, "raw buffer after decryption", - data, rec->data_len ); + MBEDTLS_SSL_DEBUG_BUF(4, "raw buffer after decryption", + data, rec->data_len); #endif /* @@ -1740,8 +1629,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - if( auth_done == 0 ) - { + if (auth_done == 0) { unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; unsigned char mac_peer[MBEDTLS_SSL_MAC_ADD]; @@ -1759,71 +1647,65 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * hence data_len >= maclen in any case. */ rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec, - transform->minor_ver ); + ssl_extract_add_data_from_record(add_data, &add_data_len, rec, + transform->minor_ver); #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - ssl_mac( &transform->md_ctx_dec, - transform->mac_dec, - data, rec->data_len, - rec->ctr, rec->type, - mac_expect ); - memcpy( mac_peer, data + rec->data_len, transform->maclen ); - } - else + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { + ssl_mac(&transform->md_ctx_dec, + transform->mac_dec, + data, rec->data_len, + rec->ctr, rec->type, + mac_expect); + memcpy(mac_peer, data + rec->data_len, transform->maclen); + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0 ) - { - /* - * The next two sizes are the minimum and maximum values of - * data_len over all padlen values. - * - * They're independent of padlen, since we previously did - * data_len -= padlen. - * - * Note that max_len + maclen is never more than the buffer - * length, as we previously did in_msglen -= maclen too. - */ - const size_t max_len = rec->data_len + padlen; - const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0; + if (transform->minor_ver > MBEDTLS_SSL_MINOR_VERSION_0) { + /* + * The next two sizes are the minimum and maximum values of + * data_len over all padlen values. + * + * They're independent of padlen, since we previously did + * data_len -= padlen. + * + * Note that max_len + maclen is never more than the buffer + * length, as we previously did in_msglen -= maclen too. + */ + const size_t max_len = rec->data_len + padlen; + const size_t min_len = (max_len > 256) ? max_len - 256 : 0; - ret = mbedtls_ssl_cf_hmac( &transform->md_ctx_dec, - add_data, add_data_len, - data, rec->data_len, min_len, max_len, - mac_expect ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cf_hmac", ret ); - return( ret ); - } + ret = mbedtls_ssl_cf_hmac(&transform->md_ctx_dec, + add_data, add_data_len, + data, rec->data_len, min_len, max_len, + mac_expect); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cf_hmac", ret); + return (ret); + } - mbedtls_ssl_cf_memcpy_offset( mac_peer, data, - rec->data_len, - min_len, max_len, - transform->maclen ); - } - else + mbedtls_ssl_cf_memcpy_offset(mac_peer, data, + rec->data_len, + min_len, max_len, + transform->maclen); + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_BUF( 4, "expected mac", mac_expect, transform->maclen ); - MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", mac_peer, transform->maclen ); + MBEDTLS_SSL_DEBUG_BUF(4, "expected mac", mac_expect, transform->maclen); + MBEDTLS_SSL_DEBUG_BUF(4, "message mac", mac_peer, transform->maclen); #endif - if( mbedtls_ssl_safer_memcmp( mac_peer, mac_expect, - transform->maclen ) != 0 ) - { + if (mbedtls_ssl_safer_memcmp(mac_peer, mac_expect, + transform->maclen) != 0) { #if defined(MBEDTLS_SSL_DEBUG_ALL) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match")); #endif correct = 0; } @@ -1833,42 +1715,39 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* * Finally check the correct flag */ - if( correct == 0 ) - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + if (correct == 0) + return (MBEDTLS_ERR_SSL_INVALID_MAC); #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ /* Make extra sure authentication was performed, exactly once */ - if( auth_done != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (auth_done != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { + if (transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { /* Remove inner padding and infer true content type. */ - ret = ssl_parse_inner_plaintext( data, &rec->data_len, - &rec->type ); + ret = ssl_parse_inner_plaintext(data, &rec->data_len, + &rec->type); - if( ret != 0 ) - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ret != 0) + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( rec->cid_len != 0 ) - { - ret = ssl_parse_inner_plaintext( data, &rec->data_len, - &rec->type ); - if( ret != 0 ) - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (rec->cid_len != 0) { + ret = ssl_parse_inner_plaintext(data, &rec->data_len, + &rec->type); + if (ret != 0) + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= decrypt buf")); - return( 0 ); + return (0); } #undef MAC_NONE @@ -1879,8 +1758,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* * Compression/decompression functions */ -static int ssl_compress_buf( mbedtls_ssl_context *ssl ) -{ +static int ssl_compress_buf(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *msg_post = ssl->out_msg; ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf; @@ -1892,47 +1770,45 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> compress buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> compress buf")); - if( len_pre == 0 ) - return( 0 ); + if (len_pre == 0) + return (0); - memcpy( msg_pre, ssl->out_msg, len_pre ); + memcpy(msg_pre, ssl->out_msg, len_pre); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", - ssl->out_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", + ssl->out_msglen)); - MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload", - ssl->out_msg, ssl->out_msglen ); + MBEDTLS_SSL_DEBUG_BUF(4, "before compression: output payload", + ssl->out_msg, ssl->out_msglen); ssl->transform_out->ctx_deflate.next_in = msg_pre; ssl->transform_out->ctx_deflate.avail_in = len_pre; ssl->transform_out->ctx_deflate.next_out = msg_post; ssl->transform_out->ctx_deflate.avail_out = out_buf_len - bytes_written; - ret = deflate( &ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH ); - if( ret != Z_OK ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform compression (%d)", ret ) ); - return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); + ret = deflate(&ssl->transform_out->ctx_deflate, Z_SYNC_FLUSH); + if (ret != Z_OK) { + MBEDTLS_SSL_DEBUG_MSG(1, ("failed to perform compression (%d)", ret)); + return (MBEDTLS_ERR_SSL_COMPRESSION_FAILED); } ssl->out_msglen = out_buf_len - ssl->transform_out->ctx_deflate.avail_out - bytes_written; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", - ssl->out_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", + ssl->out_msglen)); - MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload", - ssl->out_msg, ssl->out_msglen ); + MBEDTLS_SSL_DEBUG_BUF(4, "after compression: output payload", + ssl->out_msg, ssl->out_msglen); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= compress buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= compress buf")); - return( 0 ); + return (0); } -static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) -{ +static int ssl_decompress_buf(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *msg_post = ssl->in_msg; ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf; @@ -1944,43 +1820,42 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> decompress buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> decompress buf")); - if( len_pre == 0 ) - return( 0 ); + if (len_pre == 0) + return (0); - memcpy( msg_pre, ssl->in_msg, len_pre ); + memcpy(msg_pre, ssl->in_msg, len_pre); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", - ssl->in_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", + ssl->in_msglen)); - MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload", - ssl->in_msg, ssl->in_msglen ); + MBEDTLS_SSL_DEBUG_BUF(4, "before decompression: input payload", + ssl->in_msg, ssl->in_msglen); ssl->transform_in->ctx_inflate.next_in = msg_pre; ssl->transform_in->ctx_inflate.avail_in = len_pre; ssl->transform_in->ctx_inflate.next_out = msg_post; ssl->transform_in->ctx_inflate.avail_out = in_buf_len - header_bytes; - ret = inflate( &ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH ); - if( ret != Z_OK ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "failed to perform decompression (%d)", ret ) ); - return( MBEDTLS_ERR_SSL_COMPRESSION_FAILED ); + ret = inflate(&ssl->transform_in->ctx_inflate, Z_SYNC_FLUSH); + if (ret != Z_OK) { + MBEDTLS_SSL_DEBUG_MSG(1, ("failed to perform decompression (%d)", ret)); + return (MBEDTLS_ERR_SSL_COMPRESSION_FAILED); } ssl->in_msglen = in_buf_len - ssl->transform_in->ctx_inflate.avail_out - header_bytes; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", - ssl->in_msglen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ", + ssl->in_msglen)); - MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload", - ssl->in_msg, ssl->in_msglen ); + MBEDTLS_SSL_DEBUG_BUF(4, "after decompression: input payload", + ssl->in_msg, ssl->in_msglen); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= decompress buf" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= decompress buf")); - return( 0 ); + return (0); } #endif /* MBEDTLS_ZLIB_SUPPORT */ @@ -1999,8 +1874,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) * For DTLS, it is up to the caller to set ssl->next_record_offset when * they're done reading a record. */ -int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) -{ +int mbedtls_ssl_fetch_input(mbedtls_ssl_context *ssl, size_t nb_want) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) @@ -2009,24 +1883,21 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> fetch input" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> fetch input")); - if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio()" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->f_recv == NULL && ssl->f_recv_timeout == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() " + "or mbedtls_ssl_set_bio()")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - if( nb_want > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (nb_want > in_buf_len - (size_t)(ssl->in_hdr - ssl->in_buf)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("requesting more data than fits")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { uint32_t timeout; /* @@ -2039,40 +1910,36 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) /* * Move to the next record in the already read datagram if applicable */ - if( ssl->next_record_offset != 0 ) - { - if( ssl->in_left < ssl->next_record_offset ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->next_record_offset != 0) { + if (ssl->in_left < ssl->next_record_offset) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } ssl->in_left -= ssl->next_record_offset; - if( ssl->in_left != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %" - MBEDTLS_PRINTF_SIZET, - ssl->next_record_offset ) ); - memmove( ssl->in_hdr, - ssl->in_hdr + ssl->next_record_offset, - ssl->in_left ); + if (ssl->in_left != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("next record in same datagram, offset: %" + MBEDTLS_PRINTF_SIZET, + ssl->next_record_offset)); + memmove(ssl->in_hdr, + ssl->in_hdr + ssl->next_record_offset, + ssl->in_left); } ssl->next_record_offset = 0; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, + ssl->in_left, nb_want)); /* * Done if we already have enough data. */ - if( nb_want <= ssl->in_left) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); - return( 0 ); + if (nb_want <= ssl->in_left) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input")); + return (0); } /* @@ -2080,10 +1947,9 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) * are not at the beginning of a new record, the caller did something * wrong. */ - if( ssl->in_left != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->in_left != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } /* @@ -2091,196 +1957,173 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) * This avoids by-passing the timer when repeatedly receiving messages * that will end up being dropped. */ - if( mbedtls_ssl_check_timer( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "timer has expired" ) ); + if (mbedtls_ssl_check_timer(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("timer has expired")); ret = MBEDTLS_ERR_SSL_TIMEOUT; - } - else - { - len = in_buf_len - ( ssl->in_hdr - ssl->in_buf ); + } else { + len = in_buf_len - (ssl->in_hdr - ssl->in_buf); - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) timeout = ssl->handshake->retransmit_timeout; else timeout = ssl->conf->read_timeout; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("f_recv_timeout: %lu ms", (unsigned long) timeout)); - if( ssl->f_recv_timeout != NULL ) - ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len, - timeout ); + if (ssl->f_recv_timeout != NULL) + ret = ssl->f_recv_timeout(ssl->p_bio, ssl->in_hdr, len, + timeout); else - ret = ssl->f_recv( ssl->p_bio, ssl->in_hdr, len ); + ret = ssl->f_recv(ssl->p_bio, ssl->in_hdr, len); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); + MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret); - if( ret == 0 ) - return( MBEDTLS_ERR_SSL_CONN_EOF ); + if (ret == 0) + return (MBEDTLS_ERR_SSL_CONN_EOF); } - if( ret == MBEDTLS_ERR_SSL_TIMEOUT ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); - mbedtls_ssl_set_timer( ssl, 0 ); + if (ret == MBEDTLS_ERR_SSL_TIMEOUT) { + MBEDTLS_SSL_DEBUG_MSG(2, ("timeout")); + mbedtls_ssl_set_timer(ssl, 0); - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - if( ssl_double_retransmit_timeout( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake timeout" ) ); - return( MBEDTLS_ERR_SSL_TIMEOUT ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + if (ssl_double_retransmit_timeout(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake timeout")); + return (MBEDTLS_ERR_SSL_TIMEOUT); } - if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); - return( ret ); + if ((ret = mbedtls_ssl_resend(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret); + return (ret); } - return( MBEDTLS_ERR_SSL_WANT_READ ); + return (MBEDTLS_ERR_SSL_WANT_READ); } #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) - { - if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request", - ret ); - return( ret ); + else if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { + if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request", + ret); + return (ret); } - return( MBEDTLS_ERR_SSL_WANT_READ ); + return (MBEDTLS_ERR_SSL_WANT_READ); } #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ } - if( ret < 0 ) - return( ret ); + if (ret < 0) + return (ret); ssl->in_left = ret; - } - else + } else #endif { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, + ssl->in_left, nb_want)); - while( ssl->in_left < nb_want ) - { + while (ssl->in_left < nb_want) { len = nb_want - ssl->in_left; - if( mbedtls_ssl_check_timer( ssl ) != 0 ) + if (mbedtls_ssl_check_timer(ssl) != 0) ret = MBEDTLS_ERR_SSL_TIMEOUT; - else - { - if( ssl->f_recv_timeout != NULL ) - { - ret = ssl->f_recv_timeout( ssl->p_bio, - ssl->in_hdr + ssl->in_left, len, - ssl->conf->read_timeout ); - } - else - { - ret = ssl->f_recv( ssl->p_bio, - ssl->in_hdr + ssl->in_left, len ); + else { + if (ssl->f_recv_timeout != NULL) { + ret = ssl->f_recv_timeout(ssl->p_bio, + ssl->in_hdr + ssl->in_left, len, + ssl->conf->read_timeout); + } else { + ret = ssl->f_recv(ssl->p_bio, + ssl->in_hdr + ssl->in_left, len); } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET - ", nb_want: %" MBEDTLS_PRINTF_SIZET, - ssl->in_left, nb_want ) ); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret ); + MBEDTLS_SSL_DEBUG_MSG(2, ("in_left: %" MBEDTLS_PRINTF_SIZET + ", nb_want: %" MBEDTLS_PRINTF_SIZET, + ssl->in_left, nb_want)); + MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_recv(_timeout)", ret); - if( ret == 0 ) - return( MBEDTLS_ERR_SSL_CONN_EOF ); + if (ret == 0) + return (MBEDTLS_ERR_SSL_CONN_EOF); - if( ret < 0 ) - return( ret ); + if (ret < 0) + return (ret); - if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested", - ret, len ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if ((size_t)ret > len || (INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX)) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested", + ret, len)); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } ssl->in_left += ret; } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= fetch input" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= fetch input")); - return( 0 ); + return (0); } /* * Flush any data not yet written */ -int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_flush_output(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *buf; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> flush output")); - if( ssl->f_send == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " - "or mbedtls_ssl_set_bio()" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->f_send == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Bad usage of mbedtls_ssl_set_bio() " + "or mbedtls_ssl_set_bio()")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* Avoid incrementing counter if data is flushed */ - if( ssl->out_left == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); - return( 0 ); + if (ssl->out_left == 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output")); + return (0); } - while( ssl->out_left > 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET - ", out_left: %" MBEDTLS_PRINTF_SIZET, - mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) ); + while (ssl->out_left > 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("message length: %" MBEDTLS_PRINTF_SIZET + ", out_left: %" MBEDTLS_PRINTF_SIZET, + mbedtls_ssl_out_hdr_len(ssl) + ssl->out_msglen, ssl->out_left)); buf = ssl->out_hdr - ssl->out_left; - ret = ssl->f_send( ssl->p_bio, buf, ssl->out_left ); + ret = ssl->f_send(ssl->p_bio, buf, ssl->out_left); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", ret ); + MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", ret); - if( ret <= 0 ) - return( ret ); + if (ret <= 0) + return (ret); - if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent", - ret, ssl->out_left ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if ((size_t)ret > ssl->out_left || (INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX)) { + MBEDTLS_SSL_DEBUG_MSG(1, + ("f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent", + ret, ssl->out_left)); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } ssl->out_left -= ret; } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->out_hdr = ssl->out_buf; - } - else + } else #endif { ssl->out_hdr = ssl->out_buf + 8; } - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= flush output" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= flush output")); - return( 0 ); + return (0); } /* @@ -2290,64 +2133,58 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) /* * Append current handshake message to current outgoing flight */ -static int ssl_flight_append( mbedtls_ssl_context *ssl ) -{ +static int ssl_flight_append(mbedtls_ssl_context *ssl) { mbedtls_ssl_flight_item *msg; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_flight_append" ) ); - MBEDTLS_SSL_DEBUG_BUF( 4, "message appended to flight", - ssl->out_msg, ssl->out_msglen ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_flight_append")); + MBEDTLS_SSL_DEBUG_BUF(4, "message appended to flight", + ssl->out_msg, ssl->out_msglen); /* Allocate space for current message */ - if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", - sizeof( mbedtls_ssl_flight_item ) ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((msg = mbedtls_calloc(1, sizeof(mbedtls_ssl_flight_item))) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", + sizeof(mbedtls_ssl_flight_item))); + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); } - if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", - ssl->out_msglen ) ); - mbedtls_free( msg ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((msg->p = mbedtls_calloc(1, ssl->out_msglen)) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc %" MBEDTLS_PRINTF_SIZET " bytes failed", + ssl->out_msglen)); + mbedtls_free(msg); + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); } /* Copy current handshake message with headers */ - memcpy( msg->p, ssl->out_msg, ssl->out_msglen ); + memcpy(msg->p, ssl->out_msg, ssl->out_msglen); msg->len = ssl->out_msglen; msg->type = ssl->out_msgtype; msg->next = NULL; /* Append to the current flight */ - if( ssl->handshake->flight == NULL ) + if (ssl->handshake->flight == NULL) ssl->handshake->flight = msg; - else - { + else { mbedtls_ssl_flight_item *cur = ssl->handshake->flight; - while( cur->next != NULL ) + while (cur->next != NULL) cur = cur->next; cur->next = msg; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_flight_append" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_flight_append")); + return (0); } /* * Free the current flight of handshake messages */ -void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) -{ +void mbedtls_ssl_flight_free(mbedtls_ssl_flight_item *flight) { mbedtls_ssl_flight_item *cur = flight; mbedtls_ssl_flight_item *next; - while( cur != NULL ) - { + while (cur != NULL) { next = cur->next; - mbedtls_free( cur->p ); - mbedtls_free( cur ); + mbedtls_free(cur->p); + mbedtls_free(cur); cur = next; } @@ -2356,18 +2193,16 @@ void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight ) /* * Swap transform_out and out_ctr with the alternative ones */ -static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) -{ +static int ssl_swap_epochs(mbedtls_ssl_context *ssl) { mbedtls_ssl_transform *tmp_transform; unsigned char tmp_out_ctr[8]; - if( ssl->transform_out == ssl->handshake->alt_transform_out ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip swap epochs" ) ); - return( 0 ); + if (ssl->transform_out == ssl->handshake->alt_transform_out) { + MBEDTLS_SSL_DEBUG_MSG(3, ("skip swap epochs")); + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "swap epochs" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("swap epochs")); /* Swap transforms */ tmp_transform = ssl->transform_out; @@ -2375,42 +2210,39 @@ static int ssl_swap_epochs( mbedtls_ssl_context *ssl ) ssl->handshake->alt_transform_out = tmp_transform; /* Swap epoch + sequence_number */ - memcpy( tmp_out_ctr, ssl->cur_out_ctr, 8 ); - memcpy( ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8 ); - memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr, 8 ); + memcpy(tmp_out_ctr, ssl->cur_out_ctr, 8); + memcpy(ssl->cur_out_ctr, ssl->handshake->alt_out_ctr, 8); + memcpy(ssl->handshake->alt_out_ctr, tmp_out_ctr, 8); /* Adjust to the newly activated transform */ - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_activate != NULL ) - { - int ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (mbedtls_ssl_hw_record_activate != NULL) { + int ret = mbedtls_ssl_hw_record_activate(ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_activate", ret); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } } #endif - return( 0 ); + return (0); } /* * Retransmit the current flight of messages. */ -int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_resend(mbedtls_ssl_context *ssl) { int ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_resend" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_resend")); - ret = mbedtls_ssl_flight_transmit( ssl ); + ret = mbedtls_ssl_flight_transmit(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_resend" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_resend")); - return( ret ); + return (ret); } /* @@ -2420,121 +2252,110 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) * WANT_WRITE, causing us to exit this function and come back later. * This function must be called until state is no longer SENDING. */ -int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_flight_transmit(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> mbedtls_ssl_flight_transmit")); - if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialise flight transmission" ) ); + if (ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING) { + MBEDTLS_SSL_DEBUG_MSG(2, ("initialise flight transmission")); ssl->handshake->cur_msg = ssl->handshake->flight; ssl->handshake->cur_msg_p = ssl->handshake->flight->p + 12; - ret = ssl_swap_epochs( ssl ); - if( ret != 0 ) - return( ret ); + ret = ssl_swap_epochs(ssl); + if (ret != 0) + return (ret); ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_SENDING; } - while( ssl->handshake->cur_msg != NULL ) - { + while (ssl->handshake->cur_msg != NULL) { size_t max_frag_len; - const mbedtls_ssl_flight_item * const cur = ssl->handshake->cur_msg; + const mbedtls_ssl_flight_item *const cur = ssl->handshake->cur_msg; int const is_finished = - ( cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && - cur->p[0] == MBEDTLS_SSL_HS_FINISHED ); + (cur->type == MBEDTLS_SSL_MSG_HANDSHAKE && + cur->p[0] == MBEDTLS_SSL_HS_FINISHED); uint8_t const force_flush = ssl->disable_datagram_packing == 1 ? - SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; + SSL_FORCE_FLUSH : SSL_DONT_FORCE_FLUSH; /* Swap epochs before sending Finished: we can't do it after * sending ChangeCipherSpec, in case write returns WANT_READ. * Must be done before copying, may change out_msg pointer */ - if( is_finished && ssl->handshake->cur_msg_p == ( cur->p + 12 ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "swap epochs to send finished message" ) ); - ret = ssl_swap_epochs( ssl ); - if( ret != 0 ) - return( ret ); + if (is_finished && ssl->handshake->cur_msg_p == (cur->p + 12)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("swap epochs to send finished message")); + ret = ssl_swap_epochs(ssl); + if (ret != 0) + return (ret); } - ret = ssl_get_remaining_payload_in_datagram( ssl ); - if( ret < 0 ) - return( ret ); + ret = ssl_get_remaining_payload_in_datagram(ssl); + if (ret < 0) + return (ret); max_frag_len = (size_t) ret; /* CCS is copied as is, while HS messages may need fragmentation */ - if( cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) - { - if( max_frag_len == 0 ) - { - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if (cur->type == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { + if (max_frag_len == 0) { + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) + return (ret); continue; } - memcpy( ssl->out_msg, cur->p, cur->len ); + memcpy(ssl->out_msg, cur->p, cur->len); ssl->out_msglen = cur->len; ssl->out_msgtype = cur->type; /* Update position inside current message */ ssl->handshake->cur_msg_p += cur->len; - } - else - { - const unsigned char * const p = ssl->handshake->cur_msg_p; + } else { + const unsigned char *const p = ssl->handshake->cur_msg_p; const size_t hs_len = cur->len - 12; - const size_t frag_off = p - ( cur->p + 12 ); + const size_t frag_off = p - (cur->p + 12); const size_t rem_len = hs_len - frag_off; size_t cur_hs_frag_len, max_hs_frag_len; - if( ( max_frag_len < 12 ) || ( max_frag_len == 12 && hs_len != 0 ) ) - { - if( is_finished ) - { - ret = ssl_swap_epochs( ssl ); - if( ret != 0 ) - return( ret ); + if ((max_frag_len < 12) || (max_frag_len == 12 && hs_len != 0)) { + if (is_finished) { + ret = ssl_swap_epochs(ssl); + if (ret != 0) + return (ret); } - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) + return (ret); continue; } max_hs_frag_len = max_frag_len - 12; cur_hs_frag_len = rem_len > max_hs_frag_len ? - max_hs_frag_len : rem_len; + max_hs_frag_len : rem_len; - if( frag_off == 0 && cur_hs_frag_len != hs_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "fragmenting handshake message (%u > %u)", - (unsigned) cur_hs_frag_len, - (unsigned) max_hs_frag_len ) ); + if (frag_off == 0 && cur_hs_frag_len != hs_len) { + MBEDTLS_SSL_DEBUG_MSG(2, ("fragmenting handshake message (%u > %u)", + (unsigned) cur_hs_frag_len, + (unsigned) max_hs_frag_len)); } /* Messages are stored with handshake headers as if not fragmented, * copy beginning of headers then fill fragmentation fields. * Handshake headers: type(1) len(3) seq(2) f_off(3) f_len(3) */ - memcpy( ssl->out_msg, cur->p, 6 ); + memcpy(ssl->out_msg, cur->p, 6); - ssl->out_msg[6] = ( ( frag_off >> 16 ) & 0xff ); - ssl->out_msg[7] = ( ( frag_off >> 8 ) & 0xff ); - ssl->out_msg[8] = ( ( frag_off ) & 0xff ); + ssl->out_msg[6] = ((frag_off >> 16) & 0xff); + ssl->out_msg[7] = ((frag_off >> 8) & 0xff); + ssl->out_msg[8] = ((frag_off) & 0xff); - ssl->out_msg[ 9] = ( ( cur_hs_frag_len >> 16 ) & 0xff ); - ssl->out_msg[10] = ( ( cur_hs_frag_len >> 8 ) & 0xff ); - ssl->out_msg[11] = ( ( cur_hs_frag_len ) & 0xff ); + ssl->out_msg[ 9] = ((cur_hs_frag_len >> 16) & 0xff); + ssl->out_msg[10] = ((cur_hs_frag_len >> 8) & 0xff); + ssl->out_msg[11] = ((cur_hs_frag_len) & 0xff); - MBEDTLS_SSL_DEBUG_BUF( 3, "handshake header", ssl->out_msg, 12 ); + MBEDTLS_SSL_DEBUG_BUF(3, "handshake header", ssl->out_msg, 12); /* Copy the handshake message content and set records fields */ - memcpy( ssl->out_msg + 12, p, cur_hs_frag_len ); + memcpy(ssl->out_msg + 12, p, cur_hs_frag_len); ssl->out_msglen = cur_hs_frag_len + 12; ssl->out_msgtype = cur->type; @@ -2543,52 +2364,45 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) } /* If done with the current message move to the next one if any */ - if( ssl->handshake->cur_msg_p >= cur->p + cur->len ) - { - if( cur->next != NULL ) - { + if (ssl->handshake->cur_msg_p >= cur->p + cur->len) { + if (cur->next != NULL) { ssl->handshake->cur_msg = cur->next; ssl->handshake->cur_msg_p = cur->next->p + 12; - } - else - { + } else { ssl->handshake->cur_msg = NULL; ssl->handshake->cur_msg_p = NULL; } } /* Actually send the message out */ - if( ( ret = mbedtls_ssl_write_record( ssl, force_flush ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_record(ssl, force_flush)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); + return (ret); } } - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) + return (ret); /* Update state and set timer */ - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - else - { + else { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); + mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= mbedtls_ssl_flight_transmit" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= mbedtls_ssl_flight_transmit")); - return( 0 ); + return (0); } /* * To be called when the last message of an incoming flight is received. */ -void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) -{ +void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl) { /* We won't need to resend that one any more */ - mbedtls_ssl_flight_free( ssl->handshake->flight ); + mbedtls_ssl_flight_free(ssl->handshake->flight); ssl->handshake->flight = NULL; ssl->handshake->cur_msg = NULL; @@ -2599,34 +2413,29 @@ void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl ) ssl->handshake->buffering.seen_ccs = 0; /* Clear future message buffering structure. */ - mbedtls_ssl_buffering_free( ssl ); + mbedtls_ssl_buffering_free(ssl); /* Cancel timer */ - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) - { + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } - else + } else ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; } /* * To be called when the last message of an outgoing flight is send. */ -void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) -{ - ssl_reset_retransmit_timeout( ssl ); - mbedtls_ssl_set_timer( ssl, ssl->handshake->retransmit_timeout ); +void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl) { + ssl_reset_retransmit_timeout(ssl); + mbedtls_ssl_set_timer(ssl, ssl->handshake->retransmit_timeout); - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED ) - { + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->in_msg[0] == MBEDTLS_SSL_HS_FINISHED) { ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; - } - else + } else ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -2657,49 +2466,45 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) * (including handshake headers but excluding record headers) * - ssl->out_msg: the record contents (handshake headers + content) */ -int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const size_t hs_len = ssl->out_msglen - 4; const unsigned char hs_type = ssl->out_msg[0]; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write handshake message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write handshake message")); /* * Sanity checks */ - if( ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) - { + if (ssl->out_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->out_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { /* In SSLv3, the client might send a NoCertificate alert. */ #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_CLI_C) - if( ! ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + if (!(ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && ssl->out_msgtype == MBEDTLS_SSL_MSG_ALERT && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ) + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT)) #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } } /* Whenever we send anything different from a * HelloRequest we should be in a handshake - double check. */ - if( ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) && - ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (!(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST) && + ssl->handshake == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake != NULL && + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } #endif @@ -2711,24 +2516,22 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) * * Note: We deliberately do not check for the MTU or MFL here. */ - if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: " - "size %" MBEDTLS_PRINTF_SIZET - ", maximum %" MBEDTLS_PRINTF_SIZET, - ssl->out_msglen, - (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Record too large: " + "size %" MBEDTLS_PRINTF_SIZET + ", maximum %" MBEDTLS_PRINTF_SIZET, + ssl->out_msglen, + (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } /* * Fill handshake headers */ - if( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) - { - ssl->out_msg[1] = (unsigned char)( hs_len >> 16 ); - ssl->out_msg[2] = (unsigned char)( hs_len >> 8 ); - ssl->out_msg[3] = (unsigned char)( hs_len ); + if (ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { + ssl->out_msg[1] = (unsigned char)(hs_len >> 16); + ssl->out_msg[2] = (unsigned char)(hs_len >> 8); + ssl->out_msg[3] = (unsigned char)(hs_len); /* * DTLS has additional fields in the Handshake layer, @@ -2738,71 +2541,62 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) * uint24 fragment_length; */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Make room for the additional DTLS fields */ - if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: " - "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET, - hs_len, - (size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8) { + MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS handshake message too large: " + "size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET, + hs_len, + (size_t)(MBEDTLS_SSL_OUT_CONTENT_LEN - 12))); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - memmove( ssl->out_msg + 12, ssl->out_msg + 4, hs_len ); + memmove(ssl->out_msg + 12, ssl->out_msg + 4, hs_len); ssl->out_msglen += 8; /* Write message_seq and update it, except for HelloRequest */ - if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) - { - ssl->out_msg[4] = ( ssl->handshake->out_msg_seq >> 8 ) & 0xFF; - ssl->out_msg[5] = ( ssl->handshake->out_msg_seq ) & 0xFF; - ++( ssl->handshake->out_msg_seq ); - } - else - { + if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST) { + ssl->out_msg[4] = (ssl->handshake->out_msg_seq >> 8) & 0xFF; + ssl->out_msg[5] = (ssl->handshake->out_msg_seq) & 0xFF; + ++(ssl->handshake->out_msg_seq); + } else { ssl->out_msg[4] = 0; ssl->out_msg[5] = 0; } /* Handshake hashes are computed without fragmentation, * so set frag_offset = 0 and frag_len = hs_len for now */ - memset( ssl->out_msg + 6, 0x00, 3 ); - memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); + memset(ssl->out_msg + 6, 0x00, 3); + memcpy(ssl->out_msg + 9, ssl->out_msg + 1, 3); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Update running hashes of handshake messages seen */ - if( hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST ) - ssl->handshake->update_checksum( ssl, ssl->out_msg, ssl->out_msglen ); + if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST) + ssl->handshake->update_checksum(ssl, ssl->out_msg, ssl->out_msglen); } /* Either send now, or just save to be sent (and resent) later */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ! ( ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST ) ) - { - if( ( ret = ssl_flight_append( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_flight_append", ret ); - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + !(ssl->out_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + hs_type == MBEDTLS_SSL_HS_HELLO_REQUEST)) { + if ((ret = ssl_flight_append(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_flight_append", ret); + return (ret); } - } - else + } else #endif { - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_write_record", ret); + return (ret); } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write handshake message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write handshake message")); - return( 0 ); + return (0); } /* @@ -2817,22 +2611,19 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) * - ssl->out_msglen: length of the record content (excl headers) * - ssl->out_msg: record content */ -int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) -{ +int mbedtls_ssl_write_record(mbedtls_ssl_context *ssl, uint8_t force_flush) { int ret, done = 0; size_t len = ssl->out_msglen; uint8_t flush = force_flush; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write record")); #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->transform_out != NULL && - ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) - { - if( ( ret = ssl_compress_buf( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compress_buf", ret ); - return( ret ); + if (ssl->transform_out != NULL && + ssl->session_out->compression == MBEDTLS_SSL_COMPRESS_DEFLATE) { + if ((ret = ssl_compress_buf(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_compress_buf", ret); + return (ret); } len = ssl->out_msglen; @@ -2840,23 +2631,20 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) #endif /*MBEDTLS_ZLIB_SUPPORT */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_write != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_write()" ) ); + if (mbedtls_ssl_hw_record_write != NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_write()")); - ret = mbedtls_ssl_hw_record_write( ssl ); - if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_write", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + ret = mbedtls_ssl_hw_record_write(ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_write", ret); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } - if( ret == 0 ) + if (ret == 0) done = 1; } #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ - if( !done ) - { + if (!done) { unsigned i; size_t protected_record_size; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) @@ -2867,25 +2655,24 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) /* Skip writing the record content type to after the encryption, * as it may change when using the CID extension. */ - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, ssl->out_hdr + 1 ); + mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, ssl->out_hdr + 1); - memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 ); - ssl->out_len[0] = (unsigned char)( len >> 8 ); - ssl->out_len[1] = (unsigned char)( len ); + memcpy(ssl->out_ctr, ssl->cur_out_ctr, 8); + ssl->out_len[0] = (unsigned char)(len >> 8); + ssl->out_len[1] = (unsigned char)(len); - if( ssl->transform_out != NULL ) - { + if (ssl->transform_out != NULL) { mbedtls_record rec; rec.buf = ssl->out_iv; - rec.buf_len = out_buf_len - ( ssl->out_iv - ssl->out_buf ); + rec.buf_len = out_buf_len - (ssl->out_iv - ssl->out_buf); rec.data_len = ssl->out_msglen; rec.data_offset = ssl->out_msg - rec.buf; - memcpy( &rec.ctr[0], ssl->out_ctr, 8 ); - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, rec.ver ); + memcpy(&rec.ctr[0], ssl->out_ctr, 8); + mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, rec.ver); rec.type = ssl->out_msgtype; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -2893,44 +2680,40 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) rec.cid_len = 0; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - if( ( ret = mbedtls_ssl_encrypt_buf( ssl, ssl->transform_out, &rec, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret ); - return( ret ); + if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret); + return (ret); } - if( rec.data_offset != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec.data_offset != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } /* Update the record content type and CID. */ ssl->out_msgtype = rec.type; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID ) - memcpy( ssl->out_cid, rec.cid, rec.cid_len ); + memcpy(ssl->out_cid, rec.cid, rec.cid_len); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_msglen = len = rec.data_len; - ssl->out_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->out_len[1] = (unsigned char)( rec.data_len ); + ssl->out_len[0] = (unsigned char)(rec.data_len >> 8); + ssl->out_len[1] = (unsigned char)(rec.data_len); } - protected_record_size = len + mbedtls_ssl_out_hdr_len( ssl ); + protected_record_size = len + mbedtls_ssl_out_hdr_len(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) /* In case of DTLS, double-check that we don't exceed * the remaining space in the datagram. */ - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - ret = ssl_get_remaining_space_in_datagram( ssl ); - if( ret < 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + ret = ssl_get_remaining_space_in_datagram(ssl); + if (ret < 0) + return (ret); - if( protected_record_size > (size_t) ret ) - { + if (protected_record_size > (size_t) ret) { /* Should never happen */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -2938,131 +2721,116 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush ) /* Now write the potentially updated record content type. */ ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, " - "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET, - ssl->out_hdr[0], ssl->out_hdr[1], - ssl->out_hdr[2], len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("output record: msgtype = %u, " + "version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET, + ssl->out_hdr[0], ssl->out_hdr[1], + ssl->out_hdr[2], len)); - MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", - ssl->out_hdr, protected_record_size ); + MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network", + ssl->out_hdr, protected_record_size); ssl->out_left += protected_record_size; ssl->out_hdr += protected_record_size; - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_out ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform_out); - for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) - if( ++ssl->cur_out_ctr[i - 1] != 0 ) + for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) + if (++ssl->cur_out_ctr[i - 1] != 0) break; /* The loop goes to its end iff the counter is wrapping */ - if( i == mbedtls_ssl_ep_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + if (i == mbedtls_ssl_ep_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("outgoing message counter would wrap")); + return (MBEDTLS_ERR_SSL_COUNTER_WRAPPING); } } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - flush == SSL_DONT_FORCE_FLUSH ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + flush == SSL_DONT_FORCE_FLUSH) { size_t remaining; - ret = ssl_get_remaining_payload_in_datagram( ssl ); - if( ret < 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_remaining_payload_in_datagram", - ret ); - return( ret ); + ret = ssl_get_remaining_payload_in_datagram(ssl); + if (ret < 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_remaining_payload_in_datagram", + ret); + return (ret); } remaining = (size_t) ret; - if( remaining == 0 ) - { + if (remaining == 0) { flush = SSL_FORCE_FLUSH; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Still %u bytes available in current datagram", (unsigned) remaining ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("Still %u bytes available in current datagram", (unsigned) remaining)); } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( ( flush == SSL_FORCE_FLUSH ) && - ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); - return( ret ); + if ((flush == SSL_FORCE_FLUSH) && + (ret = mbedtls_ssl_flush_output(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write record")); - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_PROTO_DTLS) -static int ssl_hs_is_proper_fragment( mbedtls_ssl_context *ssl ) -{ - if( ssl->in_msglen < ssl->in_hslen || - memcmp( ssl->in_msg + 6, "\0\0\0", 3 ) != 0 || - memcmp( ssl->in_msg + 9, ssl->in_msg + 1, 3 ) != 0 ) - { - return( 1 ); +static int ssl_hs_is_proper_fragment(mbedtls_ssl_context *ssl) { + if (ssl->in_msglen < ssl->in_hslen || + memcmp(ssl->in_msg + 6, "\0\0\0", 3) != 0 || + memcmp(ssl->in_msg + 9, ssl->in_msg + 1, 3) != 0) { + return (1); } - return( 0 ); + return (0); } -static uint32_t ssl_get_hs_frag_len( mbedtls_ssl_context const *ssl ) -{ - return( ( ssl->in_msg[9] << 16 ) | - ( ssl->in_msg[10] << 8 ) | - ssl->in_msg[11] ); +static uint32_t ssl_get_hs_frag_len(mbedtls_ssl_context const *ssl) { + return ((ssl->in_msg[9] << 16) | + (ssl->in_msg[10] << 8) | + ssl->in_msg[11]); } -static uint32_t ssl_get_hs_frag_off( mbedtls_ssl_context const *ssl ) -{ - return( ( ssl->in_msg[6] << 16 ) | - ( ssl->in_msg[7] << 8 ) | - ssl->in_msg[8] ); +static uint32_t ssl_get_hs_frag_off(mbedtls_ssl_context const *ssl) { + return ((ssl->in_msg[6] << 16) | + (ssl->in_msg[7] << 8) | + ssl->in_msg[8]); } -static int ssl_check_hs_header( mbedtls_ssl_context const *ssl ) -{ +static int ssl_check_hs_header(mbedtls_ssl_context const *ssl) { uint32_t msg_len, frag_off, frag_len; - msg_len = ssl_get_hs_total_len( ssl ); - frag_off = ssl_get_hs_frag_off( ssl ); - frag_len = ssl_get_hs_frag_len( ssl ); + msg_len = ssl_get_hs_total_len(ssl); + frag_off = ssl_get_hs_frag_off(ssl); + frag_len = ssl_get_hs_frag_len(ssl); - if( frag_off > msg_len ) - return( -1 ); + if (frag_off > msg_len) + return (-1); - if( frag_len > msg_len - frag_off ) - return( -1 ); + if (frag_len > msg_len - frag_off) + return (-1); - if( frag_len + 12 > ssl->in_msglen ) - return( -1 ); + if (frag_len + 12 > ssl->in_msglen) + return (-1); - return( 0 ); + return (0); } /* * Mark bits in bitmask (used for DTLS HS reassembly) */ -static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) -{ +static void ssl_bitmask_set(unsigned char *mask, size_t offset, size_t len) { unsigned int start_bits, end_bits; - start_bits = 8 - ( offset % 8 ); - if( start_bits != 8 ) - { + start_bits = 8 - (offset % 8); + if (start_bits != 8) { size_t first_byte_idx = offset / 8; /* Special case */ - if( len <= start_bits ) - { - for( ; len != 0; len-- ) - mask[first_byte_idx] |= 1 << ( start_bits - len ); + if (len <= start_bits) { + for (; len != 0; len--) + mask[first_byte_idx] |= 1 << (start_bits - len); /* Avoid potential issues with offset or len becoming invalid */ return; @@ -3071,133 +2839,119 @@ static void ssl_bitmask_set( unsigned char *mask, size_t offset, size_t len ) offset += start_bits; /* Now offset % 8 == 0 */ len -= start_bits; - for( ; start_bits != 0; start_bits-- ) - mask[first_byte_idx] |= 1 << ( start_bits - 1 ); + for (; start_bits != 0; start_bits--) + mask[first_byte_idx] |= 1 << (start_bits - 1); } end_bits = len % 8; - if( end_bits != 0 ) - { - size_t last_byte_idx = ( offset + len ) / 8; + if (end_bits != 0) { + size_t last_byte_idx = (offset + len) / 8; len -= end_bits; /* Now len % 8 == 0 */ - for( ; end_bits != 0; end_bits-- ) - mask[last_byte_idx] |= 1 << ( 8 - end_bits ); + for (; end_bits != 0; end_bits--) + mask[last_byte_idx] |= 1 << (8 - end_bits); } - memset( mask + offset / 8, 0xFF, len / 8 ); + memset(mask + offset / 8, 0xFF, len / 8); } /* * Check that bitmask is full */ -static int ssl_bitmask_check( unsigned char *mask, size_t len ) -{ +static int ssl_bitmask_check(unsigned char *mask, size_t len) { size_t i; - for( i = 0; i < len / 8; i++ ) - if( mask[i] != 0xFF ) - return( -1 ); + for (i = 0; i < len / 8; i++) + if (mask[i] != 0xFF) + return (-1); - for( i = 0; i < len % 8; i++ ) - if( ( mask[len / 8] & ( 1 << ( 7 - i ) ) ) == 0 ) - return( -1 ); + for (i = 0; i < len % 8; i++) + if ((mask[len / 8] & (1 << (7 - i))) == 0) + return (-1); - return( 0 ); + return (0); } /* msg_len does not include the handshake header */ -static size_t ssl_get_reassembly_buffer_size( size_t msg_len, - unsigned add_bitmap ) -{ +static size_t ssl_get_reassembly_buffer_size(size_t msg_len, + unsigned add_bitmap) { size_t alloc_len; alloc_len = 12; /* Handshake header */ alloc_len += msg_len; /* Content buffer */ - if( add_bitmap ) - alloc_len += msg_len / 8 + ( msg_len % 8 != 0 ); /* Bitmap */ + if (add_bitmap) + alloc_len += msg_len / 8 + (msg_len % 8 != 0); /* Bitmap */ - return( alloc_len ); + return (alloc_len); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl ) -{ - return( ( ssl->in_msg[1] << 16 ) | - ( ssl->in_msg[2] << 8 ) | - ssl->in_msg[3] ); +static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl) { + return ((ssl->in_msg[1] << 16) | + (ssl->in_msg[2] << 8) | + ssl->in_msg[3]); } -int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) -{ - if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); +int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) { + if (ssl->in_msglen < mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake message too short: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } - ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl ); + ssl->in_hslen = mbedtls_ssl_hs_hdr_len(ssl) + ssl_get_hs_total_len(ssl); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen =" - " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("handshake message: msglen =" + " %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen)); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + unsigned int recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5]; - if( ssl_check_hs_header( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid handshake header" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl_check_hs_header(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid handshake header")); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } - if( ssl->handshake != NULL && - ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && - recv_msg_seq != ssl->handshake->in_msg_seq ) || - ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && - ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) - { - if( recv_msg_seq > ssl->handshake->in_msg_seq ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received future handshake message of sequence number %u (next %u)", - recv_msg_seq, - ssl->handshake->in_msg_seq ) ); - return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + if (ssl->handshake != NULL && + ((ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && + recv_msg_seq != ssl->handshake->in_msg_seq) || + (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && + ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO))) { + if (recv_msg_seq > ssl->handshake->in_msg_seq) { + MBEDTLS_SSL_DEBUG_MSG(2, ("received future handshake message of sequence number %u (next %u)", + recv_msg_seq, + ssl->handshake->in_msg_seq)); + return (MBEDTLS_ERR_SSL_EARLY_MESSAGE); } /* Retransmit only on last message from previous flight, to avoid * too many retransmissions. * Besides, No sane server ever retransmits HelloVerifyRequest */ - if( recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && - ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, " - "message_seq = %u, start_of_flight = %u", - recv_msg_seq, - ssl->handshake->in_flight_start_seq ) ); + if (recv_msg_seq == ssl->handshake->in_flight_start_seq - 1 && + ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST) { + MBEDTLS_SSL_DEBUG_MSG(2, ("received message from last flight, " + "message_seq = %u, start_of_flight = %u", + recv_msg_seq, + ssl->handshake->in_flight_start_seq)); - if( ( ret = mbedtls_ssl_resend( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend", ret ); - return( ret ); + if ((ret = mbedtls_ssl_resend(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend", ret); + return (ret); } - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: " - "message_seq = %u, expected = %u", - recv_msg_seq, - ssl->handshake->in_msg_seq ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("dropping out-of-sequence message: " + "message_seq = %u, expected = %u", + recv_msg_seq, + ssl->handshake->in_msg_seq)); } - return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); + return (MBEDTLS_ERR_SSL_CONTINUE_PROCESSING); } /* Wait until message completion to increment in_msg_seq */ @@ -3205,38 +2959,32 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) * messages; the commonality is that both handshake fragments and * future messages cannot be forwarded immediately to the * handshake logic layer. */ - if( ssl_hs_is_proper_fragment( ssl ) == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "found fragmented DTLS handshake message" ) ); - return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + if (ssl_hs_is_proper_fragment(ssl) == 1) { + MBEDTLS_SSL_DEBUG_MSG(2, ("found fragmented DTLS handshake message")); + return (MBEDTLS_ERR_SSL_EARLY_MESSAGE); } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - /* With TLS we don't handle fragmentation (for now) */ - if( ssl->in_msglen < ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLS handshake fragmentation not supported" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); - } + /* With TLS we don't handle fragmentation (for now) */ + if (ssl->in_msglen < ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("TLS handshake fragmentation not supported")); + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); + } - return( 0 ); + return (0); } -void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; +void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl) { + mbedtls_ssl_handshake_params *const hs = ssl->handshake; - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL ) - { - ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL) { + ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen); } /* Handshake message is complete, increment counter */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake != NULL ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake != NULL) { unsigned offset; mbedtls_ssl_hs_buffer *hs_buf; @@ -3248,18 +2996,17 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) */ /* Free first entry */ - ssl_buffering_free_slot( ssl, 0 ); + ssl_buffering_free_slot(ssl, 0); /* Shift all other entries */ - for( offset = 0, hs_buf = &hs->buffering.hs[0]; - offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; - offset++, hs_buf++ ) - { + for (offset = 0, hs_buf = &hs->buffering.hs[0]; + offset + 1 < MBEDTLS_SSL_MAX_BUFFERED_HS; + offset++, hs_buf++) { *hs_buf = *(hs_buf + 1); } /* Create a fresh last entry */ - memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); + memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); } #endif } @@ -3275,24 +3022,21 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) * not seen yet). */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl ) -{ +void mbedtls_ssl_dtls_replay_reset(mbedtls_ssl_context *ssl) { ssl->in_window_top = 0; ssl->in_window = 0; } -static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) -{ - return( ( (uint64_t) buf[0] << 40 ) | - ( (uint64_t) buf[1] << 32 ) | - ( (uint64_t) buf[2] << 24 ) | - ( (uint64_t) buf[3] << 16 ) | - ( (uint64_t) buf[4] << 8 ) | - ( (uint64_t) buf[5] ) ); +static inline uint64_t ssl_load_six_bytes(unsigned char *buf) { + return (((uint64_t) buf[0] << 40) | + ((uint64_t) buf[1] << 32) | + ((uint64_t) buf[2] << 24) | + ((uint64_t) buf[3] << 16) | + ((uint64_t) buf[4] << 8) | + ((uint64_t) buf[5])); } -static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr ) -{ +static int mbedtls_ssl_dtls_record_replay_check(mbedtls_ssl_context *ssl, uint8_t *record_in_ctr) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *original_in_ctr; @@ -3302,7 +3046,7 @@ static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8 // use counter from record ssl->in_ctr = record_in_ctr; - ret = mbedtls_ssl_dtls_replay_check( (mbedtls_ssl_context const *) ssl ); + ret = mbedtls_ssl_dtls_replay_check((mbedtls_ssl_context const *) ssl); // restore the counter ssl->in_ctr = original_in_ctr; @@ -3313,59 +3057,53 @@ static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8 /* * Return 0 if sequence number is acceptable, -1 otherwise */ -int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl ) -{ - uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); +int mbedtls_ssl_dtls_replay_check(mbedtls_ssl_context const *ssl) { + uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2); uint64_t bit; - if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) - return( 0 ); + if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) + return (0); - if( rec_seqnum > ssl->in_window_top ) - return( 0 ); + if (rec_seqnum > ssl->in_window_top) + return (0); bit = ssl->in_window_top - rec_seqnum; - if( bit >= 64 ) - return( -1 ); + if (bit >= 64) + return (-1); - if( ( ssl->in_window & ( (uint64_t) 1 << bit ) ) != 0 ) - return( -1 ); + if ((ssl->in_window & ((uint64_t) 1 << bit)) != 0) + return (-1); - return( 0 ); + return (0); } /* * Update replay window on new validated record */ -void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) -{ - uint64_t rec_seqnum = ssl_load_six_bytes( ssl->in_ctr + 2 ); +void mbedtls_ssl_dtls_replay_update(mbedtls_ssl_context *ssl) { + uint64_t rec_seqnum = ssl_load_six_bytes(ssl->in_ctr + 2); - if( ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED ) + if (ssl->conf->anti_replay == MBEDTLS_SSL_ANTI_REPLAY_DISABLED) return; - if( rec_seqnum > ssl->in_window_top ) - { + if (rec_seqnum > ssl->in_window_top) { /* Update window_top and the contents of the window */ uint64_t shift = rec_seqnum - ssl->in_window_top; - if( shift >= 64 ) + if (shift >= 64) ssl->in_window = 1; - else - { + else { ssl->in_window <<= shift; ssl->in_window |= 1; } ssl->in_window_top = rec_seqnum; - } - else - { + } else { /* Mark that number as seen in the current window */ uint64_t bit = ssl->in_window_top - rec_seqnum; - if( bit < 64 ) /* Always true, but be extra sure */ + if (bit < 64) /* Always true, but be extra sure */ ssl->in_window |= (uint64_t) 1 << bit; } } @@ -3384,13 +3122,12 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl ) * - otherwise return a specific error code */ static int ssl_check_dtls_clihlo_cookie( - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie, - const unsigned char *cli_id, size_t cli_id_len, - const unsigned char *in, size_t in_len, - unsigned char *obuf, size_t buf_len, size_t *olen ) -{ + mbedtls_ssl_cookie_write_t *f_cookie_write, + mbedtls_ssl_cookie_check_t *f_cookie_check, + void *p_cookie, + const unsigned char *cli_id, size_t cli_id_len, + const unsigned char *in, size_t in_len, + unsigned char *obuf, size_t buf_len, size_t *olen) { size_t sid_len, cookie_len; unsigned char *p; @@ -3420,27 +3157,25 @@ static int ssl_check_dtls_clihlo_cookie( * * Minimum length is 61 bytes. */ - if( in_len < 61 || - in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || - in[3] != 0 || in[4] != 0 || - in[19] != 0 || in[20] != 0 || in[21] != 0 ) - { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (in_len < 61 || + in[0] != MBEDTLS_SSL_MSG_HANDSHAKE || + in[3] != 0 || in[4] != 0 || + in[19] != 0 || in[20] != 0 || in[21] != 0) { + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } sid_len = in[59]; - if( sid_len > in_len - 61 ) - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (sid_len > in_len - 61) + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); cookie_len = in[60 + sid_len]; - if( cookie_len > in_len - 60 ) - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (cookie_len > in_len - 60) + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); - if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len, - cli_id, cli_id_len ) == 0 ) - { + if (f_cookie_check(p_cookie, in + sid_len + 61, cookie_len, + cli_id, cli_id_len) == 0) { /* Valid cookie */ - return( 0 ); + return (0); } /* @@ -3463,36 +3198,35 @@ static int ssl_check_dtls_clihlo_cookie( * * Minimum length is 28. */ - if( buf_len < 28 ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (buf_len < 28) + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); /* Copy most fields and adapt others */ - memcpy( obuf, in, 25 ); + memcpy(obuf, in, 25); obuf[13] = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST; obuf[25] = 0xfe; obuf[26] = 0xff; /* Generate and write actual cookie */ p = obuf + 28; - if( f_cookie_write( p_cookie, - &p, obuf + buf_len, cli_id, cli_id_len ) != 0 ) - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (f_cookie_write(p_cookie, + &p, obuf + buf_len, cli_id, cli_id_len) != 0) { + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } *olen = p - obuf; /* Go back and fill length fields */ - obuf[27] = (unsigned char)( *olen - 28 ); + obuf[27] = (unsigned char)(*olen - 28); - obuf[14] = obuf[22] = (unsigned char)( ( *olen - 25 ) >> 16 ); - obuf[15] = obuf[23] = (unsigned char)( ( *olen - 25 ) >> 8 ); - obuf[16] = obuf[24] = (unsigned char)( ( *olen - 25 ) ); + obuf[14] = obuf[22] = (unsigned char)((*olen - 25) >> 16); + obuf[15] = obuf[23] = (unsigned char)((*olen - 25) >> 8); + obuf[16] = obuf[24] = (unsigned char)((*olen - 25)); - obuf[11] = (unsigned char)( ( *olen - 13 ) >> 8 ); - obuf[12] = (unsigned char)( ( *olen - 13 ) ); + obuf[11] = (unsigned char)((*olen - 13) >> 8); + obuf[12] = (unsigned char)((*olen - 13)); - return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); + return (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED); } /* @@ -3515,74 +3249,67 @@ static int ssl_check_dtls_clihlo_cookie( * includes the case of MBEDTLS_ERR_SSL_CLIENT_RECONNECT and of unexpected * errors, and is the right thing to do in both cases). */ -static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) -{ +static int ssl_handle_possible_reconnect(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ssl->conf->f_cookie_write == NULL || - ssl->conf->f_cookie_check == NULL ) - { + if (ssl->conf->f_cookie_write == NULL || + ssl->conf->f_cookie_check == NULL) { /* If we can't use cookies to verify reachability of the peer, * drop the record. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no cookie callbacks, " - "can't check reconnect validity" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(1, ("no cookie callbacks, " + "can't check reconnect validity")); + return (0); } ret = ssl_check_dtls_clihlo_cookie( - ssl->conf->f_cookie_write, - ssl->conf->f_cookie_check, - ssl->conf->p_cookie, - ssl->cli_id, ssl->cli_id_len, - ssl->in_buf, ssl->in_left, - ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len ); + ssl->conf->f_cookie_write, + ssl->conf->f_cookie_check, + ssl->conf->p_cookie, + ssl->cli_id, ssl->cli_id_len, + ssl->in_buf, ssl->in_left, + ssl->out_buf, MBEDTLS_SSL_OUT_CONTENT_LEN, &len); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_dtls_clihlo_cookie", ret ); + MBEDTLS_SSL_DEBUG_RET(2, "ssl_check_dtls_clihlo_cookie", ret); - if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) - { + if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { int send_ret; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "sending HelloVerifyRequest" ) ); - MBEDTLS_SSL_DEBUG_BUF( 4, "output record sent to network", - ssl->out_buf, len ); + MBEDTLS_SSL_DEBUG_MSG(1, ("sending HelloVerifyRequest")); + MBEDTLS_SSL_DEBUG_BUF(4, "output record sent to network", + ssl->out_buf, len); /* Don't check write errors as we can't do anything here. * If the error is permanent we'll catch it later, * if it's not, then hopefully it'll work next time. */ - send_ret = ssl->f_send( ssl->p_bio, ssl->out_buf, len ); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_send", send_ret ); + send_ret = ssl->f_send(ssl->p_bio, ssl->out_buf, len); + MBEDTLS_SSL_DEBUG_RET(2, "ssl->f_send", send_ret); (void) send_ret; - return( 0 ); + return (0); } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cookie is valid, resetting context" ) ); - if( ( ret = mbedtls_ssl_session_reset_int( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "reset", ret ); - return( ret ); + if (ret == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("cookie is valid, resetting context")); + if ((ret = mbedtls_ssl_session_reset_int(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "reset", ret); + return (ret); } - return( MBEDTLS_ERR_SSL_CLIENT_RECONNECT ); + return (MBEDTLS_ERR_SSL_CLIENT_RECONNECT); } - return( ret ); + return (ret); } #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ -static int ssl_check_record_type( uint8_t record_type ) -{ - if( record_type != MBEDTLS_SSL_MSG_HANDSHAKE && - record_type != MBEDTLS_SSL_MSG_ALERT && - record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && - record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA ) - { - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); +static int ssl_check_record_type(uint8_t record_type) { + if (record_type != MBEDTLS_SSL_MSG_HANDSHAKE && + record_type != MBEDTLS_SSL_MSG_ALERT && + record_type != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC && + record_type != MBEDTLS_SSL_MSG_APPLICATION_DATA) { + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } - return( 0 ); + return (0); } /* @@ -3604,11 +3331,10 @@ static int ssl_check_record_type( uint8_t record_type ) * Point 2 is needed when the peer is resending, and we have already received * the first record from a datagram but are still waiting for the others. */ -static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, - unsigned char *buf, - size_t len, - mbedtls_record *rec ) -{ +static int ssl_parse_record_header(mbedtls_ssl_context const *ssl, + unsigned char *buf, + size_t len, + mbedtls_record *rec) { int major_ver, minor_ver; size_t const rec_hdr_type_offset = 0; @@ -3639,22 +3365,19 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { rec_hdr_len_offset = rec_hdr_ctr_offset + rec_hdr_ctr_len; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { rec_hdr_len_offset = rec_hdr_version_offset + rec_hdr_version_len; } - if( len < rec_hdr_len_offset + rec_hdr_len_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header of length %u", - (unsigned) len, - (unsigned)( rec_hdr_len_len + rec_hdr_len_len ) ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (len < rec_hdr_len_offset + rec_hdr_len_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("datagram of length %u too small to hold DTLS record header of length %u", + (unsigned) len, + (unsigned)(rec_hdr_len_len + rec_hdr_len_len))); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } /* @@ -3667,10 +3390,9 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) rec->cid_len = 0; - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->conf->cid_len != 0 && - rec->type == MBEDTLS_SSL_MSG_CID ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->conf->cid_len != 0 && + rec->type == MBEDTLS_SSL_MSG_CID) { /* Shift pointers to account for record header including CID * struct { * ContentType special_type = tls12_cid; @@ -3689,27 +3411,24 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, rec_hdr_cid_len = ssl->conf->cid_len; rec_hdr_len_offset += rec_hdr_cid_len; - if( len < rec_hdr_len_offset + rec_hdr_len_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "datagram of length %u too small to hold DTLS record header including CID, length %u", - (unsigned) len, - (unsigned)( rec_hdr_len_offset + rec_hdr_len_len ) ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (len < rec_hdr_len_offset + rec_hdr_len_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("datagram of length %u too small to hold DTLS record header including CID, length %u", + (unsigned) len, + (unsigned)(rec_hdr_len_offset + rec_hdr_len_len))); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } /* configured CID len is guaranteed at most 255, see * MBEDTLS_SSL_CID_OUT_LEN_MAX in check_config.h */ rec->cid_len = (uint8_t) rec_hdr_cid_len; - memcpy( rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len ); - } - else + memcpy(rec->cid, buf + rec_hdr_cid_offset, rec_hdr_cid_len); + } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - if( ssl_check_record_type( rec->type ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type %u", - (unsigned) rec->type ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl_check_record_type(rec->type)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type %u", + (unsigned) rec->type)); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } } @@ -3719,20 +3438,18 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, rec->ver[0] = buf[ rec_hdr_version_offset + 0 ]; rec->ver[1] = buf[ rec_hdr_version_offset + 1 ]; - mbedtls_ssl_read_version( &major_ver, &minor_ver, - ssl->conf->transport, - &rec->ver[0] ); + mbedtls_ssl_read_version(&major_ver, &minor_ver, + ssl->conf->transport, + &rec->ver[0]); - if( major_ver != ssl->major_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "major version mismatch" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (major_ver != ssl->major_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("major version mismatch")); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } - if( minor_ver > ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (minor_ver > ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("minor version mismatch")); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } /* @@ -3740,17 +3457,15 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Copy explicit record sequence number from input buffer. */ - memcpy( &rec->ctr[0], buf + rec_hdr_ctr_offset, - rec_hdr_ctr_len ); - } - else + memcpy(&rec->ctr[0], buf + rec_hdr_ctr_offset, + rec_hdr_ctr_len); + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { /* Copy implicit record sequence number from SSL context structure. */ - memcpy( &rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len ); + memcpy(&rec->ctr[0], ssl->in_ctr, rec_hdr_ctr_len); } /* @@ -3758,20 +3473,20 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, */ rec->data_offset = rec_hdr_len_offset + rec_hdr_len_len; - rec->data_len = ( (size_t) buf[ rec_hdr_len_offset + 0 ] << 8 ) | - ( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset ); + rec->data_len = ((size_t) buf[ rec_hdr_len_offset + 0 ] << 8) | + ((size_t) buf[ rec_hdr_len_offset + 1 ] << 0); + MBEDTLS_SSL_DEBUG_BUF(4, "input record header", buf, rec->data_offset); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, " - "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET, - rec->type, - major_ver, minor_ver, rec->data_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("input record: msgtype = %u, " + "version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET, + rec->type, + major_ver, minor_ver, rec->data_len)); rec->buf = buf; rec->buf_len = rec->data_offset + rec->data_len; - if( rec->data_len == 0 ) - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (rec->data_len == 0) + return (MBEDTLS_ERR_SSL_INVALID_RECORD); /* * DTLS-related tests. @@ -3786,60 +3501,54 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, * record leads to the entire datagram being dropped. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - rec_epoch = ( rec->ctr[0] << 8 ) | rec->ctr[1]; + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + rec_epoch = (rec->ctr[0] << 8) | rec->ctr[1]; /* Check that the datagram is large enough to contain a record * of the advertised length. */ - if( len < rec->data_offset + rec->data_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Datagram of length %u too small to contain record of advertised length %u.", - (unsigned) len, - (unsigned)( rec->data_offset + rec->data_len ) ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (len < rec->data_offset + rec->data_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Datagram of length %u too small to contain record of advertised length %u.", + (unsigned) len, + (unsigned)(rec->data_offset + rec->data_len))); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } /* Records from other, non-matching epochs are silently discarded. * (The case of same-port Client reconnects must be considered in * the caller). */ - if( rec_epoch != ssl->in_epoch ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: " - "expected %u, received %lu", - ssl->in_epoch, (unsigned long) rec_epoch ) ); + if (rec_epoch != ssl->in_epoch) { + MBEDTLS_SSL_DEBUG_MSG(1, ("record from another epoch: " + "expected %u, received %lu", + ssl->in_epoch, (unsigned long) rec_epoch)); /* Records from the next epoch are considered for buffering * (concretely: early Finished messages). */ - if( rec_epoch == (unsigned) ssl->in_epoch + 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Consider record for buffering" ) ); - return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + if (rec_epoch == (unsigned) ssl->in_epoch + 1) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Consider record for buffering")); + return (MBEDTLS_ERR_SSL_EARLY_MESSAGE); } - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + return (MBEDTLS_ERR_SSL_UNEXPECTED_RECORD); } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) /* For records from the correct epoch, check whether their * sequence number has been seen before. */ - else if( mbedtls_ssl_dtls_record_replay_check( (mbedtls_ssl_context *) ssl, - &rec->ctr[0] ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + else if (mbedtls_ssl_dtls_record_replay_check((mbedtls_ssl_context *) ssl, + &rec->ctr[0]) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record")); + return (MBEDTLS_ERR_SSL_UNEXPECTED_RECORD); } #endif } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) -static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) -{ - unsigned int rec_epoch = ( ssl->in_ctr[0] << 8 ) | ssl->in_ctr[1]; +static int ssl_check_client_reconnect(mbedtls_ssl_context *ssl) { + unsigned int rec_epoch = (ssl->in_ctr[0] << 8) | ssl->in_ctr[1]; /* * Check for an epoch 0 ClientHello. We can't use in_msg here to @@ -3847,79 +3556,71 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) * have an active transform (possibly iv_len != 0), so use the * fact that the record header len is 13 instead. */ - if( rec_epoch == 0 && - ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && - ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_left > 13 && - ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "possible client reconnect " - "from the same port" ) ); - return( ssl_handle_possible_reconnect( ssl ) ); + if (rec_epoch == 0 && + ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && + ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->in_left > 13 && + ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO) { + MBEDTLS_SSL_DEBUG_MSG(1, ("possible client reconnect " + "from the same port")); + return (ssl_handle_possible_reconnect(ssl)); } - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ /* * If applicable, decrypt record content */ -static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, - mbedtls_record *rec ) -{ +static int ssl_prepare_record_content(mbedtls_ssl_context *ssl, + mbedtls_record *rec) { int ret, done = 0; - MBEDTLS_SSL_DEBUG_BUF( 4, "input record from network", - rec->buf, rec->buf_len ); + MBEDTLS_SSL_DEBUG_BUF(4, "input record from network", + rec->buf, rec->buf_len); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_read != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_read()" ) ); + if (mbedtls_ssl_hw_record_read != NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_read()")); - ret = mbedtls_ssl_hw_record_read( ssl ); - if( ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_read", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + ret = mbedtls_ssl_hw_record_read(ssl); + if (ret != 0 && ret != MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_read", ret); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } - if( ret == 0 ) + if (ret == 0) done = 1; } #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ - if( !done && ssl->transform_in != NULL ) - { + if (!done && ssl->transform_in != NULL) { unsigned char const old_msg_type = rec->type; - if( ( ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, - rec ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret ); + if ((ret = mbedtls_ssl_decrypt_buf(ssl, ssl->transform_in, + rec)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_decrypt_buf", ret); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID && - ssl->conf->ignore_unexpected_cid - == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ignoring unexpected CID" ) ); + if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID && + ssl->conf->ignore_unexpected_cid + == MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ignoring unexpected CID")); ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - return( ret ); + return (ret); } - if( old_msg_type != rec->type ) - { - MBEDTLS_SSL_DEBUG_MSG( 4, ( "record type after decrypt (before %d): %d", - old_msg_type, rec->type ) ); + if (old_msg_type != rec->type) { + MBEDTLS_SSL_DEBUG_MSG(4, ("record type after decrypt (before %d): %d", + old_msg_type, rec->type)); } - MBEDTLS_SSL_DEBUG_BUF( 4, "input payload after decrypt", - rec->buf + rec->data_offset, rec->data_len ); + MBEDTLS_SSL_DEBUG_BUF(4, "input payload after decrypt", + rec->buf + rec->data_offset, rec->data_len); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* We have already checked the record content type @@ -3929,22 +3630,19 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, * Since with the use of CIDs, the record content type * might change during decryption, re-check the record * content type, but treat a failure as fatal this time. */ - if( ssl_check_record_type( rec->type ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl_check_record_type(rec->type)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("unknown record type")); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - if( rec->data_len == 0 ) - { + if (rec->data_len == 0) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 - && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 + && rec->type != MBEDTLS_SSL_MSG_APPLICATION_DATA) { /* TLS v1.2 explicitly disallows zero-length messages which are not application data */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid zero-length message type: %d", ssl->in_msgtype ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid zero-length message type: %d", ssl->in_msgtype)); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -3954,58 +3652,51 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, * Three or more empty messages may be a DoS attack * (excessive CPU consumption). */ - if( ssl->nb_zero > 3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received four consecutive empty " - "messages, possible DoS attack" ) ); + if (ssl->nb_zero > 3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("received four consecutive empty " + "messages, possible DoS attack")); /* Treat the records as if they were not properly authenticated, * thereby failing the connection if we see more than allowed * by the configured bad MAC threshold. */ - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + return (MBEDTLS_ERR_SSL_INVALID_MAC); } - } - else + } else ssl->nb_zero = 0; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ; /* in_ctr read from peer, not maintained internally */ - } - else + } else #endif { unsigned i; - for( i = 8; i > mbedtls_ssl_ep_len( ssl ); i-- ) - if( ++ssl->in_ctr[i - 1] != 0 ) + for (i = 8; i > mbedtls_ssl_ep_len(ssl); i--) + if (++ssl->in_ctr[i - 1] != 0) break; /* The loop goes to its end iff the counter is wrapping */ - if( i == mbedtls_ssl_ep_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + if (i == mbedtls_ssl_ep_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("incoming message counter would wrap")); + return (MBEDTLS_ERR_SSL_COUNTER_WRAPPING); } } } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - mbedtls_ssl_dtls_replay_update( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + mbedtls_ssl_dtls_replay_update(ssl); } #endif /* Check actual (decrypted) record content length against * configured maximum. */ - if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad message length")); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } - return( 0 ); + return (0); } /* @@ -4017,127 +3708,113 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl, */ /* Helper functions for mbedtls_ssl_read_record(). */ -static int ssl_consume_current_message( mbedtls_ssl_context *ssl ); -static int ssl_get_next_record( mbedtls_ssl_context *ssl ); -static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); +static int ssl_consume_current_message(mbedtls_ssl_context *ssl); +static int ssl_get_next_record(mbedtls_ssl_context *ssl); +static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl); -int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, - unsigned update_hs_digest ) -{ +int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, + unsigned update_hs_digest) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> read record")); - if( ssl->keep_current_message == 0 ) - { + if (ssl->keep_current_message == 0) { do { - ret = ssl_consume_current_message( ssl ); - if( ret != 0 ) - return( ret ); + ret = ssl_consume_current_message(ssl); + if (ret != 0) + return (ret); - if( ssl_record_is_in_progress( ssl ) == 0 ) - { + if (ssl_record_is_in_progress(ssl) == 0) { #if defined(MBEDTLS_SSL_PROTO_DTLS) int have_buffered = 0; /* We only check for buffered messages if the * current datagram is fully consumed. */ - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl_next_record_is_in_datagram( ssl ) == 0 ) - { - if( ssl_load_buffered_message( ssl ) == 0 ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl_next_record_is_in_datagram(ssl) == 0) { + if (ssl_load_buffered_message(ssl) == 0) have_buffered = 1; } - if( have_buffered == 0 ) + if (have_buffered == 0) #endif /* MBEDTLS_SSL_PROTO_DTLS */ { - ret = ssl_get_next_record( ssl ); - if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ) + ret = ssl_get_next_record(ssl); + if (ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) continue; - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_get_next_record" ), ret ); - return( ret ); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_get_next_record"), ret); + return (ret); } } } - ret = mbedtls_ssl_handle_message_type( ssl ); + ret = mbedtls_ssl_handle_message_type(ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) - { + if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { /* Buffer future message */ - ret = ssl_buffer_message( ssl ); - if( ret != 0 ) - return( ret ); + ret = ssl_buffer_message(ssl); + if (ret != 0) + return (ret); ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - } while( MBEDTLS_ERR_SSL_NON_FATAL == ret || - MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret ); + } while (MBEDTLS_ERR_SSL_NON_FATAL == ret || + MBEDTLS_ERR_SSL_CONTINUE_PROCESSING == ret); - if( 0 != ret ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_handle_message_type" ), ret ); - return( ret ); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_handle_message_type"), ret); + return (ret); } - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - update_hs_digest == 1 ) - { - mbedtls_ssl_update_handshake_status( ssl ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + update_hs_digest == 1) { + mbedtls_ssl_update_handshake_status(ssl); } - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "reuse previously read message" ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("reuse previously read message")); ssl->keep_current_message = 0; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= read record")); - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_PROTO_DTLS) -static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl ) -{ - if( ssl->in_left > ssl->next_record_offset ) - return( 1 ); +static int ssl_next_record_is_in_datagram(mbedtls_ssl_context *ssl) { + if (ssl->in_left > ssl->next_record_offset) + return (1); - return( 0 ); + return (0); } -static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - mbedtls_ssl_hs_buffer * hs_buf; +static int ssl_load_buffered_message(mbedtls_ssl_context *ssl) { + mbedtls_ssl_handshake_params *const hs = ssl->handshake; + mbedtls_ssl_hs_buffer *hs_buf; int ret = 0; - if( hs == NULL ) - return( -1 ); + if (hs == NULL) + return (-1); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_messsage")); - if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || - ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) - { + if (ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC || + ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) { /* Check if we have seen a ChangeCipherSpec before. * If yes, synthesize a CCS record. */ - if( !hs->buffering.seen_ccs ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "CCS not seen in the current flight" ) ); + if (!hs->buffering.seen_ccs) { + MBEDTLS_SSL_DEBUG_MSG(2, ("CCS not seen in the current flight")); ret = -1; goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Injecting buffered CCS message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Injecting buffered CCS message")); ssl->in_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; ssl->in_msglen = 1; ssl->in_msg[0] = 1; @@ -4154,14 +3831,12 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) /* Debug only */ { unsigned offset; - for( offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) - { + for (offset = 1; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) { hs_buf = &hs->buffering.hs[offset]; - if( hs_buf->is_valid == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Future message with sequence number %u %s buffered.", - hs->in_msg_seq + offset, - hs_buf->is_complete ? "fully" : "partially" ) ); + if (hs_buf->is_valid == 1) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Future message with sequence number %u %s buffered.", + hs->in_msg_seq + offset, + hs_buf->is_complete ? "fully" : "partially")); } } } @@ -4170,217 +3845,195 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl ) /* Check if we have buffered and/or fully reassembled the * next handshake message. */ hs_buf = &hs->buffering.hs[0]; - if( ( hs_buf->is_valid == 1 ) && ( hs_buf->is_complete == 1 ) ) - { + if ((hs_buf->is_valid == 1) && (hs_buf->is_complete == 1)) { /* Synthesize a record containing the buffered HS message. */ - size_t msg_len = ( hs_buf->data[1] << 16 ) | - ( hs_buf->data[2] << 8 ) | - hs_buf->data[3]; + size_t msg_len = (hs_buf->data[1] << 16) | + (hs_buf->data[2] << 8) | + hs_buf->data[3]; /* Double-check that we haven't accidentally buffered * a message that doesn't fit into the input buffer. */ - if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message has been buffered - load" ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered handshake message (incl. header)", - hs_buf->data, msg_len + 12 ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message has been buffered - load")); + MBEDTLS_SSL_DEBUG_BUF(3, "Buffered handshake message (incl. header)", + hs_buf->data, msg_len + 12); ssl->in_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->in_hslen = msg_len + 12; ssl->in_msglen = msg_len + 12; - memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen ); + memcpy(ssl->in_msg, hs_buf->data, ssl->in_hslen); ret = 0; goto exit; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Next handshake message %u not or only partially bufffered", - hs->in_msg_seq ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("Next handshake message %u not or only partially bufffered", + hs->in_msg_seq)); } ret = -1; exit: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_message" ) ); - return( ret ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_message")); + return (ret); } -static int ssl_buffer_make_space( mbedtls_ssl_context *ssl, - size_t desired ) -{ +static int ssl_buffer_make_space(mbedtls_ssl_context *ssl, + size_t desired) { int offset; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Attempt to free buffered messages to have %u bytes available", - (unsigned) desired ) ); + mbedtls_ssl_handshake_params *const hs = ssl->handshake; + MBEDTLS_SSL_DEBUG_MSG(2, ("Attempt to free buffered messages to have %u bytes available", + (unsigned) desired)); /* Get rid of future records epoch first, if such exist. */ - ssl_free_buffered_record( ssl ); + ssl_free_buffered_record(ssl); /* Check if we have enough space available now. */ - if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing future epoch record" ) ); - return( 0 ); + if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing future epoch record")); + return (0); } /* We don't have enough space to buffer the next expected handshake * message. Remove buffers used for future messages to gain space, * starting with the most distant one. */ - for( offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; - offset >= 0; offset-- ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Free buffering slot %d to make space for reassembly of next handshake message", - offset ) ); + for (offset = MBEDTLS_SSL_MAX_BUFFERED_HS - 1; + offset >= 0; offset--) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Free buffering slot %d to make space for reassembly of next handshake message", + offset)); - ssl_buffering_free_slot( ssl, (uint8_t) offset ); + ssl_buffering_free_slot(ssl, (uint8_t) offset); /* Check if we have enough space available now. */ - if( desired <= ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Enough space available after freeing buffered HS messages" ) ); - return( 0 ); + if (desired <= (MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Enough space available after freeing buffered HS messages")); + return (0); } } - return( -1 ); + return (-1); } -static int ssl_buffer_message( mbedtls_ssl_context *ssl ) -{ +static int ssl_buffer_message(mbedtls_ssl_context *ssl) { int ret = 0; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; + mbedtls_ssl_handshake_params *const hs = ssl->handshake; - if( hs == NULL ) - return( 0 ); + if (hs == NULL) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_buffer_message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_buffer_message")); - switch( ssl->in_msgtype ) - { + switch (ssl->in_msgtype) { case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Remember CCS message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Remember CCS message")); hs->buffering.seen_ccs = 1; break; - case MBEDTLS_SSL_MSG_HANDSHAKE: - { + case MBEDTLS_SSL_MSG_HANDSHAKE: { unsigned recv_msg_seq_offset; - unsigned recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; + unsigned recv_msg_seq = (ssl->in_msg[4] << 8) | ssl->in_msg[5]; mbedtls_ssl_hs_buffer *hs_buf; size_t msg_len = ssl->in_hslen - 12; /* We should never receive an old handshake * message - double-check nonetheless. */ - if( recv_msg_seq < ssl->handshake->in_msg_seq ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (recv_msg_seq < ssl->handshake->in_msg_seq) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } recv_msg_seq_offset = recv_msg_seq - ssl->handshake->in_msg_seq; - if( recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS ) - { + if (recv_msg_seq_offset >= MBEDTLS_SSL_MAX_BUFFERED_HS) { /* Silently ignore -- message too far in the future */ - MBEDTLS_SSL_DEBUG_MSG( 2, - ( "Ignore future HS message with sequence number %u, " - "buffering window %u - %u", - recv_msg_seq, ssl->handshake->in_msg_seq, - ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1 ) ); + MBEDTLS_SSL_DEBUG_MSG(2, + ("Ignore future HS message with sequence number %u, " + "buffering window %u - %u", + recv_msg_seq, ssl->handshake->in_msg_seq, + ssl->handshake->in_msg_seq + MBEDTLS_SSL_MAX_BUFFERED_HS - 1)); goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering HS message with sequence number %u, offset %u ", - recv_msg_seq, recv_msg_seq_offset ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering HS message with sequence number %u, offset %u ", + recv_msg_seq, recv_msg_seq_offset)); hs_buf = &hs->buffering.hs[ recv_msg_seq_offset ]; /* Check if the buffering for this seq nr has already commenced. */ - if( !hs_buf->is_valid ) - { + if (!hs_buf->is_valid) { size_t reassembly_buf_sz; hs_buf->is_fragmented = - ( ssl_hs_is_proper_fragment( ssl ) == 1 ); + (ssl_hs_is_proper_fragment(ssl) == 1); /* We copy the message back into the input buffer * after reassembly, so check that it's not too large. * This is an implementation-specific limitation * and not one from the standard, hence it is not * checked in ssl_check_hs_header(). */ - if( msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN ) - { + if (msg_len + 12 > MBEDTLS_SSL_IN_CONTENT_LEN) { /* Ignore message */ goto exit; } /* Check if we have enough space to buffer the message. */ - if( hs->buffering.total_bytes_buffered > - MBEDTLS_SSL_DTLS_MAX_BUFFERING ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (hs->buffering.total_bytes_buffered > + MBEDTLS_SSL_DTLS_MAX_BUFFERING) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - reassembly_buf_sz = ssl_get_reassembly_buffer_size( msg_len, - hs_buf->is_fragmented ); + reassembly_buf_sz = ssl_get_reassembly_buffer_size(msg_len, + hs_buf->is_fragmented); - if( reassembly_buf_sz > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered ) ) - { - if( recv_msg_seq_offset > 0 ) - { + if (reassembly_buf_sz > (MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered)) { + if (recv_msg_seq_offset > 0) { /* If we can't buffer a future message because * of space limitations -- ignore. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- ignore\n", - msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering of future message of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- ignore\n", + msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered)); goto exit; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- attempt to make space by freeing buffered future messages\n", - msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering of future message of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- attempt to make space by freeing buffered future messages\n", + msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered)); } - if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET - " (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed" - " the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- fail\n", - msg_len, - reassembly_buf_sz, - (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered ) ); + if (ssl_buffer_make_space(ssl, reassembly_buf_sz) != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET + " (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed" + " the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- fail\n", + msg_len, + reassembly_buf_sz, + (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered)); ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; goto exit; } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET, - msg_len ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET, + msg_len)); - hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz ); - if( hs_buf->data == NULL ) - { + hs_buf->data = mbedtls_calloc(1, reassembly_buf_sz); + if (hs_buf->data == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } @@ -4388,29 +4041,25 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) /* Prepare final header: copy msg_type, length and message_seq, * then add standardised fragment_offset and fragment_length */ - memcpy( hs_buf->data, ssl->in_msg, 6 ); - memset( hs_buf->data + 6, 0, 3 ); - memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 ); + memcpy(hs_buf->data, ssl->in_msg, 6); + memset(hs_buf->data + 6, 0, 3); + memcpy(hs_buf->data + 9, hs_buf->data + 1, 3); hs_buf->is_valid = 1; hs->buffering.total_bytes_buffered += reassembly_buf_sz; - } - else - { + } else { /* Make sure msg_type and length are consistent */ - if( memcmp( hs_buf->data, ssl->in_msg, 4 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Fragment header mismatch - ignore" ) ); + if (memcmp(hs_buf->data, ssl->in_msg, 4) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Fragment header mismatch - ignore")); /* Ignore */ goto exit; } } - if( !hs_buf->is_complete ) - { + if (!hs_buf->is_complete) { size_t frag_len, frag_off; - unsigned char * const msg = hs_buf->data + 12; + unsigned char *const msg = hs_buf->data + 12; /* * Check and copy current fragment @@ -4418,28 +4067,25 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) /* Validation of header fields already done in * mbedtls_ssl_prepare_handshake_record(). */ - frag_off = ssl_get_hs_frag_off( ssl ); - frag_len = ssl_get_hs_frag_len( ssl ); + frag_off = ssl_get_hs_frag_off(ssl); + frag_len = ssl_get_hs_frag_len(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET - ", length = %" MBEDTLS_PRINTF_SIZET, - frag_off, frag_len ) ); - memcpy( msg + frag_off, ssl->in_msg + 12, frag_len ); + MBEDTLS_SSL_DEBUG_MSG(2, ("adding fragment, offset = %" MBEDTLS_PRINTF_SIZET + ", length = %" MBEDTLS_PRINTF_SIZET, + frag_off, frag_len)); + memcpy(msg + frag_off, ssl->in_msg + 12, frag_len); - if( hs_buf->is_fragmented ) - { - unsigned char * const bitmask = msg + msg_len; - ssl_bitmask_set( bitmask, frag_off, frag_len ); - hs_buf->is_complete = ( ssl_bitmask_check( bitmask, - msg_len ) == 0 ); - } - else - { + if (hs_buf->is_fragmented) { + unsigned char *const bitmask = msg + msg_len; + ssl_bitmask_set(bitmask, frag_off, frag_len); + hs_buf->is_complete = (ssl_bitmask_check(bitmask, + msg_len) == 0); + } else { hs_buf->is_complete = 1; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "message %scomplete", - hs_buf->is_complete ? "" : "not yet " ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("message %scomplete", + hs_buf->is_complete ? "" : "not yet ")); } break; @@ -4452,13 +4098,12 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) exit: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_buffer_message" ) ); - return( ret ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_buffer_message")); + return (ret); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) -{ +static int ssl_consume_current_message(mbedtls_ssl_context *ssl) { /* * Consume last content-layer message and potentially * update in_msglen which keeps track of the contents' @@ -4482,15 +4127,13 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) */ /* Case (1): Handshake messages */ - if( ssl->in_hslen != 0 ) - { + if (ssl->in_hslen != 0) { /* Hard assertion to be sure that no application data * is in flight, as corrupting ssl->in_msglen during * ssl->in_offt != NULL is fatal. */ - if( ssl->in_offt != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->in_offt != NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } /* @@ -4514,66 +4157,57 @@ static int ssl_consume_current_message( mbedtls_ssl_context *ssl ) * bounds after handling a DTLS message with an unexpected * sequence number, see mbedtls_ssl_prepare_handshake_record. */ - if( ssl->in_hslen < ssl->in_msglen ) - { + if (ssl->in_hslen < ssl->in_msglen) { ssl->in_msglen -= ssl->in_hslen; - memmove( ssl->in_msg, ssl->in_msg + ssl->in_hslen, - ssl->in_msglen ); + memmove(ssl->in_msg, ssl->in_msg + ssl->in_hslen, + ssl->in_msglen); - MBEDTLS_SSL_DEBUG_BUF( 4, "remaining content in record", - ssl->in_msg, ssl->in_msglen ); - } - else - { + MBEDTLS_SSL_DEBUG_BUF(4, "remaining content in record", + ssl->in_msg, ssl->in_msglen); + } else { ssl->in_msglen = 0; } ssl->in_hslen = 0; } /* Case (4): Application data */ - else if( ssl->in_offt != NULL ) - { - return( 0 ); + else if (ssl->in_offt != NULL) { + return (0); } /* Everything else (CCS & Alerts) */ - else - { + else { ssl->in_msglen = 0; } - return( 0 ); + return (0); } -static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ) -{ - if( ssl->in_msglen > 0 ) - return( 1 ); +static int ssl_record_is_in_progress(mbedtls_ssl_context *ssl) { + if (ssl->in_msglen > 0) + return (1); - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_PROTO_DTLS) -static void ssl_free_buffered_record( mbedtls_ssl_context *ssl ) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( hs == NULL ) +static void ssl_free_buffered_record(mbedtls_ssl_context *ssl) { + mbedtls_ssl_handshake_params *const hs = ssl->handshake; + if (hs == NULL) return; - if( hs->buffering.future_record.data != NULL ) - { + if (hs->buffering.future_record.data != NULL) { hs->buffering.total_bytes_buffered -= hs->buffering.future_record.len; - mbedtls_free( hs->buffering.future_record.data ); + mbedtls_free(hs->buffering.future_record.data); hs->buffering.future_record.data = NULL; } } -static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - unsigned char * rec; +static int ssl_load_buffered_record(mbedtls_ssl_context *ssl) { + mbedtls_ssl_handshake_params *const hs = ssl->handshake; + unsigned char *rec; size_t rec_len; unsigned rec_epoch; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) @@ -4581,87 +4215,83 @@ static int ssl_load_buffered_record( mbedtls_ssl_context *ssl ) #else size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( 0 ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) + return (0); - if( hs == NULL ) - return( 0 ); + if (hs == NULL) + return (0); rec = hs->buffering.future_record.data; rec_len = hs->buffering.future_record.len; rec_epoch = hs->buffering.future_record.epoch; - if( rec == NULL ) - return( 0 ); + if (rec == NULL) + return (0); /* Only consider loading future records if the * input buffer is empty. */ - if( ssl_next_record_is_in_datagram( ssl ) == 1 ) - return( 0 ); + if (ssl_next_record_is_in_datagram(ssl) == 1) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_record" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> ssl_load_buffered_record")); - if( rec_epoch != ssl->in_epoch ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffered record not from current epoch." ) ); + if (rec_epoch != ssl->in_epoch) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffered record not from current epoch.")); goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Found buffered record from current epoch - load" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Found buffered record from current epoch - load")); /* Double-check that the record is not too large */ - if( rec_len > in_buf_len - (size_t)( ssl->in_hdr - ssl->in_buf ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (rec_len > in_buf_len - (size_t)(ssl->in_hdr - ssl->in_buf)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - memcpy( ssl->in_hdr, rec, rec_len ); + memcpy(ssl->in_hdr, rec, rec_len); ssl->in_left = rec_len; ssl->next_record_offset = 0; - ssl_free_buffered_record( ssl ); + ssl_free_buffered_record(ssl); exit: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= ssl_load_buffered_record" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= ssl_load_buffered_record")); + return (0); } -static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, - mbedtls_record const *rec ) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; +static int ssl_buffer_future_record(mbedtls_ssl_context *ssl, + mbedtls_record const *rec) { + mbedtls_ssl_handshake_params *const hs = ssl->handshake; /* Don't buffer future records outside handshakes. */ - if( hs == NULL ) - return( 0 ); + if (hs == NULL) + return (0); /* Only buffer handshake records (we are only interested * in Finished messages). */ - if( rec->type != MBEDTLS_SSL_MSG_HANDSHAKE ) - return( 0 ); + if (rec->type != MBEDTLS_SSL_MSG_HANDSHAKE) + return (0); /* Don't buffer more than one future epoch record. */ - if( hs->buffering.future_record.data != NULL ) - return( 0 ); + if (hs->buffering.future_record.data != NULL) + return (0); /* Don't buffer record if there's not enough buffering space remaining. */ - if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING - - hs->buffering.total_bytes_buffered ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET - " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET - " (already %" MBEDTLS_PRINTF_SIZET - " bytes buffered) -- ignore\n", - rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, - hs->buffering.total_bytes_buffered ) ); - return( 0 ); + if (rec->buf_len > (MBEDTLS_SSL_DTLS_MAX_BUFFERING - + hs->buffering.total_bytes_buffered)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET + " would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET + " (already %" MBEDTLS_PRINTF_SIZET + " bytes buffered) -- ignore\n", + rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING, + hs->buffering.total_bytes_buffered)); + return (0); } /* Buffer record */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u", - ssl->in_epoch + 1U ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len ); + MBEDTLS_SSL_DEBUG_MSG(2, ("Buffer record from epoch %u", + ssl->in_epoch + 1U)); + MBEDTLS_SSL_DEBUG_BUF(3, "Buffered record", rec->buf, rec->buf_len); /* ssl_parse_record_header() only considers records * of the next epoch as candidates for buffering. */ @@ -4669,24 +4299,22 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, hs->buffering.future_record.len = rec->buf_len; hs->buffering.future_record.data = - mbedtls_calloc( 1, hs->buffering.future_record.len ); - if( hs->buffering.future_record.data == NULL ) - { + mbedtls_calloc(1, hs->buffering.future_record.len); + if (hs->buffering.future_record.data == NULL) { /* If we run out of RAM trying to buffer a * record from the next epoch, just ignore. */ - return( 0 ); + return (0); } - memcpy( hs->buffering.future_record.data, rec->buf, rec->buf_len ); + memcpy(hs->buffering.future_record.data, rec->buf, rec->buf_len); hs->buffering.total_bytes_buffered += rec->buf_len; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -static int ssl_get_next_record( mbedtls_ssl_context *ssl ) -{ +static int ssl_get_next_record(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_record rec; @@ -4697,44 +4325,39 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) * the length of the buffered record, so that * the calls to ssl_fetch_input() below will * essentially be no-ops. */ - ret = ssl_load_buffered_record( ssl ); - if( ret != 0 ) - return( ret ); + ret = ssl_load_buffered_record(ssl); + if (ret != 0) + return (ret); #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* Ensure that we have enough space available for the default form * of TLS / DTLS record headers (5 Bytes for TLS, 13 Bytes for DTLS, * with no space for CIDs counted in). */ - ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_in_hdr_len( ssl ) ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl)); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return (ret); } - ret = ssl_parse_record_header( ssl, ssl->in_hdr, ssl->in_left, &rec ); - if( ret != 0 ) - { + ret = ssl_parse_record_header(ssl, ssl->in_hdr, ssl->in_left, &rec); + if (ret != 0) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE ) - { - ret = ssl_buffer_future_record( ssl, &rec ); - if( ret != 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if (ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE) { + ret = ssl_buffer_future_record(ssl, &rec); + if (ret != 0) + return (ret); /* Fall through to handling of unexpected records */ ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD; } - if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ) - { + if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_RECORD) { #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) /* Reset in pointers to default state for TLS/DTLS records, * assuming no CID and no offset between record content and * record plaintext. */ - mbedtls_ssl_update_in_pointers( ssl ); + mbedtls_ssl_update_in_pointers(ssl); /* Setup internal message pointers from record structure. */ ssl->in_msgtype = rec.type; @@ -4744,59 +4367,52 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_iv = ssl->in_msg = ssl->in_len + 2; ssl->in_msglen = rec.data_len; - ret = ssl_check_client_reconnect( ssl ); - MBEDTLS_SSL_DEBUG_RET( 2, "ssl_check_client_reconnect", ret ); - if( ret != 0 ) - return( ret ); + ret = ssl_check_client_reconnect(ssl); + MBEDTLS_SSL_DEBUG_RET(2, "ssl_check_client_reconnect", ret); + if (ret != 0) + return (ret); #endif /* Skip unexpected record (but not whole datagram) */ ssl->next_record_offset = rec.buf_len; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding unexpected record " - "(header)" ) ); - } - else - { + MBEDTLS_SSL_DEBUG_MSG(1, ("discarding unexpected record " + "(header)")); + } else { /* Skip invalid record and the rest of the datagram */ ssl->next_record_offset = 0; ssl->in_left = 0; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record " - "(header)" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record " + "(header)")); } /* Get next record */ - return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); - } - else + return (MBEDTLS_ERR_SSL_CONTINUE_PROCESSING); + } else #endif { - return( ret ); + return (ret); } } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Remember offset of next record within datagram. */ ssl->next_record_offset = rec.buf_len; - if( ssl->next_record_offset < ssl->in_left ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "more than one record within datagram" ) ); + if (ssl->next_record_offset < ssl->in_left) { + MBEDTLS_SSL_DEBUG_MSG(3, ("more than one record within datagram")); } - } - else + } else #endif { /* * Fetch record contents from underlying transport. */ - ret = mbedtls_ssl_fetch_input( ssl, rec.buf_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + ret = mbedtls_ssl_fetch_input(ssl, rec.buf_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return (ret); } ssl->in_left = 0; @@ -4806,37 +4422,31 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) * Decrypt record contents. */ - if( ( ret = ssl_prepare_record_content( ssl, &rec ) ) != 0 ) - { + if ((ret = ssl_prepare_record_content(ssl, &rec)) != 0) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Silently discard invalid records */ - if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) - { + if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { /* Except when waiting for Finished as a bad mac here * probably means something went wrong in the handshake * (eg wrong psk used, mitm downgrade attempt, etc.) */ - if( ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || - ssl->state == MBEDTLS_SSL_SERVER_FINISHED ) - { + if (ssl->state == MBEDTLS_SSL_CLIENT_FINISHED || + ssl->state == MBEDTLS_SSL_SERVER_FINISHED) { #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) - { - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); + if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC); } #endif - return( ret ); + return (ret); } #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) - if( ssl->conf->badmac_limit != 0 && - ++ssl->badmac_seen >= ssl->conf->badmac_limit ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "too many records with bad MAC" ) ); - return( MBEDTLS_ERR_SSL_INVALID_MAC ); + if (ssl->conf->badmac_limit != 0 && + ++ssl->badmac_seen >= ssl->conf->badmac_limit) { + MBEDTLS_SSL_DEBUG_MSG(1, ("too many records with bad MAC")); + return (MBEDTLS_ERR_SSL_INVALID_MAC); } #endif @@ -4846,25 +4456,23 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->next_record_offset = 0; ssl->in_left = 0; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "discarding invalid record (mac)" ) ); - return( MBEDTLS_ERR_SSL_CONTINUE_PROCESSING ); + MBEDTLS_SSL_DEBUG_MSG(1, ("discarding invalid record (mac)")); + return (MBEDTLS_ERR_SSL_CONTINUE_PROCESSING); } - return( ret ); - } - else + return (ret); + } else #endif { /* Error out (and send alert) on invalid records */ #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) - { - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC ); + if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC); } #endif - return( ret ); + return (ret); } } @@ -4872,7 +4480,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) /* Reset in pointers to default state for TLS/DTLS records, * assuming no CID and no offset between record content and * record plaintext. */ - mbedtls_ssl_update_in_pointers( ssl ); + mbedtls_ssl_update_in_pointers(ssl); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->in_len = ssl->in_cid + rec.cid_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -4888,131 +4496,114 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) ssl->in_hdr[0] = rec.type; ssl->in_msg = rec.buf + rec.data_offset; ssl->in_msglen = rec.data_len; - ssl->in_len[0] = (unsigned char)( rec.data_len >> 8 ); - ssl->in_len[1] = (unsigned char)( rec.data_len ); + ssl->in_len[0] = (unsigned char)(rec.data_len >> 8); + ssl->in_len[1] = (unsigned char)(rec.data_len); #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->transform_in != NULL && - ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) - { - if( ( ret = ssl_decompress_buf( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_decompress_buf", ret ); - return( ret ); + if (ssl->transform_in != NULL && + ssl->session_in->compression == MBEDTLS_SSL_COMPRESS_DEFLATE) { + if ((ret = ssl_decompress_buf(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_decompress_buf", ret); + return (ret); } /* Check actual (decompress) record content length against * configured maximum. */ - if( ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad message length" ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl->in_msglen > MBEDTLS_SSL_IN_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad message length")); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } } #endif /* MBEDTLS_ZLIB_SUPPORT */ - return( 0 ); + return (0); } -int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* * Handle particular types of records */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) - { - if( ( ret = mbedtls_ssl_prepare_handshake_record( ssl ) ) != 0 ) - { - return( ret ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { + if ((ret = mbedtls_ssl_prepare_handshake_record(ssl)) != 0) { + return (ret); } } - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) - { - if( ssl->in_msglen != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { + if (ssl->in_msglen != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } - if( ssl->in_msg[0] != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, content: %02x", - ssl->in_msg[0] ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + if (ssl->in_msg[0] != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid CCS message, content: %02x", + ssl->in_msg[0])); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && - ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC ) - { - if( ssl->handshake == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping ChangeCipherSpec outside handshake" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_RECORD ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->state != MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC && + ssl->state != MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC) { + if (ssl->handshake == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("dropping ChangeCipherSpec outside handshake")); + return (MBEDTLS_ERR_SSL_UNEXPECTED_RECORD); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received out-of-order ChangeCipherSpec - remember" ) ); - return( MBEDTLS_ERR_SSL_EARLY_MESSAGE ); + MBEDTLS_SSL_DEBUG_MSG(1, ("received out-of-order ChangeCipherSpec - remember")); + return (MBEDTLS_ERR_SSL_EARLY_MESSAGE); } #endif } - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) - { - if( ssl->in_msglen != 2 ) - { + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) { + if (ssl->in_msglen != 2) { /* Note: Standard allows for more than one 2 byte alert to be packed in a single message, but Mbed TLS doesn't currently support this. */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET, - ssl->in_msglen ) ); - return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid alert message, len: %" MBEDTLS_PRINTF_SIZET, + ssl->in_msglen)); + return (MBEDTLS_ERR_SSL_INVALID_RECORD); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]", - ssl->in_msg[0], ssl->in_msg[1] ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("got an alert message, type: [%u:%u]", + ssl->in_msg[0], ssl->in_msg[1])); /* * Ignore non-fatal alerts, except close_notify and no_renegotiation */ - if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "is a fatal alert message (msg %d)", - ssl->in_msg[1] ) ); - return( MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE ); + if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_FATAL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("is a fatal alert message (msg %d)", + ssl->in_msg[1])); + return (MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE); } - if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a close notify message" ) ); - return( MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ); + if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY) { + MBEDTLS_SSL_DEBUG_MSG(2, ("is a close notify message")); + return (MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY); } #if defined(MBEDTLS_SSL_RENEGOTIATION_ENABLED) - if( ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no renegotiation alert" ) ); + if (ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION) { + MBEDTLS_SSL_DEBUG_MSG(2, ("is a SSLv3 no renegotiation alert")); /* Will be handled when trying to parse ServerHello */ - return( 0 ); + return (0); } #endif #if defined(MBEDTLS_SSL_PROTO_SSL3) && defined(MBEDTLS_SSL_SRV_C) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && - ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "is a SSLv3 no_cert" ) ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 && + ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT) { + MBEDTLS_SSL_DEBUG_MSG(2, ("is a SSLv3 no_cert")); /* Will be handled in mbedtls_ssl_parse_certificate() */ - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_PROTO_SSL3 && MBEDTLS_SSL_SRV_C */ @@ -5021,72 +4612,65 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* Drop unexpected ApplicationData records, * except at the beginning of renegotiations */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && - ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && + ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER #if defined(MBEDTLS_SSL_RENEGOTIATION) - && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->state == MBEDTLS_SSL_SERVER_HELLO ) + && !(ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->state == MBEDTLS_SSL_SERVER_HELLO) #endif - ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "dropping unexpected ApplicationData" ) ); - return( MBEDTLS_ERR_SSL_NON_FATAL ); + ) { + MBEDTLS_SSL_DEBUG_MSG(1, ("dropping unexpected ApplicationData")); + return (MBEDTLS_ERR_SSL_NON_FATAL); } - if( ssl->handshake != NULL && - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) - { - mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); + if (ssl->handshake != NULL && + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { + mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - return( 0 ); + return (0); } -int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl ) -{ - return( mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ) ); +int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl) { + return (mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE)); } -int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, - unsigned char level, - unsigned char message ) -{ +int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl, + unsigned char level, + unsigned char message) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "send alert level=%u message=%u", level, message )); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> send alert message")); + MBEDTLS_SSL_DEBUG_MSG(3, ("send alert level=%u message=%u", level, message)); ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; ssl->out_msglen = 2; ssl->out_msg[0] = level; ssl->out_msg[1] = message; - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= send alert message" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= send alert message")); - return( 0 ); + return (0); } -int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec")); ssl->out_msgtype = MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC; ssl->out_msglen = 1; @@ -5094,35 +4678,31 @@ int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec")); - return( 0 ); + return (0); } -int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_parse_change_cipher_spec(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse change cipher spec")); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad change cipher spec message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } /* CCS records are only accepted if they have length 1 and content '1', @@ -5132,50 +4712,45 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) * Switch to our negotiated transform and session parameters for inbound * data. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for inbound data" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for inbound data")); ssl->transform_in = ssl->transform_negotiate; ssl->session_in = ssl->session_negotiate; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - mbedtls_ssl_dtls_replay_reset( ssl ); + mbedtls_ssl_dtls_replay_reset(ssl); #endif /* Increment epoch */ - if( ++ssl->in_epoch == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); + if (++ssl->in_epoch == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap")); /* This is highly unlikely to happen for legitimate reasons, so treat it as an attack and don't send an alert. */ - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + return (MBEDTLS_ERR_SSL_COUNTER_WRAPPING); } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->in_ctr, 0, 8 ); + memset(ssl->in_ctr, 0, 8); - mbedtls_ssl_update_in_pointers( ssl ); + mbedtls_ssl_update_in_pointers(ssl); #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_activate != NULL ) - { - if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_INBOUND ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (mbedtls_ssl_hw_record_activate != NULL) { + if ((ret = mbedtls_ssl_hw_record_activate(ssl, MBEDTLS_SSL_CHANNEL_INBOUND)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_activate", ret); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } } #endif ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec")); - return( 0 ); + return (0); } /* Once ssl->out_hdr as the address of the beginning of the @@ -5187,32 +4762,28 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) */ static size_t ssl_transform_get_explicit_iv_len( - mbedtls_ssl_transform const *transform ) -{ - if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) - return( 0 ); + mbedtls_ssl_transform const *transform) { + if (transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2) + return (0); - return( transform->ivlen - transform->fixed_ivlen ); + return (transform->ivlen - transform->fixed_ivlen); } -void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, - mbedtls_ssl_transform *transform ) -{ +void mbedtls_ssl_update_out_pointers(mbedtls_ssl_context *ssl, + mbedtls_ssl_transform *transform) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->out_ctr = ssl->out_hdr + 3; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ssl->out_cid = ssl->out_ctr + 8; ssl->out_len = ssl->out_cid; - if( transform != NULL ) + if (transform != NULL) ssl->out_len += transform->out_cid_len; #else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_len = ssl->out_ctr + 8; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->out_iv = ssl->out_len + 2; - } - else + } else #endif { ssl->out_ctr = ssl->out_hdr - 8; @@ -5225,8 +4796,8 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, ssl->out_msg = ssl->out_iv; /* Adjust out_msg to make space for explicit IV, if used. */ - if( transform != NULL ) - ssl->out_msg += ssl_transform_get_explicit_iv_len( transform ); + if (transform != NULL) + ssl->out_msg += ssl_transform_get_explicit_iv_len(transform); } /* Once ssl->in_hdr as the address of the beginning of the @@ -5237,8 +4808,7 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, * and the caller has to make sure there's space for this. */ -void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) -{ +void mbedtls_ssl_update_in_pointers(mbedtls_ssl_context *ssl) { /* This function sets the pointers to match the case * of unprotected TLS/DTLS records, with both ssl->in_iv * and ssl->in_msg pointing to the beginning of the record @@ -5250,8 +4820,7 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* This sets the header pointers to match records * without CID. When we receive a record containing * a CID, the fields are shifted accordingly in @@ -5264,8 +4833,7 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) ssl->in_len = ssl->in_ctr + 8; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ ssl->in_iv = ssl->in_len + 2; - } - else + } else #endif { ssl->in_ctr = ssl->in_hdr - 8; @@ -5284,16 +4852,13 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl ) * Setup an SSL context */ -void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) -{ +void mbedtls_ssl_reset_in_out_pointers(mbedtls_ssl_context *ssl) { /* Set the incoming and outgoing record pointers. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->out_hdr = ssl->out_buf; ssl->in_hdr = ssl->in_buf; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ { ssl->out_hdr = ssl->out_buf + 8; @@ -5301,29 +4866,26 @@ void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl ) } /* Derive other internal pointers. */ - mbedtls_ssl_update_out_pointers( ssl, NULL /* no transform enabled */ ); - mbedtls_ssl_update_in_pointers ( ssl ); + mbedtls_ssl_update_out_pointers(ssl, NULL /* no transform enabled */); + mbedtls_ssl_update_in_pointers(ssl); } /* * SSL get accessors */ -size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl ) -{ - return( ssl->in_offt == NULL ? 0 : ssl->in_msglen ); +size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl) { + return (ssl->in_offt == NULL ? 0 : ssl->in_msglen); } -int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl) { /* * Case A: We're currently holding back * a message for further processing. */ - if( ssl->keep_current_message == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: record held back for processing" ) ); - return( 1 ); + if (ssl->keep_current_message == 1) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: record held back for processing")); + return (1); } /* @@ -5331,11 +4893,10 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->in_left > ssl->next_record_offset ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more records within current datagram" ) ); - return( 1 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->in_left > ssl->next_record_offset) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: more records within current datagram")); + return (1); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -5343,19 +4904,17 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) * Case C: A handshake message is being processed. */ - if( ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: more handshake messages within current record" ) ); - return( 1 ); + if (ssl->in_hslen > 0 && ssl->in_hslen < ssl->in_msglen) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: more handshake messages within current record")); + return (1); } /* * Case D: An application data message is being processed */ - if( ssl->in_offt != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: application data record is being processed" ) ); - return( 1 ); + if (ssl->in_offt != NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: application data record is being processed")); + return (1); } /* @@ -5364,29 +4923,27 @@ int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl ) * we implement support for multiple alerts in single records. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_check_pending: nothing pending" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ssl_check_pending: nothing pending")); + return (0); } -int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl) { size_t transform_expansion = 0; const mbedtls_ssl_transform *transform = ssl->transform_out; unsigned block_size; - size_t out_hdr_len = mbedtls_ssl_out_hdr_len( ssl ); + size_t out_hdr_len = mbedtls_ssl_out_hdr_len(ssl); - if( transform == NULL ) - return( (int) out_hdr_len ); + if (transform == NULL) + return ((int) out_hdr_len); #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl->session_out->compression != MBEDTLS_SSL_COMPRESS_NULL) + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); #endif - switch( mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc ) ) - { + switch (mbedtls_cipher_get_cipher_mode(&transform->cipher_ctx_enc)) { case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_CCM: case MBEDTLS_MODE_CHACHAPOLY: @@ -5397,7 +4954,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) case MBEDTLS_MODE_CBC: block_size = mbedtls_cipher_get_block_size( - &transform->cipher_ctx_enc ); + &transform->cipher_ctx_enc); /* Expansion due to the addition of the MAC. */ transform_expansion += transform->maclen; @@ -5410,81 +4967,75 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) /* For TLS 1.1 or higher, an explicit IV is added * after the record header. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) + if (ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2) transform_expansion += block_size; #endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ break; default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( transform->out_cid_len != 0 ) + if (transform->out_cid_len != 0) transform_expansion += MBEDTLS_SSL_MAX_CID_EXPANSION; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - return( (int)( out_hdr_len + transform_expansion ) ); + return ((int)(out_hdr_len + transform_expansion)); } #if defined(MBEDTLS_SSL_RENEGOTIATION) /* * Check record counters and renegotiate if they're above the limit. */ -static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) -{ - size_t ep_len = mbedtls_ssl_ep_len( ssl ); +static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl) { + size_t ep_len = mbedtls_ssl_ep_len(ssl); int in_ctr_cmp; int out_ctr_cmp; - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || - ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) - { - return( 0 ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || + ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED) { + return (0); } - in_ctr_cmp = memcmp( ssl->in_ctr + ep_len, - ssl->conf->renego_period + ep_len, 8 - ep_len ); - out_ctr_cmp = memcmp( ssl->cur_out_ctr + ep_len, - ssl->conf->renego_period + ep_len, 8 - ep_len ); + in_ctr_cmp = memcmp(ssl->in_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len); + out_ctr_cmp = memcmp(ssl->cur_out_ctr + ep_len, + ssl->conf->renego_period + ep_len, 8 - ep_len); - if( in_ctr_cmp <= 0 && out_ctr_cmp <= 0 ) - { - return( 0 ); + if (in_ctr_cmp <= 0 && out_ctr_cmp <= 0) { + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "record counter limit reached: renegotiate" ) ); - return( mbedtls_ssl_renegotiate( ssl ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("record counter limit reached: renegotiate")); + return (mbedtls_ssl_renegotiate(ssl)); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ /* * Receive application data decrypted from the SSL layer */ -int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) -{ +int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> read")); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) + return (ret); - if( ssl->handshake != NULL && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); + if (ssl->handshake != NULL && + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { + if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) + return (ret); } } #endif @@ -5502,64 +5053,55 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - ret = ssl_check_ctr_renegotiate( ssl ); - if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); - return( ret ); + ret = ssl_check_ctr_renegotiate(ssl); + if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret); + return (ret); } #endif - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - ret = mbedtls_ssl_handshake( ssl ); - if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); - return( ret ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + ret = mbedtls_ssl_handshake(ssl); + if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); + return (ret); } } /* Loop as long as no application data record is available */ - while( ssl->in_offt == NULL ) - { + while (ssl->in_offt == NULL) { /* Start timer if not already running */ - if( ssl->f_get_timer != NULL && - ssl->f_get_timer( ssl->p_timer ) == -1 ) - { - mbedtls_ssl_set_timer( ssl, ssl->conf->read_timeout ); + if (ssl->f_get_timer != NULL && + ssl->f_get_timer(ssl->p_timer) == -1) { + mbedtls_ssl_set_timer(ssl, ssl->conf->read_timeout); } - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) - return( 0 ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + if (ret == MBEDTLS_ERR_SSL_CONN_EOF) + return (0); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); } - if( ssl->in_msglen == 0 && - ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA ) - { + if (ssl->in_msglen == 0 && + ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { /* * OpenSSL sends empty messages to randomize the IV */ - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_SSL_CONN_EOF ) - return( 0 ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + if (ret == MBEDTLS_ERR_SSL_CONN_EOF) + return (0); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); } } - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("received handshake message")); /* * - For client-side, expect SERVER_HELLO_REQUEST. @@ -5568,106 +5110,93 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) */ #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ( ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + (ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_REQUEST || + ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl))) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not HelloRequest)")); /* With DTLS, drop the packet (probably from last handshake) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { continue; } #endif - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } #endif /* MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake received (not ClientHello)" ) ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) { + MBEDTLS_SSL_DEBUG_MSG(1, ("handshake received (not ClientHello)")); /* With DTLS, drop the packet (probably from last handshake) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { continue; } #endif - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_RENEGOTIATION) /* Determine whether renegotiation attempt should be accepted */ - if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || - ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) ) - { + if (!(ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || + (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION))) { /* * Accept renegotiation request */ /* DTLS clients need to know renego is server-initiated */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; } #endif - ret = mbedtls_ssl_start_renegotiation( ssl ); - if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation", - ret ); - return( ret ); + ret = mbedtls_ssl_start_renegotiation(ssl); + if (ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", + ret); + return (ret); } - } - else + } else #endif /* MBEDTLS_SSL_RENEGOTIATION */ { /* * Refuse renegotiation */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("refusing renegotiation, sending alert")); #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { /* SSLv3 does not have a "no_renegotiation" warning, so we send a fatal alert and abort the connection. */ - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); - } - else + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) - { - if( ( ret = mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_WARNING, - MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 ) - { - return( ret ); - } - } - else + if (ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1) { + if ((ret = mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_WARNING, + MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION)) != 0) { + return (ret); + } + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } } /* At this point, we don't know whether the renegotiation has been @@ -5691,84 +5220,74 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) continue; } #if defined(MBEDTLS_SSL_RENEGOTIATION) - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) - { - if( ssl->conf->renego_max_records >= 0 ) - { - if( ++ssl->renego_records_seen > ssl->conf->renego_max_records ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " - "but not honored by client" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { + if (ssl->conf->renego_max_records >= 0) { + if (++ssl->renego_records_seen > ssl->conf->renego_max_records) { + MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation requested, " + "but not honored by client")); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } } } #endif /* MBEDTLS_SSL_RENEGOTIATION */ /* Fatal and closure alerts handled by mbedtls_ssl_read_record() */ - if( ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) ); - return( MBEDTLS_ERR_SSL_WANT_READ ); + if (ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT) { + MBEDTLS_SSL_DEBUG_MSG(2, ("ignoring non-fatal non-closure alert")); + return (MBEDTLS_ERR_SSL_WANT_READ); } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad application data message" ) ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad application data message")); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } ssl->in_offt = ssl->in_msg; /* We're going to return something now, cancel timer, * except if handshake (renegotiation) is in progress */ - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) - mbedtls_ssl_set_timer( ssl, 0 ); + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) + mbedtls_ssl_set_timer(ssl, 0); #if defined(MBEDTLS_SSL_PROTO_DTLS) /* If we requested renego but received AppData, resend HelloRequest. * Do it now, after setting in_offt, to avoid taking this branch * again if ssl_write_hello_request() returns WANT_WRITE */ #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) - { - if( ( ret = mbedtls_ssl_resend_hello_request( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_resend_hello_request", - ret ); - return( ret ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { + if ((ret = mbedtls_ssl_resend_hello_request(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_resend_hello_request", + ret); + return (ret); } } #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ } - n = ( len < ssl->in_msglen ) + n = (len < ssl->in_msglen) ? len : ssl->in_msglen; - memcpy( buf, ssl->in_offt, n ); + memcpy(buf, ssl->in_offt, n); ssl->in_msglen -= n; /* Zeroising the plaintext buffer to erase unused application data from the memory. */ - mbedtls_platform_zeroize( ssl->in_offt, n ); + mbedtls_platform_zeroize(ssl->in_offt, n); - if( ssl->in_msglen == 0 ) - { + if (ssl->in_msglen == 0) { /* all bytes consumed */ ssl->in_offt = NULL; ssl->keep_current_message = 0; - } - else - { + } else { /* more data available */ ssl->in_offt += n; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= read" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= read")); - return( (int) n ); + return ((int) n); } /* @@ -5783,50 +5302,41 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * Therefore, it is possible that the input message length is 0 and the * corresponding return code is 0 on success. */ -static int ssl_write_real( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ - int ret = mbedtls_ssl_get_max_out_record_payload( ssl ); +static int ssl_write_real(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { + int ret = mbedtls_ssl_get_max_out_record_payload(ssl); const size_t max_len = (size_t) ret; - if( ret < 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_get_max_out_record_payload", ret ); - return( ret ); + if (ret < 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_max_out_record_payload", ret); + return (ret); } - if( len > max_len ) - { + if (len > max_len) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) " - "maximum fragment length: %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - len, max_len ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - } - else + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + MBEDTLS_SSL_DEBUG_MSG(1, ("fragment larger than the (negotiated) " + "maximum fragment length: %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, + len, max_len)); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + } else #endif len = max_len; } - if( ssl->out_left != 0 ) - { + if (ssl->out_left != 0) { /* * The user has previously tried to send the data and * MBEDTLS_ERR_SSL_WANT_WRITE or the message was only partially * written. In this case, we expect the high-level write function * (e.g. mbedtls_ssl_write()) to be called with the same parameters */ - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flush_output", ret ); - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); + return (ret); } - } - else - { + } else { /* * The user is trying to send a message the first time, so we need to * copy the data into the internal buffers and setup the data structure @@ -5834,16 +5344,15 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, */ ssl->out_msglen = len; ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; - memcpy( ssl->out_msg, buf, len ); + memcpy(ssl->out_msg, buf, len); - if( ( ret = mbedtls_ssl_write_record( ssl, SSL_FORCE_FLUSH ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); + return (ret); } } - return( (int) len ); + return ((int) len); } /* @@ -5854,159 +5363,145 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, * remember whether we already did the split or not. */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) -static int ssl_write_split( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ +static int ssl_write_split(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl->conf->cbc_record_splitting == + if (ssl->conf->cbc_record_splitting == MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || - len <= 1 || - ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 || - mbedtls_cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc ) - != MBEDTLS_MODE_CBC ) - { - return( ssl_write_real( ssl, buf, len ) ); + len <= 1 || + ssl->minor_ver > MBEDTLS_SSL_MINOR_VERSION_1 || + mbedtls_cipher_get_cipher_mode(&ssl->transform_out->cipher_ctx_enc) + != MBEDTLS_MODE_CBC) { + return (ssl_write_real(ssl, buf, len)); } - if( ssl->split_done == 0 ) - { - if( ( ret = ssl_write_real( ssl, buf, 1 ) ) <= 0 ) - return( ret ); + if (ssl->split_done == 0) { + if ((ret = ssl_write_real(ssl, buf, 1)) <= 0) + return (ret); ssl->split_done = 1; } - if( ( ret = ssl_write_real( ssl, buf + 1, len - 1 ) ) <= 0 ) - return( ret ); + if ((ret = ssl_write_real(ssl, buf + 1, len - 1)) <= 0) + return (ret); ssl->split_done = 0; - return( ret + 1 ); + return (ret + 1); } #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ /* * Write application data (public-facing wrapper) */ -int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) -{ +int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write")); - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_check_ctr_renegotiate", ret ); - return( ret ); + if ((ret = ssl_check_ctr_renegotiate(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_check_ctr_renegotiate", ret); + return (ret); } #endif - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); - return( ret ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); + return (ret); } } #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - ret = ssl_write_split( ssl, buf, len ); + ret = ssl_write_split(ssl, buf, len); #else - ret = ssl_write_real( ssl, buf, len ); + ret = ssl_write_real(ssl, buf, len); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write")); - return( ret ); + return (ret); } /* * Notify the peer that the connection is being closed */ -int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write close notify")); - if( ssl->out_left != 0 ) - return( mbedtls_ssl_flush_output( ssl ) ); + if (ssl->out_left != 0) + return (mbedtls_ssl_flush_output(ssl)); - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) - { - if( ( ret = mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_WARNING, - MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_send_alert_message", ret ); - return( ret ); + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { + if ((ret = mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_WARNING, + MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_send_alert_message", ret); + return (ret); } } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write close notify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write close notify")); - return( 0 ); + return (0); } -void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) -{ - if( transform == NULL ) +void mbedtls_ssl_transform_free(mbedtls_ssl_transform *transform) { + if (transform == NULL) return; #if defined(MBEDTLS_ZLIB_SUPPORT) - deflateEnd( &transform->ctx_deflate ); - inflateEnd( &transform->ctx_inflate ); + deflateEnd(&transform->ctx_deflate); + inflateEnd(&transform->ctx_inflate); #endif - mbedtls_cipher_free( &transform->cipher_ctx_enc ); - mbedtls_cipher_free( &transform->cipher_ctx_dec ); + mbedtls_cipher_free(&transform->cipher_ctx_enc); + mbedtls_cipher_free(&transform->cipher_ctx_dec); #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - mbedtls_md_free( &transform->md_ctx_enc ); - mbedtls_md_free( &transform->md_ctx_dec ); + mbedtls_md_free(&transform->md_ctx_enc); + mbedtls_md_free(&transform->md_ctx_dec); #endif - mbedtls_platform_zeroize( transform, sizeof( mbedtls_ssl_transform ) ); + mbedtls_platform_zeroize(transform, sizeof(mbedtls_ssl_transform)); } #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl ) -{ +void mbedtls_ssl_buffering_free(mbedtls_ssl_context *ssl) { unsigned offset; - mbedtls_ssl_handshake_params * const hs = ssl->handshake; + mbedtls_ssl_handshake_params *const hs = ssl->handshake; - if( hs == NULL ) + if (hs == NULL) return; - ssl_free_buffered_record( ssl ); + ssl_free_buffered_record(ssl); - for( offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++ ) - ssl_buffering_free_slot( ssl, offset ); + for (offset = 0; offset < MBEDTLS_SSL_MAX_BUFFERED_HS; offset++) + ssl_buffering_free_slot(ssl, offset); } -static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, - uint8_t slot ) -{ - mbedtls_ssl_handshake_params * const hs = ssl->handshake; - mbedtls_ssl_hs_buffer * const hs_buf = &hs->buffering.hs[slot]; +static void ssl_buffering_free_slot(mbedtls_ssl_context *ssl, + uint8_t slot) { + mbedtls_ssl_handshake_params *const hs = ssl->handshake; + mbedtls_ssl_hs_buffer *const hs_buf = &hs->buffering.hs[slot]; - if( slot >= MBEDTLS_SSL_MAX_BUFFERED_HS ) + if (slot >= MBEDTLS_SSL_MAX_BUFFERED_HS) return; - if( hs_buf->is_valid == 1 ) - { + if (hs_buf->is_valid == 1) { hs->buffering.total_bytes_buffered -= hs_buf->data_len; - mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len ); - mbedtls_free( hs_buf->data ); - memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); + mbedtls_platform_zeroize(hs_buf->data, hs_buf->data_len); + mbedtls_free(hs_buf->data); + memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); } } @@ -6021,19 +5516,16 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, * 1.0 <-> 3.2 (DTLS 1.0 is based on TLS 1.1) * 1.x <-> 3.x+1 for x != 0 (DTLS 1.2 based on TLS 1.2) */ -void mbedtls_ssl_write_version( int major, int minor, int transport, - unsigned char ver[2] ) -{ +void mbedtls_ssl_write_version(int major, int minor, int transport, + unsigned char ver[2]) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - if( minor == MBEDTLS_SSL_MINOR_VERSION_2 ) + if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + if (minor == MBEDTLS_SSL_MINOR_VERSION_2) --minor; /* DTLS 1.0 stored as TLS 1.1 internally */ - ver[0] = (unsigned char)( 255 - ( major - 2 ) ); - ver[1] = (unsigned char)( 255 - ( minor - 1 ) ); - } - else + ver[0] = (unsigned char)(255 - (major - 2)); + ver[1] = (unsigned char)(255 - (minor - 1)); + } else #else ((void) transport); #endif @@ -6043,19 +5535,16 @@ void mbedtls_ssl_write_version( int major, int minor, int transport, } } -void mbedtls_ssl_read_version( int *major, int *minor, int transport, - const unsigned char ver[2] ) -{ +void mbedtls_ssl_read_version(int *major, int *minor, int transport, + const unsigned char ver[2]) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { *major = 255 - ver[0] + 2; *minor = 255 - ver[1] + 1; - if( *minor == MBEDTLS_SSL_MINOR_VERSION_1 ) + if (*minor == MBEDTLS_SSL_MINOR_VERSION_1) ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */ - } - else + } else #else ((void) transport); #endif diff --git a/common/mbedtls/ssl_srv.c b/common/mbedtls/ssl_srv.c index 807fb187b..3d15931aa 100644 --- a/common/mbedtls/ssl_srv.c +++ b/common/mbedtls/ssl_srv.c @@ -46,29 +46,27 @@ #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl, - const unsigned char *info, - size_t ilen ) -{ - if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, + const unsigned char *info, + size_t ilen) { + if (ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - mbedtls_free( ssl->cli_id ); + mbedtls_free(ssl->cli_id); - if( ( ssl->cli_id = mbedtls_calloc( 1, ilen ) ) == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((ssl->cli_id = mbedtls_calloc(1, ilen)) == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); - memcpy( ssl->cli_id, info, ilen ); + memcpy(ssl->cli_id, info, ilen); ssl->cli_id_len = ilen; - return( 0 ); + return (0); } -void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, - mbedtls_ssl_cookie_write_t *f_cookie_write, - mbedtls_ssl_cookie_check_t *f_cookie_check, - void *p_cookie ) -{ +void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, + mbedtls_ssl_cookie_write_t *f_cookie_write, + mbedtls_ssl_cookie_check_t *f_cookie_check, + void *p_cookie) { conf->f_cookie_write = f_cookie_write; conf->f_cookie_check = f_cookie_check; conf->p_cookie = p_cookie; @@ -76,150 +74,134 @@ void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_servername_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t servername_list_size, hostname_len; const unsigned char *p; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("parse ServerName extension")); - if( len < 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); - if( servername_list_size + 2 != len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + servername_list_size = ((buf[0] << 8) | (buf[1])); + if (servername_list_size + 2 != len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } p = buf + 2; - while( servername_list_size > 2 ) - { - hostname_len = ( ( p[1] << 8 ) | p[2] ); - if( hostname_len + 3 > servername_list_size ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + while (servername_list_size > 2) { + hostname_len = ((p[1] << 8) | p[2]); + if (hostname_len + 3 > servername_list_size) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) - { - ret = ssl->conf->f_sni( ssl->conf->p_sni, - ssl, p + 3, hostname_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME) { + ret = ssl->conf->f_sni(ssl->conf->p_sni, + ssl, p + 3, hostname_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_sni_wrapper", ret); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - return( 0 ); + return (0); } servername_list_size -= hostname_len + 3; p += hostname_len + 3; } - if( servername_list_size != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (servername_list_size != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf ) -{ - if( conf->f_psk != NULL ) - return( 1 ); +static int ssl_conf_has_psk_or_cb(mbedtls_ssl_config const *conf) { + if (conf->f_psk != NULL) + return (1); - if( conf->psk_identity_len == 0 || conf->psk_identity == NULL ) - return( 0 ); + if (conf->psk_identity_len == 0 || conf->psk_identity == NULL) + return (0); - if( conf->psk != NULL && conf->psk_len != 0 ) - return( 1 ); + if (conf->psk != NULL && conf->psk_len != 0) + return (1); #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) - return( 1 ); + if (! mbedtls_svc_key_id_is_null(conf->psk_opaque)) + return (1); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return( 0 ); + return (0); } #if defined(MBEDTLS_USE_PSA_CRYPTO) -static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) -{ - if( ssl->conf->f_psk != NULL ) - { +static int ssl_use_opaque_psk(mbedtls_ssl_context const *ssl) { + if (ssl->conf->f_psk != NULL) { /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - return( 1 ); + if (! mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) + return (1); - return( 0 ); + return (0); } - if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) - return( 1 ); + if (! mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) + return (1); - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { /* Check verify-data in constant-time. The length OTOH is no secret */ - if( len != 1 + ssl->verify_data_len || - buf[0] != ssl->verify_data_len || - mbedtls_ssl_safer_memcmp( buf + 1, ssl->peer_verify_data, - ssl->verify_data_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len != 1 + ssl->verify_data_len || + buf[0] != ssl->verify_data_len || + mbedtls_ssl_safer_memcmp(buf + 1, ssl->peer_verify_data, + ssl->verify_data_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-matching renegotiation info")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - } - else + } else #endif /* MBEDTLS_SSL_RENEGOTIATION */ { - if( len != 1 || buf[0] != 0x0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len != 1 || buf[0] != 0x0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("non-zero length renegotiation info")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; } - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ @@ -237,10 +219,9 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, * This needs to be done at a later stage. * */ -static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_signature_algorithms_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t sig_alg_list_size; const unsigned char *p; @@ -249,20 +230,19 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, mbedtls_md_type_t md_cur; mbedtls_pk_type_t sig_cur; - if ( len < 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); - if( sig_alg_list_size + 2 != len || - sig_alg_list_size % 2 != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + sig_alg_list_size = ((buf[0] << 8) | (buf[1])); + if (sig_alg_list_size + 2 != len || + sig_alg_list_size % 2 != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* Currently we only guarantee signing the ServerKeyExchange message according @@ -274,102 +254,90 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, * pair list from the extension. */ - for( p = buf + 2; p < end; p += 2 ) - { + for (p = buf + 2; p < end; p += 2) { /* Silently ignore unknown signature or hash algorithms. */ - if( ( sig_cur = mbedtls_ssl_pk_alg_from_sig( p[1] ) ) == MBEDTLS_PK_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext" - " unknown sig alg encoding %d", p[1] ) ); + if ((sig_cur = mbedtls_ssl_pk_alg_from_sig(p[1])) == MBEDTLS_PK_NONE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext" + " unknown sig alg encoding %d", p[1])); continue; } /* Check if we support the hash the user proposes */ - md_cur = mbedtls_ssl_md_alg_from_hash( p[0] ); - if( md_cur == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" - " unknown hash alg encoding %d", p[0] ) ); + md_cur = mbedtls_ssl_md_alg_from_hash(p[0]); + if (md_cur == MBEDTLS_MD_NONE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext:" + " unknown hash alg encoding %d", p[0])); continue; } - if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 ) - { - mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:" - " match sig %u and hash %u", - (unsigned) sig_cur, (unsigned) md_cur ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: " - "hash alg %u not supported", (unsigned) md_cur ) ); + if (mbedtls_ssl_check_sig_hash(ssl, md_cur) == 0) { + mbedtls_ssl_sig_hash_set_add(&ssl->handshake->hash_algs, sig_cur, md_cur); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext:" + " match sig %u and hash %u", + (unsigned) sig_cur, (unsigned) md_cur)); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: " + "hash alg %u not supported", (unsigned) md_cur)); } } - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_supported_elliptic_curves(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t list_size, our_size; const unsigned char *p; const mbedtls_ecp_curve_info *curve_info, **curves; - if ( len < 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); - if( list_size + 2 != len || - list_size % 2 != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + list_size = ((buf[0] << 8) | (buf[1])); + if (list_size + 2 != len || + list_size % 2 != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* Should never happen unless client duplicates the extension */ - if( ssl->handshake->curves != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->handshake->curves != NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* Don't allow our peer to make us allocate too much memory, * and leave room for a final 0 */ our_size = list_size / 2 + 1; - if( our_size > MBEDTLS_ECP_DP_MAX ) + if (our_size > MBEDTLS_ECP_DP_MAX) our_size = MBEDTLS_ECP_DP_MAX; - if( ( curves = mbedtls_calloc( our_size, sizeof( *curves ) ) ) == NULL ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((curves = mbedtls_calloc(our_size, sizeof(*curves))) == NULL) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); } ssl->handshake->curves = curves; p = buf + 2; - while( list_size > 0 && our_size > 1 ) - { - curve_info = mbedtls_ecp_curve_info_from_tls_id( ( p[0] << 8 ) | p[1] ); + while (list_size > 0 && our_size > 1) { + curve_info = mbedtls_ecp_curve_info_from_tls_id((p[0] << 8) | p[1]); - if( curve_info != NULL ) - { + if (curve_info != NULL) { *curves++ = curve_info; our_size--; } @@ -378,112 +346,101 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, p += 2; } - return( 0 ); + return (0); } -static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t list_size; const unsigned char *p; - if( len == 0 || (size_t)( buf[0] + 1 ) != len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len == 0 || (size_t)(buf[0] + 1) != len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } list_size = buf[0]; p = buf + 1; - while( list_size > 0 ) - { - if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || - p[0] == MBEDTLS_ECP_PF_COMPRESSED ) - { + while (list_size > 0) { + if (p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED || + p[0] == MBEDTLS_ECP_PF_COMPRESSED) { #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) ssl->handshake->ecdh_ctx.point_format = p[0]; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ssl->handshake->ecjpake_ctx.point_format = p[0]; #endif - MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(4, ("point format selected: %d", p[0])); + return (0); } list_size--; p++; } - return( 0 ); + return (0); } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_ecjpake_kkpp(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) ); - return( 0 ); + if (mbedtls_ecjpake_check(&ssl->handshake->ecjpake_ctx) != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("skip ecjpake kkpp extension")); + return (0); } - if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, - buf, len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( ret ); + if ((ret = mbedtls_ecjpake_read_round_one(&ssl->handshake->ecjpake_ctx, + buf, len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_one", ret); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (ret); } /* Only mark the extension as OK when we're sure it is */ ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); +static int ssl_parse_max_fragment_length_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { + if (len != 1 || buf[0] >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } ssl->session_negotiate->mfl_code = buf[0]; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_cid_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { size_t peer_cid_len; /* CID extension only makes sense in DTLS */ - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* @@ -495,173 +452,157 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, * } ConnectionId; */ - if( len < 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } peer_cid_len = *buf++; len--; - if( len != peer_cid_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len != peer_cid_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* Ignore CID if the user has disabled its use. */ - if( ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) - { + if (ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED) { /* Leave ssl->handshake->cid_in_use in its default * value of MBEDTLS_SSL_CID_DISABLED. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Client sent CID extension, but CID disabled" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Client sent CID extension, but CID disabled")); + return (0); } - if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; - memcpy( ssl->handshake->peer_cid, buf, peer_cid_len ); + memcpy(ssl->handshake->peer_cid, buf, peer_cid_len); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Use of CID extension negotiated")); + MBEDTLS_SSL_DEBUG_BUF(3, "Client CID", buf, peer_cid_len); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); +static int ssl_parse_truncated_hmac_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { + if (len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } ((void) buf); - if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) + if (ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED) ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); +static int ssl_parse_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { + if (len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } ((void) buf); - if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED && - ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED && + ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0) { ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED; } - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); +static int ssl_parse_extended_ms_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { + if (len != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } ((void) buf); - if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED && - ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED && + ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0) { ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; } - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t len ) -{ +static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_session session; - mbedtls_ssl_session_init( &session ); + mbedtls_ssl_session_init(&session); - if( ssl->conf->f_ticket_parse == NULL || - ssl->conf->f_ticket_write == NULL ) - { - return( 0 ); + if (ssl->conf->f_ticket_parse == NULL || + ssl->conf->f_ticket_write == NULL) { + return (0); } /* Remember the client asked us to send a new ticket */ ssl->handshake->new_session_ticket = 1; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket length: %" MBEDTLS_PRINTF_SIZET, len)); - if( len == 0 ) - return( 0 ); + if (len == 0) + return (0); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket rejected: renegotiating" ) ); - return( 0 ); + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket rejected: renegotiating")); + return (0); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ /* * Failures are ok: just ignore the ticket and proceed. */ - if( ( ret = ssl->conf->f_ticket_parse( ssl->conf->p_ticket, &session, - buf, len ) ) != 0 ) - { - mbedtls_ssl_session_free( &session ); + if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, &session, + buf, len)) != 0) { + mbedtls_ssl_session_free(&session); - if( ret == MBEDTLS_ERR_SSL_INVALID_MAC ) - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is not authentic" ) ); - else if( ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED ) - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket is expired" ) ); + if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic")); + else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired")); else - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_parse", ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_parse", ret); - return( 0 ); + return (0); } /* @@ -669,36 +610,35 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, * inform them we're accepting the ticket (RFC 5077 section 3.4) */ session.id_len = ssl->session_negotiate->id_len; - memcpy( &session.id, ssl->session_negotiate->id, session.id_len ); + memcpy(&session.id, ssl->session_negotiate->id, session.id_len); - mbedtls_ssl_session_free( ssl->session_negotiate ); - memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) ); + mbedtls_ssl_session_free(ssl->session_negotiate); + memcpy(ssl->session_negotiate, &session, sizeof(mbedtls_ssl_session)); /* Zeroize instead of free as we copied the content */ - mbedtls_platform_zeroize( &session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize(&session, sizeof(mbedtls_ssl_session)); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from ticket")); ssl->handshake->resume = 1; /* Don't send a new ticket after all, this one is OK */ ssl->handshake->new_session_ticket = 0; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) -static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ +static int ssl_parse_alpn_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { size_t list_len, cur_len, ours_len; const unsigned char *theirs, *start, *end; const char **ours; /* If ALPN not configured, just ignore the extension */ - if( ssl->conf->alpn_list == NULL ) - return( 0 ); + if (ssl->conf->alpn_list == NULL) + return (0); /* * opaque ProtocolName<1..2^8-1>; @@ -709,19 +649,17 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, */ /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */ - if( len < 4 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < 4) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - list_len = ( buf[0] << 8 ) | buf[1]; - if( list_len != len - 2 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + list_len = (buf[0] << 8) | buf[1]; + if (list_len != len - 2) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* @@ -729,71 +667,63 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, */ start = buf + 2; end = buf + len; - for( theirs = start; theirs != end; theirs += cur_len ) - { + for (theirs = start; theirs != end; theirs += cur_len) { cur_len = *theirs++; /* Current identifier must fit in list */ - if( cur_len > (size_t)( end - theirs ) ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (cur_len > (size_t)(end - theirs)) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* Empty strings MUST NOT be included */ - if( cur_len == 0 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (cur_len == 0) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } } /* * Use our order of preference */ - for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ ) - { - ours_len = strlen( *ours ); - for( theirs = start; theirs != end; theirs += cur_len ) - { + for (ours = ssl->conf->alpn_list; *ours != NULL; ours++) { + ours_len = strlen(*ours); + for (theirs = start; theirs != end; theirs += cur_len) { cur_len = *theirs++; - if( cur_len == ours_len && - memcmp( theirs, *ours, cur_len ) == 0 ) - { + if (cur_len == ours_len && + memcmp(theirs, *ours, cur_len) == 0) { ssl->alpn_chosen = *ours; - return( 0 ); + return (0); } } } /* If we get there, no match was found */ - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { mbedtls_ssl_srtp_profile client_protection = MBEDTLS_TLS_SRTP_UNSET; - size_t i,j; + size_t i, j; size_t profile_length; uint16_t mki_length; /*! 2 bytes for profile length and 1 byte for mki len */ const size_t size_of_lengths = 3; /* If use_srtp is not configured, just ignore the extension */ - if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || - ( ssl->conf->dtls_srtp_profile_list == NULL ) || - ( ssl->conf->dtls_srtp_profile_list_len == 0 ) ) - { - return( 0 ); + if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || + (ssl->conf->dtls_srtp_profile_list == NULL) || + (ssl->conf->dtls_srtp_profile_list_len == 0)) { + return (0); } /* RFC5764 section 4.1.1 @@ -813,86 +743,76 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Check here that we have at least 2 bytes of protection profiles length * and one of srtp_mki length */ - if( len < size_of_lengths ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (len < size_of_lengths) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; + ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; /* first 2 bytes are protection profile length(in bytes) */ - profile_length = ( buf[0] << 8 ) | buf[1]; + profile_length = (buf[0] << 8) | buf[1]; buf += 2; /* The profile length cannot be bigger than input buffer size - lengths fields */ - if( profile_length > len - size_of_lengths || - profile_length % 2 != 0 ) /* profiles are 2 bytes long, so the length must be even */ - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (profile_length > len - size_of_lengths || + profile_length % 2 != 0) { /* profiles are 2 bytes long, so the length must be even */ + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* * parse the extension list values are defined in * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ - for( j = 0; j < profile_length; j += 2 ) - { + for (j = 0; j < profile_length; j += 2) { uint16_t protection_profile_value = buf[j] << 8 | buf[j + 1]; - client_protection = mbedtls_ssl_check_srtp_profile_value( protection_profile_value ); + client_protection = mbedtls_ssl_check_srtp_profile_value(protection_profile_value); - if( client_protection != MBEDTLS_TLS_SRTP_UNSET ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - client_protection ) ) ); - } - else - { + if (client_protection != MBEDTLS_TLS_SRTP_UNSET) { + MBEDTLS_SSL_DEBUG_MSG(3, ("found srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection))); + } else { continue; } /* check if suggested profile is in our list */ - for( i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) - { - if( client_protection == ssl->conf->dtls_srtp_profile_list[i] ) - { + for (i = 0; i < ssl->conf->dtls_srtp_profile_list_len; i++) { + if (client_protection == ssl->conf->dtls_srtp_profile_list[i]) { ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s", - mbedtls_ssl_get_srtp_profile_as_string( - client_protection ) ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("selected srtp profile: %s", + mbedtls_ssl_get_srtp_profile_as_string( + client_protection))); break; } } - if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET ) + if (ssl->dtls_srtp_info.chosen_dtls_srtp_profile != MBEDTLS_TLS_SRTP_UNSET) break; } buf += profile_length; /* buf points to the mki length */ mki_length = *buf; buf++; - if( mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || - mki_length + profile_length + size_of_lengths != len ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (mki_length > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH || + mki_length + profile_length + size_of_lengths != len) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* Parse the mki only if present and mki is supported locally */ - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - mki_length > 0 ) - { + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && + mki_length > 0) { ssl->dtls_srtp_info.mki_len = mki_length; - memcpy( ssl->dtls_srtp_info.mki_value, buf, mki_length ); + memcpy(ssl->dtls_srtp_info.mki_value, buf, mki_length); - MBEDTLS_SSL_DEBUG_BUF( 3, "using mki", ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "using mki", ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len); } - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -905,20 +825,18 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * Return 0 if the given key uses one of the acceptable curves, -1 otherwise */ #if defined(MBEDTLS_ECDSA_C) -static int ssl_check_key_curve( mbedtls_pk_context *pk, - const mbedtls_ecp_curve_info **curves ) -{ +static int ssl_check_key_curve(mbedtls_pk_context *pk, + const mbedtls_ecp_curve_info **curves) { const mbedtls_ecp_curve_info **crv = curves; - mbedtls_ecp_group_id grp_id = mbedtls_pk_ec( *pk )->grp.id; + mbedtls_ecp_group_id grp_id = mbedtls_pk_ec(*pk)->grp.id; - while( *crv != NULL ) - { - if( (*crv)->grp_id == grp_id ) - return( 0 ); + while (*crv != NULL) { + if ((*crv)->grp_id == grp_id) + return (0); crv++; } - return( -1 ); + return (-1); } #endif /* MBEDTLS_ECDSA_C */ @@ -926,41 +844,37 @@ static int ssl_check_key_curve( mbedtls_pk_context *pk, * Try picking a certificate for this ciphersuite, * return 0 on success and -1 on failure. */ -static int ssl_pick_cert( mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t * ciphersuite_info ) -{ +static int ssl_pick_cert(mbedtls_ssl_context *ssl, + const mbedtls_ssl_ciphersuite_t *ciphersuite_info) { mbedtls_ssl_key_cert *cur, *list, *fallback = NULL; mbedtls_pk_type_t pk_alg = - mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); + mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); uint32_t flags; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_key_cert != NULL ) + if (ssl->handshake->sni_key_cert != NULL) list = ssl->handshake->sni_key_cert; else #endif list = ssl->conf->key_cert; - if( pk_alg == MBEDTLS_PK_NONE ) - return( 0 ); + if (pk_alg == MBEDTLS_PK_NONE) + return (0); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite requires certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite requires certificate")); - if( list == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server has no certificate" ) ); - return( -1 ); + if (list == NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("server has no certificate")); + return (-1); } - for( cur = list; cur != NULL; cur = cur->next ) - { + for (cur = list; cur != NULL; cur = cur->next) { flags = 0; - MBEDTLS_SSL_DEBUG_CRT( 3, "candidate certificate chain, certificate", - cur->cert ); + MBEDTLS_SSL_DEBUG_CRT(3, "candidate certificate chain, certificate", + cur->cert); - if( ! mbedtls_pk_can_do( &cur->cert->pk, pk_alg ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: key type" ) ); + if (! mbedtls_pk_can_do(&cur->cert->pk, pk_alg)) { + MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type")); continue; } @@ -972,19 +886,17 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, * different uses based on keyUsage, eg if they want to avoid signing * and decrypting with the same RSA key. */ - if( mbedtls_ssl_check_cert_usage( cur->cert, ciphersuite_info, - MBEDTLS_SSL_IS_SERVER, &flags ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: " - "(extended) key usage extension" ) ); + if (mbedtls_ssl_check_cert_usage(cur->cert, ciphersuite_info, + MBEDTLS_SSL_IS_SERVER, &flags) != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: " + "(extended) key usage extension")); continue; } #if defined(MBEDTLS_ECDSA_C) - if( pk_alg == MBEDTLS_PK_ECDSA && - ssl_check_key_curve( &cur->cert->pk, ssl->handshake->curves ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) ); + if (pk_alg == MBEDTLS_PK_ECDSA && + ssl_check_key_curve(&cur->cert->pk, ssl->handshake->curves) != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: elliptic curve")); continue; } #endif @@ -994,15 +906,14 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, * present them a SHA-higher cert rather than failing if it's the only * one we got that satisfies the other conditions. */ - if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 && - cur->cert->sig_md != MBEDTLS_MD_SHA1 ) - { - if( fallback == NULL ) + if (ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 && + cur->cert->sig_md != MBEDTLS_MD_SHA1) { + if (fallback == NULL) fallback = cur; { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate not preferred: " - "sha-2 with pre-TLS 1.2 client" ) ); - continue; + MBEDTLS_SSL_DEBUG_MSG(3, ("certificate not preferred: " + "sha-2 with pre-TLS 1.2 client")); + continue; } } @@ -1010,19 +921,18 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, break; } - if( cur == NULL ) + if (cur == NULL) cur = fallback; /* Do not update ssl->handshake->key_cert unless there is a match */ - if( cur != NULL ) - { + if (cur != NULL) { ssl->handshake->key_cert = cur; - MBEDTLS_SSL_DEBUG_CRT( 3, "selected certificate chain, certificate", - ssl->handshake->key_cert->cert ); - return( 0 ); + MBEDTLS_SSL_DEBUG_CRT(3, "selected certificate chain, certificate", + ssl->handshake->key_cert->cert); + return (0); } - return( -1 ); + return (-1); } #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -1030,9 +940,8 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, * Check if a given ciphersuite is suitable for use with our config/keys/etc * Sets ciphersuite_info only if the suite matches. */ -static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, - const mbedtls_ssl_ciphersuite_t **ciphersuite_info ) -{ +static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, + const mbedtls_ssl_ciphersuite_t **ciphersuite_info) { const mbedtls_ssl_ciphersuite_t *suite_info; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ @@ -1040,68 +949,62 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, mbedtls_pk_type_t sig_type; #endif - suite_info = mbedtls_ssl_ciphersuite_from_id( suite_id ); - if( suite_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + suite_info = mbedtls_ssl_ciphersuite_from_id(suite_id); + if (suite_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)", - (unsigned int) suite_id, suite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("trying ciphersuite: %#04x (%s)", + (unsigned int) suite_id, suite_info->name)); - if( suite_info->min_minor_ver > ssl->minor_ver || - suite_info->max_minor_ver < ssl->minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: version" ) ); - return( 0 ); + if (suite_info->min_minor_ver > ssl->minor_ver || + suite_info->max_minor_ver < ssl->minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: version")); + return (0); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) ) - return( 0 ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS)) + return (0); #endif #if defined(MBEDTLS_ARC4_C) - if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && - suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) ); - return( 0 ); + if (ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED && + suite_info->cipher == MBEDTLS_CIPHER_ARC4_128) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: rc4")); + return (0); } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && - ( ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: ecjpake " - "not configured or ext missing" ) ); - return( 0 ); + if (suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && + (ssl->handshake->cli_exts & MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK) == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: ecjpake " + "not configured or ext missing")); + return (0); } #endif #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) - if( mbedtls_ssl_ciphersuite_uses_ec( suite_info ) && - ( ssl->handshake->curves == NULL || - ssl->handshake->curves[0] == NULL ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: " - "no common elliptic curve" ) ); - return( 0 ); + if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && + (ssl->handshake->curves == NULL || + ssl->handshake->curves[0] == NULL)) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: " + "no common elliptic curve")); + return (0); } #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /* If the ciphersuite requires a pre-shared key and we don't * have one, skip it now rather than failing later */ - if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) && - ssl_conf_has_psk_or_cb( ssl->conf ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) ); - return( 0 ); + if (mbedtls_ssl_ciphersuite_uses_psk(suite_info) && + ssl_conf_has_psk_or_cb(ssl->conf) == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no pre-shared key")); + return (0); } #endif @@ -1109,15 +1012,13 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* If the ciphersuite requires signing, check whether * a suitable hash algorithm is present. */ - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info ); - if( sig_type != MBEDTLS_PK_NONE && - mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm " - "for signature algorithm %u", (unsigned) sig_type ) ); - return( 0 ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + sig_type = mbedtls_ssl_get_ciphersuite_sig_alg(suite_info); + if (sig_type != MBEDTLS_PK_NONE && + mbedtls_ssl_sig_hash_set_find(&ssl->handshake->hash_algs, sig_type) == MBEDTLS_MD_NONE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: no suitable hash algorithm " + "for signature algorithm %u", (unsigned) sig_type)); + return (0); } } @@ -1132,21 +1033,19 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id, * - try the next ciphersuite if we don't * This must be done last since we modify the key_cert list. */ - if( ssl_pick_cert( ssl, suite_info ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: " - "no suitable certificate" ) ); - return( 0 ); + if (ssl_pick_cert(ssl, suite_info) != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite mismatch: " + "no suitable certificate")); + return (0); } #endif *ciphersuite_info = suite_info; - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) -static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_client_hello_v2(mbedtls_ssl_context *ssl) { int ret, got_common_suite; unsigned int i, j; size_t n; @@ -1155,28 +1054,27 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) const int *ciphersuites; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello v2" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello v2")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "client hello v2 illegal for renegotiation" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("client hello v2 illegal for renegotiation")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ buf = ssl->in_hdr; - MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, 5 ); + MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, 5); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message type: %d", - buf[2] ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, message len.: %d", - ( ( buf[0] & 0x7F ) << 8 ) | buf[1] ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v2, max. version: [%d:%d]", - buf[3], buf[4] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v2, message type: %d", + buf[2])); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v2, message len.: %d", + ((buf[0] & 0x7F) << 8) | buf[1])); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v2, max. version: [%d:%d]", + buf[3], buf[4])); /* * SSLv2 Client Hello @@ -1188,47 +1086,43 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) * 2 . 2 message type * 3 . 4 protocol version */ - if( buf[2] != MBEDTLS_SSL_HS_CLIENT_HELLO || - buf[3] != MBEDTLS_SSL_MAJOR_VERSION_3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (buf[2] != MBEDTLS_SSL_HS_CLIENT_HELLO || + buf[3] != MBEDTLS_SSL_MAJOR_VERSION_3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - n = ( ( buf[0] << 8 ) | buf[1] ) & 0x7FFF; + n = ((buf[0] << 8) | buf[1]) & 0x7FFF; - if( n < 17 || n > 512 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (n < 17 || n > 512) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; - ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver ) + ssl->minor_ver = (buf[4] <= ssl->conf->max_minor_ver) ? buf[4] : ssl->conf->max_minor_ver; - if( ssl->minor_ver < ssl->conf->min_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" - " [%d:%d] < [%d:%d]", - ssl->major_ver, ssl->minor_ver, - ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) ); + if (ssl->minor_ver < ssl->conf->min_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("client only supports ssl smaller than minimum" + " [%d:%d] < [%d:%d]", + ssl->major_ver, ssl->minor_ver, + ssl->conf->min_major_ver, ssl->conf->min_minor_ver)); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); + return (MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION); } ssl->handshake->max_major_ver = buf[3]; ssl->handshake->max_minor_ver = buf[4]; - if( ( ret = mbedtls_ssl_fetch_input( ssl, 2 + n ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + if ((ret = mbedtls_ssl_fetch_input(ssl, 2 + n)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return (ret); } - ssl->handshake->update_checksum( ssl, buf + 2, n ); + ssl->handshake->update_checksum(ssl, buf + 2, n); buf = ssl->in_msg; n = ssl->in_left - 5; @@ -1241,76 +1135,69 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) * .. . .. session id * .. . .. challenge */ - MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, n ); + MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, n); - ciph_len = ( buf[0] << 8 ) | buf[1]; - sess_len = ( buf[2] << 8 ) | buf[3]; - chal_len = ( buf[4] << 8 ) | buf[5]; + ciph_len = (buf[0] << 8) | buf[1]; + sess_len = (buf[2] << 8) | buf[3]; + chal_len = (buf[4] << 8) | buf[5]; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u", - ciph_len, sess_len, chal_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ciph_len: %u, sess_len: %u, chal_len: %u", + ciph_len, sess_len, chal_len)); /* * Make sure each parameter length is valid */ - if( ciph_len < 3 || ( ciph_len % 3 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ciph_len < 3 || (ciph_len % 3) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - if( sess_len > 32 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (sess_len > 32) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - if( chal_len < 8 || chal_len > 32 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (chal_len < 8 || chal_len > 32) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - if( n != 6 + ciph_len + sess_len + chal_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (n != 6 + ciph_len + sess_len + chal_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist", - buf + 6, ciph_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", - buf + 6 + ciph_len, sess_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, challenge", - buf + 6 + ciph_len + sess_len, chal_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist", + buf + 6, ciph_len); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", + buf + 6 + ciph_len, sess_len); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, challenge", + buf + 6 + ciph_len + sess_len, chal_len); p = buf + 6 + ciph_len; ssl->session_negotiate->id_len = sess_len; - memset( ssl->session_negotiate->id, 0, - sizeof( ssl->session_negotiate->id ) ); - memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len ); + memset(ssl->session_negotiate->id, 0, + sizeof(ssl->session_negotiate->id)); + memcpy(ssl->session_negotiate->id, p, ssl->session_negotiate->id_len); p += sess_len; - memset( ssl->handshake->randbytes, 0, 64 ); - memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len ); + memset(ssl->handshake->randbytes, 0, 64); + memcpy(ssl->handshake->randbytes + 32 - chal_len, p, chal_len); /* * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 ) - { - if( p[0] == 0 && p[1] == 0 && p[2] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) ); + for (i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3) { + if (p[0] == 0 && p[1] == 0 && p[2] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) { + MBEDTLS_SSL_DEBUG_MSG(3, ("received TLS_EMPTY_RENEGOTIATION_INFO ")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV " - "during renegotiation" ) ); + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { + MBEDTLS_SSL_DEBUG_MSG(1, ("received RENEGOTIATION SCSV " + "during renegotiation")); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; @@ -1319,22 +1206,19 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) } #if defined(MBEDTLS_SSL_FALLBACK_SCSV) - for( i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3 ) - { - if( p[0] == 0 && - p[1] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ) & 0xff ) && - p[2] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ) & 0xff ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) ); + for (i = 0, p = buf + 6; i < ciph_len; i += 3, p += 3) { + if (p[0] == 0 && + p[1] == (unsigned char)((MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8) & 0xff) && + p[2] == (unsigned char)((MBEDTLS_SSL_FALLBACK_SCSV_VALUE) & 0xff)) { + MBEDTLS_SSL_DEBUG_MSG(3, ("received FALLBACK_SCSV")); - if( ssl->minor_ver < ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); + if (ssl->minor_ver < ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("inapropriate fallback")); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } break; @@ -1346,42 +1230,39 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver]; ciphersuite_info = NULL; #if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE) - for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 ) - for( i = 0; ciphersuites[i] != 0; i++ ) + for (j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3) + for (i = 0; ciphersuites[i] != 0; i++) #else - for( i = 0; ciphersuites[i] != 0; i++ ) - for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 ) + for (i = 0; ciphersuites[i] != 0; i++) + for (j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3) #endif { - if( p[0] != 0 || - p[1] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || - p[2] != ( ( ciphersuites[i] ) & 0xFF ) ) + if (p[0] != 0 || + p[1] != ((ciphersuites[i] >> 8) & 0xFF) || + p[2] != ((ciphersuites[i]) & 0xFF)) continue; got_common_suite = 1; - if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], - &ciphersuite_info ) ) != 0 ) - return( ret ); + if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], + &ciphersuite_info)) != 0) + return (ret); - if( ciphersuite_info != NULL ) + if (ciphersuite_info != NULL) goto have_ciphersuite_v2; } - if( got_common_suite ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, " - "but none of them usable" ) ); - return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) ); - return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN ); + if (got_common_suite) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got ciphersuites in common, " + "but none of them usable")); + return (MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no ciphersuites in common")); + return (MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN); } have_ciphersuite_v2: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %s", ciphersuite_info->name)); ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->handshake->ciphersuite_info = ciphersuite_info; @@ -1389,29 +1270,27 @@ have_ciphersuite_v2: /* * SSLv2 Client Hello relevant renegotiation security checks */ - if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } ssl->in_left = 0; ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello v2" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello v2")); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */ /* This function doesn't alert on errors that happen early during ClientHello parsing because they might indicate that the client is not talking SSL/TLS at all and would not understand our alert. */ -static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_client_hello(mbedtls_ssl_context *ssl) { int ret, got_common_suite; size_t i, j; size_t ciph_offset, comp_offset, ext_offset; @@ -1437,7 +1316,7 @@ static int ssl_parse_client_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client hello")); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) read_record_header: @@ -1448,14 +1327,13 @@ read_record_header: * ClientHello, which doesn't use the same record layer format. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE ) + if (ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE) #endif { - if( ( ret = mbedtls_ssl_fetch_input( ssl, 5 ) ) != 0 ) - { + if ((ret = mbedtls_ssl_fetch_input(ssl, 5)) != 0) { /* No alert on a read error. */ - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return (ret); } } @@ -1463,13 +1341,13 @@ read_record_header: #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM) #endif - if( ( buf[0] & 0x80 ) != 0 ) - return( ssl_parse_client_hello_v2( ssl ) ); + if ((buf[0] & 0x80) != 0) + return (ssl_parse_client_hello_v2(ssl)); #endif - MBEDTLS_SSL_DEBUG_BUF( 4, "record header", buf, mbedtls_ssl_in_hdr_len( ssl ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "record header", buf, mbedtls_ssl_in_hdr_len(ssl)); /* * SSLv3/TLS Client Hello @@ -1480,94 +1358,85 @@ read_record_header: * 3 . 11 DTLS: epoch + record sequence number * 3 . 4 message length */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message type: %d", - buf[0] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, message type: %d", + buf[0])); - if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, message len.: %d", - ( ssl->in_len[0] << 8 ) | ssl->in_len[1] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, message len.: %d", + (ssl->in_len[0] << 8) | ssl->in_len[1])); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]", - buf[1], buf[2] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, protocol version: [%d:%d]", + buf[1], buf[2])); - mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 ); + mbedtls_ssl_read_version(&major, &minor, ssl->conf->transport, buf + 1); /* According to RFC 5246 Appendix E.1, the version here is typically * "{03,00}, the lowest version number supported by the client, [or] the * value of ClientHello.client_version", so the only meaningful check here * is the major version shouldn't be less than 3 */ - if( major < MBEDTLS_SSL_MAJOR_VERSION_3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (major < MBEDTLS_SSL_MAJOR_VERSION_3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* For DTLS if this is the initial handshake, remember the client sequence * number to use it in our next message (RFC 6347 4.2.1) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM #if defined(MBEDTLS_SSL_RENEGOTIATION) - && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE + && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE #endif - ) - { + ) { /* Epoch should be 0 for initial handshakes */ - if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 ); + memcpy(ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6); #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if( mbedtls_ssl_dtls_replay_check( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "replayed record, discarding" ) ); + if (mbedtls_ssl_dtls_replay_check(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("replayed record, discarding")); ssl->next_record_offset = 0; ssl->in_left = 0; goto read_record_header; } /* No MAC to check yet, so we can update right now */ - mbedtls_ssl_dtls_replay_update( ssl ); + mbedtls_ssl_dtls_replay_update(ssl); #endif } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - msg_len = ( ssl->in_len[0] << 8 ) | ssl->in_len[1]; + msg_len = (ssl->in_len[0] << 8) | ssl->in_len[1]; #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { /* Set by mbedtls_ssl_read_record() */ msg_len = ssl->in_hslen; - } - else + } else #endif { - if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (msg_len > MBEDTLS_SSL_IN_CONTENT_LEN) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - if( ( ret = mbedtls_ssl_fetch_input( ssl, - mbedtls_ssl_in_hdr_len( ssl ) + msg_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret ); - return( ret ); + if ((ret = mbedtls_ssl_fetch_input(ssl, + mbedtls_ssl_in_hdr_len(ssl) + msg_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_fetch_input", ret); + return (ret); } - /* Done reading this record, get ready for the next one */ + /* Done reading this record, get ready for the next one */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) + ssl->next_record_offset = msg_len + mbedtls_ssl_in_hdr_len(ssl); else #endif ssl->in_left = 0; @@ -1575,9 +1444,9 @@ read_record_header: buf = ssl->in_msg; - MBEDTLS_SSL_DEBUG_BUF( 4, "record contents", buf, msg_len ); + MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len); - ssl->handshake->update_checksum( ssl, buf, msg_len ); + ssl->handshake->update_checksum(ssl, buf, msg_len); /* * Handshake layer: @@ -1587,60 +1456,53 @@ read_record_header: * 6 . 8 DTLS only: fragment offset * 9 . 11 DTLS only: fragment length */ - if( msg_len < mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (msg_len < mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d", buf[0] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake type: %d", buf[0])); - if( buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d", - ( buf[1] << 16 ) | ( buf[2] << 8 ) | buf[3] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, handshake len.: %d", + (buf[1] << 16) | (buf[2] << 8) | buf[3])); /* We don't support fragmentation of ClientHello (yet?) */ - if( buf[1] != 0 || - msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (buf[1] != 0 || + msg_len != mbedtls_ssl_hs_hdr_len(ssl) + ((buf[2] << 8) | buf[3])) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { /* * Copy the client's handshake message_seq on initial handshakes, * check sequence number on renego. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { /* This couldn't be done in ssl_prepare_handshake_record() */ - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) | + ssl->in_msg[5]; - if( cli_msg_seq != ssl->handshake->in_msg_seq ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: " - "%u (expected %u)", cli_msg_seq, - ssl->handshake->in_msg_seq ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (cli_msg_seq != ssl->handshake->in_msg_seq) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: " + "%u (expected %u)", cli_msg_seq, + ssl->handshake->in_msg_seq)); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } ssl->handshake->in_msg_seq++; - } - else + } else #endif { - unsigned int cli_msg_seq = ( ssl->in_msg[4] << 8 ) | - ssl->in_msg[5]; + unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) | + ssl->in_msg[5]; ssl->handshake->out_msg_seq = cli_msg_seq; ssl->handshake->in_msg_seq = cli_msg_seq + 1; } @@ -1649,17 +1511,16 @@ read_record_header: * For now we don't support fragmentation, so make sure * fragment_offset == 0 and fragment_length == length */ - if( ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 || - memcmp( ssl->in_msg + 1, ssl->in_msg + 9, 3 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ClientHello fragmentation not supported" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl->in_msg[6] != 0 || ssl->in_msg[7] != 0 || ssl->in_msg[8] != 0 || + memcmp(ssl->in_msg + 1, ssl->in_msg + 9, 3) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("ClientHello fragmentation not supported")); + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); } } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - buf += mbedtls_ssl_hs_hdr_len( ssl ); - msg_len -= mbedtls_ssl_hs_hdr_len( ssl ); + buf += mbedtls_ssl_hs_hdr_len(ssl); + msg_len -= mbedtls_ssl_hs_hdr_len(ssl); /* * ClientHello layer: @@ -1682,150 +1543,135 @@ read_record_header: * 2 + 32 + 1 + 2 + 1 = 38 bytes. Check that first, so that we can * read at least up to session id length without worrying. */ - if( msg_len < 38 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (msg_len < 38) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* * Check and save the protocol version */ - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, version", buf, 2); - mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver, - ssl->conf->transport, buf ); + mbedtls_ssl_read_version(&ssl->major_ver, &ssl->minor_ver, + ssl->conf->transport, buf); ssl->handshake->max_major_ver = ssl->major_ver; ssl->handshake->max_minor_ver = ssl->minor_ver; - if( ssl->major_ver < ssl->conf->min_major_ver || - ssl->minor_ver < ssl->conf->min_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum" - " [%d:%d] < [%d:%d]", - ssl->major_ver, ssl->minor_ver, - ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + if (ssl->major_ver < ssl->conf->min_major_ver || + ssl->minor_ver < ssl->conf->min_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("client only supports ssl smaller than minimum" + " [%d:%d] < [%d:%d]", + ssl->major_ver, ssl->minor_ver, + ssl->conf->min_major_ver, ssl->conf->min_minor_ver)); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); + return (MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION); } - if( ssl->major_ver > ssl->conf->max_major_ver ) - { + if (ssl->major_ver > ssl->conf->max_major_ver) { ssl->major_ver = ssl->conf->max_major_ver; ssl->minor_ver = ssl->conf->max_minor_ver; - } - else if( ssl->minor_ver > ssl->conf->max_minor_ver ) + } else if (ssl->minor_ver > ssl->conf->max_minor_ver) ssl->minor_ver = ssl->conf->max_minor_ver; /* * Save client random (inc. Unix time) */ - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", buf + 2, 32 ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, random bytes", buf + 2, 32); - memcpy( ssl->handshake->randbytes, buf + 2, 32 ); + memcpy(ssl->handshake->randbytes, buf + 2, 32); /* * Check the session ID length and save session ID */ sess_len = buf[34]; - if( sess_len > sizeof( ssl->session_negotiate->id ) || - sess_len + 34 + 2 > msg_len ) /* 2 for cipherlist length field */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (sess_len > sizeof(ssl->session_negotiate->id) || + sess_len + 34 + 2 > msg_len) { /* 2 for cipherlist length field */ + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, session id", buf + 35, sess_len); ssl->session_negotiate->id_len = sess_len; - memset( ssl->session_negotiate->id, 0, - sizeof( ssl->session_negotiate->id ) ); - memcpy( ssl->session_negotiate->id, buf + 35, - ssl->session_negotiate->id_len ); + memset(ssl->session_negotiate->id, 0, + sizeof(ssl->session_negotiate->id)); + memcpy(ssl->session_negotiate->id, buf + 35, + ssl->session_negotiate->id_len); /* * Check the cookie length and content */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { cookie_offset = 35 + sess_len; cookie_len = buf[cookie_offset]; - if( cookie_offset + 1 + cookie_len + 2 > msg_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (cookie_offset + 1 + cookie_len + 2 > msg_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie", - buf + cookie_offset + 1, cookie_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, cookie", + buf + cookie_offset + 1, cookie_len); #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if( ssl->conf->f_cookie_check != NULL + if (ssl->conf->f_cookie_check != NULL #if defined(MBEDTLS_SSL_RENEGOTIATION) - && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE + && ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE #endif - ) - { - if( ssl->conf->f_cookie_check( ssl->conf->p_cookie, - buf + cookie_offset + 1, cookie_len, - ssl->cli_id, ssl->cli_id_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification failed" ) ); + ) { + if (ssl->conf->f_cookie_check(ssl->conf->p_cookie, + buf + cookie_offset + 1, cookie_len, + ssl->cli_id, ssl->cli_id_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification failed")); ssl->handshake->verify_cookie_len = 1; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification passed" ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification passed")); ssl->handshake->verify_cookie_len = 0; } - } - else + } else #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ { /* We know we didn't send a cookie, so it should be empty */ - if( cookie_len != 0 ) - { + if (cookie_len != 0) { /* This may be an attacker's probe, so don't send an alert */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification skipped" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("cookie verification skipped")); } - /* - * Check the ciphersuitelist length (will be parsed later) - */ + /* + * Check the ciphersuitelist length (will be parsed later) + */ ciph_offset = cookie_offset + 1 + cookie_len; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ ciph_offset = 35 + sess_len; - ciph_len = ( buf[ciph_offset + 0] << 8 ) - | ( buf[ciph_offset + 1] ); + ciph_len = (buf[ciph_offset + 0] << 8) + | (buf[ciph_offset + 1]); - if( ciph_len < 2 || - ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ - ( ciph_len % 2 ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ciph_len < 2 || + ciph_len + 2 + ciph_offset + 1 > msg_len || /* 1 for comp. alg. len */ + (ciph_len % 2) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist", - buf + ciph_offset + 2, ciph_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, ciphersuitelist", + buf + ciph_offset + 2, ciph_len); /* * Check the compression algorithms length and pick one @@ -1834,25 +1680,22 @@ read_record_header: comp_len = buf[comp_offset]; - if( comp_len < 1 || - comp_len > 16 || - comp_len + comp_offset + 1 > msg_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (comp_len < 1 || + comp_len > 16 || + comp_len + comp_offset + 1 > msg_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, compression", - buf + comp_offset + 1, comp_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello, compression", + buf + comp_offset + 1, comp_len); ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL; #if defined(MBEDTLS_ZLIB_SUPPORT) - for( i = 0; i < comp_len; ++i ) - { - if( buf[comp_offset + 1 + i] == MBEDTLS_SSL_COMPRESS_DEFLATE ) - { + for (i = 0; i < comp_len; ++i) { + if (buf[comp_offset + 1 + i] == MBEDTLS_SSL_COMPRESS_DEFLATE) { ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_DEFLATE; break; } @@ -1861,231 +1704,222 @@ read_record_header: /* See comments in ssl_write_client_hello() */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL; #endif /* Do not parse the extensions if the protocol is SSLv3 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) - { + if ((ssl->major_ver != 3) || (ssl->minor_ver != 0)) { #endif /* * Check the extension length */ ext_offset = comp_offset + 1 + comp_len; - if( msg_len > ext_offset ) - { - if( msg_len < ext_offset + 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (msg_len > ext_offset) { + if (msg_len < ext_offset + 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - ext_len = ( buf[ext_offset + 0] << 8 ) - | ( buf[ext_offset + 1] ); + ext_len = (buf[ext_offset + 0] << 8) + | (buf[ext_offset + 1]); - if( ( ext_len > 0 && ext_len < 4 ) || - msg_len != ext_offset + 2 + ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if ((ext_len > 0 && ext_len < 4) || + msg_len != ext_offset + 2 + ext_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - } - else + } else ext_len = 0; ext = buf + ext_offset + 2; - MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", ext, ext_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ext, ext_len); - while( ext_len != 0 ) - { + while (ext_len != 0) { unsigned int ext_id; unsigned int ext_size; - if ( ext_len < 4 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ext_len < 4) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) ); - ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) ); + ext_id = ((ext[0] << 8) | (ext[1])); + ext_size = ((ext[2] << 8) | (ext[3])); - if( ext_size + 4 > ext_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ext_size + 4 > ext_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } - switch( ext_id ) - { + switch (ext_id) { #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - case MBEDTLS_TLS_EXT_SERVERNAME: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) ); - if( ssl->conf->f_sni == NULL ) - break; + case MBEDTLS_TLS_EXT_SERVERNAME: + MBEDTLS_SSL_DEBUG_MSG(3, ("found ServerName extension")); + if (ssl->conf->f_sni == NULL) + break; - ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_servername_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) ); + case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO: + MBEDTLS_SSL_DEBUG_MSG(3, ("found renegotiation extension")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - renegotiation_info_seen = 1; + renegotiation_info_seen = 1; #endif - ret = ssl_parse_renegotiation_info( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_renegotiation_info(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); + case MBEDTLS_TLS_EXT_SIG_ALG: + MBEDTLS_SSL_DEBUG_MSG(3, ("found signature_algorithms extension")); - ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); + ret = ssl_parse_signature_algorithms_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); - sig_hash_alg_ext_present = 1; - break; + sig_hash_alg_ext_present = 1; + break; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported elliptic curves extension" ) ); + case MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES: + MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension")); - ret = ssl_parse_supported_elliptic_curves( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_supported_elliptic_curves(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; - case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported point formats extension" ) ); - ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; + case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: + MBEDTLS_SSL_DEBUG_MSG(3, ("found supported point formats extension")); + ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT; - ret = ssl_parse_supported_point_formats( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_supported_point_formats(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake kkpp extension" ) ); + case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: + MBEDTLS_SSL_DEBUG_MSG(3, ("found ecjpake kkpp extension")); - ret = ssl_parse_ecjpake_kkpp( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_ecjpake_kkpp(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max fragment length extension" ) ); + case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: + MBEDTLS_SSL_DEBUG_MSG(3, ("found max fragment length extension")); - ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_max_fragment_length_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated hmac extension" ) ); + case MBEDTLS_TLS_EXT_TRUNCATED_HMAC: + MBEDTLS_SSL_DEBUG_MSG(3, ("found truncated hmac extension")); - ret = ssl_parse_truncated_hmac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_truncated_hmac_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - case MBEDTLS_TLS_EXT_CID: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); + case MBEDTLS_TLS_EXT_CID: + MBEDTLS_SSL_DEBUG_MSG(3, ("found CID extension")); - ret = ssl_parse_cid_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_cid_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) ); + case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: + MBEDTLS_SSL_DEBUG_MSG(3, ("found encrypt then mac extension")); - ret = ssl_parse_encrypt_then_mac_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_encrypt_then_mac_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended master secret extension" ) ); + case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: + MBEDTLS_SSL_DEBUG_MSG(3, ("found extended master secret extension")); - ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_extended_ms_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_TLS_EXT_SESSION_TICKET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session ticket extension" ) ); + case MBEDTLS_TLS_EXT_SESSION_TICKET: + MBEDTLS_SSL_DEBUG_MSG(3, ("found session ticket extension")); - ret = ssl_parse_session_ticket_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_session_ticket_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) - case MBEDTLS_TLS_EXT_ALPN: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) ); + case MBEDTLS_TLS_EXT_ALPN: + MBEDTLS_SSL_DEBUG_MSG(3, ("found alpn extension")); - ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_alpn_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_DTLS_SRTP) - case MBEDTLS_TLS_EXT_USE_SRTP: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) ); + case MBEDTLS_TLS_EXT_USE_SRTP: + MBEDTLS_SSL_DEBUG_MSG(3, ("found use_srtp extension")); - ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ); - if( ret != 0 ) - return( ret ); - break; + ret = ssl_parse_use_srtp_ext(ssl, ext + 4, ext_size); + if (ret != 0) + return (ret); + break; #endif /* MBEDTLS_SSL_DTLS_SRTP */ - default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)", - ext_id ) ); + default: + MBEDTLS_SSL_DEBUG_MSG(3, ("unknown extension found: %u (ignoring)", + ext_id)); } ext_len -= 4 + ext_size; ext += 4 + ext_size; - if( ext_len > 0 && ext_len < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ext_len > 0 && ext_len < 4) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } } #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -2093,21 +1927,18 @@ read_record_header: #endif #if defined(MBEDTLS_SSL_FALLBACK_SCSV) - for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 ) - { - if( p[0] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ) & 0xff ) && - p[1] == (unsigned char)( ( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ) & 0xff ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "received FALLBACK_SCSV" ) ); + for (i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2) { + if (p[0] == (unsigned char)((MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8) & 0xff) && + p[1] == (unsigned char)((MBEDTLS_SSL_FALLBACK_SCSV_VALUE) & 0xff)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("received FALLBACK_SCSV")); - if( ssl->minor_ver < ssl->conf->max_minor_ver ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) ); + if (ssl->minor_ver < ssl->conf->max_minor_ver) { + MBEDTLS_SSL_DEBUG_MSG(1, ("inapropriate fallback")); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } break; @@ -2122,14 +1953,13 @@ read_record_header: * Try to fall back to default hash SHA1 if the client * hasn't provided any preferred signature-hash combinations. */ - if( sig_hash_alg_ext_present == 0 ) - { + if (sig_hash_alg_ext_present == 0) { mbedtls_md_type_t md_default = MBEDTLS_MD_SHA1; - if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 ) + if (mbedtls_ssl_check_sig_hash(ssl, md_default) != 0) md_default = MBEDTLS_MD_NONE; - mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default ); + mbedtls_ssl_sig_hash_set_const_hash(&ssl->handshake->hash_algs, md_default); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && @@ -2138,19 +1968,16 @@ read_record_header: /* * Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - for( i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2 ) - { - if( p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "received TLS_EMPTY_RENEGOTIATION_INFO " ) ); + for (i = 0, p = buf + ciph_offset + 2; i < ciph_len; i += 2, p += 2) { + if (p[0] == 0 && p[1] == MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO) { + MBEDTLS_SSL_DEBUG_MSG(3, ("received TLS_EMPTY_RENEGOTIATION_INFO ")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV " - "during renegotiation" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { + MBEDTLS_SSL_DEBUG_MSG(1, ("received RENEGOTIATION SCSV " + "during renegotiation")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } #endif ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; @@ -2161,41 +1988,34 @@ read_record_header: /* * Renegotiation security checks */ - if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); + if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation, breaking off handshake")); handshake_failure = 1; } #if defined(MBEDTLS_SSL_RENEGOTIATION) - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && - renegotiation_info_seen == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) ); + renegotiation_info_seen == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension missing (secure)")); handshake_failure = 1; - } - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); + } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION) { + MBEDTLS_SSL_DEBUG_MSG(1, ("legacy renegotiation not allowed")); handshake_failure = 1; - } - else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && - ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - renegotiation_info_seen == 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) ); + } else if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && + ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + renegotiation_info_seen == 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("renegotiation_info extension present (legacy)")); handshake_failure = 1; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ - if( handshake_failure == 1 ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + if (handshake_failure == 1) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO); } /* @@ -2207,45 +2027,42 @@ read_record_header: ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver]; ciphersuite_info = NULL; #if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE) - for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) - for( i = 0; ciphersuites[i] != 0; i++ ) + for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) + for (i = 0; ciphersuites[i] != 0; i++) #else - for( i = 0; ciphersuites[i] != 0; i++ ) - for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) + for (i = 0; ciphersuites[i] != 0; i++) + for (j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2) #endif { - if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || - p[1] != ( ( ciphersuites[i] ) & 0xFF ) ) + if (p[0] != ((ciphersuites[i] >> 8) & 0xFF) || + p[1] != ((ciphersuites[i]) & 0xFF)) continue; got_common_suite = 1; - if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], - &ciphersuite_info ) ) != 0 ) - return( ret ); + if ((ret = ssl_ciphersuite_match(ssl, ciphersuites[i], + &ciphersuite_info)) != 0) + return (ret); - if( ciphersuite_info != NULL ) + if (ciphersuite_info != NULL) goto have_ciphersuite; } - if( got_common_suite ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got ciphersuites in common, " - "but none of them usable" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN ); + if (got_common_suite) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got ciphersuites in common, " + "but none of them usable")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no ciphersuites in common")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); + return (MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN); } have_ciphersuite: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %s", ciphersuite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %s", ciphersuite_info->name)); ssl->session_negotiate->ciphersuite = ciphersuites[i]; ssl->handshake->ciphersuite_info = ciphersuite_info; @@ -2253,54 +2070,48 @@ have_ciphersuite: ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_recv_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) + mbedtls_ssl_recv_flight_completed(ssl); #endif /* Debugging-only output for testsuite */ #if defined(MBEDTLS_DEBUG_C) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info ); - if( sig_alg != MBEDTLS_PK_NONE ) - { - mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, - sig_alg ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d", - mbedtls_ssl_hash_from_md_alg( md_alg ) ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm " - "%u - should not happen", (unsigned) sig_alg ) ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg(ciphersuite_info); + if (sig_alg != MBEDTLS_PK_NONE) { + mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find(&ssl->handshake->hash_algs, + sig_alg); + MBEDTLS_SSL_DEBUG_MSG(3, ("client hello v3, signature_algorithm ext: %d", + mbedtls_ssl_hash_from_md_alg(md_alg))); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("no hash algorithm for signature algorithm " + "%u - should not happen", (unsigned) sig_alg)); } } #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client hello")); - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_truncated_hmac_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) - { + if (ssl->session_negotiate->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding truncated hmac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding truncated hmac extension")); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_TRUNCATED_HMAC) & 0xFF); *p++ = 0x00; *p++ = 0x00; @@ -2310,10 +2121,9 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_cid_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; size_t ext_len; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; @@ -2322,18 +2132,17 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, /* Skip writing the extension if we don't want to use it or if * the client hasn't offered it. */ - if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED ) + if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED) return; /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX * which is at most 255, so the increment cannot overflow. */ - if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + if (end < p || (size_t)(end - p) < (unsigned)(ssl->own_cid_len + 5)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding CID extension")); /* * Quoting draft-ietf-tls-dtls-connection-id-05 @@ -2344,31 +2153,29 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, * } ConnectionId; */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_CID >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_CID) & 0xFF); ext_len = (size_t) ssl->own_cid_len + 1; - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + *p++ = (unsigned char)((ext_len >> 8) & 0xFF); + *p++ = (unsigned char)((ext_len) & 0xFF); *p++ = (uint8_t) ssl->own_cid_len; - memcpy( p, ssl->own_cid, ssl->own_cid_len ); + memcpy(p, ssl->own_cid, ssl->own_cid_len); *olen = ssl->own_cid_len + 5; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_encrypt_then_mac_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; const mbedtls_ssl_ciphersuite_t *suite = NULL; const mbedtls_cipher_info_t *cipher = NULL; - if( ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (ssl->session_negotiate->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { *olen = 0; return; } @@ -2379,19 +2186,18 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, * with Associated Data (AEAD) ciphersuite, it MUST NOT send an * encrypt-then-MAC response extension back to the client." */ - if( ( suite = mbedtls_ssl_ciphersuite_from_id( - ssl->session_negotiate->ciphersuite ) ) == NULL || - ( cipher = mbedtls_cipher_info_from_type( suite->cipher ) ) == NULL || - cipher->mode != MBEDTLS_MODE_CBC ) - { + if ((suite = mbedtls_ssl_ciphersuite_from_id( + ssl->session_negotiate->ciphersuite)) == NULL || + (cipher = mbedtls_cipher_info_from_type(suite->cipher)) == NULL || + cipher->mode != MBEDTLS_MODE_CBC) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding encrypt then mac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding encrypt then mac extension")); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC) & 0xFF); *p++ = 0x00; *p++ = 0x00; @@ -2401,24 +2207,22 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_extended_ms_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (ssl->handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding extended master secret " - "extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding extended master secret " + "extension")); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET) & 0xFF); *p++ = 0x00; *p++ = 0x00; @@ -2428,22 +2232,20 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_session_ticket_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->handshake->new_session_ticket == 0 ) - { + if (ssl->handshake->new_session_ticket == 0) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding session ticket extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding session ticket extension")); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SESSION_TICKET >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SESSION_TICKET) & 0xFF); *p++ = 0x00; *p++ = 0x00; @@ -2452,36 +2254,32 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ -static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION ) - { + if (ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, secure renegotiation extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, secure renegotiation extension")); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_RENEGOTIATION_INFO) & 0xFF); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ) - { + if (ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE) { *p++ = 0x00; - *p++ = ( ssl->verify_data_len * 2 + 1 ) & 0xFF; + *p++ = (ssl->verify_data_len * 2 + 1) & 0xFF; *p++ = ssl->verify_data_len * 2 & 0xFF; - memcpy( p, ssl->peer_verify_data, ssl->verify_data_len ); + memcpy(p, ssl->peer_verify_data, ssl->verify_data_len); p += ssl->verify_data_len; - memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); + memcpy(p, ssl->own_verify_data, ssl->verify_data_len); p += ssl->verify_data_len; - } - else + } else #endif /* MBEDTLS_SSL_RENEGOTIATION */ { *p++ = 0x00; @@ -2493,22 +2291,20 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; - if( ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) - { + if (ssl->session_negotiate->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, max_fragment_length extension")); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH) & 0xFF); *p++ = 0x00; *p++ = 1; @@ -2521,24 +2317,22 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { unsigned char *p = buf; ((void) ssl); - if( ( ssl->handshake->cli_exts & - MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT ) == 0 ) - { + if ((ssl->handshake->cli_exts & + MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT) == 0) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, supported_point_formats extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, supported_point_formats extension")); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS) & 0xFF); *p++ = 0x00; *p++ = 2; @@ -2551,10 +2345,9 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_ecjpake_kkpp_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; @@ -2563,48 +2356,44 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, *olen = 0; /* Skip costly computation if not needed */ - if( ssl->handshake->ciphersuite_info->key_exchange != - MBEDTLS_KEY_EXCHANGE_ECJPAKE ) + if (ssl->handshake->ciphersuite_info->key_exchange != + MBEDTLS_KEY_EXCHANGE_ECJPAKE) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, ecjpake kkpp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, ecjpake kkpp extension")); - if( end - p < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + if (end - p < 4) { + MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8) & 0xFF); + *p++ = (unsigned char)((MBEDTLS_TLS_EXT_ECJPAKE_KKPP) & 0xFF); - ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); + ret = mbedtls_ecjpake_write_round_one(&ssl->handshake->ecjpake_ctx, + p + 2, end - p - 2, &kkpp_len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_one", ret); return; } - *p++ = (unsigned char)( ( kkpp_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); + *p++ = (unsigned char)((kkpp_len >> 8) & 0xFF); + *p++ = (unsigned char)((kkpp_len) & 0xFF); *olen = kkpp_len + 4; } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_ALPN ) -static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) -{ - if( ssl->alpn_chosen == NULL ) - { +static void ssl_write_alpn_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, size_t *olen) { + if (ssl->alpn_chosen == NULL) { *olen = 0; return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding alpn extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding alpn extension")); /* * 0 . 1 ext identifier @@ -2613,44 +2402,41 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, * 6 . 6 protocol name length * 7 . 7+n protocol name */ - buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); - buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); + buf[0] = (unsigned char)((MBEDTLS_TLS_EXT_ALPN >> 8) & 0xFF); + buf[1] = (unsigned char)((MBEDTLS_TLS_EXT_ALPN) & 0xFF); - *olen = 7 + strlen( ssl->alpn_chosen ); + *olen = 7 + strlen(ssl->alpn_chosen); - buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + buf[2] = (unsigned char)(((*olen - 4) >> 8) & 0xFF); + buf[3] = (unsigned char)(((*olen - 4)) & 0xFF); - buf[4] = (unsigned char)( ( ( *olen - 6 ) >> 8 ) & 0xFF ); - buf[5] = (unsigned char)( ( ( *olen - 6 ) ) & 0xFF ); + buf[4] = (unsigned char)(((*olen - 6) >> 8) & 0xFF); + buf[5] = (unsigned char)(((*olen - 6)) & 0xFF); - buf[6] = (unsigned char)( ( ( *olen - 7 ) ) & 0xFF ); + buf[6] = (unsigned char)(((*olen - 7)) & 0xFF); - memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 ); + memcpy(buf + 7, ssl->alpn_chosen, *olen - 7); } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_SSL_DTLS_SRTP ) && defined(MBEDTLS_SSL_PROTO_DTLS) -static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) -{ +static void ssl_write_use_srtp_ext(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen) { size_t mki_len = 0, ext_len = 0; uint16_t profile_value = 0; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; - if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) || - ( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) - { + if ((ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) || + (ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET)) { return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding use_srtp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, adding use_srtp extension")); - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) - { + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED) { mki_len = ssl->dtls_srtp_info.mki_len; } @@ -2662,54 +2448,49 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * - 1 byte for the mki length * + the actual mki length * Check we have enough room in the output buffer */ - if( (size_t)( end - buf ) < mki_len + 9 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + if ((size_t)(end - buf) < mki_len + 9) { + MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); return; } /* extension */ - buf[0] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP >> 8 ) & 0xFF ); - buf[1] = (unsigned char)( ( MBEDTLS_TLS_EXT_USE_SRTP ) & 0xFF ); + buf[0] = (unsigned char)((MBEDTLS_TLS_EXT_USE_SRTP >> 8) & 0xFF); + buf[1] = (unsigned char)((MBEDTLS_TLS_EXT_USE_SRTP) & 0xFF); /* * total length 5 and mki value: only one profile(2 bytes) * and length(2 bytes) and srtp_mki ) */ ext_len = 5 + mki_len; - buf[2] = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - buf[3] = (unsigned char)( ext_len & 0xFF ); + buf[2] = (unsigned char)((ext_len >> 8) & 0xFF); + buf[3] = (unsigned char)(ext_len & 0xFF); /* protection profile length: 2 */ buf[4] = 0x00; buf[5] = 0x02; profile_value = mbedtls_ssl_check_srtp_profile_value( - ssl->dtls_srtp_info.chosen_dtls_srtp_profile ); - if( profile_value != MBEDTLS_TLS_SRTP_UNSET ) - { - buf[6] = (unsigned char)( ( profile_value >> 8 ) & 0xFF ); - buf[7] = (unsigned char)( profile_value & 0xFF ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "use_srtp extension invalid profile" ) ); + ssl->dtls_srtp_info.chosen_dtls_srtp_profile); + if (profile_value != MBEDTLS_TLS_SRTP_UNSET) { + buf[6] = (unsigned char)((profile_value >> 8) & 0xFF); + buf[7] = (unsigned char)(profile_value & 0xFF); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("use_srtp extension invalid profile")); return; } buf[8] = mki_len & 0xFF; - memcpy( &buf[9], ssl->dtls_srtp_info.mki_value, mki_len ); + memcpy(&buf[9], ssl->dtls_srtp_info.mki_value, mki_len); *olen = 9 + mki_len; } #endif /* MBEDTLS_SSL_DTLS_SRTP */ #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) -static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = ssl->out_msg + 4; unsigned char *cookie_len_byte; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello verify request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello verify request")); /* * struct { @@ -2720,32 +2501,30 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) /* The RFC is not clear on this point, but sending the actual negotiated * version looks like the most interoperable thing to do. */ - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, p ); - MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 ); + mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, p); + MBEDTLS_SSL_DEBUG_BUF(3, "server version", p, 2); p += 2; /* If we get here, f_cookie_check is not null */ - if( ssl->conf->f_cookie_write == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (ssl->conf->f_cookie_write == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("inconsistent cookie callbacks")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } /* Skip length byte until we know the length */ cookie_len_byte = p++; - if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie, - &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN, - ssl->cli_id, ssl->cli_id_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "f_cookie_write", ret ); - return( ret ); + if ((ret = ssl->conf->f_cookie_write(ssl->conf->p_cookie, + &p, ssl->out_buf + MBEDTLS_SSL_OUT_BUFFER_LEN, + ssl->cli_id, ssl->cli_id_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "f_cookie_write", ret); + return (ret); } - *cookie_len_byte = (unsigned char)( p - ( cookie_len_byte + 1 ) ); + *cookie_len_byte = (unsigned char)(p - (cookie_len_byte + 1)); - MBEDTLS_SSL_DEBUG_BUF( 3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte ); + MBEDTLS_SSL_DEBUG_BUF(3, "cookie sent", cookie_len_byte + 1, *cookie_len_byte); ssl->out_msglen = p - ssl->out_msg; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -2753,29 +2532,26 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); + return (ret); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello verify request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello verify request")); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ -static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_server_hello(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t t; #endif @@ -2783,23 +2559,21 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) size_t olen, ext_len = 0, n; unsigned char *buf, *p; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello")); #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->verify_cookie_len != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->verify_cookie_len != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("client hello was not authenticated")); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - return( ssl_write_hello_verify_request( ssl ) ); + return (ssl_write_hello_verify_request(ssl)); } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - if( ssl->conf->f_rng == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") ); - return( MBEDTLS_ERR_SSL_NO_RNG ); + if (ssl->conf->f_rng == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); + return (MBEDTLS_ERR_SSL_NO_RNG); } /* @@ -2812,57 +2586,55 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) buf = ssl->out_msg; p = buf + 4; - mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version(ssl->major_ver, ssl->minor_ver, + ssl->conf->transport, p); p += 2; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]", - buf[4], buf[5] ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen version: [%d:%d]", + buf[4], buf[5])); #if defined(MBEDTLS_HAVE_TIME) - t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); - *p++ = (unsigned char)( t >> 8 ); - *p++ = (unsigned char)( t ); + t = mbedtls_time(NULL); + *p++ = (unsigned char)(t >> 24); + *p++ = (unsigned char)(t >> 16); + *p++ = (unsigned char)(t >> 8); + *p++ = (unsigned char)(t); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, - (long long) t ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG, + (long long) t)); #else - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) + return (ret); p += 4; #endif /* MBEDTLS_HAVE_TIME */ - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 28)) != 0) + return (ret); p += 28; - memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 ); + memcpy(ssl->handshake->randbytes + 32, buf + 6, 32); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 ); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, random bytes", buf + 6, 32); /* * Resume is 0 by default, see ssl_handshake_init(). * It may be already set to 1 by ssl_parse_session_ticket_ext(). * If not, try looking up session ID in our cache. */ - if( ssl->handshake->resume == 0 && + if (ssl->handshake->resume == 0 && #if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE && + ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE && #endif - ssl->session_negotiate->id_len != 0 && - ssl->conf->f_get_cache != NULL && - ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) ); + ssl->session_negotiate->id_len != 0 && + ssl->conf->f_get_cache != NULL && + ssl->conf->f_get_cache(ssl->conf->p_cache, ssl->session_negotiate) == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("session successfully restored from cache")); ssl->handshake->resume = 1; } - if( ssl->handshake->resume == 0 ) - { + if (ssl->handshake->resume == 0) { /* * New session, create a new session id, * unless we're about to issue a session ticket @@ -2870,36 +2642,31 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ssl->state++; #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = mbedtls_time( NULL ); + ssl->session_negotiate->start = mbedtls_time(NULL); #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( ssl->handshake->new_session_ticket != 0 ) - { + if (ssl->handshake->new_session_ticket != 0) { ssl->session_negotiate->id_len = n = 0; - memset( ssl->session_negotiate->id, 0, 32 ); - } - else + memset(ssl->session_negotiate->id, 0, 32); + } else #endif /* MBEDTLS_SSL_SESSION_TICKETS */ { ssl->session_negotiate->id_len = n = 32; - if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, - n ) ) != 0 ) - return( ret ); + if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id, + n)) != 0) + return (ret); } - } - else - { + } else { /* * Resuming a session */ n = ssl->session_negotiate->id_len; ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC; - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); + return (ret); } } @@ -2912,99 +2679,96 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) * 44+n . 43+n+m extensions */ *p++ = (unsigned char) ssl->session_negotiate->id_len; - memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len ); + memcpy(p, ssl->session_negotiate->id, ssl->session_negotiate->id_len); p += ssl->session_negotiate->id_len; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed", - ssl->handshake->resume ? "a" : "no" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n)); + MBEDTLS_SSL_DEBUG_BUF(3, "server hello, session id", buf + 39, n); + MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed", + ssl->handshake->resume ? "a" : "no")); - *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite >> 8 ); - *p++ = (unsigned char)( ssl->session_negotiate->ciphersuite ); - *p++ = (unsigned char)( ssl->session_negotiate->compression ); + *p++ = (unsigned char)(ssl->session_negotiate->ciphersuite >> 8); + *p++ = (unsigned char)(ssl->session_negotiate->ciphersuite); + *p++ = (unsigned char)(ssl->session_negotiate->compression); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", - mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X", - (unsigned int) ssl->session_negotiate->compression ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, chosen ciphersuite: %s", + mbedtls_ssl_get_ciphersuite_name(ssl->session_negotiate->ciphersuite))); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, compress alg.: 0x%02X", + (unsigned int) ssl->session_negotiate->compression)); /* Do not write the extensions if the protocol is SSLv3 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ( ssl->major_ver != 3 ) || ( ssl->minor_ver != 0 ) ) - { + if ((ssl->major_ver != 3) || (ssl->minor_ver != 0)) { #endif - /* - * First write extensions, then the total length - */ - ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + /* + * First write extensions, then the total length + */ + ssl_write_renegotiation_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_max_fragment_length_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_truncated_hmac_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_cid_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_encrypt_then_mac_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_extended_ms_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_session_ticket_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #endif #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if ( mbedtls_ssl_ciphersuite_uses_ec( - mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) ) - { - ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; - } + if (mbedtls_ssl_ciphersuite_uses_ec( + mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite))) { + ssl_write_supported_point_formats_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; + } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_ecjpake_kkpp_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #endif #if defined(MBEDTLS_SSL_ALPN) - ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_alpn_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - ssl_write_use_srtp_ext( ssl, p + 2 + ext_len, &olen ); - ext_len += olen; + ssl_write_use_srtp_ext(ssl, p + 2 + ext_len, &olen); + ext_len += olen; #endif - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, - ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, + ext_len)); - if( ext_len > 0 ) - { - *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ext_len ) & 0xFF ); - p += ext_len; - } + if (ext_len > 0) { + *p++ = (unsigned char)((ext_len >> 8) & 0xFF); + *p++ = (unsigned char)((ext_len) & 0xFF); + p += ext_len; + } #if defined(MBEDTLS_SSL_PROTO_SSL3) } @@ -3014,60 +2778,56 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO; - ret = mbedtls_ssl_write_handshake_msg( ssl ); + ret = mbedtls_ssl_write_handshake_msg(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello")); - return( ret ); + return (ret); } #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); ssl->state++; - return( 0 ); + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; uint16_t dn_size, total_dn_size; /* excluding length bytes */ size_t ct_len, sa_len; /* including length bytes */ unsigned char *buf, *p; - const unsigned char * const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; + const unsigned char *const end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; const mbedtls_x509_crt *crt; int authmode; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request")); ssl->state++; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET ) + if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) authmode = ssl->handshake->sni_authmode; else #endif authmode = ssl->conf->authmode; - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) || - authmode == MBEDTLS_SSL_VERIFY_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) ); - return( 0 ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info) || + authmode == MBEDTLS_SSL_VERIFY_NONE) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request")); + return (0); } /* @@ -3118,18 +2878,16 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) * enum { (255) } HashAlgorithm; * enum { (255) } SignatureAlgorithm; */ - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { const int *cur; /* * Supported signature algorithms */ - for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) - { - unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur ); + for (cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++) { + unsigned char hash = mbedtls_ssl_hash_from_md_alg(*cur); - if( MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md( ssl, hash ) ) + if (MBEDTLS_SSL_HASH_NONE == hash || mbedtls_ssl_set_calc_verify_md(ssl, hash)) continue; #if defined(MBEDTLS_RSA_C) @@ -3142,8 +2900,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) #endif } - p[0] = (unsigned char)( sa_len >> 8 ); - p[1] = (unsigned char)( sa_len ); + p[0] = (unsigned char)(sa_len >> 8); + p[1] = (unsigned char)(sa_len); sa_len += 2; p += sa_len; } @@ -3157,38 +2915,35 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) total_dn_size = 0; - if( ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED ) - { + if (ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED) { /* NOTE: If trusted certificates are provisioned * via a CA callback (configured through * `mbedtls_ssl_conf_ca_cb()`, then the * CertificateRequest is currently left empty. */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_ca_chain != NULL ) + if (ssl->handshake->sni_ca_chain != NULL) crt = ssl->handshake->sni_ca_chain; else #endif crt = ssl->conf->ca_chain; - while( crt != NULL && crt->version != 0 ) - { + while (crt != NULL && crt->version != 0) { /* It follows from RFC 5280 A.1 that this length * can be represented in at most 11 bits. */ dn_size = (uint16_t) crt->subject_raw.len; - if( end < p || (size_t)( end - p ) < 2 + (size_t) dn_size ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) ); + if (end < p || (size_t)(end - p) < 2 + (size_t) dn_size) { + MBEDTLS_SSL_DEBUG_MSG(1, ("skipping CAs: buffer too short")); break; } - *p++ = (unsigned char)( dn_size >> 8 ); - *p++ = (unsigned char)( dn_size ); - memcpy( p, crt->subject_raw.p, dn_size ); + *p++ = (unsigned char)(dn_size >> 8); + *p++ = (unsigned char)(dn_size); + memcpy(p, crt->subject_raw.p, dn_size); p += dn_size; - MBEDTLS_SSL_DEBUG_BUF( 3, "requested DN", p - dn_size, dn_size ); + MBEDTLS_SSL_DEBUG_BUF(3, "requested DN", p - dn_size, dn_size); total_dn_size += 2 + dn_size; crt = crt->next; @@ -3198,64 +2953,59 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) ssl->out_msglen = p - buf; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST; - ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 ); - ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size ); + ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)(total_dn_size >> 8); + ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)(total_dn_size); - ret = mbedtls_ssl_write_handshake_msg( ssl ); + ret = mbedtls_ssl_write_handshake_msg(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request")); - return( ret ); + return (ret); } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) -{ +static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); - return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); + if (! mbedtls_pk_can_do(mbedtls_ssl_own_key(ssl), MBEDTLS_PK_ECKEY)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); + return (MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH); } - if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, - mbedtls_pk_ec( *mbedtls_ssl_own_key( ssl ) ), - MBEDTLS_ECDH_OURS ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret ); - return( ret ); + if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, + mbedtls_pk_ec(*mbedtls_ssl_own_key(ssl)), + MBEDTLS_ECDH_OURS)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); + return (ret); } - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) -static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, - size_t *signature_len ) -{ +static int ssl_resume_server_key_exchange(mbedtls_ssl_context *ssl, + size_t *signature_len) { /* Append the signature to ssl->out_msg, leaving 2 bytes for the * signature length which will be added in ssl_write_server_key_exchange * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2; - size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN - - sig_start ); - int ret = ssl->conf->f_async_resume( ssl, - sig_start, signature_len, sig_max_len ); - if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) - { + size_t sig_max_len = (ssl->out_buf + MBEDTLS_SSL_OUT_CONTENT_LEN + - sig_start); + int ret = ssl->conf->f_async_resume(ssl, + sig_start, signature_len, sig_max_len); + if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data( ssl, NULL ); + mbedtls_ssl_set_async_operation_data(ssl, NULL); } - MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(2, "ssl_resume_server_key_exchange", ret); + return (ret); } #endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && defined(MBEDTLS_SSL_ASYNC_PRIVATE) */ @@ -3263,9 +3013,8 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, /* Prepare the ServerKeyExchange message, up to and including * calculating the signature if any, but excluding formatting the * signature and sending the message. */ -static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, - size_t *signature_len ) -{ +static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl, + size_t *signature_len) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; @@ -3292,20 +3041,18 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * - ECJPAKE key exchanges */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; ret = mbedtls_ecjpake_write_round_two( - &ssl->handshake->ecjpake_ctx, - ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret ); - return( ret ); + &ssl->handshake->ecjpake_ctx, + ssl->out_msg + ssl->out_msglen, + MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, &len, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_write_round_two", ret); + return (ret); } ssl->out_msglen += len; @@ -3319,9 +3066,8 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, **/ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { ssl->out_msg[ssl->out_msglen++] = 0x00; ssl->out_msg[ssl->out_msglen++] = 0x00; } @@ -3332,15 +3078,13 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * - DHE key exchanges */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_dhe( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_uses_dhe(ciphersuite_info)) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no DH parameters set" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no DH parameters set")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* @@ -3352,22 +3096,20 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * opaque dh_Ys<1..2^16-1>; * } ServerDHParams; */ - if( ( ret = mbedtls_dhm_set_group( &ssl->handshake->dhm_ctx, - &ssl->conf->dhm_P, - &ssl->conf->dhm_G ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_set_group", ret ); - return( ret ); + if ((ret = mbedtls_dhm_set_group(&ssl->handshake->dhm_ctx, + &ssl->conf->dhm_P, + &ssl->conf->dhm_G)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_set_group", ret); + return (ret); } - if( ( ret = mbedtls_dhm_make_params( - &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - ssl->out_msg + ssl->out_msglen, &len, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_params", ret ); - return( ret ); + if ((ret = mbedtls_dhm_make_params( + &ssl->handshake->dhm_ctx, + (int) mbedtls_mpi_size(&ssl->handshake->dhm_ctx.P), + ssl->out_msg + ssl->out_msglen, &len, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_make_params", ret); + return (ret); } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) @@ -3376,10 +3118,10 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, ssl->out_msglen += len; - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G ); - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: X ", &ssl->handshake->dhm_ctx.X); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: P ", &ssl->handshake->dhm_ctx.P); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: G ", &ssl->handshake->dhm_ctx.G); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GX", &ssl->handshake->dhm_ctx.GX); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED */ @@ -3387,8 +3129,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, * - ECDHE key exchanges */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_ecdhe( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_uses_ecdhe(ciphersuite_info)) { /* * Ephemeral ECDH parameters: * @@ -3403,35 +3144,32 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, size_t len = 0; /* Match our preference list against the offered curves */ - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) - for( curve = ssl->handshake->curves; *curve != NULL; curve++ ) - if( (*curve)->grp_id == *gid ) + for (gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++) + for (curve = ssl->handshake->curves; *curve != NULL; curve++) + if ((*curve)->grp_id == *gid) goto curve_matching_done; curve_matching_done: - if( curve == NULL || *curve == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) ); - return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN ); + if (curve == NULL || *curve == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no matching curve for ECDHE")); + return (MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("ECDHE curve: %s", (*curve)->name)); - if( ( ret = mbedtls_ecdh_setup( &ssl->handshake->ecdh_ctx, - (*curve)->grp_id ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecp_group_load", ret ); - return( ret ); + if ((ret = mbedtls_ecdh_setup(&ssl->handshake->ecdh_ctx, + (*curve)->grp_id)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecp_group_load", ret); + return (ret); } - if( ( ret = mbedtls_ecdh_make_params( - &ssl->handshake->ecdh_ctx, &len, - ssl->out_msg + ssl->out_msglen, - MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_params", ret ); - return( ret ); + if ((ret = mbedtls_ecdh_make_params( + &ssl->handshake->ecdh_ctx, &len, + ssl->out_msg + ssl->out_msglen, + MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_make_params", ret); + return (ret); } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) @@ -3440,8 +3178,8 @@ curve_matching_done: ssl->out_msglen += len; - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Q ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Q); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED */ @@ -3452,8 +3190,7 @@ curve_matching_done: * */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; size_t hashlen = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; @@ -3472,84 +3209,74 @@ curve_matching_done: #if defined(MBEDTLS_SSL_PROTO_TLS1_2) mbedtls_pk_type_t sig_alg = - mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ); - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + mbedtls_ssl_get_ciphersuite_sig_pk_alg(ciphersuite_info); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { /* A: For TLS 1.2, obey signature-hash-algorithm extension * (RFC 5246, Sec. 7.4.1.4.1). */ - if( sig_alg == MBEDTLS_PK_NONE || - ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, - sig_alg ) ) == MBEDTLS_MD_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + if (sig_alg == MBEDTLS_PK_NONE || + (md_alg = mbedtls_ssl_sig_hash_set_find(&ssl->handshake->hash_algs, + sig_alg)) == MBEDTLS_MD_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); /* (... because we choose a cipher suite * only if there is a matching hash.) */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ) - { - /* B: Default hash SHA1 */ - md_alg = MBEDTLS_MD_SHA1; - } - else + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) { + /* B: Default hash SHA1 */ + md_alg = MBEDTLS_MD_SHA1; + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ - { - /* C: MD5 + SHA1 */ - md_alg = MBEDTLS_MD_NONE; - } + { + /* C: MD5 + SHA1 */ + md_alg = MBEDTLS_MD_NONE; + } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("pick hash algorithm %u for signing", (unsigned) md_alg)); /* * 2.2: Compute the hash to be signed */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( md_alg == MBEDTLS_MD_NONE ) - { + if (md_alg == MBEDTLS_MD_NONE) { hashlen = 36; - ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, - dig_signed, - dig_signed_len ); - if( ret != 0 ) - return( ret ); - } - else + ret = mbedtls_ssl_get_key_exchange_md_ssl_tls(ssl, hash, + dig_signed, + dig_signed_len); + if (ret != 0) + return (ret); + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( md_alg != MBEDTLS_MD_NONE ) - { - ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen, - dig_signed, - dig_signed_len, - md_alg ); - if( ret != 0 ) - return( ret ); - } - else + if (md_alg != MBEDTLS_MD_NONE) { + ret = mbedtls_ssl_get_key_exchange_md_tls1_2(ssl, hash, &hashlen, + dig_signed, + dig_signed_len, + md_alg); + if (ret != 0) + return (ret); + } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } - MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen ); + MBEDTLS_SSL_DEBUG_BUF(3, "parameters hash", hash, hashlen); /* * 2.3: Compute and add the signature */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { /* * For TLS 1.2, we need to specify signature and hash algorithm * explicitly through a prefix to the signature. @@ -3567,40 +3294,37 @@ curve_matching_done: */ ssl->out_msg[ssl->out_msglen++] = - mbedtls_ssl_hash_from_md_alg( md_alg ); + mbedtls_ssl_hash_from_md_alg(md_alg); ssl->out_msg[ssl->out_msglen++] = - mbedtls_ssl_sig_from_pk_alg( sig_alg ); + mbedtls_ssl_sig_from_pk_alg(sig_alg); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if( ssl->conf->f_async_sign_start != NULL ) - { - ret = ssl->conf->f_async_sign_start( ssl, - mbedtls_ssl_own_cert( ssl ), - md_alg, hash, hashlen ); - switch( ret ) - { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_sign was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return( ssl_resume_server_key_exchange( ssl, signature_len ) ); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); - default: - MBEDTLS_SSL_DEBUG_RET( 1, "f_async_sign_start", ret ); - return( ret ); + if (ssl->conf->f_async_sign_start != NULL) { + ret = ssl->conf->f_async_sign_start(ssl, + mbedtls_ssl_own_cert(ssl), + md_alg, hash, hashlen); + switch (ret) { + case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: + /* act as if f_async_sign was null */ + break; + case 0: + ssl->handshake->async_in_progress = 1; + return (ssl_resume_server_key_exchange(ssl, signature_len)); + case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: + ssl->handshake->async_in_progress = 1; + return (MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS); + default: + MBEDTLS_SSL_DEBUG_RET(1, "f_async_sign_start", ret); + return (ret); } } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if( mbedtls_ssl_own_key( ssl ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key" ) ); - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + if (mbedtls_ssl_own_key(ssl) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no private key")); + return (MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED); } /* Append the signature to ssl->out_msg, leaving 2 bytes for the @@ -3608,56 +3332,52 @@ curve_matching_done: * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ - if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - signature_len, - ssl->conf->f_rng, - ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); - return( ret ); + if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl), + md_alg, hash, hashlen, + ssl->out_msg + ssl->out_msglen + 2, + signature_len, + ssl->conf->f_rng, + ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); + return (ret); } } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - return( 0 ); + return (0); } /* Prepare the ServerKeyExchange message and send it. For ciphersuites * that do not include a ServerKeyExchange message, do nothing. Either * way, if successful, move on to the next step in the SSL state * machine. */ -static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t signature_len = 0; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = - ssl->handshake->ciphersuite_info; + ssl->handshake->ciphersuite_info; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) /* Extract static ECDH parameters and abort if ServerKeyExchange * is not needed. */ - if( mbedtls_ssl_ciphersuite_no_pfs( ciphersuite_info ) ) - { + if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { /* For suites involving ECDH, extract DH parameters * from certificate at this point. */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) - if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) ) - { - ssl_get_ecdh_params_from_cert( ssl ); + if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) { + ssl_get_ecdh_params_from_cert(ssl); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); ssl->state++; - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ @@ -3665,44 +3385,40 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_ASYNC_PRIVATE) /* If we have already prepared the message and there is an ongoing * signature operation, resume signing. */ - if( ssl->handshake->async_in_progress != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming signature operation" ) ); - ret = ssl_resume_server_key_exchange( ssl, &signature_len ); - } - else + if (ssl->handshake->async_in_progress != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("resuming signature operation")); + ret = ssl_resume_server_key_exchange(ssl, &signature_len); + } else #endif /* defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && defined(MBEDTLS_SSL_ASYNC_PRIVATE) */ { /* ServerKeyExchange is needed. Prepare the message. */ - ret = ssl_prepare_server_key_exchange( ssl, &signature_len ); + ret = ssl_prepare_server_key_exchange(ssl, &signature_len); } - if( ret != 0 ) - { + if (ret != 0) { /* If we're starting to write a new message, set ssl->out_msglen * to 0. But if we're resuming after an asynchronous message, * out_msglen is the amount of data written so far and mst be * preserved. */ - if( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange (pending)" ) ); + if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange (pending)")); else ssl->out_msglen = 0; - return( ret ); + return (ret); } /* If there is a signature, write its length. * ssl_prepare_server_key_exchange already wrote the signature * itself at its proper place in the output buffer. */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) - if( signature_len != 0 ) - { - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len >> 8 ); - ssl->out_msg[ssl->out_msglen++] = (unsigned char)( signature_len ); + if (signature_len != 0) { + ssl->out_msg[ssl->out_msglen++] = (unsigned char)(signature_len >> 8); + ssl->out_msg[ssl->out_msglen++] = (unsigned char)(signature_len); - MBEDTLS_SSL_DEBUG_BUF( 3, "my signature", - ssl->out_msg + ssl->out_msglen, - signature_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "my signature", + ssl->out_msg + ssl->out_msglen, + signature_len); /* Skip over the already-written signature */ ssl->out_msglen += signature_len; @@ -3715,21 +3431,19 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server key exchange" ) ); - return( 0 ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server key exchange")); + return (0); } -static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server hello done")); ssl->out_msglen = 4; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -3738,67 +3452,61 @@ static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_send_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) + mbedtls_ssl_send_flight_completed(ssl); #endif - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); + return (ret); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write server hello done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello done")); - return( 0 ); + return (0); } #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char **p, - const unsigned char *end ) -{ +static int ssl_parse_client_dh_public(mbedtls_ssl_context *ssl, unsigned char **p, + const unsigned char *end) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t n; /* * Receive G^Y mod P, premaster = (G^Y)^X mod P */ - if( *p + 2 > end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (*p + 2 > end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = ((*p)[0] << 8) | (*p)[1]; *p += 2; - if( *p + n > end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (*p + n > end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } - if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_read_public", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); + if ((ret = mbedtls_dhm_read_public(&ssl->handshake->dhm_ctx, *p, n)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_read_public", ret); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP); } *p += n; - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY ); + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: GY", &ssl->handshake->dhm_ctx.GY); - return( ret ); + return (ret); } #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -3807,43 +3515,39 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) -static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize ) -{ - int ret = ssl->conf->f_async_resume( ssl, - peer_pms, peer_pmslen, peer_pmssize ); - if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) - { +static int ssl_resume_decrypt_pms(mbedtls_ssl_context *ssl, + unsigned char *peer_pms, + size_t *peer_pmslen, + size_t peer_pmssize) { + int ret = ssl->conf->f_async_resume(ssl, + peer_pms, peer_pmslen, peer_pmssize); + if (ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) { ssl->handshake->async_in_progress = 0; - mbedtls_ssl_set_async_operation_data( ssl, NULL ); + mbedtls_ssl_set_async_operation_data(ssl, NULL); } - MBEDTLS_SSL_DEBUG_RET( 2, "ssl_decrypt_encrypted_pms", ret ); - return( ret ); + MBEDTLS_SSL_DEBUG_RET(2, "ssl_decrypt_encrypted_pms", ret); + return (ret); } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - unsigned char *peer_pms, - size_t *peer_pmslen, - size_t peer_pmssize ) -{ +static int ssl_decrypt_encrypted_pms(mbedtls_ssl_context *ssl, + const unsigned char *p, + const unsigned char *end, + unsigned char *peer_pms, + size_t *peer_pmslen, + size_t peer_pmssize) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl ); - mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk; - size_t len = mbedtls_pk_get_len( public_key ); + mbedtls_pk_context *private_key = mbedtls_ssl_own_key(ssl); + mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert(ssl)->pk; + size_t len = mbedtls_pk_get_len(public_key); #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /* If we have already started decoding the message and there is an ongoing * decryption operation, resume signing. */ - if( ssl->handshake->async_in_progress != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming decryption operation" ) ); - return( ssl_resume_decrypt_pms( ssl, - peer_pms, peer_pmslen, peer_pmssize ) ); + if (ssl->handshake->async_in_progress != 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("resuming decryption operation")); + return (ssl_resume_decrypt_pms(ssl, + peer_pms, peer_pmslen, peer_pmssize)); } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ @@ -3852,74 +3556,67 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 ) - { - if ( p + 2 > end ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0) { + if (p + 2 > end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } - if( *p++ != ( ( len >> 8 ) & 0xFF ) || - *p++ != ( ( len ) & 0xFF ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (*p++ != ((len >> 8) & 0xFF) || + *p++ != ((len) & 0xFF)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } } #endif - if( p + len != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (p + len != end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } /* * Decrypt the premaster secret */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if( ssl->conf->f_async_decrypt_start != NULL ) - { - ret = ssl->conf->f_async_decrypt_start( ssl, - mbedtls_ssl_own_cert( ssl ), - p, len ); - switch( ret ) - { - case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: - /* act as if f_async_decrypt_start was null */ - break; - case 0: - ssl->handshake->async_in_progress = 1; - return( ssl_resume_decrypt_pms( ssl, - peer_pms, - peer_pmslen, - peer_pmssize ) ); - case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: - ssl->handshake->async_in_progress = 1; - return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); - default: - MBEDTLS_SSL_DEBUG_RET( 1, "f_async_decrypt_start", ret ); - return( ret ); + if (ssl->conf->f_async_decrypt_start != NULL) { + ret = ssl->conf->f_async_decrypt_start(ssl, + mbedtls_ssl_own_cert(ssl), + p, len); + switch (ret) { + case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: + /* act as if f_async_decrypt_start was null */ + break; + case 0: + ssl->handshake->async_in_progress = 1; + return (ssl_resume_decrypt_pms(ssl, + peer_pms, + peer_pmslen, + peer_pmssize)); + case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: + ssl->handshake->async_in_progress = 1; + return (MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS); + default: + MBEDTLS_SSL_DEBUG_RET(1, "f_async_decrypt_start", ret); + return (ret); } } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_RSA ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) ); - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + if (! mbedtls_pk_can_do(private_key, MBEDTLS_PK_RSA)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no RSA private key")); + return (MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED); } - ret = mbedtls_pk_decrypt( private_key, p, len, - peer_pms, peer_pmslen, peer_pmssize, - ssl->conf->f_rng, ssl->conf->p_rng ); - return( ret ); + ret = mbedtls_pk_decrypt(private_key, p, len, + peer_pms, peer_pmslen, peer_pmssize, + ssl->conf->f_rng, ssl->conf->p_rng); + return (ret); } -static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, - const unsigned char *p, - const unsigned char *end, - size_t pms_offset ) -{ +static int ssl_parse_encrypted_pms(mbedtls_ssl_context *ssl, + const unsigned char *p, + const unsigned char *end, + size_t pms_offset) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *pms = ssl->handshake->premaster + pms_offset; unsigned char ver[2]; @@ -3938,19 +3635,19 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, peer_pms[0] = peer_pms[1] = ~0; peer_pmslen = 0; - ret = ssl_decrypt_encrypted_pms( ssl, p, end, - peer_pms, - &peer_pmslen, - sizeof( peer_pms ) ); + ret = ssl_decrypt_encrypted_pms(ssl, p, end, + peer_pms, + &peer_pmslen, + sizeof(peer_pms)); #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if ( ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) - return( ret ); + if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS) + return (ret); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - mbedtls_ssl_write_version( ssl->handshake->max_major_ver, - ssl->handshake->max_minor_ver, - ssl->conf->transport, ver ); + mbedtls_ssl_write_version(ssl->handshake->max_major_ver, + ssl->handshake->max_minor_ver, + ssl->conf->transport, ver); /* Avoid data-dependent branches while checking for invalid * padding, to protect against timing-based Bleichenbacher-type @@ -3967,7 +3664,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, #pragma warning( push ) #pragma warning( disable : 4146 ) #endif - mask = - ( ( diff | - diff ) >> ( sizeof( unsigned int ) * 8 - 1 ) ); + mask = - ((diff | - diff) >> (sizeof(unsigned int) * 8 - 1)); #if defined(_MSC_VER) #pragma warning( pop ) #endif @@ -3981,424 +3678,364 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, * successful. In particular, always generate the fake premaster secret, * regardless of whether it will ultimately influence the output or not. */ - ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) ); - if( ret != 0 ) - { + ret = ssl->conf->f_rng(ssl->conf->p_rng, fake_pms, sizeof(fake_pms)); + if (ret != 0) { /* It's ok to abort on an RNG failure, since this does not reveal * anything about the RSA decryption. */ - return( ret ); + return (ret); } #if defined(MBEDTLS_SSL_DEBUG_ALL) - if( diff != 0 ) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); + if (diff != 0) + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); #endif - if( sizeof( ssl->handshake->premaster ) < pms_offset || - sizeof( ssl->handshake->premaster ) - pms_offset < 48 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if (sizeof(ssl->handshake->premaster) < pms_offset || + sizeof(ssl->handshake->premaster) - pms_offset < 48) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } ssl->handshake->pmslen = 48; /* Set pms to either the true or the fake PMS, without * data-dependent branches. */ - for( i = 0; i < ssl->handshake->pmslen; i++ ) - pms[i] = ( mask & fake_pms[i] ) | ( (~mask) & peer_pms[i] ); + for (i = 0; i < ssl->handshake->pmslen; i++) + pms[i] = (mask & fake_pms[i]) | ((~mask) & peer_pms[i]); - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned char **p, - const unsigned char *end ) -{ +static int ssl_parse_client_psk_identity(mbedtls_ssl_context *ssl, unsigned char **p, + const unsigned char *end) { int ret = 0; uint16_t n; - if( ssl_conf_has_psk_or_cb( ssl->conf ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) ); - return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ); + if (ssl_conf_has_psk_or_cb(ssl->conf) == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no pre-shared key")); + return (MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED); } /* * Receive client pre-shared key identity name */ - if( end - *p < 2 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (end - *p < 2) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } - n = ( (*p)[0] << 8 ) | (*p)[1]; + n = ((*p)[0] << 8) | (*p)[1]; *p += 2; - if( n == 0 || n > end - *p ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (n == 0 || n > end - *p) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } - if( ssl->conf->f_psk != NULL ) - { - if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 ) + if (ssl->conf->f_psk != NULL) { + if (ssl->conf->f_psk(ssl->conf->p_psk, ssl, *p, n) != 0) ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; - } - else - { + } else { /* Identity is not a big secret since clients send it in the clear, * but treat it carefully anyway, just in case */ - if( n != ssl->conf->psk_identity_len || - mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 ) - { + if (n != ssl->conf->psk_identity_len || + mbedtls_ssl_safer_memcmp(ssl->conf->psk_identity, *p, n) != 0) { ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; } } - if( ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ) - { - MBEDTLS_SSL_DEBUG_BUF( 3, "Unknown PSK identity", *p, n ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY ); - return( MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY ); + if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { + MBEDTLS_SSL_DEBUG_BUF(3, "Unknown PSK identity", *p, n); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY); + return (MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY); } *p += n; - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; unsigned char *p, *end; ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse client key exchange")); #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) && \ ( defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ) - if( ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) && - ( ssl->handshake->async_in_progress != 0 ) ) - { + if ((ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) && + (ssl->handshake->async_in_progress != 0)) { /* We've already read a record and there is an asynchronous * operation in progress to decrypt it. So skip reading the * record. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "will resume decryption of previously-read record" ) ); - } - else + MBEDTLS_SSL_DEBUG_MSG(3, ("will resume decryption of previously-read record")); + } else #endif - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); - } + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); + } - p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); + p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); end = ssl->in_msg + ssl->in_hslen; - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ) - { - if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret ); - return( ret ); + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA) { + if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret); + return (ret); } - if( p != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + if (p != end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); } - if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); + if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, + ssl->handshake->premaster, + MBEDTLS_PREMASTER_SIZE, + &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS); } - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); - } - else + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) - { - if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, - p, end - p) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); - } + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || + ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { + if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, + p, end - p)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP); + } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP); - if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); - } + if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, + &ssl->handshake->pmslen, + ssl->handshake->premaster, + MBEDTLS_MPI_MAX_SIZE, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS); + } - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z ); - } - else + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z); + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ) - { - if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); - return( ret ); - } + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) { + if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); + return (ret); + } - if( p != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); - } + if (p != end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* For opaque PSKs, we perform the PSK-to-MS derivation atomatically - * and skip the intermediate PMS. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) ); - else + /* For opaque PSKs, we perform the PSK-to-MS derivation atomatically + * and skip the intermediate PMS. */ + if (ssl_use_opaque_psk(ssl) == 1) + MBEDTLS_SSL_DEBUG_MSG(1, ("skip PMS generation for opaque PSK")); + else #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); - } - } - else + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); + return (ret); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if ( ssl->handshake->async_in_progress != 0 ) - { - /* There is an asynchronous operation in progress to - * decrypt the encrypted premaster secret, so skip - * directly to resuming this operation. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "PSK identity already parsed" ) ); - /* Update p to skip the PSK identity. ssl_parse_encrypted_pms - * won't actually use it, but maintain p anyway for robustness. */ - p += ssl->conf->psk_identity_len + 2; - } - else + if (ssl->handshake->async_in_progress != 0) { + /* There is an asynchronous operation in progress to + * decrypt the encrypted premaster secret, so skip + * directly to resuming this operation. */ + MBEDTLS_SSL_DEBUG_MSG(3, ("PSK identity already parsed")); + /* Update p to skip the PSK identity. ssl_parse_encrypted_pms + * won't actually use it, but maintain p anyway for robustness. */ + p += ssl->conf->psk_identity_len + 2; + } else #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); - return( ret ); - } + if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); + return (ret); + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + /* Opaque PSKs are currently only supported for PSK-only. */ + if (ssl_use_opaque_psk(ssl) == 1) + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); #endif - if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 2 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_encrypted_pms" ), ret ); - return( ret ); - } + if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 2)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_encrypted_pms"), ret); + return (ret); + } - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); - } - } - else + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); + return (ret); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) - { - if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); - return( ret ); - } - if( ( ret = ssl_parse_client_dh_public( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_dh_public" ), ret ); - return( ret ); - } + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { + if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); + return (ret); + } + if ((ret = ssl_parse_client_dh_public(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_dh_public"), ret); + return (ret); + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + /* Opaque PSKs are currently only supported for PSK-only. */ + if (ssl_use_opaque_psk(ssl) == 1) + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); #endif - if( p != end ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); - } + if (p != end) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad client key exchange")); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE); + } - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); - } - } - else + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); + return (ret); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { - if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_client_psk_identity" ), ret ); - return( ret ); - } + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { + if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_client_psk_identity"), ret); + return (ret); + } - if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, - p, end - p ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); - } + if ((ret = mbedtls_ecdh_read_public(&ssl->handshake->ecdh_ctx, + p, end - p)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_read_public", ret); + return (MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP); + } #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* Opaque PSKs are currently only supported for PSK-only. */ - if( ssl_use_opaque_psk( ssl ) == 1 ) - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + /* Opaque PSKs are currently only supported for PSK-only. */ + if (ssl_use_opaque_psk(ssl) == 1) + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); #endif - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_QP ); + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_QP); - if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, - ciphersuite_info->key_exchange ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); - return( ret ); - } - } - else + if ((ret = mbedtls_ssl_psk_derive_premaster(ssl, + ciphersuite_info->key_exchange)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_psk_derive_premaster", ret); + return (ret); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) - { - if( ( ret = ssl_parse_encrypted_pms( ssl, p, end, 0 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "ssl_parse_parse_encrypted_pms_secret" ), ret ); - return( ret ); - } - } - else + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA) { + if ((ret = ssl_parse_encrypted_pms(ssl, p, end, 0)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, ("ssl_parse_parse_encrypted_pms_secret"), ret); + return (ret); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) - { - ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, - p, end - p ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); - } + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE) { + ret = mbedtls_ecjpake_read_round_two(&ssl->handshake->ecjpake_ctx, + p, end - p); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_read_round_two", ret); + return (MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE); + } - ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, - ssl->handshake->premaster, 32, &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); - return( ret ); - } - } - else + ret = mbedtls_ecjpake_derive_secret(&ssl->handshake->ecjpake_ctx, + ssl->handshake->premaster, 32, &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecjpake_derive_secret", ret); + return (ret); + } + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } - if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - return( ret ); + if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret); + return (ret); } ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client key exchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange")); - return( 0 ); + return (0); } #if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) -static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); ssl->state++; - return( 0 ); + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) -{ +static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t i, sig_len; unsigned char hash[48]; @@ -4410,60 +4047,54 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) mbedtls_md_type_t md_alg; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - mbedtls_pk_context * peer_pk; + mbedtls_pk_context *peer_pk; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate verify")); - if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); ssl->state++; - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( ssl->session_negotiate->peer_cert == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + if (ssl->session_negotiate->peer_cert == NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); ssl->state++; - return( 0 ); + return (0); } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert_digest == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) ); + if (ssl->session_negotiate->peer_cert_digest == NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify")); ssl->state++; - return( 0 ); + return (0); } #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ /* Read the message without adding it to the checksum */ - ret = mbedtls_ssl_read_record( ssl, 0 /* no checksum update */ ); - if( 0 != ret ) - { - MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ssl_read_record" ), ret ); - return( ret ); + ret = mbedtls_ssl_read_record(ssl, 0 /* no checksum update */); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_read_record"), ret); + return (ret); } ssl->state++; /* Process the message contents */ - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || - ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || + ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY); } - i = mbedtls_ssl_hs_hdr_len( ssl ); + i = mbedtls_ssl_hs_hdr_len(ssl); #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( ssl->session_negotiate->peer_cert == NULL ) - { + if (ssl->session_negotiate->peer_cert == NULL) { /* Should never happen */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } peer_pk = &ssl->session_negotiate->peer_cert->pk; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -4476,127 +4107,114 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - { + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { md_alg = MBEDTLS_MD_NONE; hashlen = 36; /* For ECDSA, use SHA-1, not MD-5 + SHA-1 */ - if( mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECDSA ) ) - { + if (mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECDSA)) { hash_start += 16; hashlen -= 16; md_alg = MBEDTLS_MD_SHA1; } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - if( i + 2 > ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); - } + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + if (i + 2 > ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY); + } - /* - * Hash - */ - md_alg = mbedtls_ssl_md_alg_from_hash( ssl->in_msg[i] ); + /* + * Hash + */ + md_alg = mbedtls_ssl_md_alg_from_hash(ssl->in_msg[i]); - if( md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md( ssl, ssl->in_msg[i] ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" - " for verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); - } + if (md_alg == MBEDTLS_MD_NONE || mbedtls_ssl_set_calc_verify_md(ssl, ssl->in_msg[i])) { + MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" + " for verify message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY); + } #if !defined(MBEDTLS_MD_SHA1) - if( MBEDTLS_MD_SHA1 == md_alg ) - hash_start += 16; + if (MBEDTLS_MD_SHA1 == md_alg) + hash_start += 16; #endif - /* Info from md_alg will be used instead */ - hashlen = 0; + /* Info from md_alg will be used instead */ + hashlen = 0; - i++; + i++; - /* - * Signature - */ - if( ( pk_alg = mbedtls_ssl_pk_alg_from_sig( ssl->in_msg[i] ) ) - == MBEDTLS_PK_NONE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" - " for verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); - } + /* + * Signature + */ + if ((pk_alg = mbedtls_ssl_pk_alg_from_sig(ssl->in_msg[i])) + == MBEDTLS_PK_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("peer not adhering to requested sig_alg" + " for verify message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY); + } - /* - * Check the certificate's key type matches the signature alg - */ - if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); - } + /* + * Check the certificate's key type matches the signature alg + */ + if (!mbedtls_pk_can_do(peer_pk, pk_alg)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key")); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY); + } - i++; - } - else + i++; + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } + + if (i + 2 > ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY); } - if( i + 2 > ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); - } - - sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; + sig_len = (ssl->in_msg[i] << 8) | ssl->in_msg[i + 1]; i += 2; - if( i + sig_len != ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + if (i + sig_len != ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate verify message")); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY); } /* Calculate hash and verify signature */ { size_t dummy_hlen; - ssl->handshake->calc_verify( ssl, hash, &dummy_hlen ); + ssl->handshake->calc_verify(ssl, hash, &dummy_hlen); } - if( ( ret = mbedtls_pk_verify( peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); - return( ret ); + if ((ret = mbedtls_pk_verify(peer_pk, + md_alg, hash_start, hashlen, + ssl->in_msg + i, sig_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); + return (ret); } - mbedtls_ssl_update_handshake_status( ssl ); + mbedtls_ssl_update_handshake_status(ssl); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify")); - return( ret ); + return (ret); } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t tlen; uint32_t lifetime; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write new session ticket")); ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_NEW_SESSION_TICKET; @@ -4612,23 +4230,22 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) * 10 . 9+n ticket content */ - if( ( ret = ssl->conf->f_ticket_write( ssl->conf->p_ticket, - ssl->session_negotiate, - ssl->out_msg + 10, - ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, - &tlen, &lifetime ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_ticket_write", ret ); + if ((ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, + ssl->session_negotiate, + ssl->out_msg + 10, + ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN, + &tlen, &lifetime)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_ticket_write", ret); tlen = 0; } - ssl->out_msg[4] = ( lifetime >> 24 ) & 0xFF; - ssl->out_msg[5] = ( lifetime >> 16 ) & 0xFF; - ssl->out_msg[6] = ( lifetime >> 8 ) & 0xFF; - ssl->out_msg[7] = ( lifetime ) & 0xFF; + ssl->out_msg[4] = (lifetime >> 24) & 0xFF; + ssl->out_msg[5] = (lifetime >> 16) & 0xFF; + ssl->out_msg[6] = (lifetime >> 8) & 0xFF; + ssl->out_msg[7] = (lifetime) & 0xFF; - ssl->out_msg[8] = (unsigned char)( ( tlen >> 8 ) & 0xFF ); - ssl->out_msg[9] = (unsigned char)( ( tlen ) & 0xFF ); + ssl->out_msg[8] = (unsigned char)((tlen >> 8) & 0xFF); + ssl->out_msg[9] = (unsigned char)((tlen) & 0xFF); ssl->out_msglen = 10 + tlen; @@ -4638,44 +4255,40 @@ static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) */ ssl->handshake->new_session_ticket = 0; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write new session ticket" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write new session ticket")); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ /* * SSL handshake -- server side -- single step */ -int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl) { int ret = 0; - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "server state: %d", ssl->state ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("server state: %d", ssl->state)); - if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_flush_output(ssl)) != 0) + return (ret); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING ) - { - if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING) { + if ((ret = mbedtls_ssl_flight_transmit(ssl)) != 0) + return (ret); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - switch( ssl->state ) - { + switch (ssl->state) { case MBEDTLS_SSL_HELLO_REQUEST: ssl->state = MBEDTLS_SSL_CLIENT_HELLO; break; @@ -4684,12 +4297,12 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) * <== ClientHello */ case MBEDTLS_SSL_CLIENT_HELLO: - ret = ssl_parse_client_hello( ssl ); + ret = ssl_parse_client_hello(ssl); break; #if defined(MBEDTLS_SSL_PROTO_DTLS) case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: - return( MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ); + return (MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED); #endif /* @@ -4700,23 +4313,23 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) * ServerHelloDone */ case MBEDTLS_SSL_SERVER_HELLO: - ret = ssl_write_server_hello( ssl ); + ret = ssl_write_server_hello(ssl); break; case MBEDTLS_SSL_SERVER_CERTIFICATE: - ret = mbedtls_ssl_write_certificate( ssl ); + ret = mbedtls_ssl_write_certificate(ssl); break; case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - ret = ssl_write_server_key_exchange( ssl ); + ret = ssl_write_server_key_exchange(ssl); break; case MBEDTLS_SSL_CERTIFICATE_REQUEST: - ret = ssl_write_certificate_request( ssl ); + ret = ssl_write_certificate_request(ssl); break; case MBEDTLS_SSL_SERVER_HELLO_DONE: - ret = ssl_write_server_hello_done( ssl ); + ret = ssl_write_server_hello_done(ssl); break; /* @@ -4727,23 +4340,23 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) * Finished */ case MBEDTLS_SSL_CLIENT_CERTIFICATE: - ret = mbedtls_ssl_parse_certificate( ssl ); + ret = mbedtls_ssl_parse_certificate(ssl); break; case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - ret = ssl_parse_client_key_exchange( ssl ); + ret = ssl_parse_client_key_exchange(ssl); break; case MBEDTLS_SSL_CERTIFICATE_VERIFY: - ret = ssl_parse_certificate_verify( ssl ); + ret = ssl_parse_certificate_verify(ssl); break; case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - ret = mbedtls_ssl_parse_change_cipher_spec( ssl ); + ret = mbedtls_ssl_parse_change_cipher_spec(ssl); break; case MBEDTLS_SSL_CLIENT_FINISHED: - ret = mbedtls_ssl_parse_finished( ssl ); + ret = mbedtls_ssl_parse_finished(ssl); break; /* @@ -4753,31 +4366,31 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) */ case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( ssl->handshake->new_session_ticket != 0 ) - ret = ssl_write_new_session_ticket( ssl ); + if (ssl->handshake->new_session_ticket != 0) + ret = ssl_write_new_session_ticket(ssl); else #endif - ret = mbedtls_ssl_write_change_cipher_spec( ssl ); + ret = mbedtls_ssl_write_change_cipher_spec(ssl); break; case MBEDTLS_SSL_SERVER_FINISHED: - ret = mbedtls_ssl_write_finished( ssl ); + ret = mbedtls_ssl_write_finished(ssl); break; case MBEDTLS_SSL_FLUSH_BUFFERS: - MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done")); ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; break; case MBEDTLS_SSL_HANDSHAKE_WRAPUP: - mbedtls_ssl_handshake_wrapup( ssl ); + mbedtls_ssl_handshake_wrapup(ssl); break; default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid state %d", ssl->state)); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - return( ret ); + return (ret); } #endif /* MBEDTLS_SSL_SRV_C */ diff --git a/common/mbedtls/ssl_ticket.c b/common/mbedtls/ssl_ticket.c index 626d137cc..aefc7ab09 100644 --- a/common/mbedtls/ssl_ticket.c +++ b/common/mbedtls/ssl_ticket.c @@ -39,12 +39,11 @@ /* * Initialze context */ -void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) ); +void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_ssl_ticket_context)); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_init( &ctx->mutex ); + mbedtls_mutex_init(&ctx->mutex); #endif } @@ -66,69 +65,63 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) /* * Generate/update a key */ -static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, - unsigned char index ) -{ +static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, + unsigned char index) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MAX_KEY_BYTES]; mbedtls_ssl_ticket_key *key = ctx->keys + index; #if defined(MBEDTLS_HAVE_TIME) - key->generation_time = (uint32_t) mbedtls_time( NULL ); + key->generation_time = (uint32_t) mbedtls_time(NULL); #endif - if( ( ret = ctx->f_rng( ctx->p_rng, key->name, sizeof( key->name ) ) ) != 0 ) - return( ret ); + if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) + return (ret); - if( ( ret = ctx->f_rng( ctx->p_rng, buf, sizeof( buf ) ) ) != 0 ) - return( ret ); + if ((ret = ctx->f_rng(ctx->p_rng, buf, sizeof(buf))) != 0) + return (ret); /* With GCM and CCM, same context can encrypt & decrypt */ - ret = mbedtls_cipher_setkey( &key->ctx, buf, - mbedtls_cipher_get_key_bitlen( &key->ctx ), - MBEDTLS_ENCRYPT ); + ret = mbedtls_cipher_setkey(&key->ctx, buf, + mbedtls_cipher_get_key_bitlen(&key->ctx), + MBEDTLS_ENCRYPT); - mbedtls_platform_zeroize( buf, sizeof( buf ) ); + mbedtls_platform_zeroize(buf, sizeof(buf)); - return( ret ); + return (ret); } /* * Rotate/generate keys if necessary */ -static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) -{ +static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx) { #if !defined(MBEDTLS_HAVE_TIME) ((void) ctx); #else - if( ctx->ticket_lifetime != 0 ) - { - uint32_t current_time = (uint32_t) mbedtls_time( NULL ); + if (ctx->ticket_lifetime != 0) { + uint32_t current_time = (uint32_t) mbedtls_time(NULL); uint32_t key_time = ctx->keys[ctx->active].generation_time; - if( current_time >= key_time && - current_time - key_time < ctx->ticket_lifetime ) - { - return( 0 ); + if (current_time >= key_time && + current_time - key_time < ctx->ticket_lifetime) { + return (0); } ctx->active = 1 - ctx->active; - return( ssl_ticket_gen_key( ctx, ctx->active ) ); - } - else + return (ssl_ticket_gen_key(ctx, ctx->active)); + } else #endif /* MBEDTLS_HAVE_TIME */ - return( 0 ); + return (0); } /* * Setup context for actual use */ -int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, - uint32_t lifetime ) -{ +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_cipher_type_t cipher, + uint32_t lifetime) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t *cipher_info; @@ -137,48 +130,46 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, ctx->ticket_lifetime = lifetime; - cipher_info = mbedtls_cipher_info_from_type( cipher); - if( cipher_info == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + cipher_info = mbedtls_cipher_info_from_type(cipher); + if (cipher_info == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( cipher_info->mode != MBEDTLS_MODE_GCM && - cipher_info->mode != MBEDTLS_MODE_CCM ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (cipher_info->mode != MBEDTLS_MODE_GCM && + cipher_info->mode != MBEDTLS_MODE_CCM) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (cipher_info->key_bitlen > 8 * MAX_KEY_BYTES) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_cipher_setup_psa( &ctx->keys[0].ctx, - cipher_info, TICKET_AUTH_TAG_BYTES ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - return( ret ); + ret = mbedtls_cipher_setup_psa(&ctx->keys[0].ctx, + cipher_info, TICKET_AUTH_TAG_BYTES); + if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) + return (ret); /* We don't yet expect to support all ciphers through PSA, * so allow fallback to ordinary mbedtls_cipher_setup(). */ - if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) + if (ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &ctx->keys[0].ctx, cipher_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_setup(&ctx->keys[0].ctx, cipher_info)) != 0) + return (ret); #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_cipher_setup_psa( &ctx->keys[1].ctx, - cipher_info, TICKET_AUTH_TAG_BYTES ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - return( ret ); - if( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) + ret = mbedtls_cipher_setup_psa(&ctx->keys[1].ctx, + cipher_info, TICKET_AUTH_TAG_BYTES); + if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) + return (ret); + if (ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &ctx->keys[1].ctx, cipher_info ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_cipher_setup(&ctx->keys[1].ctx, cipher_info)) != 0) + return (ret); - if( ( ret = ssl_ticket_gen_key( ctx, 0 ) ) != 0 || - ( ret = ssl_ticket_gen_key( ctx, 1 ) ) != 0 ) - { - return( ret ); + if ((ret = ssl_ticket_gen_key(ctx, 0)) != 0 || + (ret = ssl_ticket_gen_key(ctx, 1)) != 0) { + return (ret); } - return( 0 ); + return (0); } /* @@ -195,13 +186,12 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, * authenticated data. */ -int mbedtls_ssl_ticket_write( void *p_ticket, - const mbedtls_ssl_session *session, - unsigned char *start, - const unsigned char *end, - size_t *tlen, - uint32_t *ticket_lifetime ) -{ +int mbedtls_ssl_ticket_write(void *p_ticket, + const mbedtls_ssl_session *session, + unsigned char *start, + const unsigned char *end, + size_t *tlen, + uint32_t *ticket_lifetime) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_ticket_context *ctx = p_ticket; mbedtls_ssl_ticket_key *key; @@ -213,54 +203,51 @@ int mbedtls_ssl_ticket_write( void *p_ticket, *tlen = 0; - if( ctx == NULL || ctx->f_rng == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->f_rng == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag, * in addition to session itself, that will be checked when writing it. */ - MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN ); + MBEDTLS_SSL_CHK_BUF_PTR(start, end, TICKET_MIN_LEN); #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif - if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 ) + if ((ret = ssl_ticket_update_keys(ctx)) != 0) goto cleanup; key = &ctx->keys[ctx->active]; *ticket_lifetime = ctx->ticket_lifetime; - memcpy( key_name, key->name, TICKET_KEY_NAME_BYTES ); + memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); - if( ( ret = ctx->f_rng( ctx->p_rng, iv, TICKET_IV_BYTES ) ) != 0 ) + if ((ret = ctx->f_rng(ctx->p_rng, iv, TICKET_IV_BYTES)) != 0) goto cleanup; /* Dump session state */ - if( ( ret = mbedtls_ssl_session_save( session, - state, end - state, - &clear_len ) ) != 0 || - (unsigned long) clear_len > 65535 ) - { - goto cleanup; - } - state_len_bytes[0] = ( clear_len >> 8 ) & 0xff; - state_len_bytes[1] = ( clear_len ) & 0xff; - - /* Encrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - state, clear_len, - state, end - state, &ciph_len, - TICKET_AUTH_TAG_BYTES ) ) != 0 ) - { + if ((ret = mbedtls_ssl_session_save(session, + state, end - state, + &clear_len)) != 0 || + (unsigned long) clear_len > 65535) { goto cleanup; } - if( ciph_len != clear_len + TICKET_AUTH_TAG_BYTES ) - { + state_len_bytes[0] = (clear_len >> 8) & 0xff; + state_len_bytes[1] = (clear_len) & 0xff; + + /* Encrypt and authenticate */ + if ((ret = mbedtls_cipher_auth_encrypt_ext(&key->ctx, + iv, TICKET_IV_BYTES, + /* Additional data: key name, IV and length */ + key_name, TICKET_ADD_DATA_LEN, + state, clear_len, + state, end - state, &ciph_len, + TICKET_AUTH_TAG_BYTES)) != 0) { + goto cleanup; + } + if (ciph_len != clear_len + TICKET_AUTH_TAG_BYTES) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; } @@ -269,37 +256,35 @@ int mbedtls_ssl_ticket_write( void *p_ticket, cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - return( ret ); + return (ret); } /* * Select key based on name */ static mbedtls_ssl_ticket_key *ssl_ticket_select_key( - mbedtls_ssl_ticket_context *ctx, - const unsigned char name[4] ) -{ + mbedtls_ssl_ticket_context *ctx, + const unsigned char name[4]) { unsigned char i; - for( i = 0; i < sizeof( ctx->keys ) / sizeof( *ctx->keys ); i++ ) - if( memcmp( name, ctx->keys[i].name, 4 ) == 0 ) - return( &ctx->keys[i] ); + for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) + if (memcmp(name, ctx->keys[i].name, 4) == 0) + return (&ctx->keys[i]); - return( NULL ); + return (NULL); } /* * Load session ticket (see mbedtls_ssl_ticket_write for structure) */ -int mbedtls_ssl_ticket_parse( void *p_ticket, - mbedtls_ssl_session *session, - unsigned char *buf, - size_t len ) -{ +int mbedtls_ssl_ticket_parse(void *p_ticket, + mbedtls_ssl_session *session, + unsigned char *buf, + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_ticket_context *ctx = p_ticket; mbedtls_ssl_ticket_key *key; @@ -309,31 +294,29 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES; size_t enc_len, clear_len; - if( ctx == NULL || ctx->f_rng == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ctx == NULL || ctx->f_rng == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( len < TICKET_MIN_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (len < TICKET_MIN_LEN) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) + return (ret); #endif - if( ( ret = ssl_ticket_update_keys( ctx ) ) != 0 ) + if ((ret = ssl_ticket_update_keys(ctx)) != 0) goto cleanup; - enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1]; + enc_len = (enc_len_p[0] << 8) | enc_len_p[1]; - if( len != TICKET_MIN_LEN + enc_len ) - { + if (len != TICKET_MIN_LEN + enc_len) { ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; goto cleanup; } /* Select key */ - if( ( key = ssl_ticket_select_key( ctx, key_name ) ) == NULL ) - { + if ((key = ssl_ticket_select_key(ctx, key_name)) == NULL) { /* We can't know for sure but this is a likely option unless we're * under attack - this is only informative anyway */ ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; @@ -341,37 +324,34 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, } /* Decrypt and authenticate */ - if( ( ret = mbedtls_cipher_auth_decrypt_ext( &key->ctx, - iv, TICKET_IV_BYTES, - /* Additional data: key name, IV and length */ - key_name, TICKET_ADD_DATA_LEN, - ticket, enc_len + TICKET_AUTH_TAG_BYTES, - ticket, enc_len, &clear_len, - TICKET_AUTH_TAG_BYTES ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) + if ((ret = mbedtls_cipher_auth_decrypt_ext(&key->ctx, + iv, TICKET_IV_BYTES, + /* Additional data: key name, IV and length */ + key_name, TICKET_ADD_DATA_LEN, + ticket, enc_len + TICKET_AUTH_TAG_BYTES, + ticket, enc_len, &clear_len, + TICKET_AUTH_TAG_BYTES)) != 0) { + if (ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED) ret = MBEDTLS_ERR_SSL_INVALID_MAC; goto cleanup; } - if( clear_len != enc_len ) - { + if (clear_len != enc_len) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto cleanup; } /* Actually load session */ - if( ( ret = mbedtls_ssl_session_load( session, ticket, clear_len ) ) != 0 ) + if ((ret = mbedtls_ssl_session_load(session, ticket, clear_len)) != 0) goto cleanup; #if defined(MBEDTLS_HAVE_TIME) { /* Check for expiration */ - mbedtls_time_t current_time = mbedtls_time( NULL ); + mbedtls_time_t current_time = mbedtls_time(NULL); - if( current_time < session->start || - (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime ) - { + if (current_time < session->start || + (uint32_t)(current_time - session->start) > ctx->ticket_lifetime) { ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; goto cleanup; } @@ -380,26 +360,25 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, cleanup: #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (mbedtls_mutex_unlock(&ctx->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); #endif - return( ret ); + return (ret); } /* * Free context */ -void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ) -{ - mbedtls_cipher_free( &ctx->keys[0].ctx ); - mbedtls_cipher_free( &ctx->keys[1].ctx ); +void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx) { + mbedtls_cipher_free(&ctx->keys[0].ctx); + mbedtls_cipher_free(&ctx->keys[1].ctx); #if defined(MBEDTLS_THREADING_C) - mbedtls_mutex_free( &ctx->mutex ); + mbedtls_mutex_free(&ctx->mutex); #endif - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_ticket_context)); } #endif /* MBEDTLS_SSL_TICKET_C */ diff --git a/common/mbedtls/ssl_ticket.h b/common/mbedtls/ssl_ticket.h index bf5fc9702..5db443b45 100644 --- a/common/mbedtls/ssl_ticket.h +++ b/common/mbedtls/ssl_ticket.h @@ -48,8 +48,7 @@ extern "C" { /** * \brief Information for session ticket protection */ -typedef struct mbedtls_ssl_ticket_key -{ +typedef struct mbedtls_ssl_ticket_key { unsigned char name[4]; /*!< random key identifier */ uint32_t generation_time; /*!< key generation timestamp (seconds) */ mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */ @@ -59,15 +58,14 @@ mbedtls_ssl_ticket_key; /** * \brief Context for session ticket handling functions */ -typedef struct mbedtls_ssl_ticket_context -{ +typedef struct mbedtls_ssl_ticket_context { mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ unsigned char active; /*!< index of the currently active key */ uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */ /** Callback for getting (pseudo-)random numbers */ - int (*f_rng)(void *, unsigned char *, size_t); + int (*f_rng)(void *, unsigned char *, size_t); void *p_rng; /*!< context for the RNG function */ #if defined(MBEDTLS_THREADING_C) @@ -83,7 +81,7 @@ mbedtls_ssl_ticket_context; * * \param ctx Context to be initialized */ -void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); +void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); /** * \brief Prepare context to be actually used @@ -107,10 +105,10 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); * \return 0 if successful, * or a specific MBEDTLS_ERR_XXX error code */ -int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_cipher_type_t cipher, - uint32_t lifetime ); +int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_cipher_type_t cipher, + uint32_t lifetime); /** * \brief Implementation of the ticket write callback @@ -131,7 +129,7 @@ mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse; * * \param ctx Context to be cleaned up */ -void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx ); +void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx); #ifdef __cplusplus } diff --git a/common/mbedtls/ssl_tls.c b/common/mbedtls/ssl_tls.c index e367fbd9c..34534f3c5 100644 --- a/common/mbedtls/ssl_tls.c +++ b/common/mbedtls/ssl_tls.c @@ -60,93 +60,83 @@ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* Top-level Connection ID API */ -int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, - size_t len, - int ignore_other_cid ) -{ - if( len > MBEDTLS_SSL_CID_IN_LEN_MAX ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, + size_t len, + int ignore_other_cid) { + if (len > MBEDTLS_SSL_CID_IN_LEN_MAX) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL && - ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_FAIL && + ignore_other_cid != MBEDTLS_SSL_UNEXPECTED_CID_IGNORE) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } conf->ignore_unexpected_cid = ignore_other_cid; conf->cid_len = len; - return( 0 ); + return (0); } -int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, - int enable, - unsigned char const *own_cid, - size_t own_cid_len ) -{ - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, + int enable, + unsigned char const *own_cid, + size_t own_cid_len) { + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); ssl->negotiate_cid = enable; - if( enable == MBEDTLS_SSL_CID_DISABLED ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Disable use of CID extension." ) ); - return( 0 ); + if (enable == MBEDTLS_SSL_CID_DISABLED) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Disable use of CID extension.")); + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Enable use of CID extension.")); + MBEDTLS_SSL_DEBUG_BUF(3, "Own CID", own_cid, own_cid_len); - if( own_cid_len != ssl->conf->cid_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID length %u does not match CID length %u in config", - (unsigned) own_cid_len, - (unsigned) ssl->conf->cid_len ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (own_cid_len != ssl->conf->cid_len) { + MBEDTLS_SSL_DEBUG_MSG(3, ("CID length %u does not match CID length %u in config", + (unsigned) own_cid_len, + (unsigned) ssl->conf->cid_len)); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - memcpy( ssl->own_cid, own_cid, own_cid_len ); + memcpy(ssl->own_cid, own_cid, own_cid_len); /* Truncation is not an issue here because * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */ ssl->own_cid_len = (uint8_t) own_cid_len; - return( 0 ); + return (0); } -int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, - int *enabled, - unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], - size_t *peer_cid_len ) -{ +int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl, + int *enabled, + unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], + size_t *peer_cid_len) { *enabled = MBEDTLS_SSL_CID_DISABLED; - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || + ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions * were used, but client and server requested the empty CID. * This is indistinguishable from not using the CID extension * in the first place. */ - if( ssl->transform_in->in_cid_len == 0 && - ssl->transform_in->out_cid_len == 0 ) - { - return( 0 ); + if (ssl->transform_in->in_cid_len == 0 && + ssl->transform_in->out_cid_len == 0) { + return (0); } - if( peer_cid_len != NULL ) - { + if (peer_cid_len != NULL) { *peer_cid_len = ssl->transform_in->out_cid_len; - if( peer_cid != NULL ) - { - memcpy( peer_cid, ssl->transform_in->out_cid, - ssl->transform_in->out_cid_len ); + if (peer_cid != NULL) { + memcpy(peer_cid, ssl->transform_in->out_cid, + ssl->transform_in->out_cid_len); } } *enabled = MBEDTLS_SSL_CID_ENABLED; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -161,63 +151,57 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, * } MaxFragmentLength; * and we add 0 -> extension unused */ -static unsigned int ssl_mfl_code_to_length( int mfl ) -{ - switch( mfl ) - { - case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); - case MBEDTLS_SSL_MAX_FRAG_LEN_512: - return 512; - case MBEDTLS_SSL_MAX_FRAG_LEN_1024: - return 1024; - case MBEDTLS_SSL_MAX_FRAG_LEN_2048: - return 2048; - case MBEDTLS_SSL_MAX_FRAG_LEN_4096: - return 4096; - default: - return ( MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ); +static unsigned int ssl_mfl_code_to_length(int mfl) { + switch (mfl) { + case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: + return (MBEDTLS_TLS_EXT_ADV_CONTENT_LEN); + case MBEDTLS_SSL_MAX_FRAG_LEN_512: + return 512; + case MBEDTLS_SSL_MAX_FRAG_LEN_1024: + return 1024; + case MBEDTLS_SSL_MAX_FRAG_LEN_2048: + return 2048; + case MBEDTLS_SSL_MAX_FRAG_LEN_4096: + return 4096; + default: + return (MBEDTLS_TLS_EXT_ADV_CONTENT_LEN); } } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, - const mbedtls_ssl_session *src ) -{ - mbedtls_ssl_session_free( dst ); - memcpy( dst, src, sizeof( mbedtls_ssl_session ) ); +int mbedtls_ssl_session_copy(mbedtls_ssl_session *dst, + const mbedtls_ssl_session *src) { + mbedtls_ssl_session_free(dst); + memcpy(dst, src, sizeof(mbedtls_ssl_session)); #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( src->peer_cert != NULL ) - { + if (src->peer_cert != NULL) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); - if( dst->peer_cert == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + dst->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); + if (dst->peer_cert == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); - mbedtls_x509_crt_init( dst->peer_cert ); + mbedtls_x509_crt_init(dst->peer_cert); - if( ( ret = mbedtls_x509_crt_parse_der( dst->peer_cert, src->peer_cert->raw.p, - src->peer_cert->raw.len ) ) != 0 ) - { - mbedtls_free( dst->peer_cert ); + if ((ret = mbedtls_x509_crt_parse_der(dst->peer_cert, src->peer_cert->raw.p, + src->peer_cert->raw.len)) != 0) { + mbedtls_free(dst->peer_cert); dst->peer_cert = NULL; - return( ret ); + return (ret); } } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( src->peer_cert_digest != NULL ) - { + if (src->peer_cert_digest != NULL) { dst->peer_cert_digest = - mbedtls_calloc( 1, src->peer_cert_digest_len ); - if( dst->peer_cert_digest == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + mbedtls_calloc(1, src->peer_cert_digest_len); + if (dst->peer_cert_digest == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); - memcpy( dst->peer_cert_digest, src->peer_cert_digest, - src->peer_cert_digest_len ); + memcpy(dst->peer_cert_digest, src->peer_cert_digest, + src->peer_cert_digest_len); dst->peer_cert_digest_type = src->peer_cert_digest_type; dst->peer_cert_digest_len = src->peer_cert_digest_len; } @@ -226,34 +210,32 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if( src->ticket != NULL ) - { - dst->ticket = mbedtls_calloc( 1, src->ticket_len ); - if( dst->ticket == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if (src->ticket != NULL) { + dst->ticket = mbedtls_calloc(1, src->ticket_len); + if (dst->ticket == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); - memcpy( dst->ticket, src->ticket, src->ticket_len ); + memcpy(dst->ticket, src->ticket, src->ticket_len); } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) -static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_old ) -{ - unsigned char* resized_buffer = mbedtls_calloc( 1, len_new ); - if( resized_buffer == NULL ) +static int resize_buffer(unsigned char **buffer, size_t len_new, size_t *len_old) { + unsigned char *resized_buffer = mbedtls_calloc(1, len_new); + if (resized_buffer == NULL) return -1; /* We want to copy len_new bytes when downsizing the buffer, and * len_old bytes when upsizing, so we choose the smaller of two sizes, * to fit one buffer into another. Size checks, ensuring that no data is * lost, are done outside of this function. */ - memcpy( resized_buffer, *buffer, - ( len_new < *len_old ) ? len_new : *len_old ); - mbedtls_platform_zeroize( *buffer, *len_old ); - mbedtls_free( *buffer ); + memcpy(resized_buffer, *buffer, + (len_new < *len_old) ? len_new : *len_old); + mbedtls_platform_zeroize(*buffer, *len_old); + mbedtls_free(*buffer); *buffer = resized_buffer; *len_old = len_new; @@ -261,60 +243,48 @@ static int resize_buffer( unsigned char **buffer, size_t len_new, size_t *len_ol return 0; } -static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, - size_t in_buf_new_len, - size_t out_buf_new_len ) -{ +static void handle_buffer_resizing(mbedtls_ssl_context *ssl, int downsizing, + size_t in_buf_new_len, + size_t out_buf_new_len) { int modified = 0; size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; - if( ssl->in_buf != NULL ) - { + if (ssl->in_buf != NULL) { written_in = ssl->in_msg - ssl->in_buf; iv_offset_in = ssl->in_iv - ssl->in_buf; len_offset_in = ssl->in_len - ssl->in_buf; - if( downsizing ? - ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : - ssl->in_buf_len < in_buf_new_len ) - { - if( resize_buffer( &ssl->in_buf, in_buf_new_len, &ssl->in_buf_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET, - in_buf_new_len ) ); + if (downsizing ? + ssl->in_buf_len > in_buf_new_len && ssl->in_left < in_buf_new_len : + ssl->in_buf_len < in_buf_new_len) { + if (resize_buffer(&ssl->in_buf, in_buf_new_len, &ssl->in_buf_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("input buffer resizing failed - out of memory")); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET, + in_buf_new_len)); modified = 1; } } } - if( ssl->out_buf != NULL ) - { + if (ssl->out_buf != NULL) { written_out = ssl->out_msg - ssl->out_buf; iv_offset_out = ssl->out_iv - ssl->out_buf; len_offset_out = ssl->out_len - ssl->out_buf; - if( downsizing ? - ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len : - ssl->out_buf_len < out_buf_new_len ) - { - if( resize_buffer( &ssl->out_buf, out_buf_new_len, &ssl->out_buf_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "output buffer resizing failed - out of memory" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET, - out_buf_new_len ) ); + if (downsizing ? + ssl->out_buf_len > out_buf_new_len && ssl->out_left < out_buf_new_len : + ssl->out_buf_len < out_buf_new_len) { + if (resize_buffer(&ssl->out_buf, out_buf_new_len, &ssl->out_buf_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("output buffer resizing failed - out of memory")); + } else { + MBEDTLS_SSL_DEBUG_MSG(2, ("Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET, + out_buf_new_len)); modified = 1; } } } - if( modified ) - { + if (modified) { /* Update pointers here to avoid doing it twice. */ - mbedtls_ssl_reset_in_out_pointers( ssl ); + mbedtls_ssl_reset_in_out_pointers(ssl); /* Fields below might not be properly updated with record * splitting or with CID, so they are manually updated here. */ ssl->out_msg = ssl->out_buf + written_out; @@ -332,11 +302,10 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing, * Key material generation */ #if defined(MBEDTLS_SSL_PROTO_SSL3) -static int ssl3_prf( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ +static int ssl3_prf(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { int ret = 0; size_t i; mbedtls_md5_context md5; @@ -345,8 +314,8 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, unsigned char sha1sum[20]; ((void)label); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); /* * SSLv3: @@ -356,48 +325,46 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, * MD5( secret + SHA1( 'CCC' + secret + random ) ) + * ... */ - for( i = 0; i < dlen / 16; i++ ) - { - memset( padding, (unsigned char) ('A' + i), 1 + i ); + for (i = 0; i < dlen / 16; i++) { + memset(padding, (unsigned char)('A' + i), 1 + i); - if( ( ret = mbedtls_sha1_starts_ret( &sha1 ) ) != 0 ) + if ((ret = mbedtls_sha1_starts_ret(&sha1)) != 0) goto exit; - if( ( ret = mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ) != 0 ) + if ((ret = mbedtls_sha1_update_ret(&sha1, padding, 1 + i)) != 0) goto exit; - if( ( ret = mbedtls_sha1_update_ret( &sha1, secret, slen ) ) != 0 ) + if ((ret = mbedtls_sha1_update_ret(&sha1, secret, slen)) != 0) goto exit; - if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 ) + if ((ret = mbedtls_sha1_update_ret(&sha1, random, rlen)) != 0) goto exit; - if( ( ret = mbedtls_sha1_finish_ret( &sha1, sha1sum ) ) != 0 ) + if ((ret = mbedtls_sha1_finish_ret(&sha1, sha1sum)) != 0) goto exit; - if( ( ret = mbedtls_md5_starts_ret( &md5 ) ) != 0 ) + if ((ret = mbedtls_md5_starts_ret(&md5)) != 0) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5, secret, slen ) ) != 0 ) + if ((ret = mbedtls_md5_update_ret(&md5, secret, slen)) != 0) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ) != 0 ) + if ((ret = mbedtls_md5_update_ret(&md5, sha1sum, 20)) != 0) goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ) != 0 ) + if ((ret = mbedtls_md5_finish_ret(&md5, dstbuf + i * 16)) != 0) goto exit; } exit: - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); - mbedtls_platform_zeroize( padding, sizeof( padding ) ); - mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize(padding, sizeof(padding)); + mbedtls_platform_zeroize(sha1sum, sizeof(sha1sum)); - return( ret ); + return (ret); } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -static int tls1_prf( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ +static int tls1_prf(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { size_t nb, hs; size_t i, j, k; const unsigned char *S1, *S2; @@ -408,175 +375,160 @@ static int tls1_prf( const unsigned char *secret, size_t slen, mbedtls_md_context_t md_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_init( &md_ctx ); + mbedtls_md_init(&md_ctx); - tmp_len = 20 + strlen( label ) + rlen; - tmp = mbedtls_calloc( 1, tmp_len ); - if( tmp == NULL ) - { + tmp_len = 20 + strlen(label) + rlen; + tmp = mbedtls_calloc(1, tmp_len); + if (tmp == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - hs = ( slen + 1 ) / 2; + hs = (slen + 1) / 2; S1 = secret; S2 = secret + slen - hs; - nb = strlen( label ); - memcpy( tmp + 20, label, nb ); - memcpy( tmp + 20 + nb, random, rlen ); + nb = strlen(label); + memcpy(tmp + 20, label, nb); + memcpy(tmp + 20 + nb, random, rlen); nb += rlen; /* * First compute P_md5(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) - { + if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5)) == NULL) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto exit; } - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) - { + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) { goto exit; } - mbedtls_md_hmac_starts( &md_ctx, S1, hs ); - mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); - mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); + mbedtls_md_hmac_starts(&md_ctx, S1, hs); + mbedtls_md_hmac_update(&md_ctx, tmp + 20, nb); + mbedtls_md_hmac_finish(&md_ctx, 4 + tmp); - for( i = 0; i < dlen; i += 16 ) - { - mbedtls_md_hmac_reset ( &md_ctx ); - mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 + nb ); - mbedtls_md_hmac_finish( &md_ctx, h_i ); + for (i = 0; i < dlen; i += 16) { + mbedtls_md_hmac_reset(&md_ctx); + mbedtls_md_hmac_update(&md_ctx, 4 + tmp, 16 + nb); + mbedtls_md_hmac_finish(&md_ctx, h_i); - mbedtls_md_hmac_reset ( &md_ctx ); - mbedtls_md_hmac_update( &md_ctx, 4 + tmp, 16 ); - mbedtls_md_hmac_finish( &md_ctx, 4 + tmp ); + mbedtls_md_hmac_reset(&md_ctx); + mbedtls_md_hmac_update(&md_ctx, 4 + tmp, 16); + mbedtls_md_hmac_finish(&md_ctx, 4 + tmp); - k = ( i + 16 > dlen ) ? dlen % 16 : 16; + k = (i + 16 > dlen) ? dlen % 16 : 16; - for( j = 0; j < k; j++ ) + for (j = 0; j < k; j++) dstbuf[i + j] = h_i[j]; } - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); /* * XOR out with P_sha1(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) - { + if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto exit; } - if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) - { + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) { goto exit; } - mbedtls_md_hmac_starts( &md_ctx, S2, hs ); - mbedtls_md_hmac_update( &md_ctx, tmp + 20, nb ); - mbedtls_md_hmac_finish( &md_ctx, tmp ); + mbedtls_md_hmac_starts(&md_ctx, S2, hs); + mbedtls_md_hmac_update(&md_ctx, tmp + 20, nb); + mbedtls_md_hmac_finish(&md_ctx, tmp); - for( i = 0; i < dlen; i += 20 ) - { - mbedtls_md_hmac_reset ( &md_ctx ); - mbedtls_md_hmac_update( &md_ctx, tmp, 20 + nb ); - mbedtls_md_hmac_finish( &md_ctx, h_i ); + for (i = 0; i < dlen; i += 20) { + mbedtls_md_hmac_reset(&md_ctx); + mbedtls_md_hmac_update(&md_ctx, tmp, 20 + nb); + mbedtls_md_hmac_finish(&md_ctx, h_i); - mbedtls_md_hmac_reset ( &md_ctx ); - mbedtls_md_hmac_update( &md_ctx, tmp, 20 ); - mbedtls_md_hmac_finish( &md_ctx, tmp ); + mbedtls_md_hmac_reset(&md_ctx); + mbedtls_md_hmac_update(&md_ctx, tmp, 20); + mbedtls_md_hmac_finish(&md_ctx, tmp); - k = ( i + 20 > dlen ) ? dlen % 20 : 20; + k = (i + 20 > dlen) ? dlen % 20 : 20; - for( j = 0; j < k; j++ ) - dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] ); + for (j = 0; j < k; j++) + dstbuf[i + j] = (unsigned char)(dstbuf[i + j] ^ h_i[j]); } exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - mbedtls_platform_zeroize( tmp, tmp_len ); - mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize(tmp, tmp_len); + mbedtls_platform_zeroize(h_i, sizeof(h_i)); - mbedtls_free( tmp ); - return( ret ); + mbedtls_free(tmp); + return (ret); } #endif /* MBEDTLS_SSL_PROTO_TLS1) || MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) -static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* derivation, - psa_key_id_t key, - psa_algorithm_t alg, - const unsigned char* seed, size_t seed_length, - const unsigned char* label, size_t label_length, - size_t capacity ) -{ +static psa_status_t setup_psa_key_derivation(psa_key_derivation_operation_t *derivation, + psa_key_id_t key, + psa_algorithm_t alg, + const unsigned char *seed, size_t seed_length, + const unsigned char *label, size_t label_length, + size_t capacity) { psa_status_t status; - status = psa_key_derivation_setup( derivation, alg ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_key_derivation_setup(derivation, alg); + if (status != PSA_SUCCESS) + return (status); - if( PSA_ALG_IS_TLS12_PRF( alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) - { - status = psa_key_derivation_input_bytes( derivation, - PSA_KEY_DERIVATION_INPUT_SEED, - seed, seed_length ); - if( status != PSA_SUCCESS ) - return( status ); + if (PSA_ALG_IS_TLS12_PRF(alg) || PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { + status = psa_key_derivation_input_bytes(derivation, + PSA_KEY_DERIVATION_INPUT_SEED, + seed, seed_length); + if (status != PSA_SUCCESS) + return (status); - if( mbedtls_svc_key_id_is_null( key ) ) - { + if (mbedtls_svc_key_id_is_null(key)) { status = psa_key_derivation_input_bytes( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, - NULL, 0 ); - } - else - { + derivation, PSA_KEY_DERIVATION_INPUT_SECRET, + NULL, 0); + } else { status = psa_key_derivation_input_key( - derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key ); + derivation, PSA_KEY_DERIVATION_INPUT_SECRET, key); } - if( status != PSA_SUCCESS ) - return( status ); + if (status != PSA_SUCCESS) + return (status); - status = psa_key_derivation_input_bytes( derivation, - PSA_KEY_DERIVATION_INPUT_LABEL, - label, label_length ); - if( status != PSA_SUCCESS ) - return( status ); - } - else - { - return( PSA_ERROR_NOT_SUPPORTED ); + status = psa_key_derivation_input_bytes(derivation, + PSA_KEY_DERIVATION_INPUT_LABEL, + label, label_length); + if (status != PSA_SUCCESS) + return (status); + } else { + return (PSA_ERROR_NOT_SUPPORTED); } - status = psa_key_derivation_set_capacity( derivation, capacity ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_key_derivation_set_capacity(derivation, capacity); + if (status != PSA_SUCCESS) + return (status); - return( PSA_SUCCESS ); + return (PSA_SUCCESS); } -static int tls_prf_generic( mbedtls_md_type_t md_type, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ +static int tls_prf_generic(mbedtls_md_type_t md_type, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { psa_status_t status; psa_algorithm_t alg; psa_key_id_t master_key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_derivation_operation_t derivation = PSA_KEY_DERIVATION_OPERATION_INIT; - if( md_type == MBEDTLS_MD_SHA384 ) + if (md_type == MBEDTLS_MD_SHA384) alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384); else alg = PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256); @@ -588,62 +540,57 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, * Since the key API doesn't allow importing a key of length 0, * keep master_key=0, which setup_psa_key_derivation() understands * to mean a 0-length "secret" input. */ - if( slen != 0 ) - { + if (slen != 0) { psa_key_attributes_t key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &key_attributes, alg ); - psa_set_key_type( &key_attributes, PSA_KEY_TYPE_DERIVE ); + psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&key_attributes, alg); + psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE); - status = psa_import_key( &key_attributes, secret, slen, &master_key ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = psa_import_key(&key_attributes, secret, slen, &master_key); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } - status = setup_psa_key_derivation( &derivation, - master_key, alg, - random, rlen, - (unsigned char const *) label, - (size_t) strlen( label ), - dlen ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_key ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = setup_psa_key_derivation(&derivation, + master_key, alg, + random, rlen, + (unsigned char const *) label, + (size_t) strlen(label), + dlen); + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + psa_destroy_key(master_key); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } - status = psa_key_derivation_output_bytes( &derivation, dstbuf, dlen ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - psa_destroy_key( master_key ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = psa_key_derivation_output_bytes(&derivation, dstbuf, dlen); + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + psa_destroy_key(master_key); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } - status = psa_key_derivation_abort( &derivation ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( master_key ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = psa_key_derivation_abort(&derivation); + if (status != PSA_SUCCESS) { + psa_destroy_key(master_key); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } - if( ! mbedtls_svc_key_id_is_null( master_key ) ) - status = psa_destroy_key( master_key ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (! mbedtls_svc_key_id_is_null(master_key)) + status = psa_destroy_key(master_key); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); - return( 0 ); + return (0); } #else /* MBEDTLS_USE_PSA_CRYPTO */ -static int tls_prf_generic( mbedtls_md_type_t md_type, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ +static int tls_prf_generic(mbedtls_md_type_t md_type, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { size_t nb; size_t i, j, k, md_len; unsigned char *tmp; @@ -653,214 +600,197 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, mbedtls_md_context_t md_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_init( &md_ctx ); + mbedtls_md_init(&md_ctx); - if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + if ((md_info = mbedtls_md_info_from_type(md_type)) == NULL) + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); - md_len = mbedtls_md_get_size( md_info ); + md_len = mbedtls_md_get_size(md_info); - tmp_len = md_len + strlen( label ) + rlen; - tmp = mbedtls_calloc( 1, tmp_len ); - if( tmp == NULL ) - { + tmp_len = md_len + strlen(label) + rlen; + tmp = mbedtls_calloc(1, tmp_len); + if (tmp == NULL) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - nb = strlen( label ); - memcpy( tmp + md_len, label, nb ); - memcpy( tmp + md_len + nb, random, rlen ); + nb = strlen(label); + memcpy(tmp + md_len, label, nb); + memcpy(tmp + md_len + nb, random, rlen); nb += rlen; /* * Compute P_(secret, label + random)[0..dlen] */ - if ( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 ) + if ((ret = mbedtls_md_setup(&md_ctx, md_info, 1)) != 0) goto exit; - mbedtls_md_hmac_starts( &md_ctx, secret, slen ); - mbedtls_md_hmac_update( &md_ctx, tmp + md_len, nb ); - mbedtls_md_hmac_finish( &md_ctx, tmp ); + mbedtls_md_hmac_starts(&md_ctx, secret, slen); + mbedtls_md_hmac_update(&md_ctx, tmp + md_len, nb); + mbedtls_md_hmac_finish(&md_ctx, tmp); - for( i = 0; i < dlen; i += md_len ) - { - mbedtls_md_hmac_reset ( &md_ctx ); - mbedtls_md_hmac_update( &md_ctx, tmp, md_len + nb ); - mbedtls_md_hmac_finish( &md_ctx, h_i ); + for (i = 0; i < dlen; i += md_len) { + mbedtls_md_hmac_reset(&md_ctx); + mbedtls_md_hmac_update(&md_ctx, tmp, md_len + nb); + mbedtls_md_hmac_finish(&md_ctx, h_i); - mbedtls_md_hmac_reset ( &md_ctx ); - mbedtls_md_hmac_update( &md_ctx, tmp, md_len ); - mbedtls_md_hmac_finish( &md_ctx, tmp ); + mbedtls_md_hmac_reset(&md_ctx); + mbedtls_md_hmac_update(&md_ctx, tmp, md_len); + mbedtls_md_hmac_finish(&md_ctx, tmp); - k = ( i + md_len > dlen ) ? dlen % md_len : md_len; + k = (i + md_len > dlen) ? dlen % md_len : md_len; - for( j = 0; j < k; j++ ) + for (j = 0; j < k; j++) dstbuf[i + j] = h_i[j]; } exit: - mbedtls_md_free( &md_ctx ); + mbedtls_md_free(&md_ctx); - mbedtls_platform_zeroize( tmp, tmp_len ); - mbedtls_platform_zeroize( h_i, sizeof( h_i ) ); + mbedtls_platform_zeroize(tmp, tmp_len); + mbedtls_platform_zeroize(h_i, sizeof(h_i)); - mbedtls_free( tmp ); + mbedtls_free(tmp); - return( ret ); + return (ret); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SHA256_C) -static int tls_prf_sha256( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ - return( tls_prf_generic( MBEDTLS_MD_SHA256, secret, slen, - label, random, rlen, dstbuf, dlen ) ); +static int tls_prf_sha256(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { + return (tls_prf_generic(MBEDTLS_MD_SHA256, secret, slen, + label, random, rlen, dstbuf, dlen)); } #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) -static int tls_prf_sha384( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ - return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen, - label, random, rlen, dstbuf, dlen ) ); +static int tls_prf_sha384(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { + return (tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen, + label, random, rlen, dstbuf, dlen)); } #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t ); +static void ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *, const unsigned char *, size_t ); +static void ssl_update_checksum_md5sha1(mbedtls_ssl_context *, const unsigned char *, size_t); #endif #if defined(MBEDTLS_SSL_PROTO_SSL3) -static void ssl_calc_verify_ssl( const mbedtls_ssl_context *, unsigned char *, size_t * ); -static void ssl_calc_finished_ssl( mbedtls_ssl_context *, unsigned char *, int ); +static void ssl_calc_verify_ssl(const mbedtls_ssl_context *, unsigned char *, size_t *); +static void ssl_calc_finished_ssl(mbedtls_ssl_context *, unsigned char *, int); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_calc_verify_tls( const mbedtls_ssl_context *, unsigned char*, size_t * ); -static void ssl_calc_finished_tls( mbedtls_ssl_context *, unsigned char *, int ); +static void ssl_calc_verify_tls(const mbedtls_ssl_context *, unsigned char *, size_t *); +static void ssl_calc_finished_tls(mbedtls_ssl_context *, unsigned char *, int); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) -static void ssl_update_checksum_sha256( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *,unsigned char*, size_t * ); -static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int ); +static void ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t); +static void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *); +static void ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int); #endif #if defined(MBEDTLS_SHA512_C) -static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t ); -static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * ); -static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int ); +static void ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t); +static void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *); +static void ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) -static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl ) -{ - if( ssl->conf->f_psk != NULL ) - { +static int ssl_use_opaque_psk(mbedtls_ssl_context const *ssl) { + if (ssl->conf->f_psk != NULL) { /* If we've used a callback to select the PSK, * the static configuration is irrelevant. */ - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - return( 1 ); + if (! mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) + return (1); - return( 0 ); + return (0); } - if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) ) - return( 1 ); + if (! mbedtls_svc_key_id_is_null(ssl->conf->psk_opaque)) + return (1); - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) -static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf ) -{ +static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf) { #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( tls_prf == ssl3_prf ) - { - return( MBEDTLS_SSL_TLS_PRF_SSL3 ); - } - else + if (tls_prf == ssl3_prf) { + return (MBEDTLS_SSL_TLS_PRF_SSL3); + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( tls_prf == tls1_prf ) - { - return( MBEDTLS_SSL_TLS_PRF_TLS1 ); - } - else + if (tls_prf == tls1_prf) { + return (MBEDTLS_SSL_TLS_PRF_TLS1); + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) - if( tls_prf == tls_prf_sha384 ) - { - return( MBEDTLS_SSL_TLS_PRF_SHA384 ); - } - else + if (tls_prf == tls_prf_sha384) { + return (MBEDTLS_SSL_TLS_PRF_SHA384); + } else #endif #if defined(MBEDTLS_SHA256_C) - if( tls_prf == tls_prf_sha256 ) - { - return( MBEDTLS_SSL_TLS_PRF_SHA256 ); - } - else + if (tls_prf == tls_prf_sha256) { + return (MBEDTLS_SSL_TLS_PRF_SHA256); + } else #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - return( MBEDTLS_SSL_TLS_PRF_NONE ); + return (MBEDTLS_SSL_TLS_PRF_NONE); } #endif /* MBEDTLS_SSL_EXPORT_KEYS */ -int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, - const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ) -{ +int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, + const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen) { mbedtls_ssl_tls_prf_cb *tls_prf = NULL; - switch( prf ) - { + switch (prf) { #if defined(MBEDTLS_SSL_PROTO_SSL3) case MBEDTLS_SSL_TLS_PRF_SSL3: tls_prf = ssl3_prf; - break; + break; #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) case MBEDTLS_SSL_TLS_PRF_TLS1: tls_prf = tls1_prf; - break; + break; #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_SSL_TLS_PRF_SHA384: tls_prf = tls_prf_sha384; - break; + break; #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA256_C) case MBEDTLS_SSL_TLS_PRF_SHA256: tls_prf = tls_prf_sha256; - break; + break; #endif /* MBEDTLS_SHA256_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - default: - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + default: + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); } - return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) ); + return (tls_prf(secret, slen, label, random, rlen, dstbuf, dlen)); } /* Type for the TLS PRF */ @@ -890,29 +820,28 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, * - MBEDTLS_SSL_EXPORT_KEYS: ssl->conf->{f,p}_export_keys * - MBEDTLS_DEBUG_C: ssl->conf->{f,p}_dbg */ -static int ssl_populate_transform( mbedtls_ssl_transform *transform, - int ciphersuite, - const unsigned char master[48], +static int ssl_populate_transform(mbedtls_ssl_transform *transform, + int ciphersuite, + const unsigned char master[48], #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - int encrypt_then_mac, + int encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - int trunc_hmac, + int trunc_hmac, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_ZLIB_SUPPORT) - int compression, + int compression, #endif - ssl_tls_prf_t tls_prf, - const unsigned char randbytes[64], - int minor_ver, - unsigned endpoint, + ssl_tls_prf_t tls_prf, + const unsigned char randbytes[64], + int minor_ver, + unsigned endpoint, #if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - const + const #endif - mbedtls_ssl_context *ssl ) -{ + mbedtls_ssl_context *ssl) { int ret = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) int psa_fallthrough; @@ -946,71 +875,66 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, transform->minor_ver = minor_ver; #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - memcpy( transform->randbytes, randbytes, sizeof( transform->randbytes ) ); + memcpy(transform->randbytes, randbytes, sizeof(transform->randbytes)); #endif /* * Get various info structures */ - ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite ); - if( ciphersuite_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found", - ciphersuite ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); + if (ciphersuite_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("ciphersuite info for %d not found", + ciphersuite)); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher ); - if( cipher_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found", - ciphersuite_info->cipher ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher); + if (cipher_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found", + ciphersuite_info->cipher)); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - md_info = mbedtls_md_info_from_type( ciphersuite_info->mac ); - if( md_info == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found", - (unsigned) ciphersuite_info->mac ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + md_info = mbedtls_md_info_from_type(ciphersuite_info->mac); + if (md_info == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md info for %u not found", + (unsigned) ciphersuite_info->mac)); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* Copy own and peer's CID if the use of the CID * extension has been negotiated. */ - if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) ); + if (ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Copy CIDs into SSL transform")); transform->in_cid_len = ssl->own_cid_len; - memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid, - transform->in_cid_len ); + memcpy(transform->in_cid, ssl->own_cid, ssl->own_cid_len); + MBEDTLS_SSL_DEBUG_BUF(3, "Incoming CID", transform->in_cid, + transform->in_cid_len); transform->out_cid_len = ssl->handshake->peer_cid_len; - memcpy( transform->out_cid, ssl->handshake->peer_cid, - ssl->handshake->peer_cid_len ); - MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, - transform->out_cid_len ); + memcpy(transform->out_cid, ssl->handshake->peer_cid, + ssl->handshake->peer_cid_len); + MBEDTLS_SSL_DEBUG_BUF(3, "Outgoing CID", transform->out_cid, + transform->out_cid_len); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /* * Compute key block using the PRF */ - ret = tls_prf( master, 48, "key expansion", randbytes, 64, keyblk, 256 ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); - return( ret ); + ret = tls_prf(master, 48, "key expansion", randbytes, 64, keyblk, 256); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "prf", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", - mbedtls_ssl_get_ciphersuite_name( ciphersuite ) ) ); - MBEDTLS_SSL_DEBUG_BUF( 3, "master secret", master, 48 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "random bytes", randbytes, 64 ); - MBEDTLS_SSL_DEBUG_BUF( 4, "key block", keyblk, 256 ); + MBEDTLS_SSL_DEBUG_MSG(3, ("ciphersuite = %s", + mbedtls_ssl_get_ciphersuite_name(ciphersuite))); + MBEDTLS_SSL_DEBUG_BUF(3, "master secret", master, 48); + MBEDTLS_SSL_DEBUG_BUF(4, "random bytes", randbytes, 64); + MBEDTLS_SSL_DEBUG_BUF(4, "key block", keyblk, 256); /* * Determine the appropriate key, IV and MAC length. @@ -1021,10 +945,9 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) - if( cipher_info->mode == MBEDTLS_MODE_GCM || - cipher_info->mode == MBEDTLS_MODE_CCM || - cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) - { + if (cipher_info->mode == MBEDTLS_MODE_GCM || + cipher_info->mode == MBEDTLS_MODE_CCM || + cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY) { size_t explicit_ivlen; transform->maclen = 0; @@ -1042,14 +965,12 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, */ transform->ivlen = 12; #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) - { + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { transform->fixed_ivlen = 12; - } - else + } else #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ { - if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) + if (cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY) transform->fixed_ivlen = 12; else transform->fixed_ivlen = 4; @@ -1058,112 +979,101 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, /* Minimum length of encrypted record */ explicit_ivlen = transform->ivlen - transform->fixed_ivlen; transform->minlen = explicit_ivlen + transform->taglen; - } - else + } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - if( cipher_info->mode == MBEDTLS_MODE_STREAM || - cipher_info->mode == MBEDTLS_MODE_CBC ) - { - /* Initialize HMAC contexts */ - if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || - ( ret = mbedtls_md_setup( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); - goto end; - } - - /* Get MAC length */ - mac_key_len = mbedtls_md_get_size( md_info ); - transform->maclen = mac_key_len; - -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - /* - * If HMAC is to be truncated, we shall keep the leftmost bytes, - * (rfc 6066 page 13 or rfc 2104 section 4), - * so we only need to adjust the length here. - */ - if( trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED ) - { - transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; - -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) - /* Fall back to old, non-compliant version of the truncated - * HMAC implementation which also truncates the key - * (Mbed TLS versions from 1.3 to 2.6.0) */ - mac_key_len = transform->maclen; -#endif - } -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - - /* IV length */ - transform->ivlen = cipher_info->iv_size; - - /* Minimum length */ - if( cipher_info->mode == MBEDTLS_MODE_STREAM ) - transform->minlen = transform->maclen; - else - { - /* - * GenericBlockCipher: - * 1. if EtM is in use: one block plus MAC - * otherwise: * first multiple of blocklen greater than maclen - * 2. IV except for SSL3 and TLS 1.0 - */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED ) - { - transform->minlen = transform->maclen - + cipher_info->block_size; - } - else -#endif - { - transform->minlen = transform->maclen - + cipher_info->block_size - - transform->maclen % cipher_info->block_size; - } - -#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || - minor_ver == MBEDTLS_SSL_MINOR_VERSION_1 ) - ; /* No need to adjust minlen */ - else -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || - minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - transform->minlen += transform->ivlen; - } - else -#endif - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + if (cipher_info->mode == MBEDTLS_MODE_STREAM || + cipher_info->mode == MBEDTLS_MODE_CBC) { + /* Initialize HMAC contexts */ + if ((ret = mbedtls_md_setup(&transform->md_ctx_enc, md_info, 1)) != 0 || + (ret = mbedtls_md_setup(&transform->md_ctx_dec, md_info, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret); goto end; } - } - } - else -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "keylen: %u, minlen: %u, ivlen: %u, maclen: %u", - (unsigned) keylen, - (unsigned) transform->minlen, - (unsigned) transform->ivlen, - (unsigned) transform->maclen ) ); + /* Get MAC length */ + mac_key_len = mbedtls_md_get_size(md_info); + transform->maclen = mac_key_len; + +#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) + /* + * If HMAC is to be truncated, we shall keep the leftmost bytes, + * (rfc 6066 page 13 or rfc 2104 section 4), + * so we only need to adjust the length here. + */ + if (trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED) { + transform->maclen = MBEDTLS_SSL_TRUNCATED_HMAC_LEN; + +#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) + /* Fall back to old, non-compliant version of the truncated + * HMAC implementation which also truncates the key + * (Mbed TLS versions from 1.3 to 2.6.0) */ + mac_key_len = transform->maclen; +#endif + } +#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ + + /* IV length */ + transform->ivlen = cipher_info->iv_size; + + /* Minimum length */ + if (cipher_info->mode == MBEDTLS_MODE_STREAM) + transform->minlen = transform->maclen; + else { + /* + * GenericBlockCipher: + * 1. if EtM is in use: one block plus MAC + * otherwise: * first multiple of blocklen greater than maclen + * 2. IV except for SSL3 and TLS 1.0 + */ +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + if (encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED) { + transform->minlen = transform->maclen + + cipher_info->block_size; + } else +#endif + { + transform->minlen = transform->maclen + + cipher_info->block_size + - transform->maclen % cipher_info->block_size; + } + +#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || + minor_ver == MBEDTLS_SSL_MINOR_VERSION_1) + ; /* No need to adjust minlen */ + else +#endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_2 || + minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + transform->minlen += transform->ivlen; + } else +#endif + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; + } + } + } else +#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } + + MBEDTLS_SSL_DEBUG_MSG(3, ("keylen: %u, minlen: %u, ivlen: %u, maclen: %u", + (unsigned) keylen, + (unsigned) transform->minlen, + (unsigned) transform->ivlen, + (unsigned) transform->maclen)); /* * Finally setup the cipher contexts, IVs and MAC secrets. */ #if defined(MBEDTLS_SSL_CLI_C) - if( endpoint == MBEDTLS_SSL_IS_CLIENT ) - { + if (endpoint == MBEDTLS_SSL_IS_CLIENT) { key1 = keyblk + mac_key_len * 2; key2 = keyblk + mac_key_len * 2 + keylen; @@ -1173,91 +1083,80 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, /* * This is not used in TLS v1.1. */ - iv_copy_len = ( transform->fixed_ivlen ) ? - transform->fixed_ivlen : transform->ivlen; - memcpy( transform->iv_enc, key2 + keylen, iv_copy_len ); - memcpy( transform->iv_dec, key2 + keylen + iv_copy_len, - iv_copy_len ); - } - else + iv_copy_len = (transform->fixed_ivlen) ? + transform->fixed_ivlen : transform->ivlen; + memcpy(transform->iv_enc, key2 + keylen, iv_copy_len); + memcpy(transform->iv_dec, key2 + keylen + iv_copy_len, + iv_copy_len); + } else #endif /* MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SRV_C) - if( endpoint == MBEDTLS_SSL_IS_SERVER ) - { - key1 = keyblk + mac_key_len * 2 + keylen; - key2 = keyblk + mac_key_len * 2; + if (endpoint == MBEDTLS_SSL_IS_SERVER) { + key1 = keyblk + mac_key_len * 2 + keylen; + key2 = keyblk + mac_key_len * 2; - mac_enc = keyblk + mac_key_len; - mac_dec = keyblk; + mac_enc = keyblk + mac_key_len; + mac_dec = keyblk; - /* - * This is not used in TLS v1.1. - */ - iv_copy_len = ( transform->fixed_ivlen ) ? - transform->fixed_ivlen : transform->ivlen; - memcpy( transform->iv_dec, key1 + keylen, iv_copy_len ); - memcpy( transform->iv_enc, key1 + keylen + iv_copy_len, - iv_copy_len ); - } - else + /* + * This is not used in TLS v1.1. + */ + iv_copy_len = (transform->fixed_ivlen) ? + transform->fixed_ivlen : transform->ivlen; + memcpy(transform->iv_dec, key1 + keylen, iv_copy_len); + memcpy(transform->iv_enc, key1 + keylen + iv_copy_len, + iv_copy_len); + } else #endif /* MBEDTLS_SSL_SRV_C */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto end; - } - -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) -#if defined(MBEDTLS_SSL_PROTO_SSL3) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - if( mac_key_len > sizeof( transform->mac_enc ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto end; } - memcpy( transform->mac_enc, mac_enc, mac_key_len ); - memcpy( transform->mac_dec, mac_dec, mac_key_len ); - } - else +#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_PROTO_SSL3) + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { + if (mac_key_len > sizeof(transform->mac_enc)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; + } + + memcpy(transform->mac_enc, mac_enc, mac_key_len); + memcpy(transform->mac_dec, mac_dec, mac_key_len); + } else #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) - { - /* For HMAC-based ciphersuites, initialize the HMAC transforms. - For AEAD-based ciphersuites, there is nothing to do here. */ - if( mac_key_len != 0 ) - { - mbedtls_md_hmac_starts( &transform->md_ctx_enc, mac_enc, mac_key_len ); - mbedtls_md_hmac_starts( &transform->md_ctx_dec, mac_dec, mac_key_len ); - } - } - else + if (minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1) { + /* For HMAC-based ciphersuites, initialize the HMAC transforms. + For AEAD-based ciphersuites, there is nothing to do here. */ + if (mac_key_len != 0) { + mbedtls_md_hmac_starts(&transform->md_ctx_enc, mac_enc, mac_key_len); + mbedtls_md_hmac_starts(&transform->md_ctx_dec, mac_dec, mac_key_len); + } + } else #endif - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - goto end; - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + goto end; + } #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_init != NULL ) - { + if (mbedtls_ssl_hw_record_init != NULL) { ret = 0; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_init()" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_init()")); - if( ( ret = mbedtls_ssl_hw_record_init( ssl, key1, key2, keylen, - transform->iv_enc, transform->iv_dec, - iv_copy_len, - mac_enc, mac_dec, - mac_key_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_init", ret ); + if ((ret = mbedtls_ssl_hw_record_init(ssl, key1, key2, keylen, + transform->iv_enc, transform->iv_dec, + iv_copy_len, + mac_enc, mac_dec, + mac_key_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_init", ret); ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto end; } @@ -1268,23 +1167,21 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( ssl->conf->f_export_keys != NULL ) - { - ssl->conf->f_export_keys( ssl->conf->p_export_keys, - master, keyblk, - mac_key_len, keylen, - iv_copy_len ); + if (ssl->conf->f_export_keys != NULL) { + ssl->conf->f_export_keys(ssl->conf->p_export_keys, + master, keyblk, + mac_key_len, keylen, + iv_copy_len); } - if( ssl->conf->f_export_keys_ext != NULL ) - { - ssl->conf->f_export_keys_ext( ssl->conf->p_export_keys, - master, keyblk, - mac_key_len, keylen, - iv_copy_len, - randbytes + 32, - randbytes, - tls_prf_get_type( tls_prf ) ); + if (ssl->conf->f_export_keys_ext != NULL) { + ssl->conf->f_export_keys_ext(ssl->conf->p_export_keys, + master, keyblk, + mac_key_len, keylen, + iv_copy_len, + randbytes + 32, + randbytes, + tls_prf_get_type(tls_prf)); } #endif @@ -1296,41 +1193,34 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * the structure field for the IV, which the PSA-based * implementation currently doesn't. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_enc, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + ret = mbedtls_cipher_setup_psa(&transform->cipher_ctx_enc, + cipher_info, transform->taglen); + if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup_psa", ret); goto end; } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based encryption cipher context" ) ); + if (ret == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Successfully setup PSA-based encryption cipher context")); psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record encryption - fall through to default setup." ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("Failed to setup PSA-based cipher context for record encryption - fall through to default setup.")); psa_fallthrough = 1; } - } - else + } else psa_fallthrough = 1; #else psa_fallthrough = 1; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - if( psa_fallthrough == 1 ) + if (psa_fallthrough == 1) #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_enc, - cipher_info ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); - goto end; - } + if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc, + cipher_info)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); + goto end; + } #if defined(MBEDTLS_USE_PSA_CRYPTO) /* Only use PSA-based ciphers for TLS-1.2. @@ -1339,72 +1229,60 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * the structure field for the IV, which the PSA-based * implementation currently doesn't. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - ret = mbedtls_cipher_setup_psa( &transform->cipher_ctx_dec, - cipher_info, transform->taglen ); - if( ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup_psa", ret ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + ret = mbedtls_cipher_setup_psa(&transform->cipher_ctx_dec, + cipher_info, transform->taglen); + if (ret != 0 && ret != MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup_psa", ret); goto end; } - if( ret == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Successfully setup PSA-based decryption cipher context" ) ); + if (ret == 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Successfully setup PSA-based decryption cipher context")); psa_fallthrough = 0; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to setup PSA-based cipher context for record decryption - fall through to default setup." ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(1, ("Failed to setup PSA-based cipher context for record decryption - fall through to default setup.")); psa_fallthrough = 1; } - } - else + } else psa_fallthrough = 1; #else psa_fallthrough = 1; #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - if( psa_fallthrough == 1 ) + if (psa_fallthrough == 1) #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ( ret = mbedtls_cipher_setup( &transform->cipher_ctx_dec, - cipher_info ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setup", ret ); + if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec, + cipher_info)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret); + goto end; + } + + if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, key1, + cipher_info->key_bitlen, + MBEDTLS_ENCRYPT)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); goto end; } - if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1, - cipher_info->key_bitlen, - MBEDTLS_ENCRYPT ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); - goto end; - } - - if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2, - cipher_info->key_bitlen, - MBEDTLS_DECRYPT ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret ); + if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, key2, + cipher_info->key_bitlen, + MBEDTLS_DECRYPT)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); goto end; } #if defined(MBEDTLS_CIPHER_MODE_CBC) - if( cipher_info->mode == MBEDTLS_MODE_CBC ) - { - if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc, - MBEDTLS_PADDING_NONE ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); + if (cipher_info->mode == MBEDTLS_MODE_CBC) { + if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_enc, + MBEDTLS_PADDING_NONE)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret); goto end; } - if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_dec, - MBEDTLS_PADDING_NONE ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_set_padding_mode", ret ); + if ((ret = mbedtls_cipher_set_padding_mode(&transform->cipher_ctx_dec, + MBEDTLS_PADDING_NONE)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_set_padding_mode", ret); goto end; } } @@ -1413,18 +1291,16 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, /* Initialize Zlib contexts */ #if defined(MBEDTLS_ZLIB_SUPPORT) - if( compression == MBEDTLS_SSL_COMPRESS_DEFLATE ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); + if (compression == MBEDTLS_SSL_COMPRESS_DEFLATE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Initializing zlib states")); - memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); - memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) ); + memset(&transform->ctx_deflate, 0, sizeof(transform->ctx_deflate)); + memset(&transform->ctx_inflate, 0, sizeof(transform->ctx_inflate)); - if( deflateInit( &transform->ctx_deflate, - Z_DEFAULT_COMPRESSION ) != Z_OK || - inflateInit( &transform->ctx_inflate ) != Z_OK ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Failed to initialize compression" ) ); + if (deflateInit(&transform->ctx_deflate, + Z_DEFAULT_COMPRESSION) != Z_OK || + inflateInit(&transform->ctx_inflate) != Z_OK) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Failed to initialize compression")); ret = MBEDTLS_ERR_SSL_COMPRESSION_FAILED; goto end; } @@ -1432,8 +1308,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, #endif /* MBEDTLS_ZLIB_SUPPORT */ end: - mbedtls_platform_zeroize( keyblk, sizeof( keyblk ) ); - return( ret ); + mbedtls_platform_zeroize(keyblk, sizeof(keyblk)); + return (ret); } /* @@ -1446,58 +1322,49 @@ end: * Outputs: * - the tls_prf, calc_verify and calc_finished members of handshake structure */ -static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, - int minor_ver, - mbedtls_md_type_t hash ) -{ +static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake, + int minor_ver, + mbedtls_md_type_t hash) { #if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA512_C) (void) hash; #endif #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { handshake->tls_prf = ssl3_prf; handshake->calc_verify = ssl_calc_verify_ssl; handshake->calc_finished = ssl_calc_finished_ssl; - } - else + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) - { - handshake->tls_prf = tls1_prf; - handshake->calc_verify = ssl_calc_verify_tls; - handshake->calc_finished = ssl_calc_finished_tls; - } - else + if (minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) { + handshake->tls_prf = tls1_prf; + handshake->calc_verify = ssl_calc_verify_tls; + handshake->calc_finished = ssl_calc_finished_tls; + } else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - hash == MBEDTLS_MD_SHA384 ) - { - handshake->tls_prf = tls_prf_sha384; - handshake->calc_verify = ssl_calc_verify_tls_sha384; - handshake->calc_finished = ssl_calc_finished_tls_sha384; - } - else + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && + hash == MBEDTLS_MD_SHA384) { + handshake->tls_prf = tls_prf_sha384; + handshake->calc_verify = ssl_calc_verify_tls_sha384; + handshake->calc_finished = ssl_calc_finished_tls_sha384; + } else #endif #if defined(MBEDTLS_SHA256_C) - if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) - { - handshake->tls_prf = tls_prf_sha256; - handshake->calc_verify = ssl_calc_verify_tls_sha256; - handshake->calc_finished = ssl_calc_finished_tls_sha256; - } - else + if (minor_ver == MBEDTLS_SSL_MINOR_VERSION_3) { + handshake->tls_prf = tls_prf_sha256; + handshake->calc_verify = ssl_calc_verify_tls_sha256; + handshake->calc_finished = ssl_calc_finished_tls_sha256; + } else #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - { - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } - return( 0 ); + return (0); } /* @@ -1514,10 +1381,9 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake, * EMS: passed to calc_verify (debug + (SSL3) session_negotiate) * PSA-PSA: minor_ver, conf */ -static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, - unsigned char *master, - const mbedtls_ssl_context *ssl ) -{ +static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, + unsigned char *master, + const mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* cf. RFC 5246, Section 8.1: @@ -1552,30 +1418,27 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, (void) ssl; #endif - if( handshake->resume != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) ); - return( 0 ); + if (handshake->resume != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("no premaster (session resumed)")); + return (0); } #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if( handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED ) - { + if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) { lbl = "extended master secret"; salt = session_hash; - handshake->calc_verify( ssl, session_hash, &salt_len ); + handshake->calc_verify(ssl, session_hash, &salt_len); - MBEDTLS_SSL_DEBUG_BUF( 3, "session hash for extended master secret", - session_hash, salt_len ); + MBEDTLS_SSL_DEBUG_BUF(3, "session hash for extended master secret", + session_hash, salt_len); } #endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && - ssl_use_opaque_psk( ssl ) == 1 ) - { + if (handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && + ssl_use_opaque_psk(ssl) == 1) { /* Perform PSK-to-MS expansion in a single step. */ psa_status_t status; psa_algorithm_t alg; @@ -1584,89 +1447,82 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, PSA_KEY_DERIVATION_OPERATION_INIT; mbedtls_md_type_t hash_alg = handshake->ciphersuite_info->mac; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("perform PSA-based PSK-to-MS expansion")); - psk = mbedtls_ssl_get_opaque_psk( ssl ); + psk = mbedtls_ssl_get_opaque_psk(ssl); - if( hash_alg == MBEDTLS_MD_SHA384 ) + if (hash_alg == MBEDTLS_MD_SHA384) alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); else alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); - status = setup_psa_key_derivation( &derivation, psk, alg, - salt, salt_len, - (unsigned char const *) lbl, - (size_t) strlen( lbl ), - master_secret_len ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = setup_psa_key_derivation(&derivation, psk, alg, + salt, salt_len, + (unsigned char const *) lbl, + (size_t) strlen(lbl), + master_secret_len); + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } - status = psa_key_derivation_output_bytes( &derivation, - master, - master_secret_len ); - if( status != PSA_SUCCESS ) - { - psa_key_derivation_abort( &derivation ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + status = psa_key_derivation_output_bytes(&derivation, + master, + master_secret_len); + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(&derivation); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } - status = psa_key_derivation_abort( &derivation ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } - else + status = psa_key_derivation_abort(&derivation); + if (status != PSA_SUCCESS) + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); + } else #endif { - ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, - lbl, salt, salt_len, - master, - master_secret_len ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "prf", ret ); - return( ret ); + ret = handshake->tls_prf(handshake->premaster, handshake->pmslen, + lbl, salt, salt_len, + master, + master_secret_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "prf", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_BUF( 3, "premaster secret", - handshake->premaster, - handshake->pmslen ); + MBEDTLS_SSL_DEBUG_BUF(3, "premaster secret", + handshake->premaster, + handshake->pmslen); - mbedtls_platform_zeroize( handshake->premaster, - sizeof(handshake->premaster) ); + mbedtls_platform_zeroize(handshake->premaster, + sizeof(handshake->premaster)); } - return( 0 ); + return (0); } -int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = + const mbedtls_ssl_ciphersuite_t *const ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> derive keys" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> derive keys")); /* Set PRF, calc_verify and calc_finished function pointers */ - ret = ssl_set_handshake_prfs( ssl->handshake, - ssl->minor_ver, - ciphersuite_info->mac ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_set_handshake_prfs", ret ); - return( ret ); + ret = ssl_set_handshake_prfs(ssl->handshake, + ssl->minor_ver, + ciphersuite_info->mac); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_set_handshake_prfs", ret); + return (ret); } /* Compute master secret if needed */ - ret = ssl_compute_master( ssl->handshake, - ssl->session_negotiate->master, - ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_compute_master", ret ); - return( ret ); + ret = ssl_compute_master(ssl->handshake, + ssl->session_negotiate->master, + ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_compute_master", ret); + return (ret); } /* Swap the client and server random values: @@ -1674,142 +1530,137 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) * - key derivation wants server+client (RFC 5246 6.3) */ { unsigned char tmp[64]; - memcpy( tmp, ssl->handshake->randbytes, 64 ); - memcpy( ssl->handshake->randbytes, tmp + 32, 32 ); - memcpy( ssl->handshake->randbytes + 32, tmp, 32 ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + memcpy(tmp, ssl->handshake->randbytes, 64); + memcpy(ssl->handshake->randbytes, tmp + 32, 32); + memcpy(ssl->handshake->randbytes + 32, tmp, 32); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); } /* Populate transform structure */ - ret = ssl_populate_transform( ssl->transform_negotiate, - ssl->session_negotiate->ciphersuite, - ssl->session_negotiate->master, + ret = ssl_populate_transform(ssl->transform_negotiate, + ssl->session_negotiate->ciphersuite, + ssl->session_negotiate->master, #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl->session_negotiate->encrypt_then_mac, + ssl->session_negotiate->encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl->session_negotiate->trunc_hmac, + ssl->session_negotiate->trunc_hmac, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_ZLIB_SUPPORT) - ssl->session_negotiate->compression, + ssl->session_negotiate->compression, #endif - ssl->handshake->tls_prf, - ssl->handshake->randbytes, - ssl->minor_ver, - ssl->conf->endpoint, - ssl ); - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_populate_transform", ret ); - return( ret ); + ssl->handshake->tls_prf, + ssl->handshake->randbytes, + ssl->minor_ver, + ssl->conf->endpoint, + ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "ssl_populate_transform", ret); + return (ret); } /* We no longer need Server/ClientHello.random values */ - mbedtls_platform_zeroize( ssl->handshake->randbytes, - sizeof( ssl->handshake->randbytes ) ); + mbedtls_platform_zeroize(ssl->handshake->randbytes, + sizeof(ssl->handshake->randbytes)); /* Allocate compression buffer */ #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->session_negotiate->compression == MBEDTLS_SSL_COMPRESS_DEFLATE && - ssl->compress_buf == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Allocating compression buffer" ) ); - ssl->compress_buf = mbedtls_calloc( 1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN ); - if( ssl->compress_buf == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", - MBEDTLS_SSL_COMPRESS_BUFFER_LEN ) ); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if (ssl->session_negotiate->compression == MBEDTLS_SSL_COMPRESS_DEFLATE && + ssl->compress_buf == NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Allocating compression buffer")); + ssl->compress_buf = mbedtls_calloc(1, MBEDTLS_SSL_COMPRESS_BUFFER_LEN); + if (ssl->compress_buf == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%d bytes) failed", + MBEDTLS_SSL_COMPRESS_BUFFER_LEN)); + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); } } #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= derive keys" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= derive keys")); - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_PROTO_SSL3) -void ssl_calc_verify_ssl( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) -{ +void ssl_calc_verify_ssl(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { mbedtls_md5_context md5; mbedtls_sha1_context sha1; unsigned char pad_1[48]; unsigned char pad_2[48]; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify ssl" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify ssl")); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); - mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); - mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); + mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5); + mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1); - memset( pad_1, 0x36, 48 ); - memset( pad_2, 0x5C, 48 ); + memset(pad_1, 0x36, 48); + memset(pad_2, 0x5C, 48); - mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update_ret( &md5, pad_1, 48 ); - mbedtls_md5_finish_ret( &md5, hash ); + mbedtls_md5_update_ret(&md5, ssl->session_negotiate->master, 48); + mbedtls_md5_update_ret(&md5, pad_1, 48); + mbedtls_md5_finish_ret(&md5, hash); - mbedtls_md5_starts_ret( &md5 ); - mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update_ret( &md5, pad_2, 48 ); - mbedtls_md5_update_ret( &md5, hash, 16 ); - mbedtls_md5_finish_ret( &md5, hash ); + mbedtls_md5_starts_ret(&md5); + mbedtls_md5_update_ret(&md5, ssl->session_negotiate->master, 48); + mbedtls_md5_update_ret(&md5, pad_2, 48); + mbedtls_md5_update_ret(&md5, hash, 16); + mbedtls_md5_finish_ret(&md5, hash); - mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update_ret( &sha1, pad_1, 40 ); - mbedtls_sha1_finish_ret( &sha1, hash + 16 ); + mbedtls_sha1_update_ret(&sha1, ssl->session_negotiate->master, 48); + mbedtls_sha1_update_ret(&sha1, pad_1, 40); + mbedtls_sha1_finish_ret(&sha1, hash + 16); - mbedtls_sha1_starts_ret( &sha1 ); - mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update_ret( &sha1, pad_2, 40 ); - mbedtls_sha1_update_ret( &sha1, hash + 16, 20 ); - mbedtls_sha1_finish_ret( &sha1, hash + 16 ); + mbedtls_sha1_starts_ret(&sha1); + mbedtls_sha1_update_ret(&sha1, ssl->session_negotiate->master, 48); + mbedtls_sha1_update_ret(&sha1, pad_2, 40); + mbedtls_sha1_update_ret(&sha1, hash + 16, 20); + mbedtls_sha1_finish_ret(&sha1, hash + 16); *hlen = 36; - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); return; } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) -void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) -{ +void ssl_calc_verify_tls(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { mbedtls_md5_context md5; mbedtls_sha1_context sha1; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify tls" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify tls")); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); - mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); - mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); + mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5); + mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1); - mbedtls_md5_finish_ret( &md5, hash ); - mbedtls_sha1_finish_ret( &sha1, hash + 16 ); + mbedtls_md5_finish_ret(&md5, hash); + mbedtls_sha1_finish_ret(&sha1, hash + 16); *hlen = 36; - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); return; } @@ -1817,98 +1668,92 @@ void ssl_calc_verify_tls( const mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) -void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) -{ +void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; psa_status_t status; psa_hash_operation_t sha256_psa = psa_hash_operation_init(); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha256" ) ); - status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha256")); + status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); return; } - status = psa_hash_finish( &sha256_psa, hash, 32, &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + status = psa_hash_finish(&sha256_psa, hash, 32, &hash_size); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); return; } *hlen = 32; - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify")); #else mbedtls_sha256_context sha256; - mbedtls_sha256_init( &sha256 ); + mbedtls_sha256_init(&sha256); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256")); - mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - mbedtls_sha256_finish_ret( &sha256, hash ); + mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); + mbedtls_sha256_finish_ret(&sha256, hash); *hlen = 32; - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); - mbedtls_sha256_free( &sha256 ); + mbedtls_sha256_free(&sha256); #endif /* MBEDTLS_USE_PSA_CRYPTO */ return; } #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) -void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen ) -{ +void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; psa_status_t status; psa_hash_operation_t sha384_psa = psa_hash_operation_init(); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> PSA calc verify sha384" ) ); - status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha384")); + status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); return; } - status = psa_hash_finish( &sha384_psa, hash, 48, &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + status = psa_hash_finish(&sha384_psa, hash, 48, &hash_size); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); return; } *hlen = 48; - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= PSA calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify")); #else mbedtls_sha512_context sha512; - mbedtls_sha512_init( &sha512 ); + mbedtls_sha512_init(&sha512); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384")); - mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); - mbedtls_sha512_finish_ret( &sha512, hash ); + mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha512); + mbedtls_sha512_finish_ret(&sha512, hash); *hlen = 48; - MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, *hlen ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); + MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); - mbedtls_sha512_free( &sha512 ); + mbedtls_sha512_free(&sha512); #endif /* MBEDTLS_USE_PSA_CRYPTO */ return; } @@ -1916,22 +1761,20 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex ) -{ +int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex) { unsigned char *p = ssl->handshake->premaster; - unsigned char *end = p + sizeof( ssl->handshake->premaster ); + unsigned char *end = p + sizeof(ssl->handshake->premaster); const unsigned char *psk = NULL; size_t psk_len = 0; - if( mbedtls_ssl_get_psk( ssl, &psk, &psk_len ) - == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED ) - { + if (mbedtls_ssl_get_psk(ssl, &psk, &psk_len) + == MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED) { /* * This should never happen because the existence of a PSK is always * checked before calling this function */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } /* @@ -1942,153 +1785,136 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch * with "other_secret" depending on the particular key exchange */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_PSK ) - { - if( end - p < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (key_ex == MBEDTLS_KEY_EXCHANGE_PSK) { + if (end - p < 2) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + *(p++) = (unsigned char)(psk_len >> 8); + *(p++) = (unsigned char)(psk_len); - if( end < p || (size_t)( end - p ) < psk_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (end < p || (size_t)(end - p) < psk_len) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - memset( p, 0, psk_len ); + memset(p, 0, psk_len); p += psk_len; - } - else + } else #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - { - /* - * other_secret already set by the ClientKeyExchange message, - * and is 48 bytes long - */ - if( end - p < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (key_ex == MBEDTLS_KEY_EXCHANGE_RSA_PSK) { + /* + * other_secret already set by the ClientKeyExchange message, + * and is 48 bytes long + */ + if (end - p < 2) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - *p++ = 0; - *p++ = 48; - p += 48; - } - else + *p++ = 0; + *p++ = 48; + p += 48; + } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) - { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; + if (key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len; - /* Write length only when we know the actual value */ - if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - p + 2, end - ( p + 2 ), &len, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); - return( ret ); - } - *(p++) = (unsigned char)( len >> 8 ); - *(p++) = (unsigned char)( len ); - p += len; + /* Write length only when we know the actual value */ + if ((ret = mbedtls_dhm_calc_secret(&ssl->handshake->dhm_ctx, + p + 2, end - (p + 2), &len, + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_dhm_calc_secret", ret); + return (ret); + } + *(p++) = (unsigned char)(len >> 8); + *(p++) = (unsigned char)(len); + p += len; - MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); - } - else + MBEDTLS_SSL_DEBUG_MPI(3, "DHM: K ", &ssl->handshake->dhm_ctx.K); + } else #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) - { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t zlen; + if (key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t zlen; - if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, - p + 2, end - ( p + 2 ), - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); - return( ret ); - } + if ((ret = mbedtls_ecdh_calc_secret(&ssl->handshake->ecdh_ctx, &zlen, + p + 2, end - (p + 2), + ssl->conf->f_rng, ssl->conf->p_rng)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ecdh_calc_secret", ret); + return (ret); + } - *(p++) = (unsigned char)( zlen >> 8 ); - *(p++) = (unsigned char)( zlen ); - p += zlen; + *(p++) = (unsigned char)(zlen >> 8); + *(p++) = (unsigned char)(zlen); + p += zlen; - MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, - MBEDTLS_DEBUG_ECDH_Z ); - } - else + MBEDTLS_SSL_DEBUG_ECDH(3, &ssl->handshake->ecdh_ctx, + MBEDTLS_DEBUG_ECDH_Z); + } else #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); + } /* opaque psk<0..2^16-1>; */ - if( end - p < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (end - p < 2) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - *(p++) = (unsigned char)( psk_len >> 8 ); - *(p++) = (unsigned char)( psk_len ); + *(p++) = (unsigned char)(psk_len >> 8); + *(p++) = (unsigned char)(psk_len); - if( end < p || (size_t)( end - p ) < psk_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (end < p || (size_t)(end - p) < psk_len) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - memcpy( p, psk, psk_len ); + memcpy(p, psk, psk_len); p += psk_len; ssl->handshake->pmslen = p - ssl->handshake->premaster; - return( 0 ); + return (0); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_RENEGOTIATION) -static int ssl_write_hello_request( mbedtls_ssl_context *ssl ); +static int ssl_write_hello_request(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_PROTO_DTLS) -int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_resend_hello_request(mbedtls_ssl_context *ssl) { /* If renegotiation is not enforced, retransmit until we would reach max * timeout if we were using the usual handshake doubling scheme */ - if( ssl->conf->renego_max_records < 0 ) - { + if (ssl->conf->renego_max_records < 0) { uint32_t ratio = ssl->conf->hs_timeout_max / ssl->conf->hs_timeout_min + 1; unsigned char doublings = 1; - while( ratio != 0 ) - { + while (ratio != 0) { ++doublings; ratio >>= 1; } - if( ++ssl->renego_records_seen > doublings ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "no longer retransmitting hello request" ) ); - return( 0 ); + if (++ssl->renego_records_seen > doublings) { + MBEDTLS_SSL_DEBUG_MSG(2, ("no longer retransmitting hello request")); + return (0); } } - return( ssl_write_hello_request( ssl ) ); + return (ssl_write_hello_request(ssl)); } #endif #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) -{ +static void ssl_clear_peer_cert(mbedtls_ssl_session *session) { #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( session->peer_cert != NULL ) - { - mbedtls_x509_crt_free( session->peer_cert ); - mbedtls_free( session->peer_cert ); + if (session->peer_cert != NULL) { + mbedtls_x509_crt_free(session->peer_cert); + mbedtls_free(session->peer_cert); session->peer_cert = NULL; } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( session->peer_cert_digest != NULL ) - { + if (session->peer_cert_digest != NULL) { /* Zeroization is not necessary. */ - mbedtls_free( session->peer_cert_digest ); + mbedtls_free(session->peer_cert_digest); session->peer_cert_digest = NULL; session->peer_cert_digest_type = MBEDTLS_MD_NONE; session->peer_cert_digest_len = 0; @@ -2102,70 +1928,62 @@ static void ssl_clear_peer_cert( mbedtls_ssl_session *session ) */ #if !defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* No certificate support -> dummy functions */ -int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); ssl->state++; - return( 0 ); + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } -int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); ssl->state++; - return( 0 ); + return (0); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } #else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ /* Some certificate support -> implement write and parse */ -int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t i, n; const mbedtls_x509_crt *crt; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate")); - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); ssl->state++; - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - { - if( ssl->client_auth == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { + if (ssl->client_auth == 0) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate")); ssl->state++; - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -2173,32 +1991,29 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) * If using SSLv3 and got no cert, send an Alert message * (otherwise an empty Certificate message will be sent). */ - if( mbedtls_ssl_own_cert( ssl ) == NULL && - ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { + if (mbedtls_ssl_own_cert(ssl) == NULL && + ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { ssl->out_msglen = 2; ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; ssl->out_msg[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING; ssl->out_msg[1] = MBEDTLS_SSL_ALERT_MSG_NO_CERT; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("got no certificate to send")); goto write_msg; } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ } #endif /* MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - if( mbedtls_ssl_own_cert( ssl ) == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); - return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { + if (mbedtls_ssl_own_cert(ssl) == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no certificate to send")); + return (MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED); } } #endif - MBEDTLS_SSL_DEBUG_CRT( 3, "own certificate", mbedtls_ssl_own_cert( ssl ) ); + MBEDTLS_SSL_DEBUG_CRT(3, "own certificate", mbedtls_ssl_own_cert(ssl)); /* * 0 . 0 handshake type @@ -2210,30 +2025,30 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) * n+3 . ... upper level cert, etc. */ i = 7; - crt = mbedtls_ssl_own_cert( ssl ); + crt = mbedtls_ssl_own_cert(ssl); - while( crt != NULL ) - { + while (crt != NULL) { n = crt->raw.len; - if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); + if (n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i) { + MBEDTLS_SSL_DEBUG_MSG(1, ("certificate too large, %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, + i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN)); + return (MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE); } - ssl->out_msg[i ] = (unsigned char)( n >> 16 ); - ssl->out_msg[i + 1] = (unsigned char)( n >> 8 ); - ssl->out_msg[i + 2] = (unsigned char)( n ); + ssl->out_msg[i ] = (unsigned char)(n >> 16); + ssl->out_msg[i + 1] = (unsigned char)(n >> 8); + ssl->out_msg[i + 2] = (unsigned char)(n); - i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n ); - i += n; crt = crt->next; + i += 3; + memcpy(ssl->out_msg + i, crt->raw.p, n); + i += n; + crt = crt->next; } - ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 ); - ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 ); - ssl->out_msg[6] = (unsigned char)( ( i - 7 ) ); + ssl->out_msg[4] = (unsigned char)((i - 7) >> 16); + ssl->out_msg[5] = (unsigned char)((i - 7) >> 8); + ssl->out_msg[6] = (unsigned char)((i - 7)); ssl->out_msglen = i; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -2245,61 +2060,58 @@ write_msg: ssl->state++; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate")); - return( ret ); + return (ret); } #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len ) -{ - mbedtls_x509_crt const * const peer_crt = ssl->session->peer_cert; +static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl, + unsigned char *crt_buf, + size_t crt_buf_len) { + mbedtls_x509_crt const *const peer_crt = ssl->session->peer_cert; - if( peer_crt == NULL ) - return( -1 ); + if (peer_crt == NULL) + return (-1); - if( peer_crt->raw.len != crt_buf_len ) - return( -1 ); + if (peer_crt->raw.len != crt_buf_len) + return (-1); - return( memcmp( peer_crt->raw.p, crt_buf, peer_crt->raw.len ) ); + return (memcmp(peer_crt->raw.p, crt_buf, peer_crt->raw.len)); } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, - unsigned char *crt_buf, - size_t crt_buf_len ) -{ +static int ssl_check_peer_crt_unchanged(mbedtls_ssl_context *ssl, + unsigned char *crt_buf, + size_t crt_buf_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char const * const peer_cert_digest = + unsigned char const *const peer_cert_digest = ssl->session->peer_cert_digest; mbedtls_md_type_t const peer_cert_digest_type = ssl->session->peer_cert_digest_type; - mbedtls_md_info_t const * const digest_info = - mbedtls_md_info_from_type( peer_cert_digest_type ); + mbedtls_md_info_t const *const digest_info = + mbedtls_md_info_from_type(peer_cert_digest_type); unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN]; size_t digest_len; - if( peer_cert_digest == NULL || digest_info == NULL ) - return( -1 ); + if (peer_cert_digest == NULL || digest_info == NULL) + return (-1); - digest_len = mbedtls_md_get_size( digest_info ); - if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN ) - return( -1 ); + digest_len = mbedtls_md_get_size(digest_info); + if (digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN) + return (-1); - ret = mbedtls_md( digest_info, crt_buf, crt_buf_len, tmp_digest ); - if( ret != 0 ) - return( -1 ); + ret = mbedtls_md(digest_info, crt_buf, crt_buf_len, tmp_digest); + if (ret != 0) + return (-1); - return( memcmp( tmp_digest, peer_cert_digest, digest_len ) ); + return (memcmp(tmp_digest, peer_cert_digest, digest_len)); } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ @@ -2308,125 +2120,115 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, * Once the certificate message is read, parse it into a cert chain and * perform basic checks, but leave actual verification to the caller */ -static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *chain ) -{ +static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *chain) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - int crt_cnt=0; + int crt_cnt = 0; #endif size_t i, n; uint8_t alert; - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || - ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || + ssl->in_hslen < mbedtls_ssl_hs_hdr_len(ssl) + 3 + 3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE); } - i = mbedtls_ssl_hs_hdr_len( ssl ); + i = mbedtls_ssl_hs_hdr_len(ssl); /* * Same message structure as in mbedtls_ssl_write_certificate() */ - n = ( ssl->in_msg[i+1] << 8 ) | ssl->in_msg[i+2]; + n = (ssl->in_msg[i + 1] << 8) | ssl->in_msg[i + 2]; - if( ssl->in_msg[i] != 0 || - ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len( ssl ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (ssl->in_msg[i] != 0 || + ssl->in_hslen != n + 3 + mbedtls_ssl_hs_hdr_len(ssl)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE); } /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */ i += 3; /* Iterate through and parse the CRTs in the provided chain. */ - while( i < ssl->in_hslen ) - { + while (i < ssl->in_hslen) { /* Check that there's room for the next CRT's length fields. */ - if ( i + 3 > ssl->in_hslen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (i + 3 > ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE); } /* In theory, the CRT can be up to 2**24 Bytes, but we don't support * anything beyond 2**16 ~ 64K. */ - if( ssl->in_msg[i] != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (ssl->in_msg[i] != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE); } /* Read length of the next CRT in the chain. */ - n = ( (unsigned int) ssl->in_msg[i + 1] << 8 ) + n = ((unsigned int) ssl->in_msg[i + 1] << 8) | (unsigned int) ssl->in_msg[i + 2]; i += 3; - if( n < 128 || i + n > ssl->in_hslen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + if (n < 128 || i + n > ssl->in_hslen) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate message")); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE); } /* Check if we're handling the first CRT in the chain. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) - if( crt_cnt++ == 0 && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { + if (crt_cnt++ == 0 && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { /* During client-side renegotiation, check that the server's * end-CRTs hasn't changed compared to the initial handshake, * mitigating the triple handshake attack. On success, reuse * the original end-CRT instead of parsing it again. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Check that peer CRT hasn't changed during renegotiation" ) ); - if( ssl_check_peer_crt_unchanged( ssl, - &ssl->in_msg[i], - n ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "new server cert during renegotiation" ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Check that peer CRT hasn't changed during renegotiation")); + if (ssl_check_peer_crt_unchanged(ssl, + &ssl->in_msg[i], + n) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("new server cert during renegotiation")); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED); + return (MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE); } /* Now we can safely free the original chain. */ - ssl_clear_peer_cert( ssl->session ); + ssl_clear_peer_cert(ssl->session); } #endif /* MBEDTLS_SSL_RENEGOTIATION && MBEDTLS_SSL_CLI_C */ /* Parse the next certificate in the chain. */ #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - ret = mbedtls_x509_crt_parse_der( chain, ssl->in_msg + i, n ); + ret = mbedtls_x509_crt_parse_der(chain, ssl->in_msg + i, n); #else /* If we don't need to store the CRT chain permanently, parse * it in-place from the input buffer instead of making a copy. */ - ret = mbedtls_x509_crt_parse_der_nocopy( chain, ssl->in_msg + i, n ); + ret = mbedtls_x509_crt_parse_der_nocopy(chain, ssl->in_msg + i, n); #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - switch( ret ) - { + switch (ret) { case 0: /*ok*/ case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND: /* Ignore certificate with an unknown algorithm: maybe a @@ -2443,56 +2245,52 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, default: alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; - crt_parse_der_failed: - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert ); - MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret ); - return( ret ); +crt_parse_der_failed: + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, alert); + MBEDTLS_SSL_DEBUG_RET(1, " mbedtls_x509_crt_parse_der", ret); + return (ret); } i += n; } - MBEDTLS_SSL_DEBUG_CRT( 3, "peer certificate", chain ); - return( 0 ); + MBEDTLS_SSL_DEBUG_CRT(3, "peer certificate", chain); + return (0); } #if defined(MBEDTLS_SSL_SRV_C) -static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) -{ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - return( -1 ); +static int ssl_srv_check_client_no_crt_notification(mbedtls_ssl_context *ssl) { + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) + return (-1); #if defined(MBEDTLS_SSL_PROTO_SSL3) /* * Check if the client sent an empty certificate */ - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - if( ssl->in_msglen == 2 && - ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT && - ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && - ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); - return( 0 ); + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) { + if (ssl->in_msglen == 2 && + ssl->in_msgtype == MBEDTLS_SSL_MSG_ALERT && + ssl->in_msg[0] == MBEDTLS_SSL_ALERT_LEVEL_WARNING && + ssl->in_msg[1] == MBEDTLS_SSL_ALERT_MSG_NO_CERT) { + MBEDTLS_SSL_DEBUG_MSG(1, ("SSLv3 client has no certificate")); + return (0); } - return( -1 ); + return (-1); } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len( ssl ) && - ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && - ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && - memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); - return( 0 ); + if (ssl->in_hslen == 3 + mbedtls_ssl_hs_hdr_len(ssl) && + ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && + ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE && + memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), "\0\0\0", 3) == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("TLSv1 client has no certificate")); + return (0); } - return( -1 ); + return (-1); #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ MBEDTLS_SSL_PROTO_TLS1_2 */ } @@ -2506,40 +2304,36 @@ static int ssl_srv_check_client_no_crt_notification( mbedtls_ssl_context *ssl ) */ #define SSL_CERTIFICATE_EXPECTED 0 #define SSL_CERTIFICATE_SKIP 1 -static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl, - int authmode ) -{ +static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl, + int authmode) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - if( !mbedtls_ssl_ciphersuite_uses_srv_cert( ciphersuite_info ) ) - return( SSL_CERTIFICATE_SKIP ); + if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) + return (SSL_CERTIFICATE_SKIP); #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) - return( SSL_CERTIFICATE_SKIP ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { + if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK) + return (SSL_CERTIFICATE_SKIP); - if( authmode == MBEDTLS_SSL_VERIFY_NONE ) - { + if (authmode == MBEDTLS_SSL_VERIFY_NONE) { ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY; - return( SSL_CERTIFICATE_SKIP ); + return (SSL_CERTIFICATE_SKIP); } } #else ((void) authmode); #endif /* MBEDTLS_SSL_SRV_C */ - return( SSL_CERTIFICATE_EXPECTED ); + return (SSL_CERTIFICATE_EXPECTED); } -static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, - int authmode, - mbedtls_x509_crt *chain, - void *rs_ctx ) -{ +static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, + int authmode, + mbedtls_x509_crt *chain, + void *rs_ctx) { int ret = 0; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; @@ -2548,18 +2342,15 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); void *p_vrfy; - if( authmode == MBEDTLS_SSL_VERIFY_NONE ) - return( 0 ); + if (authmode == MBEDTLS_SSL_VERIFY_NONE) + return (0); - if( ssl->f_vrfy != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use context-specific verification callback" ) ); + if (ssl->f_vrfy != NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback")); f_vrfy = ssl->f_vrfy; p_vrfy = ssl->p_vrfy; - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use configuration-specific verification callback" ) ); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback")); f_vrfy = ssl->conf->f_vrfy; p_vrfy = ssl->conf->p_vrfy; } @@ -2568,60 +2359,55 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, * Main check: verify certificate */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if( ssl->conf->f_ca_cb != NULL ) - { + if (ssl->conf->f_ca_cb != NULL) { ((void) rs_ctx); have_ca_chain = 1; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "use CA callback for X.509 CRT verification" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("use CA callback for X.509 CRT verification")); ret = mbedtls_x509_crt_verify_with_ca_cb( - chain, - ssl->conf->f_ca_cb, - ssl->conf->p_ca_cb, - ssl->conf->cert_profile, - ssl->hostname, - &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy ); - } - else + chain, + ssl->conf->f_ca_cb, + ssl->conf->p_ca_cb, + ssl->conf->cert_profile, + ssl->hostname, + &ssl->session_negotiate->verify_result, + f_vrfy, p_vrfy); + } else #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ { mbedtls_x509_crt *ca_chain; mbedtls_x509_crl *ca_crl; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( ssl->handshake->sni_ca_chain != NULL ) - { + if (ssl->handshake->sni_ca_chain != NULL) { ca_chain = ssl->handshake->sni_ca_chain; ca_crl = ssl->handshake->sni_ca_crl; - } - else + } else #endif { ca_chain = ssl->conf->ca_chain; ca_crl = ssl->conf->ca_crl; } - if( ca_chain != NULL ) + if (ca_chain != NULL) have_ca_chain = 1; ret = mbedtls_x509_crt_verify_restartable( - chain, - ca_chain, ca_crl, - ssl->conf->cert_profile, - ssl->hostname, - &ssl->session_negotiate->verify_result, - f_vrfy, p_vrfy, rs_ctx ); + chain, + ca_chain, ca_crl, + ssl->conf->cert_profile, + ssl->hostname, + &ssl->session_negotiate->verify_result, + f_vrfy, p_vrfy, rs_ctx); } - if( ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "x509_verify_cert", ret ); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "x509_verify_cert", ret); } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ); + if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) + return (MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS); #endif /* @@ -2633,25 +2419,23 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, const mbedtls_pk_context *pk = &chain->pk; /* If certificate uses an EC key, make sure the curve is OK */ - if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) && - mbedtls_ssl_check_curve( ssl, mbedtls_pk_ec( *pk )->grp.id ) != 0 ) - { + if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY) && + mbedtls_ssl_check_curve(ssl, mbedtls_pk_ec(*pk)->grp.id) != 0) { ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); - if( ret == 0 ) + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (EC key curve)")); + if (ret == 0) ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } } #endif /* MBEDTLS_ECP_C */ - if( mbedtls_ssl_check_cert_usage( chain, - ciphersuite_info, - ! ssl->conf->endpoint, - &ssl->session_negotiate->verify_result ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); - if( ret == 0 ) + if (mbedtls_ssl_check_cert_usage(chain, + ciphersuite_info, + ! ssl->conf->endpoint, + &ssl->session_negotiate->verify_result) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad certificate (usage extensions)")); + if (ret == 0) ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; } @@ -2661,166 +2445,151 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, * of error codes, including those from the user provided f_vrfy * functions, are treated as fatal and lead to a failure of * ssl_parse_certificate even if verification was optional. */ - if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && - ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) - { + if (authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && + (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || + ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE)) { ret = 0; } - if( have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) ); + if (have_ca_chain == 0 && authmode == MBEDTLS_SSL_VERIFY_REQUIRED) { + MBEDTLS_SSL_DEBUG_MSG(1, ("got no CA chain")); ret = MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED; } - if( ret != 0 ) - { + if (ret != 0) { uint8_t alert; /* The certificate may have been rejected for several reasons. Pick one and send the corresponding alert. Which alert to send may be a subject of debate in some cases. */ - if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER ) + if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_OTHER) alert = MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH ) + else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_CN_MISMATCH) alert = MBEDTLS_SSL_ALERT_MSG_BAD_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE ) + else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_KEY_USAGE) alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE ) + else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXT_KEY_USAGE) alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE ) + else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NS_CERT_TYPE) alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK ) + else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_PK) alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY ) + else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_BAD_KEY) alert = MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED ) + else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_EXPIRED) alert = MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED ) + else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_REVOKED) alert = MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED; - else if( ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) + else if (ssl->session_negotiate->verify_result & MBEDTLS_X509_BADCERT_NOT_TRUSTED) alert = MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA; else alert = MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN; - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - alert ); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + alert); } #if defined(MBEDTLS_DEBUG_C) - if( ssl->session_negotiate->verify_result != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x", - (unsigned int) ssl->session_negotiate->verify_result ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate verification flags clear" ) ); + if (ssl->session_negotiate->verify_result != 0) { + MBEDTLS_SSL_DEBUG_MSG(3, ("! Certificate verification flags %08x", + (unsigned int) ssl->session_negotiate->verify_result)); + } else { + MBEDTLS_SSL_DEBUG_MSG(3, ("Certificate verification flags clear")); } #endif /* MBEDTLS_DEBUG_C */ - return( ret ); + return (ret); } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) -static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, - unsigned char *start, size_t len ) -{ +static int ssl_remember_peer_crt_digest(mbedtls_ssl_context *ssl, + unsigned char *start, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Remember digest of the peer's end-CRT. */ ssl->session_negotiate->peer_cert_digest = - mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ); - if( ssl->session_negotiate->peer_cert_digest == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN); + if (ssl->session_negotiate->peer_cert_digest == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%d bytes) failed", + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN)); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); } - ret = mbedtls_md( mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE ), - start, len, - ssl->session_negotiate->peer_cert_digest ); + ret = mbedtls_md(mbedtls_md_info_from_type( + MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), + start, len, + ssl->session_negotiate->peer_cert_digest); ssl->session_negotiate->peer_cert_digest_type = MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE; ssl->session_negotiate->peer_cert_digest_len = MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN; - return( ret ); + return (ret); } -static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl, - unsigned char *start, size_t len ) -{ +static int ssl_remember_peer_pubkey(mbedtls_ssl_context *ssl, + unsigned char *start, size_t len) { unsigned char *end = start + len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Make a copy of the peer's raw public key. */ - mbedtls_pk_init( &ssl->handshake->peer_pubkey ); - ret = mbedtls_pk_parse_subpubkey( &start, end, - &ssl->handshake->peer_pubkey ); - if( ret != 0 ) - { + mbedtls_pk_init(&ssl->handshake->peer_pubkey); + ret = mbedtls_pk_parse_subpubkey(&start, end, + &ssl->handshake->peer_pubkey); + if (ret != 0) { /* We should have parsed the public key before. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - return( 0 ); + return (0); } #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_parse_certificate(mbedtls_ssl_context *ssl) { int ret = 0; int crt_expected; #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) const int authmode = ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET - ? ssl->handshake->sni_authmode - : ssl->conf->authmode; + ? ssl->handshake->sni_authmode + : ssl->conf->authmode; #else const int authmode = ssl->conf->authmode; #endif void *rs_ctx = NULL; mbedtls_x509_crt *chain = NULL; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse certificate")); - crt_expected = ssl_parse_certificate_coordinate( ssl, authmode ); - if( crt_expected == SSL_CERTIFICATE_SKIP ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); + crt_expected = ssl_parse_certificate_coordinate(ssl, authmode); + if (crt_expected == SSL_CERTIFICATE_SKIP) { + MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate")); goto exit; } #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled && - ssl->handshake->ecrs_state == ssl_ecrs_crt_verify ) - { + if (ssl->handshake->ecrs_enabled && + ssl->handshake->ecrs_state == ssl_ecrs_crt_verify) { chain = ssl->handshake->ecrs_peer_cert; ssl->handshake->ecrs_peer_cert = NULL; goto crt_verify; } #endif - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { /* mbedtls_ssl_read_record may have sent an alert already. We let it decide whether to alert. */ - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); goto exit; } #if defined(MBEDTLS_SSL_SRV_C) - if( ssl_srv_check_client_no_crt_notification( ssl ) == 0 ) - { + if (ssl_srv_check_client_no_crt_notification(ssl) == 0) { ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING; - if( authmode != MBEDTLS_SSL_VERIFY_OPTIONAL ) + if (authmode != MBEDTLS_SSL_VERIFY_OPTIONAL) ret = MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE; goto exit; @@ -2829,38 +2598,37 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl ) /* Clear existing peer CRT structure in case we tried to * reuse a session but it failed, and allocate a new one. */ - ssl_clear_peer_cert( ssl->session_negotiate ); + ssl_clear_peer_cert(ssl->session_negotiate); - chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); - if( chain == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", - sizeof( mbedtls_x509_crt ) ) ); - mbedtls_ssl_send_alert_message( ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + chain = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); + if (chain == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", + sizeof(mbedtls_x509_crt))); + mbedtls_ssl_send_alert_message(ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } - mbedtls_x509_crt_init( chain ); + mbedtls_x509_crt_init(chain); - ret = ssl_parse_certificate_chain( ssl, chain ); - if( ret != 0 ) + ret = ssl_parse_certificate_chain(ssl, chain); + if (ret != 0) goto exit; #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ssl->handshake->ecrs_enabled) + if (ssl->handshake->ecrs_enabled) ssl->handshake->ecrs_state = ssl_ecrs_crt_verify; crt_verify: - if( ssl->handshake->ecrs_enabled) + if (ssl->handshake->ecrs_enabled) rs_ctx = &ssl->handshake->ecrs_ctx; #endif - ret = ssl_parse_certificate_verify( ssl, authmode, - chain, rs_ctx ); - if( ret != 0 ) + ret = ssl_parse_certificate_verify(ssl, authmode, + chain, rs_ctx); + if (ret != 0) goto exit; #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) @@ -2881,16 +2649,16 @@ crt_verify: /* Free the CRT structures before computing * digest and copying the peer's public key. */ - mbedtls_x509_crt_free( chain ); - mbedtls_free( chain ); + mbedtls_x509_crt_free(chain); + mbedtls_free(chain); chain = NULL; - ret = ssl_remember_peer_crt_digest( ssl, crt_start, crt_len ); - if( ret != 0 ) + ret = ssl_remember_peer_crt_digest(ssl, crt_start, crt_len); + if (ret != 0) goto exit; - ret = ssl_remember_peer_pubkey( ssl, pk_start, pk_len ); - if( ret != 0 ) + ret = ssl_remember_peer_pubkey(ssl, pk_start, pk_len); + if (ret != 0) goto exit; } #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -2899,108 +2667,103 @@ crt_verify: chain = NULL; #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate")); exit: - if( ret == 0 ) + if (ret == 0) ssl->state++; #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) - { + if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { ssl->handshake->ecrs_peer_cert = chain; chain = NULL; } #endif - if( chain != NULL ) - { - mbedtls_x509_crt_free( chain ); - mbedtls_free( chain ); + if (chain != NULL) { + mbedtls_x509_crt_free(chain); + mbedtls_free(chain); } - return( ret ); + return (ret); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl, - const mbedtls_ssl_ciphersuite_t *ciphersuite_info ) -{ +void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, + const mbedtls_ssl_ciphersuite_t *ciphersuite_info) { ((void) ciphersuite_info); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ) + if (ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3) ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; else #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA512_C) - if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) - ssl->handshake->update_checksum = ssl_update_checksum_sha384; - else + if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) + ssl->handshake->update_checksum = ssl_update_checksum_sha384; + else #endif #if defined(MBEDTLS_SHA256_C) - if( ciphersuite_info->mac != MBEDTLS_MD_SHA384 ) - ssl->handshake->update_checksum = ssl_update_checksum_sha256; - else + if (ciphersuite_info->mac != MBEDTLS_MD_SHA384) + ssl->handshake->update_checksum = ssl_update_checksum_sha256; + else #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return; - } + { + MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); + return; + } } -void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) -{ +void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 ); - mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 ); + mbedtls_md5_starts_ret(&ssl->handshake->fin_md5); + mbedtls_sha1_starts_ret(&ssl->handshake->fin_sha1); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &ssl->handshake->fin_sha256_psa ); - psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); + psa_hash_abort(&ssl->handshake->fin_sha256_psa); + psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); #else - mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 ); + mbedtls_sha256_starts_ret(&ssl->handshake->fin_sha256, 0); #endif #endif #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &ssl->handshake->fin_sha384_psa ); - psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 ); + psa_hash_abort(&ssl->handshake->fin_sha384_psa); + psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); #else - mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 ); + mbedtls_sha512_starts_ret(&ssl->handshake->fin_sha512, 1); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } -static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ +static void ssl_update_checksum_start(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update_ret(&ssl->handshake->fin_md5, buf, len); + mbedtls_sha1_update_ret(&ssl->handshake->fin_sha1, buf, len); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); + psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); #else - mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ret(&ssl->handshake->fin_sha256, buf, len); #endif #endif #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); + psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); #else - mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ret(&ssl->handshake->fin_sha512, buf, len); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -3008,35 +2771,32 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) -static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ - mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); +static void ssl_update_checksum_md5sha1(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { + mbedtls_md5_update_ret(&ssl->handshake->fin_md5, buf, len); + mbedtls_sha1_update_ret(&ssl->handshake->fin_sha1, buf, len); } #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) -static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ +static void ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); + psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); #else - mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ret(&ssl->handshake->fin_sha256, buf, len); #endif } #endif #if defined(MBEDTLS_SHA512_C) -static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len ) -{ +static void ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); + psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); #else - mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ret(&ssl->handshake->fin_sha512, buf, len); #endif } #endif @@ -3044,8 +2804,7 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_SSL3) static void ssl_calc_finished_ssl( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) -{ + mbedtls_ssl_context *ssl, unsigned char *buf, int from) { const char *sender; mbedtls_md5_context md5; mbedtls_sha1_context sha1; @@ -3055,16 +2814,16 @@ static void ssl_calc_finished_ssl( unsigned char sha1sum[20]; mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) + if (!session) session = ssl->session; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished ssl" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished ssl")); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); - mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); - mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); + mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5); + mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1); /* * SSLv3: @@ -3076,61 +2835,60 @@ static void ssl_calc_finished_ssl( */ #if !defined(MBEDTLS_MD5_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) - md5.state, sizeof( md5.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished md5 state", (unsigned char *) + md5.state, sizeof(md5.state)); #endif #if !defined(MBEDTLS_SHA1_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) - sha1.state, sizeof( sha1.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha1 state", (unsigned char *) + sha1.state, sizeof(sha1.state)); #endif - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) ? "CLNT" - : "SRVR"; + sender = (from == MBEDTLS_SSL_IS_CLIENT) ? "CLNT" + : "SRVR"; - memset( padbuf, 0x36, 48 ); + memset(padbuf, 0x36, 48); - mbedtls_md5_update_ret( &md5, (const unsigned char *) sender, 4 ); - mbedtls_md5_update_ret( &md5, session->master, 48 ); - mbedtls_md5_update_ret( &md5, padbuf, 48 ); - mbedtls_md5_finish_ret( &md5, md5sum ); + mbedtls_md5_update_ret(&md5, (const unsigned char *) sender, 4); + mbedtls_md5_update_ret(&md5, session->master, 48); + mbedtls_md5_update_ret(&md5, padbuf, 48); + mbedtls_md5_finish_ret(&md5, md5sum); - mbedtls_sha1_update_ret( &sha1, (const unsigned char *) sender, 4 ); - mbedtls_sha1_update_ret( &sha1, session->master, 48 ); - mbedtls_sha1_update_ret( &sha1, padbuf, 40 ); - mbedtls_sha1_finish_ret( &sha1, sha1sum ); + mbedtls_sha1_update_ret(&sha1, (const unsigned char *) sender, 4); + mbedtls_sha1_update_ret(&sha1, session->master, 48); + mbedtls_sha1_update_ret(&sha1, padbuf, 40); + mbedtls_sha1_finish_ret(&sha1, sha1sum); - memset( padbuf, 0x5C, 48 ); + memset(padbuf, 0x5C, 48); - mbedtls_md5_starts_ret( &md5 ); - mbedtls_md5_update_ret( &md5, session->master, 48 ); - mbedtls_md5_update_ret( &md5, padbuf, 48 ); - mbedtls_md5_update_ret( &md5, md5sum, 16 ); - mbedtls_md5_finish_ret( &md5, buf ); + mbedtls_md5_starts_ret(&md5); + mbedtls_md5_update_ret(&md5, session->master, 48); + mbedtls_md5_update_ret(&md5, padbuf, 48); + mbedtls_md5_update_ret(&md5, md5sum, 16); + mbedtls_md5_finish_ret(&md5, buf); - mbedtls_sha1_starts_ret( &sha1 ); - mbedtls_sha1_update_ret( &sha1, session->master, 48 ); - mbedtls_sha1_update_ret( &sha1, padbuf , 40 ); - mbedtls_sha1_update_ret( &sha1, sha1sum, 20 ); - mbedtls_sha1_finish_ret( &sha1, buf + 16 ); + mbedtls_sha1_starts_ret(&sha1); + mbedtls_sha1_update_ret(&sha1, session->master, 48); + mbedtls_sha1_update_ret(&sha1, padbuf, 40); + mbedtls_sha1_update_ret(&sha1, sha1sum, 20); + mbedtls_sha1_finish_ret(&sha1, buf + 16); - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); + MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, 36); - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); - mbedtls_platform_zeroize( md5sum, sizeof( md5sum ) ); - mbedtls_platform_zeroize( sha1sum, sizeof( sha1sum ) ); + mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); + mbedtls_platform_zeroize(md5sum, sizeof(md5sum)); + mbedtls_platform_zeroize(sha1sum, sizeof(sha1sum)); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) static void ssl_calc_finished_tls( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) -{ + mbedtls_ssl_context *ssl, unsigned char *buf, int from) { int len = 12; const char *sender; mbedtls_md5_context md5; @@ -3138,16 +2896,16 @@ static void ssl_calc_finished_tls( unsigned char padbuf[36]; mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) + if (!session) session = ssl->session; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls")); - mbedtls_md5_init( &md5 ); - mbedtls_sha1_init( &sha1 ); + mbedtls_md5_init(&md5); + mbedtls_sha1_init(&sha1); - mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); - mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); + mbedtls_md5_clone(&md5, &ssl->handshake->fin_md5); + mbedtls_sha1_clone(&sha1, &ssl->handshake->fin_sha1); /* * TLSv1: @@ -3156,41 +2914,40 @@ static void ssl_calc_finished_tls( */ #if !defined(MBEDTLS_MD5_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *) - md5.state, sizeof( md5.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished md5 state", (unsigned char *) + md5.state, sizeof(md5.state)); #endif #if !defined(MBEDTLS_SHA1_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *) - sha1.state, sizeof( sha1.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha1 state", (unsigned char *) + sha1.state, sizeof(sha1.state)); #endif - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) + sender = (from == MBEDTLS_SSL_IS_CLIENT) ? "client finished" : "server finished"; - mbedtls_md5_finish_ret( &md5, padbuf ); - mbedtls_sha1_finish_ret( &sha1, padbuf + 16 ); + mbedtls_md5_finish_ret(&md5, padbuf); + mbedtls_sha1_finish_ret(&sha1, padbuf + 16); - ssl->handshake->tls_prf( session->master, 48, sender, - padbuf, 36, buf, len ); + ssl->handshake->tls_prf(session->master, 48, sender, + padbuf, 36, buf, len); - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); + MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); - mbedtls_md5_free( &md5 ); - mbedtls_sha1_free( &sha1 ); + mbedtls_md5_free(&md5); + mbedtls_sha1_free(&sha1); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); } #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) static void ssl_calc_finished_tls_sha256( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) -{ + mbedtls_ssl_context *ssl, unsigned char *buf, int from) { int len = 12; const char *sender; unsigned char padbuf[32]; @@ -3203,39 +2960,37 @@ static void ssl_calc_finished_tls_sha256( #endif mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) + if (!session) session = ssl->session; - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) + sender = (from == MBEDTLS_SSL_IS_CLIENT) ? "client finished" : "server finished"; #if defined(MBEDTLS_USE_PSA_CRYPTO) sha256_psa = psa_hash_operation_init(); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha256" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha256")); - status = psa_hash_clone( &ssl->handshake->fin_sha256_psa, &sha256_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); return; } - status = psa_hash_finish( &sha256_psa, padbuf, sizeof( padbuf ), &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); return; } - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 32 ); + MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32); #else - mbedtls_sha256_init( &sha256 ); + mbedtls_sha256_init(&sha256); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha256" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha256")); - mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); + mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); /* * TLSv1.2: @@ -3244,32 +2999,31 @@ static void ssl_calc_finished_tls_sha256( */ #if !defined(MBEDTLS_SHA256_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha2 state", (unsigned char *) - sha256.state, sizeof( sha256.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha2 state", (unsigned char *) + sha256.state, sizeof(sha256.state)); #endif - mbedtls_sha256_finish_ret( &sha256, padbuf ); - mbedtls_sha256_free( &sha256 ); + mbedtls_sha256_finish_ret(&sha256, padbuf); + mbedtls_sha256_free(&sha256); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - ssl->handshake->tls_prf( session->master, 48, sender, - padbuf, 32, buf, len ); + ssl->handshake->tls_prf(session->master, 48, sender, + padbuf, 32, buf, len); - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); + MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); } #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) -typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*); +typedef int (*finish_sha384_t)(mbedtls_sha512_context *, unsigned char *); static void ssl_calc_finished_tls_sha384( - mbedtls_ssl_context *ssl, unsigned char *buf, int from ) -{ + mbedtls_ssl_context *ssl, unsigned char *buf, int from) { int len = 12; const char *sender; unsigned char padbuf[48]; @@ -3282,38 +3036,36 @@ static void ssl_calc_finished_tls_sha384( #endif mbedtls_ssl_session *session = ssl->session_negotiate; - if( !session ) + if (!session) session = ssl->session; - sender = ( from == MBEDTLS_SSL_IS_CLIENT ) - ? "client finished" - : "server finished"; + sender = (from == MBEDTLS_SSL_IS_CLIENT) + ? "client finished" + : "server finished"; #if defined(MBEDTLS_USE_PSA_CRYPTO) sha384_psa = psa_hash_operation_init(); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc PSA finished tls sha384" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc PSA finished tls sha384")); - status = psa_hash_clone( &ssl->handshake->fin_sha384_psa, &sha384_psa ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash clone failed" ) ); + status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); return; } - status = psa_hash_finish( &sha384_psa, padbuf, sizeof( padbuf ), &hash_size ); - if( status != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "PSA hash finish failed" ) ); + status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size); + if (status != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); return; } - MBEDTLS_SSL_DEBUG_BUF( 3, "PSA calculated padbuf", padbuf, 48 ); + MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48); #else - mbedtls_sha512_init( &sha512 ); + mbedtls_sha512_init(&sha512); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc finished tls sha384" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384")); - mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); + mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha512); /* * TLSv1.2: @@ -3322,8 +3074,8 @@ static void ssl_calc_finished_tls_sha384( */ #if !defined(MBEDTLS_SHA512_ALT) - MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) - sha512.state, sizeof( sha512.state ) ); + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha512 state", (unsigned char *) + sha512.state, sizeof(sha512.state)); #endif /* * For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long. @@ -3331,57 +3083,53 @@ static void ssl_calc_finished_tls_sha384( * mbedtls_sha512_finish_ret(). */ finish_sha384_t finish = (finish_sha384_t)mbedtls_sha512_finish_ret; - finish( &sha512, padbuf ); + finish(&sha512, padbuf); - mbedtls_sha512_free( &sha512 ); + mbedtls_sha512_free(&sha512); #endif - ssl->handshake->tls_prf( session->master, 48, sender, - padbuf, 48, buf, len ); + ssl->handshake->tls_prf(session->master, 48, sender, + padbuf, 48, buf, len); - MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, len ); + MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); - mbedtls_platform_zeroize( padbuf, sizeof( padbuf ) ); + mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); } #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) -{ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup: final free" ) ); +void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl) { + MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup: final free")); /* * Free our handshake params */ - mbedtls_ssl_handshake_free( ssl ); - mbedtls_free( ssl->handshake ); + mbedtls_ssl_handshake_free(ssl); + mbedtls_free(ssl->handshake); ssl->handshake = NULL; /* * Free the previous transform and swith in the current one */ - if( ssl->transform ) - { - mbedtls_ssl_transform_free( ssl->transform ); - mbedtls_free( ssl->transform ); + if (ssl->transform) { + mbedtls_ssl_transform_free(ssl->transform); + mbedtls_free(ssl->transform); } ssl->transform = ssl->transform_negotiate; ssl->transform_negotiate = NULL; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup: final free")); } -void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) -{ +void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl) { int resume = ssl->handshake->resume; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("=> handshake wrapup")); #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { + if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_DONE; ssl->renego_records_seen = 0; } @@ -3390,16 +3138,15 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) /* * Free the previous session and switch in the current one */ - if( ssl->session ) - { + if (ssl->session) { #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) /* RFC 7366 3.1: keep the EtM state */ ssl->session_negotiate->encrypt_then_mac = - ssl->session->encrypt_then_mac; + ssl->session->encrypt_then_mac; #endif - mbedtls_ssl_session_free( ssl->session ); - mbedtls_free( ssl->session ); + mbedtls_ssl_session_free(ssl->session); + mbedtls_free(ssl->session); } ssl->session = ssl->session_negotiate; ssl->session_negotiate = NULL; @@ -3407,43 +3154,39 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) /* * Add cache entry */ - if( ssl->conf->f_set_cache != NULL && - ssl->session->id_len != 0 && - resume == 0 ) - { - if( ssl->conf->f_set_cache( ssl->conf->p_cache, ssl->session ) != 0 ) - MBEDTLS_SSL_DEBUG_MSG( 1, ( "cache did not store session" ) ); + if (ssl->conf->f_set_cache != NULL && + ssl->session->id_len != 0 && + resume == 0) { + if (ssl->conf->f_set_cache(ssl->conf->p_cache, ssl->session) != 0) + MBEDTLS_SSL_DEBUG_MSG(1, ("cache did not store session")); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->handshake->flight != NULL ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->handshake->flight != NULL) { /* Cancel handshake timer */ - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); /* Keep last flight around in case we need to resend it: * we need the handshake and transform structures for that */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip freeing handshake and transform" ) ); - } - else + MBEDTLS_SSL_DEBUG_MSG(3, ("skip freeing handshake and transform")); + } else #endif - mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); + mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl); ssl->state++; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup")); } -int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) { int ret, hash_len; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write finished")); - mbedtls_ssl_update_out_pointers( ssl, ssl->transform_negotiate ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate); - ssl->handshake->calc_finished( ssl, ssl->out_msg + 4, ssl->conf->endpoint ); + ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); /* * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites @@ -3451,11 +3194,11 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) * ciphersuite does this (and this is unlikely to change as activity has * moved to TLS 1.3 now) so we can keep the hardcoded 12 here. */ - hash_len = ( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) ? 36 : 12; + hash_len = (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) ? 36 : 12; #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->verify_data_len = hash_len; - memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len ); + memcpy(ssl->own_verify_data, ssl->out_msg + 4, hash_len); #endif ssl->out_msglen = 4 + hash_len; @@ -3466,91 +3209,82 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) * In case of session resuming, invert the client and server * ChangeCipherSpec messages order. */ - if( ssl->handshake->resume != 0 ) - { + if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; #endif #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; #endif - } - else + } else ssl->state++; /* * Switch to our negotiated transform and session parameters for outbound * data. */ - MBEDTLS_SSL_DEBUG_MSG( 3, ( "switching to new transform spec for outbound data" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("switching to new transform spec for outbound data")); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { unsigned char i; /* Remember current epoch settings for resending */ ssl->handshake->alt_transform_out = ssl->transform_out; - memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 ); + memcpy(ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8); /* Set sequence_number to zero */ - memset( ssl->cur_out_ctr + 2, 0, 6 ); + memset(ssl->cur_out_ctr + 2, 0, 6); /* Increment epoch */ - for( i = 2; i > 0; i-- ) - if( ++ssl->cur_out_ctr[i - 1] != 0 ) + for (i = 2; i > 0; i--) + if (++ssl->cur_out_ctr[i - 1] != 0) break; /* The loop goes to its end iff the counter is wrapping */ - if( i == 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS epoch would wrap" ) ); - return( MBEDTLS_ERR_SSL_COUNTER_WRAPPING ); + if (i == 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("DTLS epoch would wrap")); + return (MBEDTLS_ERR_SSL_COUNTER_WRAPPING); } - } - else + } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->cur_out_ctr, 0, 8 ); + memset(ssl->cur_out_ctr, 0, 8); ssl->transform_out = ssl->transform_negotiate; ssl->session_out = ssl->session_negotiate; #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_activate != NULL ) - { - if( ( ret = mbedtls_ssl_hw_record_activate( ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_activate", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (mbedtls_ssl_hw_record_activate != NULL) { + if ((ret = mbedtls_ssl_hw_record_activate(ssl, MBEDTLS_SSL_CHANNEL_OUTBOUND)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_activate", ret); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } } #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_send_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) + mbedtls_ssl_send_flight_completed(ssl); #endif - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret ); - return( ret ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ret = mbedtls_ssl_flight_transmit(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flight_transmit", ret); + return (ret); } #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write finished")); - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -3559,113 +3293,105 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) #define SSL_MAX_HASH_LEN 12 #endif -int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned int hash_len; unsigned char buf[SSL_MAX_HASH_LEN]; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished")); - ssl->handshake->calc_finished( ssl, buf, ssl->conf->endpoint ^ 1 ); + ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); - if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret ); - return( ret ); + if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); + return (ret); } - if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); - return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE); + return (MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); } /* There is currently no ciphersuite using another length with TLS 1.2 */ #if defined(MBEDTLS_SSL_PROTO_SSL3) - if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) + if (ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0) hash_len = 36; else #endif hash_len = 12; - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); + if (ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || + ssl->in_hslen != mbedtls_ssl_hs_hdr_len(ssl) + hash_len) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_FINISHED); } - if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), - buf, hash_len ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); + if (mbedtls_ssl_safer_memcmp(ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl), + buf, hash_len) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("bad finished message")); + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR); + return (MBEDTLS_ERR_SSL_BAD_HS_FINISHED); } #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->verify_data_len = hash_len; - memcpy( ssl->peer_verify_data, buf, hash_len ); + memcpy(ssl->peer_verify_data, buf, hash_len); #endif - if( ssl->handshake->resume != 0 ) - { + if (ssl->handshake->resume != 0) { #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC; #endif #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP; #endif - } - else + } else ssl->state++; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - mbedtls_ssl_recv_flight_completed( ssl ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) + mbedtls_ssl_recv_flight_completed(ssl); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse finished" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse finished")); - return( 0 ); + return (0); } -static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) -{ - memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); +static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) { + memset(handshake, 0, sizeof(mbedtls_ssl_handshake_params)); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_init( &handshake->fin_md5 ); - mbedtls_sha1_init( &handshake->fin_sha1 ); - mbedtls_md5_starts_ret( &handshake->fin_md5 ); - mbedtls_sha1_starts_ret( &handshake->fin_sha1 ); + mbedtls_md5_init(&handshake->fin_md5); + mbedtls_sha1_init(&handshake->fin_sha1); + mbedtls_md5_starts_ret(&handshake->fin_md5); + mbedtls_sha1_starts_ret(&handshake->fin_sha1); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha256_psa = psa_hash_operation_init(); - psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); + psa_hash_setup(&handshake->fin_sha256_psa, PSA_ALG_SHA_256); #else - mbedtls_sha256_init( &handshake->fin_sha256 ); - mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 ); + mbedtls_sha256_init(&handshake->fin_sha256); + mbedtls_sha256_starts_ret(&handshake->fin_sha256, 0); #endif #endif #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha384_psa = psa_hash_operation_init(); - psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 ); + psa_hash_setup(&handshake->fin_sha384_psa, PSA_ALG_SHA_384); #else - mbedtls_sha512_init( &handshake->fin_sha512 ); - mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 ); + mbedtls_sha512_init(&handshake->fin_sha512); + mbedtls_sha512_starts_ret(&handshake->fin_sha512, 1); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -3674,17 +3400,17 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs ); + mbedtls_ssl_sig_hash_set_init(&handshake->hash_algs); #endif #if defined(MBEDTLS_DHM_C) - mbedtls_dhm_init( &handshake->dhm_ctx ); + mbedtls_dhm_init(&handshake->dhm_ctx); #endif #if defined(MBEDTLS_ECDH_C) - mbedtls_ecdh_init( &handshake->ecdh_ctx ); + mbedtls_ecdh_init(&handshake->ecdh_ctx); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - mbedtls_ecjpake_init( &handshake->ecjpake_ctx ); + mbedtls_ecjpake_init(&handshake->ecjpake_ctx); #if defined(MBEDTLS_SSL_CLI_C) handshake->ecjpake_cache = NULL; handshake->ecjpake_cache_len = 0; @@ -3692,7 +3418,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #endif #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - mbedtls_x509_crt_restart_init( &handshake->ecrs_ctx ); + mbedtls_x509_crt_restart_init(&handshake->ecrs_ctx); #endif #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) @@ -3701,147 +3427,135 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_pk_init( &handshake->peer_pubkey ); + mbedtls_pk_init(&handshake->peer_pubkey); #endif } -void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) -{ - memset( transform, 0, sizeof(mbedtls_ssl_transform) ); +void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform) { + memset(transform, 0, sizeof(mbedtls_ssl_transform)); - mbedtls_cipher_init( &transform->cipher_ctx_enc ); - mbedtls_cipher_init( &transform->cipher_ctx_dec ); + mbedtls_cipher_init(&transform->cipher_ctx_enc); + mbedtls_cipher_init(&transform->cipher_ctx_dec); #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) - mbedtls_md_init( &transform->md_ctx_enc ); - mbedtls_md_init( &transform->md_ctx_dec ); + mbedtls_md_init(&transform->md_ctx_enc); + mbedtls_md_init(&transform->md_ctx_dec); #endif } -void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) -{ - memset( session, 0, sizeof(mbedtls_ssl_session) ); +void mbedtls_ssl_session_init(mbedtls_ssl_session *session) { + memset(session, 0, sizeof(mbedtls_ssl_session)); } -static int ssl_handshake_init( mbedtls_ssl_context *ssl ) -{ +static int ssl_handshake_init(mbedtls_ssl_context *ssl) { /* Clear old handshake information if present */ - if( ssl->transform_negotiate ) - mbedtls_ssl_transform_free( ssl->transform_negotiate ); - if( ssl->session_negotiate ) - mbedtls_ssl_session_free( ssl->session_negotiate ); - if( ssl->handshake ) - mbedtls_ssl_handshake_free( ssl ); + if (ssl->transform_negotiate) + mbedtls_ssl_transform_free(ssl->transform_negotiate); + if (ssl->session_negotiate) + mbedtls_ssl_session_free(ssl->session_negotiate); + if (ssl->handshake) + mbedtls_ssl_handshake_free(ssl); /* * Either the pointers are now NULL or cleared properly and can be freed. * Now allocate missing structures. */ - if( ssl->transform_negotiate == NULL ) - { - ssl->transform_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_transform) ); + if (ssl->transform_negotiate == NULL) { + ssl->transform_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_transform)); } - if( ssl->session_negotiate == NULL ) - { - ssl->session_negotiate = mbedtls_calloc( 1, sizeof(mbedtls_ssl_session) ); + if (ssl->session_negotiate == NULL) { + ssl->session_negotiate = mbedtls_calloc(1, sizeof(mbedtls_ssl_session)); } - if( ssl->handshake == NULL ) - { - ssl->handshake = mbedtls_calloc( 1, sizeof(mbedtls_ssl_handshake_params) ); + if (ssl->handshake == NULL) { + ssl->handshake = mbedtls_calloc(1, sizeof(mbedtls_ssl_handshake_params)); } #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* If the buffers are too small - reallocate */ - handle_buffer_resizing( ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN, - MBEDTLS_SSL_OUT_BUFFER_LEN ); + handle_buffer_resizing(ssl, 0, MBEDTLS_SSL_IN_BUFFER_LEN, + MBEDTLS_SSL_OUT_BUFFER_LEN); #endif /* All pointers should exist and can be directly freed without issue */ - if( ssl->handshake == NULL || - ssl->transform_negotiate == NULL || - ssl->session_negotiate == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc() of ssl sub-contexts failed" ) ); + if (ssl->handshake == NULL || + ssl->transform_negotiate == NULL || + ssl->session_negotiate == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc() of ssl sub-contexts failed")); - mbedtls_free( ssl->handshake ); - mbedtls_free( ssl->transform_negotiate ); - mbedtls_free( ssl->session_negotiate ); + mbedtls_free(ssl->handshake); + mbedtls_free(ssl->transform_negotiate); + mbedtls_free(ssl->session_negotiate); ssl->handshake = NULL; ssl->transform_negotiate = NULL; ssl->session_negotiate = NULL; - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); } /* Initialize structures */ - mbedtls_ssl_session_init( ssl->session_negotiate ); - mbedtls_ssl_transform_init( ssl->transform_negotiate ); - ssl_handshake_params_init( ssl->handshake ); + mbedtls_ssl_session_init(ssl->session_negotiate); + mbedtls_ssl_transform_init(ssl->transform_negotiate); + ssl_handshake_params_init(ssl->handshake); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { ssl->handshake->alt_transform_out = ssl->transform_out; - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; else ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); } #endif - return( 0 ); + return (0); } #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) /* Dummy cookie callbacks for defaults */ -static int ssl_cookie_write_dummy( void *ctx, - unsigned char **p, unsigned char *end, - const unsigned char *cli_id, size_t cli_id_len ) -{ +static int ssl_cookie_write_dummy(void *ctx, + unsigned char **p, unsigned char *end, + const unsigned char *cli_id, size_t cli_id_len) { ((void) ctx); ((void) p); ((void) end); ((void) cli_id); ((void) cli_id_len); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); } -static int ssl_cookie_check_dummy( void *ctx, - const unsigned char *cookie, size_t cookie_len, - const unsigned char *cli_id, size_t cli_id_len ) -{ +static int ssl_cookie_check_dummy(void *ctx, + const unsigned char *cookie, size_t cookie_len, + const unsigned char *cli_id, size_t cli_id_len) { ((void) ctx); ((void) cookie); ((void) cookie_len); ((void) cli_id); ((void) cli_id_len); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ /* * Initialize an SSL context */ -void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) -{ - memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); +void mbedtls_ssl_init(mbedtls_ssl_context *ssl) { + memset(ssl, 0, sizeof(mbedtls_ssl_context)); } /* * Setup an SSL context */ -int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, - const mbedtls_ssl_config *conf ) -{ +int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, + const mbedtls_ssl_config *conf) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; @@ -3858,10 +3572,9 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) ssl->in_buf_len = in_buf_len; #endif - ssl->in_buf = mbedtls_calloc( 1, in_buf_len ); - if( ssl->in_buf == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) ); + ssl->in_buf = mbedtls_calloc(1, in_buf_len); + if (ssl->in_buf == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len)); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } @@ -3869,28 +3582,27 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) ssl->out_buf_len = out_buf_len; #endif - ssl->out_buf = mbedtls_calloc( 1, out_buf_len ); - if( ssl->out_buf == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) ); + ssl->out_buf = mbedtls_calloc(1, out_buf_len); + if (ssl->out_buf == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len)); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto error; } - mbedtls_ssl_reset_in_out_pointers( ssl ); + mbedtls_ssl_reset_in_out_pointers(ssl); #if defined(MBEDTLS_SSL_DTLS_SRTP) - memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) ); + memset(&ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info)); #endif - if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) + if ((ret = ssl_handshake_init(ssl)) != 0) goto error; - return( 0 ); + return (0); error: - mbedtls_free( ssl->in_buf ); - mbedtls_free( ssl->out_buf ); + mbedtls_free(ssl->in_buf); + mbedtls_free(ssl->out_buf); ssl->conf = NULL; @@ -3913,7 +3625,7 @@ error: ssl->out_iv = NULL; ssl->out_msg = NULL; - return( ret ); + return (ret); } /* @@ -3923,8 +3635,7 @@ error: * If partial is non-zero, keep data in the input buffer and client ID. * (Use when a DTLS client reconnects from the same port.) */ -int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) -{ +int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t in_buf_len = ssl->in_buf_len; @@ -3942,20 +3653,20 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->state = MBEDTLS_SSL_HELLO_REQUEST; /* Cancel any possibly running timer */ - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->renego_status = MBEDTLS_SSL_INITIAL_HANDSHAKE; ssl->renego_records_seen = 0; ssl->verify_data_len = 0; - memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); - memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); + memset(ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN); + memset(ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN); #endif ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; ssl->in_offt = NULL; - mbedtls_ssl_reset_in_out_pointers( ssl ); + mbedtls_ssl_reset_in_out_pointers(ssl); ssl->in_msgtype = 0; ssl->in_msglen = 0; @@ -3964,7 +3675,7 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->in_epoch = 0; #endif #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - mbedtls_ssl_dtls_replay_reset( ssl ); + mbedtls_ssl_dtls_replay_reset(ssl); #endif ssl->in_hslen = 0; @@ -3976,11 +3687,11 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->out_msglen = 0; ssl->out_left = 0; #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - if( ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ) + if (ssl->split_done != MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED) ssl->split_done = 0; #endif - memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); + memset(ssl->cur_out_ctr, 0, sizeof(ssl->cur_out_ctr)); ssl->transform_in = NULL; ssl->transform_out = NULL; @@ -3988,39 +3699,35 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->session_in = NULL; ssl->session_out = NULL; - memset( ssl->out_buf, 0, out_buf_len ); + memset(ssl->out_buf, 0, out_buf_len); #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) - if( partial == 0 ) + if (partial == 0) #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ { ssl->in_left = 0; - memset( ssl->in_buf, 0, in_buf_len ); + memset(ssl->in_buf, 0, in_buf_len); } #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_reset != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_reset()" ) ); - if( ( ret = mbedtls_ssl_hw_record_reset( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_hw_record_reset", ret ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + if (mbedtls_ssl_hw_record_reset != NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_reset()")); + if ((ret = mbedtls_ssl_hw_record_reset(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_hw_record_reset", ret); + return (MBEDTLS_ERR_SSL_HW_ACCEL_FAILED); } } #endif - if( ssl->transform ) - { - mbedtls_ssl_transform_free( ssl->transform ); - mbedtls_free( ssl->transform ); + if (ssl->transform) { + mbedtls_ssl_transform_free(ssl->transform); + mbedtls_free(ssl->transform); ssl->transform = NULL; } - if( ssl->session ) - { - mbedtls_ssl_session_free( ssl->session ); - mbedtls_free( ssl->session ); + if (ssl->session) { + mbedtls_ssl_session_free(ssl->session); + mbedtls_free(ssl->session); ssl->session = NULL; } @@ -4030,110 +3737,98 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) - if( partial == 0 ) + if (partial == 0) #endif { - mbedtls_free( ssl->cli_id ); + mbedtls_free(ssl->cli_id); ssl->cli_id = NULL; ssl->cli_id_len = 0; } #endif - if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) - return( ret ); + if ((ret = ssl_handshake_init(ssl)) != 0) + return (ret); - return( 0 ); + return (0); } /* * Reset an initialized and used SSL context for re-use while retaining * all application-set variables, function pointers and data. */ -int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl ) -{ - return( mbedtls_ssl_session_reset_int( ssl, 0 ) ); +int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl) { + return (mbedtls_ssl_session_reset_int(ssl, 0)); } /* * SSL set accessors */ -void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint ) -{ +void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint) { conf->endpoint = endpoint; } -void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport ) -{ +void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport) { conf->transport = transport; } #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) -void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode ) -{ +void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode) { conf->anti_replay = mode; } #endif #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) -void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit ) -{ +void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf, unsigned limit) { conf->badmac_limit = limit; } #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl, - unsigned allow_packing ) -{ +void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl, + unsigned allow_packing) { ssl->disable_datagram_packing = !allow_packing; } -void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, - uint32_t min, uint32_t max ) -{ +void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf, + uint32_t min, uint32_t max) { conf->hs_timeout_min = min; conf->hs_timeout_max = max; } #endif -void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ) -{ +void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode) { conf->authmode = authmode; } #if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ +void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { conf->f_vrfy = f_vrfy; conf->p_vrfy = p_vrfy; } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { conf->f_rng = f_rng; conf->p_rng = p_rng; } -void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf, - void (*f_dbg)(void *, int, const char *, int, const char *), - void *p_dbg ) -{ +void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf, + void (*f_dbg)(void *, int, const char *, int, const char *), + void *p_dbg) { conf->f_dbg = f_dbg; conf->p_dbg = p_dbg; } -void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, - void *p_bio, - mbedtls_ssl_send_t *f_send, - mbedtls_ssl_recv_t *f_recv, - mbedtls_ssl_recv_timeout_t *f_recv_timeout ) -{ +void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl, + void *p_bio, + mbedtls_ssl_send_t *f_send, + mbedtls_ssl_recv_t *f_recv, + mbedtls_ssl_recv_timeout_t *f_recv_timeout) { ssl->p_bio = p_bio; ssl->f_send = f_send; ssl->f_recv = f_recv; @@ -4141,36 +3836,32 @@ void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_PROTO_DTLS) -void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu ) -{ +void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu) { ssl->mtu = mtu; } #endif -void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) -{ +void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout) { conf->read_timeout = timeout; } -void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl, - void *p_timer, - mbedtls_ssl_set_timer_t *f_set_timer, - mbedtls_ssl_get_timer_t *f_get_timer ) -{ +void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl, + void *p_timer, + mbedtls_ssl_set_timer_t *f_set_timer, + mbedtls_ssl_get_timer_t *f_get_timer) { ssl->p_timer = p_timer; ssl->f_set_timer = f_set_timer; ssl->f_get_timer = f_get_timer; /* Make sure we start with no timer running */ - mbedtls_ssl_set_timer( ssl, 0 ); + mbedtls_ssl_set_timer(ssl, 0); } #if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, - void *p_cache, - int (*f_get_cache)(void *, mbedtls_ssl_session *), - int (*f_set_cache)(void *, const mbedtls_ssl_session *) ) -{ +void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, + void *p_cache, + int (*f_get_cache)(void *, mbedtls_ssl_session *), + int (*f_set_cache)(void *, const mbedtls_ssl_session *)) { conf->p_cache = p_cache; conf->f_get_cache = f_get_cache; conf->f_set_cache = f_set_cache; @@ -4178,99 +3869,88 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) -{ +int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ssl == NULL || - session == NULL || - ssl->session_negotiate == NULL || - ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || + session == NULL || + ssl->session_negotiate == NULL || + ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate, - session ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_ssl_session_copy(ssl->session_negotiate, + session)) != 0) + return (ret); ssl->handshake->resume = 1; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_CLI_C */ -void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, - const int *ciphersuites ) -{ +void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf, + const int *ciphersuites) { conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; } -void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, - const int *ciphersuites, - int major, int minor ) -{ - if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) +void mbedtls_ssl_conf_ciphersuites_for_version(mbedtls_ssl_config *conf, + const int *ciphersuites, + int major, int minor) { + if (major != MBEDTLS_SSL_MAJOR_VERSION_3) return; - if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) + if (minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3) return; conf->ciphersuite_list[minor] = ciphersuites; } #if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf, - const mbedtls_x509_crt_profile *profile ) -{ +void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf, + const mbedtls_x509_crt_profile *profile) { conf->cert_profile = profile; } /* Append a new keycert entry to a (possibly empty) list */ -static int ssl_append_key_cert( mbedtls_ssl_key_cert **head, - mbedtls_x509_crt *cert, - mbedtls_pk_context *key ) -{ +static int ssl_append_key_cert(mbedtls_ssl_key_cert **head, + mbedtls_x509_crt *cert, + mbedtls_pk_context *key) { mbedtls_ssl_key_cert *new_cert; - new_cert = mbedtls_calloc( 1, sizeof( mbedtls_ssl_key_cert ) ); - if( new_cert == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + new_cert = mbedtls_calloc(1, sizeof(mbedtls_ssl_key_cert)); + if (new_cert == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); new_cert->cert = cert; new_cert->key = key; new_cert->next = NULL; /* Update head is the list was null, else add to the end */ - if( *head == NULL ) - { + if (*head == NULL) { *head = new_cert; - } - else - { + } else { mbedtls_ssl_key_cert *cur = *head; - while( cur->next != NULL ) + while (cur->next != NULL) cur = cur->next; cur->next = new_cert; } - return( 0 ); + return (0); } -int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf, +int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key ) -{ - return( ssl_append_key_cert( &conf->key_cert, own_cert, pk_key ) ); + mbedtls_pk_context *pk_key) { + return (ssl_append_key_cert(&conf->key_cert, own_cert, pk_key)); } -void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, +void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf, mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl ) -{ + mbedtls_x509_crl *ca_crl) { conf->ca_chain = ca_chain; conf->ca_crl = ca_crl; @@ -4283,10 +3963,9 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf, } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) -void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb ) -{ +void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb) { conf->f_ca_cb = f_ca_cb; conf->p_ca_cb = p_ca_cb; @@ -4299,34 +3978,30 @@ void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *own_cert, - mbedtls_pk_context *pk_key ) -{ - return( ssl_append_key_cert( &ssl->handshake->sni_key_cert, - own_cert, pk_key ) ); +int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *own_cert, + mbedtls_pk_context *pk_key) { + return (ssl_append_key_cert(&ssl->handshake->sni_key_cert, + own_cert, pk_key)); } -void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl, - mbedtls_x509_crt *ca_chain, - mbedtls_x509_crl *ca_crl ) -{ +void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl, + mbedtls_x509_crt *ca_chain, + mbedtls_x509_crl *ca_crl) { ssl->handshake->sni_ca_chain = ca_chain; ssl->handshake->sni_ca_crl = ca_crl; } -void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl, - int authmode ) -{ +void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, + int authmode) { ssl->handshake->sni_authmode = authmode; } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ +void mbedtls_ssl_set_verify(mbedtls_ssl_context *ssl, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { ssl->f_vrfy = f_vrfy; ssl->p_vrfy = p_vrfy; } @@ -4336,36 +4011,33 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, /* * Set EC J-PAKE password for current handshake */ -int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, - const unsigned char *pw, - size_t pw_len ) -{ +int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, + const unsigned char *pw, + size_t pw_len) { mbedtls_ecjpake_role role; - if( ssl->handshake == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->handshake == NULL || ssl->conf == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) role = MBEDTLS_ECJPAKE_SERVER; else role = MBEDTLS_ECJPAKE_CLIENT; - return( mbedtls_ecjpake_setup( &ssl->handshake->ecjpake_ctx, - role, - MBEDTLS_MD_SHA256, - MBEDTLS_ECP_DP_SECP256R1, - pw, pw_len ) ); + return (mbedtls_ecjpake_setup(&ssl->handshake->ecjpake_ctx, + role, + MBEDTLS_MD_SHA256, + MBEDTLS_ECP_DP_SECP256R1, + pw, pw_len)); } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) -{ +static void ssl_conf_remove_psk(mbedtls_ssl_config *conf) { /* Remove reference to existing PSK, if any. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) ) - { + if (! mbedtls_svc_key_id_is_null(conf->psk_opaque)) { /* The maintenance of the PSK key slot is the * user's responsibility. */ conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; @@ -4376,19 +4048,17 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) * configured simultaneously. As a safeguard, * though, `else` is omitted here. */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( conf->psk != NULL ) - { - mbedtls_platform_zeroize( conf->psk, conf->psk_len ); + if (conf->psk != NULL) { + mbedtls_platform_zeroize(conf->psk, conf->psk_len); - mbedtls_free( conf->psk ); + mbedtls_free(conf->psk); conf->psk = NULL; conf->psk_len = 0; } /* Remove reference to PSK identity, if any. */ - if( conf->psk_identity != NULL ) - { - mbedtls_free( conf->psk_identity ); + if (conf->psk_identity != NULL) { + mbedtls_free(conf->psk_identity); conf->psk_identity = NULL; conf->psk_identity_len = 0; } @@ -4398,137 +4068,126 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf ) * It checks that the provided identity is well-formed and attempts * to make a copy of it in the SSL config. * On failure, the PSK identity in the config remains unset. */ -static int ssl_conf_set_psk_identity( mbedtls_ssl_config *conf, - unsigned char const *psk_identity, - size_t psk_identity_len ) -{ +static int ssl_conf_set_psk_identity(mbedtls_ssl_config *conf, + unsigned char const *psk_identity, + size_t psk_identity_len) { /* Identity len will be encoded on two bytes */ - if( psk_identity == NULL || - ( psk_identity_len >> 16 ) != 0 || - psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (psk_identity == NULL || + (psk_identity_len >> 16) != 0 || + psk_identity_len > MBEDTLS_SSL_OUT_CONTENT_LEN) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - conf->psk_identity = mbedtls_calloc( 1, psk_identity_len ); - if( conf->psk_identity == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + conf->psk_identity = mbedtls_calloc(1, psk_identity_len); + if (conf->psk_identity == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); conf->psk_identity_len = psk_identity_len; - memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len ); + memcpy(conf->psk_identity, psk_identity, conf->psk_identity_len); - return( 0 ); + return (0); } -int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, - const unsigned char *psk, size_t psk_len, - const unsigned char *psk_identity, size_t psk_identity_len ) -{ +int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf, + const unsigned char *psk, size_t psk_len, + const unsigned char *psk_identity, size_t psk_identity_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Remove opaque/raw PSK + PSK Identity */ - ssl_conf_remove_psk( conf ); + ssl_conf_remove_psk(conf); /* Check and set raw PSK */ - if( psk == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( psk_len == 0 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( psk_len > MBEDTLS_PSK_MAX_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (psk == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + if (psk_len == 0) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + if (psk_len > MBEDTLS_PSK_MAX_LEN) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( ( conf->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((conf->psk = mbedtls_calloc(1, psk_len)) == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); conf->psk_len = psk_len; - memcpy( conf->psk, psk, conf->psk_len ); + memcpy(conf->psk, psk, conf->psk_len); /* Check and set PSK Identity */ - ret = ssl_conf_set_psk_identity( conf, psk_identity, psk_identity_len ); - if( ret != 0 ) - ssl_conf_remove_psk( conf ); + ret = ssl_conf_set_psk_identity(conf, psk_identity, psk_identity_len); + if (ret != 0) + ssl_conf_remove_psk(conf); - return( ret ); + return (ret); } -static void ssl_remove_psk( mbedtls_ssl_context *ssl ) -{ +static void ssl_remove_psk(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) ) - { + if (! mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque)) { ssl->handshake->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT; - } - else + } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ - if( ssl->handshake->psk != NULL ) - { - mbedtls_platform_zeroize( ssl->handshake->psk, - ssl->handshake->psk_len ); - mbedtls_free( ssl->handshake->psk ); - ssl->handshake->psk_len = 0; - } + if (ssl->handshake->psk != NULL) { + mbedtls_platform_zeroize(ssl->handshake->psk, + ssl->handshake->psk_len); + mbedtls_free(ssl->handshake->psk); + ssl->handshake->psk_len = 0; + } } -int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl, - const unsigned char *psk, size_t psk_len ) -{ - if( psk == NULL || ssl->handshake == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl, + const unsigned char *psk, size_t psk_len) { + if (psk == NULL || ssl->handshake == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( psk_len > MBEDTLS_PSK_MAX_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (psk_len > MBEDTLS_PSK_MAX_LEN) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - ssl_remove_psk( ssl ); + ssl_remove_psk(ssl); - if( ( ssl->handshake->psk = mbedtls_calloc( 1, psk_len ) ) == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if ((ssl->handshake->psk = mbedtls_calloc(1, psk_len)) == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); ssl->handshake->psk_len = psk_len; - memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len ); + memcpy(ssl->handshake->psk, psk, ssl->handshake->psk_len); - return( 0 ); + return (0); } #if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf, - psa_key_id_t psk, - const unsigned char *psk_identity, - size_t psk_identity_len ) -{ +int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf, + psa_key_id_t psk, + const unsigned char *psk_identity, + size_t psk_identity_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Clear opaque/raw PSK + PSK Identity, if present. */ - ssl_conf_remove_psk( conf ); + ssl_conf_remove_psk(conf); /* Check and set opaque PSK */ - if( mbedtls_svc_key_id_is_null( psk ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (mbedtls_svc_key_id_is_null(psk)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); conf->psk_opaque = psk; /* Check and set PSK Identity */ - ret = ssl_conf_set_psk_identity( conf, psk_identity, - psk_identity_len ); - if( ret != 0 ) - ssl_conf_remove_psk( conf ); + ret = ssl_conf_set_psk_identity(conf, psk_identity, + psk_identity_len); + if (ret != 0) + ssl_conf_remove_psk(conf); - return( ret ); + return (ret); } -int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl, - psa_key_id_t psk ) -{ - if( ( mbedtls_svc_key_id_is_null( psk ) ) || - ( ssl->handshake == NULL ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, + psa_key_id_t psk) { + if ((mbedtls_svc_key_id_is_null(psk)) || + (ssl->handshake == NULL)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - ssl_remove_psk( ssl ); + ssl_remove_psk(ssl); ssl->handshake->psk_opaque = psk; - return( 0 ); + return (0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, - int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, - size_t), - void *p_psk ) -{ +void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf, + int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, + size_t), + void *p_psk) { conf->f_psk = f_psk; conf->p_psk = p_psk; } @@ -4537,52 +4196,46 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) #if !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) -{ +int mbedtls_ssl_conf_dh_param(mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 || - ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) - { - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); - return( ret ); + if ((ret = mbedtls_mpi_read_string(&conf->dhm_P, 16, dhm_P)) != 0 || + (ret = mbedtls_mpi_read_string(&conf->dhm_G, 16, dhm_G)) != 0) { + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); + return (ret); } - return( 0 ); + return (0); } #endif /* MBEDTLS_DEPRECATED_REMOVED */ -int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, - const unsigned char *dhm_P, size_t P_len, - const unsigned char *dhm_G, size_t G_len ) -{ +int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf, + const unsigned char *dhm_P, size_t P_len, + const unsigned char *dhm_G, size_t G_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 || - ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 ) - { - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); - return( ret ); + if ((ret = mbedtls_mpi_read_binary(&conf->dhm_P, dhm_P, P_len)) != 0 || + (ret = mbedtls_mpi_read_binary(&conf->dhm_G, dhm_G, G_len)) != 0) { + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); + return (ret); } - return( 0 ); + return (0); } -int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) -{ +int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || - ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) - { - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); - return( ret ); + if ((ret = mbedtls_mpi_copy(&conf->dhm_P, &dhm_ctx->P)) != 0 || + (ret = mbedtls_mpi_copy(&conf->dhm_G, &dhm_ctx->G)) != 0) { + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); + return (ret); } - return( 0 ); + return (0); } #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_SRV_C */ @@ -4590,9 +4243,8 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context /* * Set the minimum length for Diffie-Hellman parameters */ -void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, - unsigned int bitlen ) -{ +void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf, + unsigned int bitlen) { conf->dhm_min_bitlen = bitlen; } #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */ @@ -4601,9 +4253,8 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, /* * Set allowed/preferred hashes for handshake signatures */ -void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, - const int *hashes ) -{ +void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, + const int *hashes) { conf->sig_hashes = hashes; } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ @@ -4612,73 +4263,64 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, /* * Set the allowed elliptic curves */ -void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, - const mbedtls_ecp_group_id *curve_list ) -{ +void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf, + const mbedtls_ecp_group_id *curve_list) { conf->curve_list = curve_list; } #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) -{ +int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname) { /* Initialize to suppress unnecessary compiler warning */ size_t hostname_len = 0; /* Check if new hostname is valid before * making any change to current one */ - if( hostname != NULL ) - { - hostname_len = strlen( hostname ); + if (hostname != NULL) { + hostname_len = strlen(hostname); - if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* Now it's clear that we will overwrite the old hostname, * so we can free it safely */ - if( ssl->hostname != NULL ) - { - mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); - mbedtls_free( ssl->hostname ); + if (ssl->hostname != NULL) { + mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname)); + mbedtls_free(ssl->hostname); } /* Passing NULL as hostname shall clear the old one */ - if( hostname == NULL ) - { + if (hostname == NULL) { ssl->hostname = NULL; - } - else - { - ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - if( ssl->hostname == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + } else { + ssl->hostname = mbedtls_calloc(1, hostname_len + 1); + if (ssl->hostname == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); - memcpy( ssl->hostname, hostname, hostname_len ); + memcpy(ssl->hostname, hostname, hostname_len); ssl->hostname[hostname_len] = '\0'; } - return( 0 ); + return (0); } #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, - int (*f_sni)(void *, mbedtls_ssl_context *, - const unsigned char *, size_t), - void *p_sni ) -{ +void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, + int (*f_sni)(void *, mbedtls_ssl_context *, + const unsigned char *, size_t), + void *p_sni) { conf->f_sni = f_sni; conf->p_sni = p_sni; } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_ALPN) -int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos ) -{ +int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char **protos) { size_t cur_len, tot_len; const char **p; @@ -4688,222 +4330,189 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot * We check lengths now rather than later. */ tot_len = 0; - for( p = protos; *p != NULL; p++ ) - { - cur_len = strlen( *p ); + for (p = protos; *p != NULL; p++) { + cur_len = strlen(*p); tot_len += cur_len; - if( ( cur_len == 0 ) || - ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) || - ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((cur_len == 0) || + (cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN) || + (tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } conf->alpn_list = protos; - return( 0 ); + return (0); } -const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ) -{ - return( ssl->alpn_chosen ); +const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl) { + return (ssl->alpn_chosen); } #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) -void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, - int support_mki_value ) -{ +void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, + int support_mki_value) { conf->dtls_srtp_mki_support = support_mki_value; } -int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, - unsigned char *mki_value, - uint16_t mki_len ) -{ - if( mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, + unsigned char *mki_value, + uint16_t mki_len) { + if (mki_len > MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ) - { - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED) { + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); } - memcpy( ssl->dtls_srtp_info.mki_value, mki_value, mki_len ); + memcpy(ssl->dtls_srtp_info.mki_value, mki_value, mki_len); ssl->dtls_srtp_info.mki_len = mki_len; - return( 0 ); + return (0); } -int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, - const mbedtls_ssl_srtp_profile *profiles ) -{ +int mbedtls_ssl_conf_dtls_srtp_protection_profiles(mbedtls_ssl_config *conf, + const mbedtls_ssl_srtp_profile *profiles) { const mbedtls_ssl_srtp_profile *p; size_t list_size = 0; /* check the profiles list: all entry must be valid, * its size cannot be more than the total number of supported profiles, currently 4 */ - for( p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && - list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; - p++ ) - { - if( mbedtls_ssl_check_srtp_profile_value( *p ) != MBEDTLS_TLS_SRTP_UNSET ) - { + for (p = profiles; *p != MBEDTLS_TLS_SRTP_UNSET && + list_size <= MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH; + p++) { + if (mbedtls_ssl_check_srtp_profile_value(*p) != MBEDTLS_TLS_SRTP_UNSET) { list_size++; - } - else - { + } else { /* unsupported value, stop parsing and set the size to an error value */ list_size = MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH + 1; } } - if( list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH ) - { - conf->dtls_srtp_profile_list = NULL; - conf->dtls_srtp_profile_list_len = 0; - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (list_size > MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH) { + conf->dtls_srtp_profile_list = NULL; + conf->dtls_srtp_profile_list_len = 0; + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } conf->dtls_srtp_profile_list = profiles; conf->dtls_srtp_profile_list_len = list_size; - return( 0 ); + return (0); } -void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl, - mbedtls_dtls_srtp_info *dtls_srtp_info ) -{ +void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl, + mbedtls_dtls_srtp_info *dtls_srtp_info) { dtls_srtp_info->chosen_dtls_srtp_profile = ssl->dtls_srtp_info.chosen_dtls_srtp_profile; /* do not copy the mki value if there is no chosen profile */ - if( dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) - { + if (dtls_srtp_info->chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET) { dtls_srtp_info->mki_len = 0; - } - else - { + } else { dtls_srtp_info->mki_len = ssl->dtls_srtp_info.mki_len; - memcpy( dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, - ssl->dtls_srtp_info.mki_len ); + memcpy(dtls_srtp_info->mki_value, ssl->dtls_srtp_info.mki_value, + ssl->dtls_srtp_info.mki_len); } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ) -{ +void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor) { conf->max_major_ver = major; conf->max_minor_ver = minor; } -void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ) -{ +void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor) { conf->min_major_ver = major; conf->min_minor_ver = minor; } #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) -void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback ) -{ +void mbedtls_ssl_conf_fallback(mbedtls_ssl_config *conf, char fallback) { conf->fallback = fallback; } #endif #if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, - char cert_req_ca_list ) -{ +void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, + char cert_req_ca_list) { conf->cert_req_ca_list = cert_req_ca_list; } #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm ) -{ +void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm) { conf->encrypt_then_mac = etm; } #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems ) -{ +void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf, char ems) { conf->extended_ms = ems; } #endif #if defined(MBEDTLS_ARC4_C) -void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 ) -{ +void mbedtls_ssl_conf_arc4_support(mbedtls_ssl_config *conf, char arc4) { conf->arc4_disabled = arc4; } #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ) -{ - if( mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || - ssl_mfl_code_to_length( mfl_code ) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code) { + if (mfl_code >= MBEDTLS_SSL_MAX_FRAG_LEN_INVALID || + ssl_mfl_code_to_length(mfl_code) > MBEDTLS_TLS_EXT_ADV_CONTENT_LEN) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } conf->mfl_code = mfl_code; - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate ) -{ +void mbedtls_ssl_conf_truncated_hmac(mbedtls_ssl_config *conf, int truncate) { conf->trunc_hmac = truncate; } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) -void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split ) -{ +void mbedtls_ssl_conf_cbc_record_splitting(mbedtls_ssl_config *conf, char split) { conf->cbc_record_splitting = split; } #endif -void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy ) -{ +void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf, int allow_legacy) { conf->allow_legacy_renegotiation = allow_legacy; } #if defined(MBEDTLS_SSL_RENEGOTIATION) -void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation ) -{ +void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf, int renegotiation) { conf->disable_renegotiation = renegotiation; } -void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records ) -{ +void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf, int max_records) { conf->renego_max_records = max_records; } -void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf, - const unsigned char period[8] ) -{ - memcpy( conf->renego_period, period, 8 ); +void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf, + const unsigned char period[8]) { + memcpy(conf->renego_period, period, 8); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_CLI_C) -void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets ) -{ +void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf, int use_tickets) { conf->session_tickets = use_tickets; } #endif #if defined(MBEDTLS_SSL_SRV_C) -void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_ticket_write_t *f_ticket_write, - mbedtls_ssl_ticket_parse_t *f_ticket_parse, - void *p_ticket ) -{ +void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_ticket_write_t *f_ticket_write, + mbedtls_ssl_ticket_parse_t *f_ticket_parse, + void *p_ticket) { conf->f_ticket_write = f_ticket_write; conf->f_ticket_parse = f_ticket_parse; conf->p_ticket = p_ticket; @@ -4912,18 +4521,16 @@ void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) -void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_t *f_export_keys, - void *p_export_keys ) -{ +void mbedtls_ssl_conf_export_keys_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_t *f_export_keys, + void *p_export_keys) { conf->f_export_keys = f_export_keys; conf->p_export_keys = p_export_keys; } -void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf, - mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, - void *p_export_keys ) -{ +void mbedtls_ssl_conf_export_keys_ext_cb(mbedtls_ssl_config *conf, + mbedtls_ssl_export_keys_ext_t *f_export_keys_ext, + void *p_export_keys) { conf->f_export_keys_ext = f_export_keys_ext; conf->p_export_keys = p_export_keys; } @@ -4936,8 +4543,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, - void *async_config_data ) -{ + void *async_config_data) { conf->f_async_sign_start = f_async_sign; conf->f_async_decrypt_start = f_async_decrypt; conf->f_async_resume = f_async_resume; @@ -4945,23 +4551,20 @@ void mbedtls_ssl_conf_async_private_cb( conf->p_async_config_data = async_config_data; } -void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ) -{ - return( conf->p_async_config_data ); +void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf) { + return (conf->p_async_config_data); } -void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl ) -{ - if( ssl->handshake == NULL ) - return( NULL ); +void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl) { + if (ssl->handshake == NULL) + return (NULL); else - return( ssl->handshake->user_async_ctx ); + return (ssl->handshake->user_async_ctx); } -void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl, - void *ctx ) -{ - if( ssl->handshake != NULL ) +void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl, + void *ctx) { + if (ssl->handshake != NULL) ssl->handshake->user_async_ctx = ctx; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ @@ -4969,155 +4572,137 @@ void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl, /* * SSL get accessors */ -uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl ) -{ - if( ssl->session != NULL ) - return( ssl->session->verify_result ); +uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl) { + if (ssl->session != NULL) + return (ssl->session->verify_result); - if( ssl->session_negotiate != NULL ) - return( ssl->session_negotiate->verify_result ); + if (ssl->session_negotiate != NULL) + return (ssl->session_negotiate->verify_result); - return( 0xFFFFFFFF ); + return (0xFFFFFFFF); } -const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl ) -{ - if( ssl == NULL || ssl->session == NULL ) - return( NULL ); +const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl) { + if (ssl == NULL || ssl->session == NULL) + return (NULL); - return mbedtls_ssl_get_ciphersuite_name( ssl->session->ciphersuite ); + return mbedtls_ssl_get_ciphersuite_name(ssl->session->ciphersuite); } -const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) -{ +const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - switch( ssl->minor_ver ) - { + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + switch (ssl->minor_ver) { case MBEDTLS_SSL_MINOR_VERSION_2: - return( "DTLSv1.0" ); + return ("DTLSv1.0"); case MBEDTLS_SSL_MINOR_VERSION_3: - return( "DTLSv1.2" ); + return ("DTLSv1.2"); default: - return( "unknown (DTLS)" ); + return ("unknown (DTLS)"); } } #endif - switch( ssl->minor_ver ) - { + switch (ssl->minor_ver) { case MBEDTLS_SSL_MINOR_VERSION_0: - return( "SSLv3.0" ); + return ("SSLv3.0"); case MBEDTLS_SSL_MINOR_VERSION_1: - return( "TLSv1.0" ); + return ("TLSv1.0"); case MBEDTLS_SSL_MINOR_VERSION_2: - return( "TLSv1.1" ); + return ("TLSv1.1"); case MBEDTLS_SSL_MINOR_VERSION_3: - return( "TLSv1.2" ); + return ("TLSv1.2"); default: - return( "unknown" ); + return ("unknown"); } } #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ) -{ +size_t mbedtls_ssl_get_input_max_frag_len(const mbedtls_ssl_context *ssl) { size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; size_t read_mfl; /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE ) - { - return ssl_mfl_code_to_length( ssl->conf->mfl_code ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + ssl->state >= MBEDTLS_SSL_SERVER_HELLO_DONE) { + return ssl_mfl_code_to_length(ssl->conf->mfl_code); } /* Check if a smaller max length was negotiated */ - if( ssl->session_out != NULL ) - { - read_mfl = ssl_mfl_code_to_length( ssl->session_out->mfl_code ); - if( read_mfl < max_len ) - { + if (ssl->session_out != NULL) { + read_mfl = ssl_mfl_code_to_length(ssl->session_out->mfl_code); + if (read_mfl < max_len) { max_len = read_mfl; } } // During a handshake, use the value being negotiated - if( ssl->session_negotiate != NULL ) - { - read_mfl = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ); - if( read_mfl < max_len ) - { + if (ssl->session_negotiate != NULL) { + read_mfl = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); + if (read_mfl < max_len) { max_len = read_mfl; } } - return( max_len ); + return (max_len); } -size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ) -{ +size_t mbedtls_ssl_get_output_max_frag_len(const mbedtls_ssl_context *ssl) { size_t max_len; /* * Assume mfl_code is correct since it was checked when set */ - max_len = ssl_mfl_code_to_length( ssl->conf->mfl_code ); + max_len = ssl_mfl_code_to_length(ssl->conf->mfl_code); /* Check if a smaller max length was negotiated */ - if( ssl->session_out != NULL && - ssl_mfl_code_to_length( ssl->session_out->mfl_code ) < max_len ) - { - max_len = ssl_mfl_code_to_length( ssl->session_out->mfl_code ); + if (ssl->session_out != NULL && + ssl_mfl_code_to_length(ssl->session_out->mfl_code) < max_len) { + max_len = ssl_mfl_code_to_length(ssl->session_out->mfl_code); } /* During a handshake, use the value being negotiated */ - if( ssl->session_negotiate != NULL && - ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ) < max_len ) - { - max_len = ssl_mfl_code_to_length( ssl->session_negotiate->mfl_code ); + if (ssl->session_negotiate != NULL && + ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code) < max_len) { + max_len = ssl_mfl_code_to_length(ssl->session_negotiate->mfl_code); } - return( max_len ); + return (max_len); } #if !defined(MBEDTLS_DEPRECATED_REMOVED) -size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) -{ - return mbedtls_ssl_get_output_max_frag_len( ssl ); +size_t mbedtls_ssl_get_max_frag_len(const mbedtls_ssl_context *ssl) { + return mbedtls_ssl_get_output_max_frag_len(ssl); } #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_PROTO_DTLS) -size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl ) -{ +size_t mbedtls_ssl_get_current_mtu(const mbedtls_ssl_context *ssl) { /* Return unlimited mtu for client hello messages to avoid fragmentation. */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && - ( ssl->state == MBEDTLS_SSL_CLIENT_HELLO || - ssl->state == MBEDTLS_SSL_SERVER_HELLO ) ) - return ( 0 ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && + (ssl->state == MBEDTLS_SSL_CLIENT_HELLO || + ssl->state == MBEDTLS_SSL_SERVER_HELLO)) + return (0); - if( ssl->handshake == NULL || ssl->handshake->mtu == 0 ) - return( ssl->mtu ); + if (ssl->handshake == NULL || ssl->handshake->mtu == 0) + return (ssl->mtu); - if( ssl->mtu == 0 ) - return( ssl->handshake->mtu ); + if (ssl->mtu == 0) + return (ssl->handshake->mtu); - return( ssl->mtu < ssl->handshake->mtu ? - ssl->mtu : ssl->handshake->mtu ); + return (ssl->mtu < ssl->handshake->mtu ? + ssl->mtu : ssl->handshake->mtu); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ -int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl) { size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; #if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) && \ @@ -5126,29 +4711,27 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) #endif #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl ); + const size_t mfl = mbedtls_ssl_get_output_max_frag_len(ssl); - if( max_len > mfl ) + if (max_len > mfl) max_len = mfl; #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( mbedtls_ssl_get_current_mtu( ssl ) != 0 ) - { - const size_t mtu = mbedtls_ssl_get_current_mtu( ssl ); - const int ret = mbedtls_ssl_get_record_expansion( ssl ); + if (mbedtls_ssl_get_current_mtu(ssl) != 0) { + const size_t mtu = mbedtls_ssl_get_current_mtu(ssl); + const int ret = mbedtls_ssl_get_record_expansion(ssl); const size_t overhead = (size_t) ret; - if( ret < 0 ) - return( ret ); + if (ret < 0) + return (ret); - if( mtu <= overhead ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "MTU too low for record expansion" ) ); - return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if (mtu <= overhead) { + MBEDTLS_SSL_DEBUG_MSG(1, ("MTU too low for record expansion")); + return (MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE); } - if( max_len > mtu - overhead ) + if (max_len > mtu - overhead) max_len = mtu - overhead; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -5158,45 +4741,41 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) ((void) ssl); #endif - return( (int) max_len ); + return ((int) max_len); } #if defined(MBEDTLS_X509_CRT_PARSE_C) -const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) -{ - if( ssl == NULL || ssl->session == NULL ) - return( NULL ); +const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl) { + if (ssl == NULL || ssl->session == NULL) + return (NULL); #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - return( ssl->session->peer_cert ); + return (ssl->session->peer_cert); #else - return( NULL ); + return (NULL); #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ } #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_CLI_C) -int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, - mbedtls_ssl_session *dst ) -{ - if( ssl == NULL || - dst == NULL || - ssl->session == NULL || - ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, + mbedtls_ssl_session *dst) { + if (ssl == NULL || + dst == NULL || + ssl->session == NULL || + ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - return( mbedtls_ssl_session_copy( dst, ssl->session ) ); + return (mbedtls_ssl_session_copy(dst, ssl->session)); } #endif /* MBEDTLS_SSL_CLI_C */ -const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl ) -{ - if( ssl == NULL ) - return( NULL ); +const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_context *ssl) { + if (ssl == NULL) + return (NULL); - return( ssl->session ); + return (ssl->session); } /* @@ -5273,8 +4852,8 @@ static unsigned char ssl_serialized_session_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, + (SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8) & 0xFF, + (SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0) & 0xFF, }; /* @@ -5311,12 +4890,11 @@ static unsigned char ssl_serialized_session_header[] = { * verify_result is put before peer_cert so that all mandatory fields come * together in one block. */ -static int ssl_session_save( const mbedtls_ssl_session *session, - unsigned char omit_header, - unsigned char *buf, - size_t buf_len, - size_t *olen ) -{ +static int ssl_session_save(const mbedtls_ssl_session *session, + unsigned char omit_header, + unsigned char *buf, + size_t buf_len, + size_t *olen) { unsigned char *p = buf; size_t used = 0; #if defined(MBEDTLS_HAVE_TIME) @@ -5329,19 +4907,17 @@ static int ssl_session_save( const mbedtls_ssl_session *session, #endif /* MBEDTLS_X509_CRT_PARSE_C */ - if( !omit_header ) - { + if (!omit_header) { /* * Add version identifier */ - used += sizeof( ssl_serialized_session_header ); + used += sizeof(ssl_serialized_session_header); - if( used <= buf_len ) - { - memcpy( p, ssl_serialized_session_header, - sizeof( ssl_serialized_session_header ) ); - p += sizeof( ssl_serialized_session_header ); + if (used <= buf_len) { + memcpy(p, ssl_serialized_session_header, + sizeof(ssl_serialized_session_header)); + p += sizeof(ssl_serialized_session_header); } } @@ -5351,18 +4927,17 @@ static int ssl_session_save( const mbedtls_ssl_session *session, #if defined(MBEDTLS_HAVE_TIME) used += 8; - if( used <= buf_len ) - { + if (used <= buf_len) { start = (uint64_t) session->start; - *p++ = (unsigned char)( ( start >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( start ) & 0xFF ); + *p++ = (unsigned char)((start >> 56) & 0xFF); + *p++ = (unsigned char)((start >> 48) & 0xFF); + *p++ = (unsigned char)((start >> 40) & 0xFF); + *p++ = (unsigned char)((start >> 32) & 0xFF); + *p++ = (unsigned char)((start >> 24) & 0xFF); + *p++ = (unsigned char)((start >> 16) & 0xFF); + *p++ = (unsigned char)((start >> 8) & 0xFF); + *p++ = (unsigned char)((start) & 0xFF); } #endif /* MBEDTLS_HAVE_TIME */ @@ -5370,30 +4945,29 @@ static int ssl_session_save( const mbedtls_ssl_session *session, * Basic mandatory fields */ used += 2 /* ciphersuite */ - + 1 /* compression */ - + 1 /* id_len */ - + sizeof( session->id ) - + sizeof( session->master ) - + 4; /* verify_result */ + + 1 /* compression */ + + 1 /* id_len */ + + sizeof(session->id) + + sizeof(session->master) + + 4; /* verify_result */ - if( used <= buf_len ) - { - *p++ = (unsigned char)( ( session->ciphersuite >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ciphersuite ) & 0xFF ); + if (used <= buf_len) { + *p++ = (unsigned char)((session->ciphersuite >> 8) & 0xFF); + *p++ = (unsigned char)((session->ciphersuite) & 0xFF); - *p++ = (unsigned char)( session->compression & 0xFF ); + *p++ = (unsigned char)(session->compression & 0xFF); - *p++ = (unsigned char)( session->id_len & 0xFF ); - memcpy( p, session->id, 32 ); + *p++ = (unsigned char)(session->id_len & 0xFF); + memcpy(p, session->id, 32); p += 32; - memcpy( p, session->master, 48 ); + memcpy(p, session->master, 48); p += 48; - *p++ = (unsigned char)( ( session->verify_result >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->verify_result ) & 0xFF ); + *p++ = (unsigned char)((session->verify_result >> 24) & 0xFF); + *p++ = (unsigned char)((session->verify_result >> 16) & 0xFF); + *p++ = (unsigned char)((session->verify_result >> 8) & 0xFF); + *p++ = (unsigned char)((session->verify_result) & 0xFF); } /* @@ -5401,43 +4975,36 @@ static int ssl_session_save( const mbedtls_ssl_session *session, */ #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( session->peer_cert == NULL ) + if (session->peer_cert == NULL) cert_len = 0; else cert_len = session->peer_cert->raw.len; used += 3 + cert_len; - if( used <= buf_len ) - { - *p++ = (unsigned char)( ( cert_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( cert_len ) & 0xFF ); + if (used <= buf_len) { + *p++ = (unsigned char)((cert_len >> 16) & 0xFF); + *p++ = (unsigned char)((cert_len >> 8) & 0xFF); + *p++ = (unsigned char)((cert_len) & 0xFF); - if( session->peer_cert != NULL ) - { - memcpy( p, session->peer_cert->raw.p, cert_len ); + if (session->peer_cert != NULL) { + memcpy(p, session->peer_cert->raw.p, cert_len); p += cert_len; } } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if( session->peer_cert_digest != NULL ) - { + if (session->peer_cert_digest != NULL) { used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = (unsigned char) session->peer_cert_digest_type; *p++ = (unsigned char) session->peer_cert_digest_len; - memcpy( p, session->peer_cert_digest, - session->peer_cert_digest_len ); + memcpy(p, session->peer_cert_digest, + session->peer_cert_digest_len); p += session->peer_cert_digest_len; } - } - else - { + } else { used += 2; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = (unsigned char) MBEDTLS_MD_NONE; *p++ = 0; } @@ -5451,22 +5018,20 @@ static int ssl_session_save( const mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ - if( used <= buf_len ) - { - *p++ = (unsigned char)( ( session->ticket_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_len ) & 0xFF ); + if (used <= buf_len) { + *p++ = (unsigned char)((session->ticket_len >> 16) & 0xFF); + *p++ = (unsigned char)((session->ticket_len >> 8) & 0xFF); + *p++ = (unsigned char)((session->ticket_len) & 0xFF); - if( session->ticket != NULL ) - { - memcpy( p, session->ticket, session->ticket_len ); + if (session->ticket != NULL) { + memcpy(p, session->ticket, session->ticket_len); p += session->ticket_len; } - *p++ = (unsigned char)( ( session->ticket_lifetime >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session->ticket_lifetime ) & 0xFF ); + *p++ = (unsigned char)((session->ticket_lifetime >> 24) & 0xFF); + *p++ = (unsigned char)((session->ticket_lifetime >> 16) & 0xFF); + *p++ = (unsigned char)((session->ticket_lifetime >> 8) & 0xFF); + *p++ = (unsigned char)((session->ticket_lifetime) & 0xFF); } #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -5476,42 +5041,41 @@ static int ssl_session_save( const mbedtls_ssl_session *session, #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) used += 1; - if( used <= buf_len ) + if (used <= buf_len) *p++ = session->mfl_code; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) used += 1; - if( used <= buf_len ) - *p++ = (unsigned char)( ( session->trunc_hmac ) & 0xFF ); + if (used <= buf_len) + *p++ = (unsigned char)((session->trunc_hmac) & 0xFF); #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) used += 1; - if( used <= buf_len ) - *p++ = (unsigned char)( ( session->encrypt_then_mac ) & 0xFF ); + if (used <= buf_len) + *p++ = (unsigned char)((session->encrypt_then_mac) & 0xFF); #endif /* Done */ *olen = used; - if( used > buf_len ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (used > buf_len) + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - return( 0 ); + return (0); } /* * Public wrapper for ssl_session_save() */ -int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen ) -{ - return( ssl_session_save( session, 0, buf, buf_len, olen ) ); +int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len, + size_t *olen) { + return (ssl_session_save(session, 0, buf, buf_len, olen)); } /* @@ -5520,13 +5084,12 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, * This internal version is wrapped by a public function that cleans up in * case of error, and has an extra option omit_header. */ -static int ssl_session_load( mbedtls_ssl_session *session, - unsigned char omit_header, - const unsigned char *buf, - size_t len ) -{ +static int ssl_session_load(mbedtls_ssl_session *session, + unsigned char omit_header, + const unsigned char *buf, + size_t len) { const unsigned char *p = buf; - const unsigned char * const end = buf + len; + const unsigned char *const end = buf + len; #if defined(MBEDTLS_HAVE_TIME) uint64_t start; #endif @@ -5536,38 +5099,36 @@ static int ssl_session_load( mbedtls_ssl_session *session, #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ - if( !omit_header ) - { + if (!omit_header) { /* * Check version identifier */ - if( (size_t)( end - p ) < sizeof( ssl_serialized_session_header ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < sizeof(ssl_serialized_session_header)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( memcmp( p, ssl_serialized_session_header, - sizeof( ssl_serialized_session_header ) ) != 0 ) - { - return( MBEDTLS_ERR_SSL_VERSION_MISMATCH ); + if (memcmp(p, ssl_serialized_session_header, + sizeof(ssl_serialized_session_header)) != 0) { + return (MBEDTLS_ERR_SSL_VERSION_MISMATCH); } - p += sizeof( ssl_serialized_session_header ); + p += sizeof(ssl_serialized_session_header); } /* * Time */ #if defined(MBEDTLS_HAVE_TIME) - if( 8 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (8 > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - start = ( (uint64_t) p[0] << 56 ) | - ( (uint64_t) p[1] << 48 ) | - ( (uint64_t) p[2] << 40 ) | - ( (uint64_t) p[3] << 32 ) | - ( (uint64_t) p[4] << 24 ) | - ( (uint64_t) p[5] << 16 ) | - ( (uint64_t) p[6] << 8 ) | - ( (uint64_t) p[7] ); + start = ((uint64_t) p[0] << 56) | + ((uint64_t) p[1] << 48) | + ((uint64_t) p[2] << 40) | + ((uint64_t) p[3] << 32) | + ((uint64_t) p[4] << 24) | + ((uint64_t) p[5] << 16) | + ((uint64_t) p[6] << 8) | + ((uint64_t) p[7]); p += 8; session->start = (time_t) start; @@ -5576,25 +5137,25 @@ static int ssl_session_load( mbedtls_ssl_session *session, /* * Basic mandatory fields */ - if( 2 + 1 + 1 + 32 + 48 + 4 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (2 + 1 + 1 + 32 + 48 + 4 > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - session->ciphersuite = ( p[0] << 8 ) | p[1]; + session->ciphersuite = (p[0] << 8) | p[1]; p += 2; session->compression = *p++; session->id_len = *p++; - memcpy( session->id, p, 32 ); + memcpy(session->id, p, 32); p += 32; - memcpy( session->master, p, 48 ); + memcpy(session->master, p, 48); p += 48; - session->verify_result = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->verify_result = ((uint32_t) p[0] << 24) | + ((uint32_t) p[1] << 16) | + ((uint32_t) p[2] << 8) | + ((uint32_t) p[3]); p += 4; /* Immediately clear invalid pointer values that have been read, in case @@ -5616,64 +5177,61 @@ static int ssl_session_load( mbedtls_ssl_session *session, #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* Deserialize CRT from the end of the ticket. */ - if( 3 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (3 > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - cert_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + cert_len = (p[0] << 16) | (p[1] << 8) | p[2]; p += 3; - if( cert_len != 0 ) - { + if (cert_len != 0) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( cert_len > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (cert_len > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - session->peer_cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if( session->peer_cert == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + if (session->peer_cert == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); - mbedtls_x509_crt_init( session->peer_cert ); + mbedtls_x509_crt_init(session->peer_cert); - if( ( ret = mbedtls_x509_crt_parse_der( session->peer_cert, - p, cert_len ) ) != 0 ) - { - mbedtls_x509_crt_free( session->peer_cert ); - mbedtls_free( session->peer_cert ); + if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert, + p, cert_len)) != 0) { + mbedtls_x509_crt_free(session->peer_cert); + mbedtls_free(session->peer_cert); session->peer_cert = NULL; - return( ret ); + return (ret); } p += cert_len; } #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ /* Deserialize CRT digest from the end of the ticket. */ - if( 2 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (2 > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; - session->peer_cert_digest_len = (size_t) *p++; + session->peer_cert_digest_type = (mbedtls_md_type_t) * p++; + session->peer_cert_digest_len = (size_t) * p++; - if( session->peer_cert_digest_len != 0 ) - { + if (session->peer_cert_digest_len != 0) { const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_type( session->peer_cert_digest_type ); - if( md_info == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + mbedtls_md_info_from_type(session->peer_cert_digest_type); + if (md_info == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( session->peer_cert_digest_len > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (session->peer_cert_digest_len > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); session->peer_cert_digest = - mbedtls_calloc( 1, session->peer_cert_digest_len ); - if( session->peer_cert_digest == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + mbedtls_calloc(1, session->peer_cert_digest_len); + if (session->peer_cert_digest == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); - memcpy( session->peer_cert_digest, p, - session->peer_cert_digest_len ); + memcpy(session->peer_cert_digest, p, + session->peer_cert_digest_len); p += session->peer_cert_digest_len; } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -5683,32 +5241,31 @@ static int ssl_session_load( mbedtls_ssl_session *session, * Session ticket and associated data */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if( 3 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (3 > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - session->ticket_len = ( p[0] << 16 ) | ( p[1] << 8 ) | p[2]; + session->ticket_len = (p[0] << 16) | (p[1] << 8) | p[2]; p += 3; - if( session->ticket_len != 0 ) - { - if( session->ticket_len > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (session->ticket_len != 0) { + if (session->ticket_len > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - session->ticket = mbedtls_calloc( 1, session->ticket_len ); - if( session->ticket == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); + session->ticket = mbedtls_calloc(1, session->ticket_len); + if (session->ticket == NULL) + return (MBEDTLS_ERR_SSL_ALLOC_FAILED); - memcpy( session->ticket, p, session->ticket_len ); + memcpy(session->ticket, p, session->ticket_len); p += session->ticket_len; } - if( 4 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (4 > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->ticket_lifetime = ((uint32_t) p[0] << 24) | + ((uint32_t) p[1] << 16) | + ((uint32_t) p[2] << 8) | + ((uint32_t) p[3]); p += 4; #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -5716,106 +5273,101 @@ static int ssl_session_load( mbedtls_ssl_session *session, * Misc extension-related info */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if( 1 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (1 > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); session->mfl_code = *p++; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - if( 1 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (1 > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); session->trunc_hmac = *p++; #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( 1 > (size_t)( end - p ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (1 > (size_t)(end - p)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); session->encrypt_then_mac = *p++; #endif /* Done, should have consumed entire buffer */ - if( p != end ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (p != end) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - return( 0 ); + return (0); } /* * Deserialize session: public wrapper for error cleaning */ -int mbedtls_ssl_session_load( mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len ) -{ - int ret = ssl_session_load( session, 0, buf, len ); +int mbedtls_ssl_session_load(mbedtls_ssl_session *session, + const unsigned char *buf, + size_t len) { + int ret = ssl_session_load(session, 0, buf, len); - if( ret != 0 ) - mbedtls_ssl_session_free( session ); + if (ret != 0) + mbedtls_ssl_session_free(session); - return( ret ); + return (ret); } /* * Perform a single step of the SSL handshake */ -int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); #if defined(MBEDTLS_SSL_CLI_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - ret = mbedtls_ssl_handshake_client_step( ssl ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) + ret = mbedtls_ssl_handshake_client_step(ssl); #endif #if defined(MBEDTLS_SSL_SRV_C) - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - ret = mbedtls_ssl_handshake_server_step( ssl ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) + ret = mbedtls_ssl_handshake_server_step(ssl); #endif - return( ret ); + return (ret); } /* * Perform the SSL handshake */ -int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl) { int ret = 0; /* Sanity checks */ - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ( ssl->f_set_timer == NULL || ssl->f_get_timer == NULL ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "You must use " - "mbedtls_ssl_set_timer_cb() for DTLS" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + (ssl->f_set_timer == NULL || ssl->f_get_timer == NULL)) { + MBEDTLS_SSL_DEBUG_MSG(1, ("You must use " + "mbedtls_ssl_set_timer_cb() for DTLS")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> handshake")); /* Main handshake loop */ - while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - ret = mbedtls_ssl_handshake_step( ssl ); + while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + ret = mbedtls_ssl_handshake_step(ssl); - if( ret != 0 ) + if (ret != 0) break; } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= handshake" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= handshake")); - return( ret ); + return (ret); } #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -5823,25 +5375,23 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) /* * Write HelloRequest to request renegotiation on server */ -static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) -{ +static int ssl_write_hello_request(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write hello request")); ssl->out_msglen = 4; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST; - if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret ); - return( ret ); + if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write hello request" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write hello request")); - return( 0 ); + return (0); } #endif /* MBEDTLS_SSL_SRV_C */ @@ -5854,22 +5404,20 @@ static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) * If the handshake doesn't complete due to waiting for I/O, it will continue * during the next calls to mbedtls_ssl_renegotiate() or mbedtls_ssl_read() respectively. */ -int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_start_renegotiation(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> renegotiate")); - if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) - return( ret ); + if ((ret = ssl_handshake_init(ssl)) != 0) + return (ret); /* RFC 6347 4.2.2: "[...] the HelloRequest will have message_seq = 0 and * the ServerHello will have message_seq = 1" */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) - { - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING) { + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) ssl->handshake->out_msg_seq = 1; else ssl->handshake->in_msg_seq = 1; @@ -5879,42 +5427,39 @@ int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ) ssl->state = MBEDTLS_SSL_HELLO_REQUEST; ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS; - if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); - return( ret ); + if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); + return (ret); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= renegotiate" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= renegotiate")); - return( 0 ); + return (0); } /* * Renegotiate current connection on client, * or request renegotiation on server */ -int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) -{ +int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; - if( ssl == NULL || ssl->conf == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl == NULL || ssl->conf == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); #if defined(MBEDTLS_SSL_SRV_C) /* On server, just send the request */ - if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) - { - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) { + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; /* Did we already try/start sending HelloRequest? */ - if( ssl->out_left != 0 ) - return( mbedtls_ssl_flush_output( ssl ) ); + if (ssl->out_left != 0) + return (mbedtls_ssl_flush_output(ssl)); - return( ssl_write_hello_request( ssl ) ); + return (ssl_write_hello_request(ssl)); } #endif /* MBEDTLS_SSL_SRV_C */ @@ -5923,92 +5468,83 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) * On client, either start the renegotiation process or, * if already in progress, continue the handshake */ - if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - { - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) { + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( ( ret = mbedtls_ssl_start_renegotiation( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_start_renegotiation", ret ); - return( ret ); + if ((ret = mbedtls_ssl_start_renegotiation(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_start_renegotiation", ret); + return (ret); } - } - else - { - if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_handshake", ret ); - return( ret ); + } else { + if ((ret = mbedtls_ssl_handshake(ssl)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); + return (ret); } } #endif /* MBEDTLS_SSL_CLI_C */ - return( ret ); + return (ret); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -static void ssl_key_cert_free( mbedtls_ssl_key_cert *key_cert ) -{ +static void ssl_key_cert_free(mbedtls_ssl_key_cert *key_cert) { mbedtls_ssl_key_cert *cur = key_cert, *next; - while( cur != NULL ) - { + while (cur != NULL) { next = cur->next; - mbedtls_free( cur ); + mbedtls_free(cur); cur = next; } } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) -{ +void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) { mbedtls_ssl_handshake_params *handshake = ssl->handshake; - if( handshake == NULL ) + if (handshake == NULL) return; #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) - { - ssl->conf->f_async_cancel( ssl ); + if (ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0) { + ssl->conf->f_async_cancel(ssl); handshake->async_in_progress = 0; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_free( &handshake->fin_md5 ); - mbedtls_sha1_free( &handshake->fin_sha1 ); + mbedtls_md5_free(&handshake->fin_md5); + mbedtls_sha1_free(&handshake->fin_sha1); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &handshake->fin_sha256_psa ); + psa_hash_abort(&handshake->fin_sha256_psa); #else - mbedtls_sha256_free( &handshake->fin_sha256 ); + mbedtls_sha256_free(&handshake->fin_sha256); #endif #endif #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort( &handshake->fin_sha384_psa ); + psa_hash_abort(&handshake->fin_sha384_psa); #else - mbedtls_sha512_free( &handshake->fin_sha512 ); + mbedtls_sha512_free(&handshake->fin_sha512); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_DHM_C) - mbedtls_dhm_free( &handshake->dhm_ctx ); + mbedtls_dhm_free(&handshake->dhm_ctx); #endif #if defined(MBEDTLS_ECDH_C) - mbedtls_ecdh_free( &handshake->ecdh_ctx ); + mbedtls_ecdh_free(&handshake->ecdh_ctx); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - mbedtls_ecjpake_free( &handshake->ecjpake_ctx ); + mbedtls_ecjpake_free(&handshake->ecjpake_ctx); #if defined(MBEDTLS_SSL_CLI_C) - mbedtls_free( handshake->ecjpake_cache ); + mbedtls_free(handshake->ecjpake_cache); handshake->ecjpake_cache = NULL; handshake->ecjpake_cache_len = 0; #endif @@ -6017,14 +5553,13 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* explicit void pointer cast for buggy MS compiler */ - mbedtls_free( (void *) handshake->curves ); + mbedtls_free((void *) handshake->curves); #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( handshake->psk != NULL ) - { - mbedtls_platform_zeroize( handshake->psk, handshake->psk_len ); - mbedtls_free( handshake->psk ); + if (handshake->psk != NULL) { + mbedtls_platform_zeroize(handshake->psk, handshake->psk_len); + mbedtls_free(handshake->psk); } #endif @@ -6034,71 +5569,67 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) * Free only the linked list wrapper, not the keys themselves * since the belong to the SNI callback */ - if( handshake->sni_key_cert != NULL ) - { + if (handshake->sni_key_cert != NULL) { mbedtls_ssl_key_cert *cur = handshake->sni_key_cert, *next; - while( cur != NULL ) - { + while (cur != NULL) { next = cur->next; - mbedtls_free( cur ); + mbedtls_free(cur); cur = next; } } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) - mbedtls_x509_crt_restart_free( &handshake->ecrs_ctx ); - if( handshake->ecrs_peer_cert != NULL ) - { - mbedtls_x509_crt_free( handshake->ecrs_peer_cert ); - mbedtls_free( handshake->ecrs_peer_cert ); + mbedtls_x509_crt_restart_free(&handshake->ecrs_ctx); + if (handshake->ecrs_peer_cert != NULL) { + mbedtls_x509_crt_free(handshake->ecrs_peer_cert); + mbedtls_free(handshake->ecrs_peer_cert); } #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_pk_free( &handshake->peer_pubkey ); + mbedtls_pk_free(&handshake->peer_pubkey); #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - mbedtls_free( handshake->verify_cookie ); - mbedtls_ssl_flight_free( handshake->flight ); - mbedtls_ssl_buffering_free( ssl ); + mbedtls_free(handshake->verify_cookie); + mbedtls_ssl_flight_free(handshake->flight); + mbedtls_ssl_buffering_free(ssl); #endif #if defined(MBEDTLS_ECDH_C) && \ defined(MBEDTLS_USE_PSA_CRYPTO) - psa_destroy_key( handshake->ecdh_psa_privkey ); + psa_destroy_key(handshake->ecdh_psa_privkey); #endif /* MBEDTLS_ECDH_C && MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_platform_zeroize( handshake, - sizeof( mbedtls_ssl_handshake_params ) ); + mbedtls_platform_zeroize(handshake, + sizeof(mbedtls_ssl_handshake_params)); #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) /* If the buffers are too big - reallocate. Because of the way Mbed TLS * processes datagrams and the fact that a datagram is allowed to have * several records in it, it is possible that the I/O buffers are not * empty at this stage */ - handle_buffer_resizing( ssl, 1, mbedtls_ssl_get_input_buflen( ssl ), - mbedtls_ssl_get_output_buflen( ssl ) ); + handle_buffer_resizing(ssl, 1, mbedtls_ssl_get_input_buflen(ssl), + mbedtls_ssl_get_output_buflen(ssl)); #endif } -void mbedtls_ssl_session_free( mbedtls_ssl_session *session ) -{ - if( session == NULL ) +void mbedtls_ssl_session_free(mbedtls_ssl_session *session) { + if (session == NULL) return; #if defined(MBEDTLS_X509_CRT_PARSE_C) - ssl_clear_peer_cert( session ); + ssl_clear_peer_cert(session); #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - mbedtls_free( session->ticket ); + mbedtls_free(session->ticket); #endif - mbedtls_platform_zeroize( session, sizeof( mbedtls_ssl_session ) ); + mbedtls_platform_zeroize(session, sizeof(mbedtls_ssl_session)); } #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) @@ -6144,11 +5675,11 @@ static unsigned char ssl_serialized_context_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, - ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 16 ) & 0xFF, - ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 0 ) & 0xFF, + (SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8) & 0xFF, + (SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0) & 0xFF, + (SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 16) & 0xFF, + (SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 8) & 0xFF, + (SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 0) & 0xFF, }; /* @@ -6189,11 +5720,10 @@ static unsigned char ssl_serialized_context_header[] = { * 4. value was temporary (eg content of input buffer) * 5. value will be provided by the user again (eg I/O callbacks and context) */ -int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t buf_len, - size_t *olen ) -{ +int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t buf_len, + size_t *olen) { unsigned char *p = buf; size_t used = 0; size_t session_len; @@ -6208,96 +5738,84 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, * (only DTLS) but are currently used to simplify the implementation. */ /* The initial handshake must be over */ - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Initial handshake isn't over")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - if( ssl->handshake != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Handshake isn't completed" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->handshake != NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Handshake isn't completed")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* Double-check that sub-structures are indeed ready */ - if( ssl->transform == NULL || ssl->session == NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Serialised structures aren't ready" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->transform == NULL || ssl->session == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Serialised structures aren't ready")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* There must be no pending incoming or outgoing data */ - if( mbedtls_ssl_check_pending( ssl ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending incoming data" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (mbedtls_ssl_check_pending(ssl) != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending incoming data")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - if( ssl->out_left != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->out_left != 0) { + MBEDTLS_SSL_DEBUG_MSG(1, ("There is pending outgoing data")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* Protocol must be DLTS, not TLS */ - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Only DTLS is supported")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* Version must be 1.2 */ - if( ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->major_ver != MBEDTLS_SSL_MAJOR_VERSION_3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only version 1.2 supported" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Only version 1.2 supported")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* We must be using an AEAD ciphersuite */ - if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only AEAD ciphersuites supported" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (mbedtls_ssl_transform_uses_aead(ssl->transform) != 1) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Only AEAD ciphersuites supported")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* Renegotiation must not be enabled */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Renegotiation must not be enabled" ) ); - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED) { + MBEDTLS_SSL_DEBUG_MSG(1, ("Renegotiation must not be enabled")); + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } #endif /* * Version and format identifier */ - used += sizeof( ssl_serialized_context_header ); + used += sizeof(ssl_serialized_context_header); - if( used <= buf_len ) - { - memcpy( p, ssl_serialized_context_header, - sizeof( ssl_serialized_context_header ) ); - p += sizeof( ssl_serialized_context_header ); + if (used <= buf_len) { + memcpy(p, ssl_serialized_context_header, + sizeof(ssl_serialized_context_header)); + p += sizeof(ssl_serialized_context_header); } /* * Session (length + data) */ - ret = ssl_session_save( ssl->session, 1, NULL, 0, &session_len ); - if( ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ) - return( ret ); + ret = ssl_session_save(ssl->session, 1, NULL, 0, &session_len); + if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) + return (ret); used += 4 + session_len; - if( used <= buf_len ) - { - *p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len ) & 0xFF ); + if (used <= buf_len) { + *p++ = (unsigned char)((session_len >> 24) & 0xFF); + *p++ = (unsigned char)((session_len >> 16) & 0xFF); + *p++ = (unsigned char)((session_len >> 8) & 0xFF); + *p++ = (unsigned char)((session_len) & 0xFF); - ret = ssl_session_save( ssl->session, 1, - p, session_len, &session_len ); - if( ret != 0 ) - return( ret ); + ret = ssl_session_save(ssl->session, 1, + p, session_len, &session_len); + if (ret != 0) + return (ret); p += session_len; } @@ -6305,24 +5823,22 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, /* * Transform */ - used += sizeof( ssl->transform->randbytes ); - if( used <= buf_len ) - { - memcpy( p, ssl->transform->randbytes, - sizeof( ssl->transform->randbytes ) ); - p += sizeof( ssl->transform->randbytes ); + used += sizeof(ssl->transform->randbytes); + if (used <= buf_len) { + memcpy(p, ssl->transform->randbytes, + sizeof(ssl->transform->randbytes)); + p += sizeof(ssl->transform->randbytes); } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) used += 2 + ssl->transform->in_cid_len + ssl->transform->out_cid_len; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = ssl->transform->in_cid_len; - memcpy( p, ssl->transform->in_cid, ssl->transform->in_cid_len ); + memcpy(p, ssl->transform->in_cid, ssl->transform->in_cid_len); p += ssl->transform->in_cid_len; *p++ = ssl->transform->out_cid_len; - memcpy( p, ssl->transform->out_cid, ssl->transform->out_cid_len ); + memcpy(p, ssl->transform->out_cid, ssl->transform->out_cid_len); p += ssl->transform->out_cid_len; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -6332,77 +5848,70 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) used += 4; - if( used <= buf_len ) - { - *p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF ); + if (used <= buf_len) { + *p++ = (unsigned char)((ssl->badmac_seen >> 24) & 0xFF); + *p++ = (unsigned char)((ssl->badmac_seen >> 16) & 0xFF); + *p++ = (unsigned char)((ssl->badmac_seen >> 8) & 0xFF); + *p++ = (unsigned char)((ssl->badmac_seen) & 0xFF); } #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) used += 16; - if( used <= buf_len ) - { - *p++ = (unsigned char)( ( ssl->in_window_top >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top ) & 0xFF ); + if (used <= buf_len) { + *p++ = (unsigned char)((ssl->in_window_top >> 56) & 0xFF); + *p++ = (unsigned char)((ssl->in_window_top >> 48) & 0xFF); + *p++ = (unsigned char)((ssl->in_window_top >> 40) & 0xFF); + *p++ = (unsigned char)((ssl->in_window_top >> 32) & 0xFF); + *p++ = (unsigned char)((ssl->in_window_top >> 24) & 0xFF); + *p++ = (unsigned char)((ssl->in_window_top >> 16) & 0xFF); + *p++ = (unsigned char)((ssl->in_window_top >> 8) & 0xFF); + *p++ = (unsigned char)((ssl->in_window_top) & 0xFF); - *p++ = (unsigned char)( ( ssl->in_window >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window ) & 0xFF ); + *p++ = (unsigned char)((ssl->in_window >> 56) & 0xFF); + *p++ = (unsigned char)((ssl->in_window >> 48) & 0xFF); + *p++ = (unsigned char)((ssl->in_window >> 40) & 0xFF); + *p++ = (unsigned char)((ssl->in_window >> 32) & 0xFF); + *p++ = (unsigned char)((ssl->in_window >> 24) & 0xFF); + *p++ = (unsigned char)((ssl->in_window >> 16) & 0xFF); + *p++ = (unsigned char)((ssl->in_window >> 8) & 0xFF); + *p++ = (unsigned char)((ssl->in_window) & 0xFF); } #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_PROTO_DTLS) used += 1; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = ssl->disable_datagram_packing; } #endif /* MBEDTLS_SSL_PROTO_DTLS */ used += 8; - if( used <= buf_len ) - { - memcpy( p, ssl->cur_out_ctr, 8 ); + if (used <= buf_len) { + memcpy(p, ssl->cur_out_ctr, 8); p += 8; } #if defined(MBEDTLS_SSL_PROTO_DTLS) used += 2; - if( used <= buf_len ) - { - *p++ = (unsigned char)( ( ssl->mtu >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->mtu ) & 0xFF ); + if (used <= buf_len) { + *p++ = (unsigned char)((ssl->mtu >> 8) & 0xFF); + *p++ = (unsigned char)((ssl->mtu) & 0xFF); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_ALPN) { const uint8_t alpn_len = ssl->alpn_chosen - ? (uint8_t) strlen( ssl->alpn_chosen ) - : 0; + ? (uint8_t) strlen(ssl->alpn_chosen) + : 0; used += 1 + alpn_len; - if( used <= buf_len ) - { + if (used <= buf_len) { *p++ = alpn_len; - if( ssl->alpn_chosen != NULL ) - { - memcpy( p, ssl->alpn_chosen, alpn_len ); + if (ssl->alpn_chosen != NULL) { + memcpy(p, ssl->alpn_chosen, alpn_len); p += alpn_len; } } @@ -6414,34 +5923,33 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, */ *olen = used; - if( used > buf_len ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + if (used > buf_len) + return (MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - MBEDTLS_SSL_DEBUG_BUF( 4, "saved context", buf, used ); + MBEDTLS_SSL_DEBUG_BUF(4, "saved context", buf, used); - return( mbedtls_ssl_session_reset_int( ssl, 0 ) ); + return (mbedtls_ssl_session_reset_int(ssl, 0)); } /* * Helper to get TLS 1.2 PRF from ciphersuite * (Duplicates bits of logic from ssl_set_handshake_prfs().) */ -typedef int (*tls_prf_fn)( const unsigned char *secret, size_t slen, - const char *label, - const unsigned char *random, size_t rlen, - unsigned char *dstbuf, size_t dlen ); -static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) -{ +typedef int (*tls_prf_fn)(const unsigned char *secret, size_t slen, + const char *label, + const unsigned char *random, size_t rlen, + unsigned char *dstbuf, size_t dlen); +static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id) { #if defined(MBEDTLS_SHA512_C) - const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = - mbedtls_ssl_ciphersuite_from_id( ciphersuite_id ); + const mbedtls_ssl_ciphersuite_t *const ciphersuite_info = + mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); - if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) - return( tls_prf_sha384 ); + if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) + return (tls_prf_sha384); #else (void) ciphersuite_id; #endif - return( tls_prf_sha256 ); + return (tls_prf_sha256); } /* @@ -6450,12 +5958,11 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id ) * This internal version is wrapped by a public function that cleans up in * case of error. */ -static int ssl_context_load( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ +static int ssl_context_load(mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len) { const unsigned char *p = buf; - const unsigned char * const end = buf + len; + const unsigned char *const end = buf + len; size_t session_len; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -6465,54 +5972,51 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, * (Checking session is useful because it won't be NULL if we're * renegotiating, or if the user mistakenly loaded a session first.) */ - if( ssl->state != MBEDTLS_SSL_HELLO_REQUEST || - ssl->session != NULL ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (ssl->state != MBEDTLS_SSL_HELLO_REQUEST || + ssl->session != NULL) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } /* * We can't check that the config matches the initial one, but we can at * least check it matches the requirements for serializing. */ - if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->conf->max_major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || - ssl->conf->min_major_ver > MBEDTLS_SSL_MAJOR_VERSION_3 || - ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 || - ssl->conf->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 || + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || + ssl->conf->max_major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 || + ssl->conf->min_major_ver > MBEDTLS_SSL_MAJOR_VERSION_3 || + ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 || + ssl->conf->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 || #if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || + ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || #endif - 0 ) - { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + 0) { + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); } - MBEDTLS_SSL_DEBUG_BUF( 4, "context to load", buf, len ); + MBEDTLS_SSL_DEBUG_BUF(4, "context to load", buf, len); /* * Check version identifier */ - if( (size_t)( end - p ) < sizeof( ssl_serialized_context_header ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < sizeof(ssl_serialized_context_header)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( memcmp( p, ssl_serialized_context_header, - sizeof( ssl_serialized_context_header ) ) != 0 ) - { - return( MBEDTLS_ERR_SSL_VERSION_MISMATCH ); + if (memcmp(p, ssl_serialized_context_header, + sizeof(ssl_serialized_context_header)) != 0) { + return (MBEDTLS_ERR_SSL_VERSION_MISMATCH); } - p += sizeof( ssl_serialized_context_header ); + p += sizeof(ssl_serialized_context_header); /* * Session */ - if( (size_t)( end - p ) < 4 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < 4) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - session_len = ( (size_t) p[0] << 24 ) | - ( (size_t) p[1] << 16 ) | - ( (size_t) p[2] << 8 ) | - ( (size_t) p[3] ); + session_len = ((size_t) p[0] << 24) | + ((size_t) p[1] << 16) | + ((size_t) p[2] << 8) | + ((size_t) p[3]); p += 4; /* This has been allocated by ssl_handshake_init(), called by @@ -6522,14 +6026,13 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->session_out = ssl->session; ssl->session_negotiate = NULL; - if( (size_t)( end - p ) < session_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < session_len) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - ret = ssl_session_load( ssl->session, 1, p, session_len ); - if( ret != 0 ) - { - mbedtls_ssl_session_free( ssl->session ); - return( ret ); + ret = ssl_session_load(ssl->session, 1, p, session_len); + if (ret != 0) { + mbedtls_ssl_session_free(ssl->session); + return (ret); } p += session_len; @@ -6546,52 +6049,52 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ssl->transform_negotiate = NULL; /* Read random bytes and populate structure */ - if( (size_t)( end - p ) < sizeof( ssl->transform->randbytes ) ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < sizeof(ssl->transform->randbytes)) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - ret = ssl_populate_transform( ssl->transform, - ssl->session->ciphersuite, - ssl->session->master, + ret = ssl_populate_transform(ssl->transform, + ssl->session->ciphersuite, + ssl->session->master, #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl->session->encrypt_then_mac, + ssl->session->encrypt_then_mac, #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl->session->trunc_hmac, + ssl->session->trunc_hmac, #endif #endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ #if defined(MBEDTLS_ZLIB_SUPPORT) - ssl->session->compression, + ssl->session->compression, #endif - ssl_tls12prf_from_cs( ssl->session->ciphersuite ), - p, /* currently pointing to randbytes */ - MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ - ssl->conf->endpoint, - ssl ); - if( ret != 0 ) - return( ret ); + ssl_tls12prf_from_cs(ssl->session->ciphersuite), + p, /* currently pointing to randbytes */ + MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ + ssl->conf->endpoint, + ssl); + if (ret != 0) + return (ret); - p += sizeof( ssl->transform->randbytes ); + p += sizeof(ssl->transform->randbytes); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* Read connection IDs and store them */ - if( (size_t)( end - p ) < 1 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < 1) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); ssl->transform->in_cid_len = *p++; - if( (size_t)( end - p ) < ssl->transform->in_cid_len + 1u ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < ssl->transform->in_cid_len + 1u) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - memcpy( ssl->transform->in_cid, p, ssl->transform->in_cid_len ); + memcpy(ssl->transform->in_cid, p, ssl->transform->in_cid_len); p += ssl->transform->in_cid_len; ssl->transform->out_cid_len = *p++; - if( (size_t)( end - p ) < ssl->transform->out_cid_len ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < ssl->transform->out_cid_len) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - memcpy( ssl->transform->out_cid, p, ssl->transform->out_cid_len ); + memcpy(ssl->transform->out_cid, p, ssl->transform->out_cid_len); p += ssl->transform->out_cid_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ @@ -6599,59 +6102,59 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, * Saved fields from top-level ssl_context structure */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) - if( (size_t)( end - p ) < 4 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < 4) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - ssl->badmac_seen = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + ssl->badmac_seen = ((uint32_t) p[0] << 24) | + ((uint32_t) p[1] << 16) | + ((uint32_t) p[2] << 8) | + ((uint32_t) p[3]); p += 4; #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if( (size_t)( end - p ) < 16 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < 16) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - ssl->in_window_top = ( (uint64_t) p[0] << 56 ) | - ( (uint64_t) p[1] << 48 ) | - ( (uint64_t) p[2] << 40 ) | - ( (uint64_t) p[3] << 32 ) | - ( (uint64_t) p[4] << 24 ) | - ( (uint64_t) p[5] << 16 ) | - ( (uint64_t) p[6] << 8 ) | - ( (uint64_t) p[7] ); + ssl->in_window_top = ((uint64_t) p[0] << 56) | + ((uint64_t) p[1] << 48) | + ((uint64_t) p[2] << 40) | + ((uint64_t) p[3] << 32) | + ((uint64_t) p[4] << 24) | + ((uint64_t) p[5] << 16) | + ((uint64_t) p[6] << 8) | + ((uint64_t) p[7]); p += 8; - ssl->in_window = ( (uint64_t) p[0] << 56 ) | - ( (uint64_t) p[1] << 48 ) | - ( (uint64_t) p[2] << 40 ) | - ( (uint64_t) p[3] << 32 ) | - ( (uint64_t) p[4] << 24 ) | - ( (uint64_t) p[5] << 16 ) | - ( (uint64_t) p[6] << 8 ) | - ( (uint64_t) p[7] ); + ssl->in_window = ((uint64_t) p[0] << 56) | + ((uint64_t) p[1] << 48) | + ((uint64_t) p[2] << 40) | + ((uint64_t) p[3] << 32) | + ((uint64_t) p[4] << 24) | + ((uint64_t) p[5] << 16) | + ((uint64_t) p[6] << 8) | + ((uint64_t) p[7]); p += 8; #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( (size_t)( end - p ) < 1 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < 1) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); ssl->disable_datagram_packing = *p++; #endif /* MBEDTLS_SSL_PROTO_DTLS */ - if( (size_t)( end - p ) < 8 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < 8) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - memcpy( ssl->cur_out_ctr, p, 8 ); + memcpy(ssl->cur_out_ctr, p, 8); p += 8; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( (size_t)( end - p ) < 2 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < 2) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - ssl->mtu = ( p[0] << 8 ) | p[1]; + ssl->mtu = (p[0] << 8) | p[1]; p += 2; #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -6660,19 +6163,16 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, uint8_t alpn_len; const char **cur; - if( (size_t)( end - p ) < 1 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if ((size_t)(end - p) < 1) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); alpn_len = *p++; - if( alpn_len != 0 && ssl->conf->alpn_list != NULL ) - { + if (alpn_len != 0 && ssl->conf->alpn_list != NULL) { /* alpn_chosen should point to an item in the configured list */ - for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) - { - if( strlen( *cur ) == alpn_len && - memcmp( p, cur, alpn_len ) == 0 ) - { + for (cur = ssl->conf->alpn_list; *cur != NULL; cur++) { + if (strlen(*cur) == alpn_len && + memcmp(p, cur, alpn_len) == 0) { ssl->alpn_chosen = *cur; break; } @@ -6680,8 +6180,8 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, } /* can only happen on conf mismatch */ - if( alpn_len != 0 && ssl->alpn_chosen == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (alpn_len != 0 && ssl->alpn_chosen == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); p += alpn_len; } @@ -6700,7 +6200,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, /* Adjust pointers for header fields of outgoing records to * the given transform, accounting for explicit IV and CID. */ - mbedtls_ssl_update_out_pointers( ssl, ssl->transform ); + mbedtls_ssl_update_out_pointers(ssl, ssl->transform); #if defined(MBEDTLS_SSL_PROTO_DTLS) ssl->in_epoch = 1; @@ -6710,137 +6210,125 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, * which we don't want - otherwise we'd end up freeing the wrong transform * by calling mbedtls_ssl_handshake_wrapup_free_hs_transform() * inappropriately. */ - if( ssl->handshake != NULL ) - { - mbedtls_ssl_handshake_free( ssl ); - mbedtls_free( ssl->handshake ); + if (ssl->handshake != NULL) { + mbedtls_ssl_handshake_free(ssl); + mbedtls_free(ssl->handshake); ssl->handshake = NULL; } /* * Done - should have consumed entire buffer */ - if( p != end ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if (p != end) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - return( 0 ); + return (0); } /* * Deserialize context: public wrapper for error cleaning */ -int mbedtls_ssl_context_load( mbedtls_ssl_context *context, - const unsigned char *buf, - size_t len ) -{ - int ret = ssl_context_load( context, buf, len ); +int mbedtls_ssl_context_load(mbedtls_ssl_context *context, + const unsigned char *buf, + size_t len) { + int ret = ssl_context_load(context, buf, len); - if( ret != 0 ) - mbedtls_ssl_free( context ); + if (ret != 0) + mbedtls_ssl_free(context); - return( ret ); + return (ret); } #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ /* * Free an SSL context */ -void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) -{ - if( ssl == NULL ) +void mbedtls_ssl_free(mbedtls_ssl_context *ssl) { + if (ssl == NULL) return; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> free" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("=> free")); - if( ssl->out_buf != NULL ) - { + if (ssl->out_buf != NULL) { #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t out_buf_len = ssl->out_buf_len; #else size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; #endif - mbedtls_platform_zeroize( ssl->out_buf, out_buf_len ); - mbedtls_free( ssl->out_buf ); + mbedtls_platform_zeroize(ssl->out_buf, out_buf_len); + mbedtls_free(ssl->out_buf); ssl->out_buf = NULL; } - if( ssl->in_buf != NULL ) - { + if (ssl->in_buf != NULL) { #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t in_buf_len = ssl->in_buf_len; #else size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; #endif - mbedtls_platform_zeroize( ssl->in_buf, in_buf_len ); - mbedtls_free( ssl->in_buf ); + mbedtls_platform_zeroize(ssl->in_buf, in_buf_len); + mbedtls_free(ssl->in_buf); ssl->in_buf = NULL; } #if defined(MBEDTLS_ZLIB_SUPPORT) - if( ssl->compress_buf != NULL ) - { - mbedtls_platform_zeroize( ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN ); - mbedtls_free( ssl->compress_buf ); + if (ssl->compress_buf != NULL) { + mbedtls_platform_zeroize(ssl->compress_buf, MBEDTLS_SSL_COMPRESS_BUFFER_LEN); + mbedtls_free(ssl->compress_buf); } #endif - if( ssl->transform ) - { - mbedtls_ssl_transform_free( ssl->transform ); - mbedtls_free( ssl->transform ); + if (ssl->transform) { + mbedtls_ssl_transform_free(ssl->transform); + mbedtls_free(ssl->transform); } - if( ssl->handshake ) - { - mbedtls_ssl_handshake_free( ssl ); - mbedtls_ssl_transform_free( ssl->transform_negotiate ); - mbedtls_ssl_session_free( ssl->session_negotiate ); + if (ssl->handshake) { + mbedtls_ssl_handshake_free(ssl); + mbedtls_ssl_transform_free(ssl->transform_negotiate); + mbedtls_ssl_session_free(ssl->session_negotiate); - mbedtls_free( ssl->handshake ); - mbedtls_free( ssl->transform_negotiate ); - mbedtls_free( ssl->session_negotiate ); + mbedtls_free(ssl->handshake); + mbedtls_free(ssl->transform_negotiate); + mbedtls_free(ssl->session_negotiate); } - if( ssl->session ) - { - mbedtls_ssl_session_free( ssl->session ); - mbedtls_free( ssl->session ); + if (ssl->session) { + mbedtls_ssl_session_free(ssl->session); + mbedtls_free(ssl->session); } #if defined(MBEDTLS_X509_CRT_PARSE_C) - if( ssl->hostname != NULL ) - { - mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) ); - mbedtls_free( ssl->hostname ); + if (ssl->hostname != NULL) { + mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname)); + mbedtls_free(ssl->hostname); } #endif #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) - if( mbedtls_ssl_hw_record_finish != NULL ) - { - MBEDTLS_SSL_DEBUG_MSG( 2, ( "going for mbedtls_ssl_hw_record_finish()" ) ); - mbedtls_ssl_hw_record_finish( ssl ); + if (mbedtls_ssl_hw_record_finish != NULL) { + MBEDTLS_SSL_DEBUG_MSG(2, ("going for mbedtls_ssl_hw_record_finish()")); + mbedtls_ssl_hw_record_finish(ssl); } #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - mbedtls_free( ssl->cli_id ); + mbedtls_free(ssl->cli_id); #endif - MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= free" ) ); + MBEDTLS_SSL_DEBUG_MSG(2, ("<= free")); /* Actually clear after last debug message */ - mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); + mbedtls_platform_zeroize(ssl, sizeof(mbedtls_ssl_context)); } /* * Initialze mbedtls_ssl_config */ -void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) -{ - memset( conf, 0, sizeof( mbedtls_ssl_config ) ); +void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) { + memset(conf, 0, sizeof(mbedtls_ssl_config)); } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) @@ -6889,24 +6377,22 @@ static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { /* * Load default in mbedtls_ssl_config */ -int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, - int endpoint, int transport, int preset ) -{ +int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, + int endpoint, int transport, int preset) { #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #endif /* Use the functions here so that they are covered in tests, * but otherwise access member directly for efficiency */ - mbedtls_ssl_conf_endpoint( conf, endpoint ); - mbedtls_ssl_conf_transport( conf, transport ); + mbedtls_ssl_conf_endpoint(conf, endpoint); + mbedtls_ssl_conf_transport(conf, transport); /* * Things that are common to all presets */ #if defined(MBEDTLS_SSL_CLI_C) - if( endpoint == MBEDTLS_SSL_IS_CLIENT ) - { + if (endpoint == MBEDTLS_SSL_IS_CLIENT) { conf->authmode = MBEDTLS_SSL_VERIFY_REQUIRED; #if defined(MBEDTLS_SSL_SESSION_TICKETS) conf->session_tickets = MBEDTLS_SSL_SESSION_TICKETS_ENABLED; @@ -6950,32 +6436,29 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_RENEGOTIATION) conf->renego_max_records = MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT; - memset( conf->renego_period, 0x00, 2 ); - memset( conf->renego_period + 2, 0xFF, 6 ); + memset(conf->renego_period, 0x00, 2); + memset(conf->renego_period + 2, 0xFF, 6); #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - if( endpoint == MBEDTLS_SSL_IS_SERVER ) - { - const unsigned char dhm_p[] = - MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; - const unsigned char dhm_g[] = - MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; + if (endpoint == MBEDTLS_SSL_IS_SERVER) { + const unsigned char dhm_p[] = + MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN; + const unsigned char dhm_g[] = + MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN; - if ( ( ret = mbedtls_ssl_conf_dh_param_bin( conf, - dhm_p, sizeof( dhm_p ), - dhm_g, sizeof( dhm_g ) ) ) != 0 ) - { - return( ret ); - } - } + if ((ret = mbedtls_ssl_conf_dh_param_bin(conf, + dhm_p, sizeof(dhm_p), + dhm_g, sizeof(dhm_g))) != 0) { + return (ret); + } + } #endif /* * Preset-specific defaults */ - switch( preset ) - { + switch (preset) { /* * NSA Suite B */ @@ -6986,10 +6469,10 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = - ssl_preset_suiteb_ciphersuites; + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = + ssl_preset_suiteb_ciphersuites; #if defined(MBEDTLS_X509_CRT_PARSE_C) conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; @@ -7008,27 +6491,27 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, * Default */ default: - conf->min_major_ver = ( MBEDTLS_SSL_MIN_MAJOR_VERSION > - MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION ) ? - MBEDTLS_SSL_MIN_MAJOR_VERSION : - MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION; - conf->min_minor_ver = ( MBEDTLS_SSL_MIN_MINOR_VERSION > - MBEDTLS_SSL_MIN_VALID_MINOR_VERSION ) ? - MBEDTLS_SSL_MIN_MINOR_VERSION : - MBEDTLS_SSL_MIN_VALID_MINOR_VERSION; + conf->min_major_ver = (MBEDTLS_SSL_MIN_MAJOR_VERSION > + MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION) ? + MBEDTLS_SSL_MIN_MAJOR_VERSION : + MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION; + conf->min_minor_ver = (MBEDTLS_SSL_MIN_MINOR_VERSION > + MBEDTLS_SSL_MIN_VALID_MINOR_VERSION) ? + MBEDTLS_SSL_MIN_MINOR_VERSION : + MBEDTLS_SSL_MIN_VALID_MINOR_VERSION; conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; #if defined(MBEDTLS_SSL_PROTO_DTLS) - if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + if (transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_2; #endif conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = - conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = - mbedtls_ssl_list_ciphersuites(); + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = + conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = + mbedtls_ssl_list_ciphersuites(); #if defined(MBEDTLS_X509_CRT_PARSE_C) conf->cert_profile = &mbedtls_x509_crt_profile_default; @@ -7047,42 +6530,39 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #endif } - return( 0 ); + return (0); } /* * Free mbedtls_ssl_config */ -void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) -{ +void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) { #if defined(MBEDTLS_DHM_C) - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); + mbedtls_mpi_free(&conf->dhm_P); + mbedtls_mpi_free(&conf->dhm_G); #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if( conf->psk != NULL ) - { - mbedtls_platform_zeroize( conf->psk, conf->psk_len ); - mbedtls_free( conf->psk ); + if (conf->psk != NULL) { + mbedtls_platform_zeroize(conf->psk, conf->psk_len); + mbedtls_free(conf->psk); conf->psk = NULL; conf->psk_len = 0; } - if( conf->psk_identity != NULL ) - { - mbedtls_platform_zeroize( conf->psk_identity, conf->psk_identity_len ); - mbedtls_free( conf->psk_identity ); + if (conf->psk_identity != NULL) { + mbedtls_platform_zeroize(conf->psk_identity, conf->psk_identity_len); + mbedtls_free(conf->psk_identity); conf->psk_identity = NULL; conf->psk_identity_len = 0; } #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) - ssl_key_cert_free( conf->key_cert ); + ssl_key_cert_free(conf->key_cert); #endif - mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); + mbedtls_platform_zeroize(conf, sizeof(mbedtls_ssl_config)); } #if defined(MBEDTLS_PK_C) && \ @@ -7090,46 +6570,42 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) /* * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX */ -unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk ) -{ +unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) { #if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_can_do( pk, MBEDTLS_PK_RSA ) ) - return( MBEDTLS_SSL_SIG_RSA ); + if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) + return (MBEDTLS_SSL_SIG_RSA); #endif #if defined(MBEDTLS_ECDSA_C) - if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECDSA ) ) - return( MBEDTLS_SSL_SIG_ECDSA ); + if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) + return (MBEDTLS_SSL_SIG_ECDSA); #endif - return( MBEDTLS_SSL_SIG_ANON ); + return (MBEDTLS_SSL_SIG_ANON); } -unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type ) -{ - switch( type ) { +unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_type_t type) { + switch (type) { case MBEDTLS_PK_RSA: - return( MBEDTLS_SSL_SIG_RSA ); + return (MBEDTLS_SSL_SIG_RSA); case MBEDTLS_PK_ECDSA: case MBEDTLS_PK_ECKEY: - return( MBEDTLS_SSL_SIG_ECDSA ); + return (MBEDTLS_SSL_SIG_ECDSA); default: - return( MBEDTLS_SSL_SIG_ANON ); + return (MBEDTLS_SSL_SIG_ANON); } } -mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) -{ - switch( sig ) - { +mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) { + switch (sig) { #if defined(MBEDTLS_RSA_C) case MBEDTLS_SSL_SIG_RSA: - return( MBEDTLS_PK_RSA ); + return (MBEDTLS_PK_RSA); #endif #if defined(MBEDTLS_ECDSA_C) case MBEDTLS_SSL_SIG_ECDSA: - return( MBEDTLS_PK_ECDSA ); + return (MBEDTLS_PK_ECDSA); #endif default: - return( MBEDTLS_PK_NONE ); + return (MBEDTLS_PK_NONE); } } #endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */ @@ -7138,34 +6614,30 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig ) defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) /* Find an entry in a signature-hash set matching a given hash algorithm. */ -mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg ) -{ - switch( sig_alg ) - { +mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg) { + switch (sig_alg) { case MBEDTLS_PK_RSA: - return( set->rsa ); + return (set->rsa); case MBEDTLS_PK_ECDSA: - return( set->ecdsa ); + return (set->ecdsa); default: - return( MBEDTLS_MD_NONE ); + return (MBEDTLS_MD_NONE); } } /* Add a signature-hash-pair to a signature-hash set */ -void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_pk_type_t sig_alg, - mbedtls_md_type_t md_alg ) -{ - switch( sig_alg ) - { +void mbedtls_ssl_sig_hash_set_add(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_pk_type_t sig_alg, + mbedtls_md_type_t md_alg) { + switch (sig_alg) { case MBEDTLS_PK_RSA: - if( set->rsa == MBEDTLS_MD_NONE ) + if (set->rsa == MBEDTLS_MD_NONE) set->rsa = md_alg; break; case MBEDTLS_PK_ECDSA: - if( set->ecdsa == MBEDTLS_MD_NONE ) + if (set->ecdsa == MBEDTLS_MD_NONE) set->ecdsa = md_alg; break; @@ -7175,9 +6647,8 @@ void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set, } /* Allow exactly one hash algorithm for each signature. */ -void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, - mbedtls_md_type_t md_alg ) -{ +void mbedtls_ssl_sig_hash_set_const_hash(mbedtls_ssl_sig_hash_set_t *set, + mbedtls_md_type_t md_alg) { set->rsa = md_alg; set->ecdsa = md_alg; } @@ -7188,64 +6659,60 @@ void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set, /* * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX */ -mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash ) -{ - switch( hash ) - { +mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash) { + switch (hash) { #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - return( MBEDTLS_MD_MD5 ); + return (MBEDTLS_MD_MD5); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: - return( MBEDTLS_MD_SHA1 ); + return (MBEDTLS_MD_SHA1); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_SSL_HASH_SHA224: - return( MBEDTLS_MD_SHA224 ); + return (MBEDTLS_MD_SHA224); case MBEDTLS_SSL_HASH_SHA256: - return( MBEDTLS_MD_SHA256 ); + return (MBEDTLS_MD_SHA256); #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_SSL_HASH_SHA384: - return( MBEDTLS_MD_SHA384 ); + return (MBEDTLS_MD_SHA384); case MBEDTLS_SSL_HASH_SHA512: - return( MBEDTLS_MD_SHA512 ); + return (MBEDTLS_MD_SHA512); #endif default: - return( MBEDTLS_MD_NONE ); + return (MBEDTLS_MD_NONE); } } /* * Convert from MBEDTLS_MD_XXX to MBEDTLS_SSL_HASH_XXX */ -unsigned char mbedtls_ssl_hash_from_md_alg( int md ) -{ - switch( md ) - { +unsigned char mbedtls_ssl_hash_from_md_alg(int md) { + switch (md) { #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( MBEDTLS_SSL_HASH_MD5 ); + return (MBEDTLS_SSL_HASH_MD5); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( MBEDTLS_SSL_HASH_SHA1 ); + return (MBEDTLS_SSL_HASH_SHA1); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA224: - return( MBEDTLS_SSL_HASH_SHA224 ); + return (MBEDTLS_SSL_HASH_SHA224); case MBEDTLS_MD_SHA256: - return( MBEDTLS_SSL_HASH_SHA256 ); + return (MBEDTLS_SSL_HASH_SHA256); #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA384: - return( MBEDTLS_SSL_HASH_SHA384 ); + return (MBEDTLS_SSL_HASH_SHA384); case MBEDTLS_MD_SHA512: - return( MBEDTLS_SSL_HASH_SHA512 ); + return (MBEDTLS_SSL_HASH_SHA512); #endif default: - return( MBEDTLS_SSL_HASH_NONE ); + return (MBEDTLS_SSL_HASH_NONE); } } @@ -7254,18 +6721,17 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md ) * Check if a curve proposed by the peer is in our list. * Return 0 if we're willing to use it, -1 otherwise. */ -int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id ) -{ +int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id) { const mbedtls_ecp_group_id *gid; - if( ssl->conf->curve_list == NULL ) - return( -1 ); + if (ssl->conf->curve_list == NULL) + return (-1); - for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) - if( *gid == grp_id ) - return( 0 ); + for (gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++) + if (*gid == grp_id) + return (0); - return( -1 ); + return (-1); } #endif /* MBEDTLS_ECP_C */ @@ -7274,28 +6740,26 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i * Check if a hash proposed by the peer is in our list. * Return 0 if we're willing to use it, -1 otherwise. */ -int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl, - mbedtls_md_type_t md ) -{ +int mbedtls_ssl_check_sig_hash(const mbedtls_ssl_context *ssl, + mbedtls_md_type_t md) { const int *cur; - if( ssl->conf->sig_hashes == NULL ) - return( -1 ); + if (ssl->conf->sig_hashes == NULL) + return (-1); - for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ ) - if( *cur == (int) md ) - return( 0 ); + for (cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++) + if (*cur == (int) md) + return (0); - return( -1 ); + return (-1); } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, - const mbedtls_ssl_ciphersuite_t *ciphersuite, - int cert_endpoint, - uint32_t *flags ) -{ +int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert, + const mbedtls_ssl_ciphersuite_t *ciphersuite, + int cert_endpoint, + uint32_t *flags) { int ret = 0; #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) int usage = 0; @@ -7313,11 +6777,9 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, #endif #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) - { + if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) { /* Server part of the key exchange */ - switch( ciphersuite->key_exchange ) - { + switch (ciphersuite->key_exchange) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT; @@ -7342,15 +6804,12 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, case MBEDTLS_KEY_EXCHANGE_ECJPAKE: usage = 0; } - } - else - { + } else { /* Client auth: we only implement rsa_sign and mbedtls_ecdsa_sign for now */ usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE; } - if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 ) - { + if (mbedtls_x509_crt_check_key_usage(cert, usage) != 0) { *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; ret = -1; } @@ -7359,36 +6818,30 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, #endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) - if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) - { + if (cert_endpoint == MBEDTLS_SSL_IS_SERVER) { ext_oid = MBEDTLS_OID_SERVER_AUTH; - ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_SERVER_AUTH ); - } - else - { + ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH); + } else { ext_oid = MBEDTLS_OID_CLIENT_AUTH; - ext_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_CLIENT_AUTH ); + ext_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH); } - if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) - { + if (mbedtls_x509_crt_check_extended_key_usage(cert, ext_oid, ext_len) != 0) { *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; ret = -1; } #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ - return( ret ); + return (ret); } #endif /* MBEDTLS_X509_CRT_PARSE_C */ -int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) -{ +int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) + if (ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3) return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; - switch( md ) - { + switch (md) { #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: @@ -7425,16 +6878,15 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) -int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, - unsigned char *output, - unsigned char *data, size_t data_len ) -{ +int mbedtls_ssl_get_key_exchange_md_ssl_tls(mbedtls_ssl_context *ssl, + unsigned char *output, + unsigned char *data, size_t data_len) { int ret = 0; mbedtls_md5_context mbedtls_md5; mbedtls_sha1_context mbedtls_sha1; - mbedtls_md5_init( &mbedtls_md5 ); - mbedtls_sha1_init( &mbedtls_sha1 ); + mbedtls_md5_init(&mbedtls_md5); + mbedtls_sha1_init(&mbedtls_sha1); /* * digitally-signed struct { @@ -7449,61 +6901,53 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, * SHA(ClientHello.random + ServerHello.random * + ServerParams); */ - if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret ); + if ((ret = mbedtls_md5_starts_ret(&mbedtls_md5)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_starts_ret", ret); goto exit; } - if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, - ssl->handshake->randbytes, 64 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret ); + if ((ret = mbedtls_md5_update_ret(&mbedtls_md5, + ssl->handshake->randbytes, 64)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_update_ret", ret); goto exit; } - if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret ); + if ((ret = mbedtls_md5_update_ret(&mbedtls_md5, data, data_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_update_ret", ret); goto exit; } - if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret ); + if ((ret = mbedtls_md5_finish_ret(&mbedtls_md5, output)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md5_finish_ret", ret); goto exit; } - if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret ); + if ((ret = mbedtls_sha1_starts_ret(&mbedtls_sha1)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_starts_ret", ret); goto exit; } - if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, - ssl->handshake->randbytes, 64 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret ); + if ((ret = mbedtls_sha1_update_ret(&mbedtls_sha1, + ssl->handshake->randbytes, 64)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_update_ret", ret); goto exit; } - if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data, - data_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret ); + if ((ret = mbedtls_sha1_update_ret(&mbedtls_sha1, data, + data_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_update_ret", ret); goto exit; } - if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1, - output + 16 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret ); + if ((ret = mbedtls_sha1_finish_ret(&mbedtls_sha1, + output + 16)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha1_finish_ret", ret); goto exit; } exit: - mbedtls_md5_free( &mbedtls_md5 ); - mbedtls_sha1_free( &mbedtls_sha1 ); + mbedtls_md5_free(&mbedtls_md5); + mbedtls_sha1_free(&mbedtls_sha1); - if( ret != 0 ) - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + if (ret != 0) + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return( ret ); + return (ret); } #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ @@ -7513,81 +6957,73 @@ exit: defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg ) -{ +int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, + unsigned char *hash, size_t *hashlen, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg) { psa_status_t status; psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); + psa_algorithm_t hash_alg = mbedtls_psa_translate_md(md_alg); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange")); - if( ( status = psa_hash_setup( &hash_operation, - hash_alg ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_setup", status ); + if ((status = psa_hash_setup(&hash_operation, + hash_alg)) != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_setup", status); goto exit; } - if( ( status = psa_hash_update( &hash_operation, ssl->handshake->randbytes, - 64 ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); + if ((status = psa_hash_update(&hash_operation, ssl->handshake->randbytes, + 64)) != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status); goto exit; } - if( ( status = psa_hash_update( &hash_operation, - data, data_len ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_update", status ); + if ((status = psa_hash_update(&hash_operation, + data, data_len)) != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_update", status); goto exit; } - if( ( status = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE, - hashlen ) ) != PSA_SUCCESS ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status ); - goto exit; + if ((status = psa_hash_finish(&hash_operation, hash, MBEDTLS_MD_MAX_SIZE, + hashlen)) != PSA_SUCCESS) { + MBEDTLS_SSL_DEBUG_RET(1, "psa_hash_finish", status); + goto exit; } exit: - if( status != PSA_SUCCESS ) - { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - switch( status ) - { + if (status != PSA_SUCCESS) { + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); + switch (status) { case PSA_ERROR_NOT_SUPPORTED: - return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE); case PSA_ERROR_BAD_STATE: /* Intentional fallthrough */ case PSA_ERROR_BUFFER_TOO_SMALL: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_MD_BAD_INPUT_DATA); case PSA_ERROR_INSUFFICIENT_MEMORY: - return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + return (MBEDTLS_ERR_MD_ALLOC_FAILED); default: - return( MBEDTLS_ERR_MD_HW_ACCEL_FAILED ); + return (MBEDTLS_ERR_MD_HW_ACCEL_FAILED); } } - return( 0 ); + return (0); } #else -int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, - unsigned char *hash, size_t *hashlen, - unsigned char *data, size_t data_len, - mbedtls_md_type_t md_alg ) -{ +int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, + unsigned char *hash, size_t *hashlen, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg) { int ret = 0; mbedtls_md_context_t ctx; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - *hashlen = mbedtls_md_get_size( md_info ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg); + *hashlen = mbedtls_md_get_size(md_info); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform mbedtls-based computation of digest of ServerKeyExchange" ) ); + MBEDTLS_SSL_DEBUG_MSG(3, ("Perform mbedtls-based computation of digest of ServerKeyExchange")); - mbedtls_md_init( &ctx ); + mbedtls_md_init(&ctx); /* * digitally-signed struct { @@ -7596,40 +7032,35 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, * ServerDHParams params; * }; */ - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + if ((ret = mbedtls_md_setup(&ctx, md_info, 0)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret); goto exit; } - if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret ); + if ((ret = mbedtls_md_starts(&ctx)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_starts", ret); goto exit; } - if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); + if ((ret = mbedtls_md_update(&ctx, ssl->handshake->randbytes, 64)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret); goto exit; } - if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); + if ((ret = mbedtls_md_update(&ctx, data, data_len)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_update", ret); goto exit; } - if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret ); + if ((ret = mbedtls_md_finish(&ctx, hash)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); goto exit; } exit: - mbedtls_md_free( &ctx ); + mbedtls_md_free(&ctx); - if( ret != 0 ) - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + if (ret != 0) + mbedtls_ssl_send_alert_message(ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR); - return( ret ); + return (ret); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/common/mbedtls/ssl_tls13_keys.c b/common/mbedtls/ssl_tls13_keys.c index c39e0322b..a3121f62f 100644 --- a/common/mbedtls/ssl_tls13_keys.c +++ b/common/mbedtls/ssl_tls13_keys.c @@ -31,8 +31,7 @@ #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ .name = string, -struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = -{ +struct mbedtls_ssl_tls1_3_labels_struct const mbedtls_ssl_tls1_3_labels = { /* This seems to work in C, despite the string literal being one * character too long due to the 0-termination. */ MBEDTLS_SSL_TLS1_3_LABEL_LIST @@ -91,15 +90,14 @@ static const char tls1_3_label_prefix[6] = "tls13 "; MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) static void ssl_tls1_3_hkdf_encode_label( - size_t desired_length, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - unsigned char *dst, size_t *dlen ) -{ + size_t desired_length, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *dst, size_t *dlen) { size_t total_label_len = sizeof(tls1_3_label_prefix) + llen; size_t total_hkdf_lbl_len = - SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen ); + SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(total_label_len, clen); unsigned char *p = dst; @@ -108,73 +106,69 @@ static void ssl_tls1_3_hkdf_encode_label( * TLS 1.3 HKDF key expansion to more than 255 Bytes. */ #if MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN > 255 #error "The implementation of ssl_tls1_3_hkdf_encode_label() is not fit for the \ - value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" +value of MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN" #endif *p++ = 0; - *p++ = (unsigned char)( ( desired_length >> 0 ) & 0xFF ); + *p++ = (unsigned char)((desired_length >> 0) & 0xFF); /* Add label incl. prefix */ - *p++ = (unsigned char)( total_label_len & 0xFF ); - memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) ); + *p++ = (unsigned char)(total_label_len & 0xFF); + memcpy(p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix)); p += sizeof(tls1_3_label_prefix); - memcpy( p, label, llen ); + memcpy(p, label, llen); p += llen; /* Add context value */ - *p++ = (unsigned char)( clen & 0xFF ); - if( clen != 0 ) - memcpy( p, ctx, clen ); + *p++ = (unsigned char)(clen & 0xFF); + if (clen != 0) + memcpy(p, ctx, clen); /* Return total length to the caller. */ *dlen = total_hkdf_lbl_len; } int mbedtls_ssl_tls1_3_hkdf_expand_label( - mbedtls_md_type_t hash_alg, - const unsigned char *secret, size_t slen, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - unsigned char *buf, size_t blen ) -{ + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *buf, size_t blen) { const mbedtls_md_info_t *md; unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ]; size_t hkdf_label_len; - if( llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN ) - { + if (llen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN) { /* Should never happen since this is an internal * function, and we know statically which labels * are allowed. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - if( clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN ) - { + if (clen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN) { /* Should not happen, as above. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - if( blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN ) - { + if (blen > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_EXPANSION_LEN) { /* Should not happen, as above. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - md = mbedtls_md_info_from_type( hash_alg ); - if( md == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + md = mbedtls_md_info_from_type(hash_alg); + if (md == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - ssl_tls1_3_hkdf_encode_label( blen, - label, llen, - ctx, clen, - hkdf_label, - &hkdf_label_len ); + ssl_tls1_3_hkdf_encode_label(blen, + label, llen, + ctx, clen, + hkdf_label, + &hkdf_label_len); - return( mbedtls_hkdf_expand( md, - secret, slen, - hkdf_label, hkdf_label_len, - buf, blen ) ); + return (mbedtls_hkdf_expand(md, + secret, slen, + hkdf_label, hkdf_label_len, + buf, blen)); } /* @@ -194,156 +188,145 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label( * keys in a single function call. */ int mbedtls_ssl_tls1_3_make_traffic_keys( - mbedtls_md_type_t hash_alg, - const unsigned char *client_secret, - const unsigned char *server_secret, - size_t slen, size_t key_len, size_t iv_len, - mbedtls_ssl_key_set *keys ) -{ + mbedtls_md_type_t hash_alg, + const unsigned char *client_secret, + const unsigned char *server_secret, + size_t slen, size_t key_len, size_t iv_len, + mbedtls_ssl_key_set *keys) { int ret = 0; - ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - client_secret, slen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), - NULL, 0, - keys->client_write_key, key_len ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + client_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key), + NULL, 0, + keys->client_write_key, key_len); + if (ret != 0) + return (ret); - ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - server_secret, slen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( key ), - NULL, 0, - keys->server_write_key, key_len ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + server_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(key), + NULL, 0, + keys->server_write_key, key_len); + if (ret != 0) + return (ret); - ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - client_secret, slen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), - NULL, 0, - keys->client_write_iv, iv_len ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + client_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv), + NULL, 0, + keys->client_write_iv, iv_len); + if (ret != 0) + return (ret); - ret = mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - server_secret, slen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( iv ), - NULL, 0, - keys->server_write_iv, iv_len ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + server_secret, slen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(iv), + NULL, 0, + keys->server_write_iv, iv_len); + if (ret != 0) + return (ret); keys->key_len = key_len; keys->iv_len = iv_len; - return( 0 ); + return (0); } int mbedtls_ssl_tls1_3_derive_secret( - mbedtls_md_type_t hash_alg, - const unsigned char *secret, size_t slen, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - int ctx_hashed, - unsigned char *dstbuf, size_t buflen ) -{ + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + int ctx_hashed, + unsigned char *dstbuf, size_t buflen) { int ret; unsigned char hashed_context[ MBEDTLS_MD_MAX_SIZE ]; const mbedtls_md_info_t *md; - md = mbedtls_md_info_from_type( hash_alg ); - if( md == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + md = mbedtls_md_info_from_type(hash_alg); + if (md == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - if( ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED ) - { - ret = mbedtls_md( md, ctx, clen, hashed_context ); - if( ret != 0 ) - return( ret ); - clen = mbedtls_md_get_size( md ); - } - else - { - if( clen > sizeof(hashed_context) ) - { + if (ctx_hashed == MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED) { + ret = mbedtls_md(md, ctx, clen, hashed_context); + if (ret != 0) + return (ret); + clen = mbedtls_md_get_size(md); + } else { + if (clen > sizeof(hashed_context)) { /* This should never happen since this function is internal * and the code sets `ctx_hashed` correctly. * Let's double-check nonetheless to not run at the risk * of getting a stack overflow. */ - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + return (MBEDTLS_ERR_SSL_INTERNAL_ERROR); } - memcpy( hashed_context, ctx, clen ); + memcpy(hashed_context, ctx, clen); } - return( mbedtls_ssl_tls1_3_hkdf_expand_label( hash_alg, - secret, slen, - label, llen, - hashed_context, clen, - dstbuf, buflen ) ); + return (mbedtls_ssl_tls1_3_hkdf_expand_label(hash_alg, + secret, slen, + label, llen, + hashed_context, clen, + dstbuf, buflen)); } int mbedtls_ssl_tls1_3_evolve_secret( - mbedtls_md_type_t hash_alg, - const unsigned char *secret_old, - const unsigned char *input, size_t input_len, - unsigned char *secret_new ) -{ + mbedtls_md_type_t hash_alg, + const unsigned char *secret_old, + const unsigned char *input, size_t input_len, + unsigned char *secret_new) { int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; size_t hlen, ilen; unsigned char tmp_secret[ MBEDTLS_MD_MAX_SIZE ] = { 0 }; unsigned char tmp_input [ MBEDTLS_MD_MAX_SIZE ] = { 0 }; const mbedtls_md_info_t *md; - md = mbedtls_md_info_from_type( hash_alg ); - if( md == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + md = mbedtls_md_info_from_type(hash_alg); + if (md == NULL) + return (MBEDTLS_ERR_SSL_BAD_INPUT_DATA); - hlen = mbedtls_md_get_size( md ); + hlen = mbedtls_md_get_size(md); /* For non-initial runs, call Derive-Secret( ., "derived", "") * on the old secret. */ - if( secret_old != NULL ) - { + if (secret_old != NULL) { ret = mbedtls_ssl_tls1_3_derive_secret( - hash_alg, - secret_old, hlen, - MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( derived ), - NULL, 0, /* context */ - MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, - tmp_secret, hlen ); - if( ret != 0 ) + hash_alg, + secret_old, hlen, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(derived), + NULL, 0, /* context */ + MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + tmp_secret, hlen); + if (ret != 0) goto cleanup; } - if( input != NULL ) - { - memcpy( tmp_input, input, input_len ); + if (input != NULL) { + memcpy(tmp_input, input, input_len); ilen = input_len; - } - else - { + } else { ilen = hlen; } /* HKDF-Extract takes a salt and input key material. * The salt is the old secret, and the input key material * is the input secret (PSK / ECDHE). */ - ret = mbedtls_hkdf_extract( md, - tmp_secret, hlen, - tmp_input, ilen, - secret_new ); - if( ret != 0 ) + ret = mbedtls_hkdf_extract(md, + tmp_secret, hlen, + tmp_input, ilen, + secret_new); + if (ret != 0) goto cleanup; ret = 0; - cleanup: +cleanup: - mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) ); - mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) ); - return( ret ); + mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret)); + mbedtls_platform_zeroize(tmp_input, sizeof(tmp_input)); + return (ret); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/common/mbedtls/ssl_tls13_keys.h b/common/mbedtls/ssl_tls13_keys.h index 7089049ce..51ef3c6d9 100644 --- a/common/mbedtls/ssl_tls13_keys.h +++ b/common/mbedtls/ssl_tls13_keys.h @@ -45,12 +45,10 @@ #define MBEDTLS_SSL_TLS1_3_LABEL( name, string ) \ const unsigned char name [ sizeof(string) - 1 ]; -union mbedtls_ssl_tls1_3_labels_union -{ +union mbedtls_ssl_tls1_3_labels_union { MBEDTLS_SSL_TLS1_3_LABEL_LIST }; -struct mbedtls_ssl_tls1_3_labels_struct -{ +struct mbedtls_ssl_tls1_3_labels_struct { MBEDTLS_SSL_TLS1_3_LABEL_LIST }; #undef MBEDTLS_SSL_TLS1_3_LABEL @@ -107,11 +105,11 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; */ int mbedtls_ssl_tls1_3_hkdf_expand_label( - mbedtls_md_type_t hash_alg, - const unsigned char *secret, size_t slen, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - unsigned char *buf, size_t blen ); + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + unsigned char *buf, size_t blen); /** * \brief This function is part of the TLS 1.3 key schedule. @@ -143,11 +141,11 @@ int mbedtls_ssl_tls1_3_hkdf_expand_label( */ int mbedtls_ssl_tls1_3_make_traffic_keys( - mbedtls_md_type_t hash_alg, - const unsigned char *client_secret, - const unsigned char *server_secret, - size_t slen, size_t key_len, size_t iv_len, - mbedtls_ssl_key_set *keys ); + mbedtls_md_type_t hash_alg, + const unsigned char *client_secret, + const unsigned char *server_secret, + size_t slen, size_t key_len, size_t iv_len, + mbedtls_ssl_key_set *keys); #define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0 @@ -191,12 +189,12 @@ int mbedtls_ssl_tls1_3_make_traffic_keys( * \returns A negative error code on failure. */ int mbedtls_ssl_tls1_3_derive_secret( - mbedtls_md_type_t hash_alg, - const unsigned char *secret, size_t slen, - const unsigned char *label, size_t llen, - const unsigned char *ctx, size_t clen, - int ctx_hashed, - unsigned char *dstbuf, size_t buflen ); + mbedtls_md_type_t hash_alg, + const unsigned char *secret, size_t slen, + const unsigned char *label, size_t llen, + const unsigned char *ctx, size_t clen, + int ctx_hashed, + unsigned char *dstbuf, size_t buflen); /** * \brief Compute the next secret in the TLS 1.3 key schedule @@ -266,9 +264,9 @@ int mbedtls_ssl_tls1_3_derive_secret( */ int mbedtls_ssl_tls1_3_evolve_secret( - mbedtls_md_type_t hash_alg, - const unsigned char *secret_old, - const unsigned char *input, size_t input_len, - unsigned char *secret_new ); + mbedtls_md_type_t hash_alg, + const unsigned char *secret_old, + const unsigned char *input, size_t input_len, + unsigned char *secret_new); #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ diff --git a/common/mbedtls/threading.c b/common/mbedtls/threading.c index 2de117f52..be3b58658 100644 --- a/common/mbedtls/threading.c +++ b/common/mbedtls/threading.c @@ -62,9 +62,8 @@ #endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */ #if defined(MBEDTLS_THREADING_PTHREAD) -static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) -{ - if( mutex == NULL ) +static void threading_mutex_init_pthread(mbedtls_threading_mutex_t *mutex) { + if (mutex == NULL) return; /* A nonzero value of is_valid indicates a successfully initialized @@ -73,44 +72,41 @@ static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex ) * if is_valid is nonzero. The Mbed TLS unit test code uses this field * to distinguish more states of the mutex; see * tests/src/threading_helpers for details. */ - mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0; + mutex->is_valid = pthread_mutex_init(&mutex->mutex, NULL) == 0; } -static void threading_mutex_free_pthread( mbedtls_threading_mutex_t *mutex ) -{ - if( mutex == NULL || !mutex->is_valid ) +static void threading_mutex_free_pthread(mbedtls_threading_mutex_t *mutex) { + if (mutex == NULL || !mutex->is_valid) return; - (void) pthread_mutex_destroy( &mutex->mutex ); + (void) pthread_mutex_destroy(&mutex->mutex); mutex->is_valid = 0; } -static int threading_mutex_lock_pthread( mbedtls_threading_mutex_t *mutex ) -{ - if( mutex == NULL || ! mutex->is_valid ) - return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); +static int threading_mutex_lock_pthread(mbedtls_threading_mutex_t *mutex) { + if (mutex == NULL || ! mutex->is_valid) + return (MBEDTLS_ERR_THREADING_BAD_INPUT_DATA); - if( pthread_mutex_lock( &mutex->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (pthread_mutex_lock(&mutex->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); - return( 0 ); + return (0); } -static int threading_mutex_unlock_pthread( mbedtls_threading_mutex_t *mutex ) -{ - if( mutex == NULL || ! mutex->is_valid ) - return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); +static int threading_mutex_unlock_pthread(mbedtls_threading_mutex_t *mutex) { + if (mutex == NULL || ! mutex->is_valid) + return (MBEDTLS_ERR_THREADING_BAD_INPUT_DATA); - if( pthread_mutex_unlock( &mutex->mutex ) != 0 ) - return( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + if (pthread_mutex_unlock(&mutex->mutex) != 0) + return (MBEDTLS_ERR_THREADING_MUTEX_ERROR); - return( 0 ); + return (0); } -void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_init_pthread; -void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_free_pthread; -int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_lock_pthread; -int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unlock_pthread; +void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *) = threading_mutex_init_pthread; +void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *) = threading_mutex_free_pthread; +int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *) = threading_mutex_lock_pthread; +int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *) = threading_mutex_unlock_pthread; /* * With phtreads we can statically initialize mutexes @@ -120,53 +116,49 @@ int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_unl #endif /* MBEDTLS_THREADING_PTHREAD */ #if defined(MBEDTLS_THREADING_ALT) -static int threading_mutex_fail( mbedtls_threading_mutex_t *mutex ) -{ - ((void) mutex ); - return( MBEDTLS_ERR_THREADING_BAD_INPUT_DATA ); +static int threading_mutex_fail(mbedtls_threading_mutex_t *mutex) { + ((void) mutex); + return (MBEDTLS_ERR_THREADING_BAD_INPUT_DATA); } -static void threading_mutex_dummy( mbedtls_threading_mutex_t *mutex ) -{ - ((void) mutex ); +static void threading_mutex_dummy(mbedtls_threading_mutex_t *mutex) { + ((void) mutex); return; } -void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy; -void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t * ) = threading_mutex_dummy; -int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail; -int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t * ) = threading_mutex_fail; +void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *) = threading_mutex_dummy; +void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *) = threading_mutex_dummy; +int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *) = threading_mutex_fail; +int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *) = threading_mutex_fail; /* * Set functions pointers and initialize global mutexes */ -void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ), - void (*mutex_free)( mbedtls_threading_mutex_t * ), - int (*mutex_lock)( mbedtls_threading_mutex_t * ), - int (*mutex_unlock)( mbedtls_threading_mutex_t * ) ) -{ +void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *), + void (*mutex_free)(mbedtls_threading_mutex_t *), + int (*mutex_lock)(mbedtls_threading_mutex_t *), + int (*mutex_unlock)(mbedtls_threading_mutex_t *)) { mbedtls_mutex_init = mutex_init; mbedtls_mutex_free = mutex_free; mbedtls_mutex_lock = mutex_lock; mbedtls_mutex_unlock = mutex_unlock; #if defined(MBEDTLS_FS_IO) - mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); + mbedtls_mutex_init(&mbedtls_threading_readdir_mutex); #endif #if defined(THREADING_USE_GMTIME) - mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); + mbedtls_mutex_init(&mbedtls_threading_gmtime_mutex); #endif } /* * Free global mutexes */ -void mbedtls_threading_free_alt( void ) -{ +void mbedtls_threading_free_alt(void) { #if defined(MBEDTLS_FS_IO) - mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); + mbedtls_mutex_free(&mbedtls_threading_readdir_mutex); #endif #if defined(THREADING_USE_GMTIME) - mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); + mbedtls_mutex_free(&mbedtls_threading_gmtime_mutex); #endif } #endif /* MBEDTLS_THREADING_ALT */ diff --git a/common/mbedtls/threading.h b/common/mbedtls/threading.h index 05e27c52f..346cd723b 100644 --- a/common/mbedtls/threading.h +++ b/common/mbedtls/threading.h @@ -43,8 +43,7 @@ extern "C" { #if defined(MBEDTLS_THREADING_PTHREAD) #include -typedef struct mbedtls_threading_mutex_t -{ +typedef struct mbedtls_threading_mutex_t { pthread_mutex_t mutex; /* is_valid is 0 after a failed init or a free, and nonzero after a * successful init. This field is not considered part of the public @@ -75,15 +74,15 @@ typedef struct mbedtls_threading_mutex_t * \param mutex_lock the lock function implementation * \param mutex_unlock the unlock function implementation */ -void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ), - void (*mutex_free)( mbedtls_threading_mutex_t * ), - int (*mutex_lock)( mbedtls_threading_mutex_t * ), - int (*mutex_unlock)( mbedtls_threading_mutex_t * ) ); +void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *), + void (*mutex_free)(mbedtls_threading_mutex_t *), + int (*mutex_lock)(mbedtls_threading_mutex_t *), + int (*mutex_unlock)(mbedtls_threading_mutex_t *)); /** * \brief Free global mutexes. */ -void mbedtls_threading_free_alt( void ); +void mbedtls_threading_free_alt(void); #endif /* MBEDTLS_THREADING_ALT */ #if defined(MBEDTLS_THREADING_C) @@ -92,10 +91,10 @@ void mbedtls_threading_free_alt( void ); * * All these functions are expected to work or the result will be undefined. */ -extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex ); -extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex ); -extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex ); -extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); +extern void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *mutex); +extern void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *mutex); +extern int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *mutex); +extern int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *mutex); /* * Global mutexes diff --git a/common/mbedtls/timing.c b/common/mbedtls/timing.c index eb4146132..26629a831 100644 --- a/common/mbedtls/timing.c +++ b/common/mbedtls/timing.c @@ -47,8 +47,7 @@ #include #include -struct _hr_time -{ +struct _hr_time { LARGE_INTEGER start; }; @@ -60,8 +59,7 @@ struct _hr_time #include #include -struct _hr_time -{ +struct _hr_time { struct timeval start; }; @@ -72,12 +70,11 @@ struct _hr_time #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { unsigned long tsc; __asm rdtsc __asm mov [tsc], eax - return( tsc ); + return (tsc); } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */ @@ -89,11 +86,10 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { unsigned long lo, hi; - asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); - return( lo ); + asm volatile("rdtsc" : "=a"(lo), "=d"(hi)); + return (lo); } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && __i386__ */ @@ -103,11 +99,10 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { unsigned long lo, hi; - asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); - return( lo | ( hi << 32 ) ); + asm volatile("rdtsc" : "=a"(lo), "=d"(hi)); + return (lo | (hi << 32)); } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && ( __amd64__ || __x86_64__ ) */ @@ -117,19 +112,16 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { unsigned long tbl, tbu0, tbu1; - do - { - asm volatile( "mftbu %0" : "=r" (tbu0) ); - asm volatile( "mftb %0" : "=r" (tbl ) ); - asm volatile( "mftbu %0" : "=r" (tbu1) ); - } - while( tbu0 != tbu1 ); + do { + asm volatile("mftbu %0" : "=r"(tbu0)); + asm volatile("mftb %0" : "=r"(tbl)); + asm volatile("mftbu %0" : "=r"(tbu1)); + } while (tbu0 != tbu1); - return( tbl ); + return (tbl); } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && ( __powerpc__ || __ppc__ ) */ @@ -142,11 +134,10 @@ unsigned long mbedtls_timing_hardclock( void ) #else #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { unsigned long tick; - asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) ); - return( tick ); + asm volatile("rdpr %%tick, %0;" : "=&r"(tick)); + return (tick); } #endif /* __OpenBSD__ */ #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && @@ -157,12 +148,11 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { unsigned long tick; - asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" ); - asm volatile( "mov %%g1, %0" : "=r" (tick) ); - return( tick ); + asm volatile(".byte 0x83, 0x41, 0x00, 0x00"); + asm volatile("mov %%g1, %0" : "=r"(tick)); + return (tick); } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && __sparc__ && !__sparc64__ */ @@ -172,11 +162,10 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { unsigned long cc; - asm volatile( "rpcc %0" : "=r" (cc) ); - return( cc & 0xFFFFFFFF ); + asm volatile("rpcc %0" : "=r"(cc)); + return (cc & 0xFFFFFFFF); } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && __alpha__ */ @@ -186,11 +175,10 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { unsigned long itc; - asm volatile( "mov %0 = ar.itc" : "=r" (itc) ); - return( itc ); + asm volatile("mov %0 = ar.itc" : "=r"(itc)); + return (itc); } #endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && __GNUC__ && __ia64__ */ @@ -200,13 +188,12 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { LARGE_INTEGER offset; - QueryPerformanceCounter( &offset ); + QueryPerformanceCounter(&offset); - return( (unsigned long)( offset.QuadPart ) ); + return ((unsigned long)(offset.QuadPart)); } #endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */ @@ -217,19 +204,17 @@ unsigned long mbedtls_timing_hardclock( void ) static int hardclock_init = 0; static struct timeval tv_init; -unsigned long mbedtls_timing_hardclock( void ) -{ +unsigned long mbedtls_timing_hardclock(void) { struct timeval tv_cur; - if( hardclock_init == 0 ) - { - gettimeofday( &tv_init, NULL ); + if (hardclock_init == 0) { + gettimeofday(&tv_init, NULL); hardclock_init = 1; } - gettimeofday( &tv_cur, NULL ); - return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000 - + ( tv_cur.tv_usec - tv_init.tv_usec ) ); + gettimeofday(&tv_cur, NULL); + return ((tv_cur.tv_sec - tv_init.tv_sec) * 1000000 + + (tv_cur.tv_usec - tv_init.tv_usec)); } #endif /* !HAVE_HARDCLOCK */ @@ -237,43 +222,36 @@ volatile int mbedtls_timing_alarmed = 0; #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) -{ +unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) { struct _hr_time *t = (struct _hr_time *) val; - if( reset ) - { - QueryPerformanceCounter( &t->start ); - return( 0 ); - } - else - { + if (reset) { + QueryPerformanceCounter(&t->start); + return (0); + } else { unsigned long delta; LARGE_INTEGER now, hfreq; - QueryPerformanceCounter( &now ); - QueryPerformanceFrequency( &hfreq ); - delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul - / hfreq.QuadPart ); - return( delta ); + QueryPerformanceCounter(&now); + QueryPerformanceFrequency(&hfreq); + delta = (unsigned long)((now.QuadPart - t->start.QuadPart) * 1000ul + / hfreq.QuadPart); + return (delta); } } /* It's OK to use a global because alarm() is supposed to be global anyway */ static DWORD alarmMs; -static void TimerProc( void *TimerContext ) -{ +static void TimerProc(void *TimerContext) { (void) TimerContext; - Sleep( alarmMs ); + Sleep(alarmMs); mbedtls_timing_alarmed = 1; /* _endthread will be called implicitly on return * That ensures execution of thread funcition's epilogue */ } -void mbedtls_set_alarm( int seconds ) -{ - if( seconds == 0 ) - { +void mbedtls_set_alarm(int seconds) { + if (seconds == 0) { /* No need to create a thread for this simple case. * Also, this shorcut is more reliable at least on MinGW32 */ mbedtls_timing_alarmed = 1; @@ -282,44 +260,37 @@ void mbedtls_set_alarm( int seconds ) mbedtls_timing_alarmed = 0; alarmMs = seconds * 1000; - (void) _beginthread( TimerProc, 0, NULL ); + (void) _beginthread(TimerProc, 0, NULL); } #else /* _WIN32 && !EFIX64 && !EFI32 */ -unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) -{ +unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset) { struct _hr_time *t = (struct _hr_time *) val; - if( reset ) - { - gettimeofday( &t->start, NULL ); - return( 0 ); - } - else - { + if (reset) { + gettimeofday(&t->start, NULL); + return (0); + } else { unsigned long delta; struct timeval now; - gettimeofday( &now, NULL ); - delta = ( now.tv_sec - t->start.tv_sec ) * 1000ul - + ( now.tv_usec - t->start.tv_usec ) / 1000; - return( delta ); + gettimeofday(&now, NULL); + delta = (now.tv_sec - t->start.tv_sec) * 1000ul + + (now.tv_usec - t->start.tv_usec) / 1000; + return (delta); } } -static void sighandler( int signum ) -{ +static void sighandler(int signum) { mbedtls_timing_alarmed = 1; - signal( signum, sighandler ); + signal(signum, sighandler); } -void mbedtls_set_alarm( int seconds ) -{ +void mbedtls_set_alarm(int seconds) { mbedtls_timing_alarmed = 0; - signal( SIGALRM, sighandler ); - alarm( seconds ); - if( seconds == 0 ) - { + signal(SIGALRM, sighandler); + alarm(seconds); + if (seconds == 0) { /* alarm(0) cancelled any previous pending alarm, but the handler won't fire, so raise the flag straight away. */ mbedtls_timing_alarmed = 1; @@ -331,37 +302,35 @@ void mbedtls_set_alarm( int seconds ) /* * Set delays to watch */ -void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ) -{ +void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms) { mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; ctx->int_ms = int_ms; ctx->fin_ms = fin_ms; - if( fin_ms != 0 ) - (void) mbedtls_timing_get_timer( &ctx->timer, 1 ); + if (fin_ms != 0) + (void) mbedtls_timing_get_timer(&ctx->timer, 1); } /* * Get number of delays expired */ -int mbedtls_timing_get_delay( void *data ) -{ +int mbedtls_timing_get_delay(void *data) { mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; unsigned long elapsed_ms; - if( ctx->fin_ms == 0 ) - return( -1 ); + if (ctx->fin_ms == 0) + return (-1); - elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 ); + elapsed_ms = mbedtls_timing_get_timer(&ctx->timer, 0); - if( elapsed_ms >= ctx->fin_ms ) - return( 2 ); + if (elapsed_ms >= ctx->fin_ms) + return (2); - if( elapsed_ms >= ctx->int_ms ) - return( 1 ); + if (elapsed_ms >= ctx->int_ms) + return (1); - return( 0 ); + return (0); } #endif /* !MBEDTLS_TIMING_ALT */ @@ -372,15 +341,14 @@ int mbedtls_timing_get_delay( void *data ) * Busy-waits for the given number of milliseconds. * Used for testing mbedtls_timing_hardclock. */ -static void busy_msleep( unsigned long msec ) -{ +static void busy_msleep(unsigned long msec) { struct mbedtls_timing_hr_time hires; unsigned long i = 0; /* for busy-waiting */ volatile unsigned long j; /* to prevent optimisation */ - (void) mbedtls_timing_get_timer( &hires, 1 ); + (void) mbedtls_timing_get_timer(&hires, 1); - while( mbedtls_timing_get_timer( &hires, 0 ) < msec ) + while (mbedtls_timing_get_timer(&hires, 0) < msec) i++; j = i; @@ -409,8 +377,7 @@ static void busy_msleep( unsigned long msec ) * Warning: this is work in progress, some tests may not be reliable enough * yet! False positives may happen. */ -int mbedtls_timing_self_test( int verbose ) -{ +int mbedtls_timing_self_test(int verbose) { unsigned long cycles = 0, ratio = 0; unsigned long millisecs = 0, secs = 0; int hardfail = 0; @@ -418,63 +385,63 @@ int mbedtls_timing_self_test( int verbose ) uint32_t a = 0, b = 0; mbedtls_timing_delay_context ctx; - if( verbose != 0 ) - mbedtls_printf( " TIMING tests note: will take some time!\n" ); + if (verbose != 0) + mbedtls_printf(" TIMING tests note: will take some time!\n"); - if( verbose != 0 ) - mbedtls_printf( " TIMING test #1 (set_alarm / get_timer): " ); + if (verbose != 0) + mbedtls_printf(" TIMING test #1 (set_alarm / get_timer): "); { secs = 1; - (void) mbedtls_timing_get_timer( &hires, 1 ); + (void) mbedtls_timing_get_timer(&hires, 1); - mbedtls_set_alarm( (int) secs ); - while( !mbedtls_timing_alarmed ) + mbedtls_set_alarm((int) secs); + while (!mbedtls_timing_alarmed) ; - millisecs = mbedtls_timing_get_timer( &hires, 0 ); + millisecs = mbedtls_timing_get_timer(&hires, 0); /* For some reason on Windows it looks like alarm has an extra delay * (maybe related to creating a new thread). Allow some room here. */ - if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 ) + if (millisecs < 800 * secs || millisecs > 1200 * secs + 300) FAIL; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - if( verbose != 0 ) - mbedtls_printf( " TIMING test #2 (set/get_delay ): " ); + if (verbose != 0) + mbedtls_printf(" TIMING test #2 (set/get_delay ): "); { a = 800; b = 400; - mbedtls_timing_set_delay( &ctx, a, a + b ); /* T = 0 */ + mbedtls_timing_set_delay(&ctx, a, a + b); /* T = 0 */ - busy_msleep( a - a / 4 ); /* T = a - a/4 */ - if( mbedtls_timing_get_delay( &ctx ) != 0 ) + busy_msleep(a - a / 4); /* T = a - a/4 */ + if (mbedtls_timing_get_delay(&ctx) != 0) FAIL; - busy_msleep( a / 4 + b / 4 ); /* T = a + b/4 */ - if( mbedtls_timing_get_delay( &ctx ) != 1 ) + busy_msleep(a / 4 + b / 4); /* T = a + b/4 */ + if (mbedtls_timing_get_delay(&ctx) != 1) FAIL; - busy_msleep( b ); /* T = a + b + b/4 */ - if( mbedtls_timing_get_delay( &ctx ) != 2 ) + busy_msleep(b); /* T = a + b + b/4 */ + if (mbedtls_timing_get_delay(&ctx) != 2) FAIL; } - mbedtls_timing_set_delay( &ctx, 0, 0 ); - busy_msleep( 200 ); - if( mbedtls_timing_get_delay( &ctx ) != -1 ) + mbedtls_timing_set_delay(&ctx, 0, 0); + busy_msleep(200); + if (mbedtls_timing_get_delay(&ctx) != -1) FAIL; - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); - if( verbose != 0 ) - mbedtls_printf( " TIMING test #3 (hardclock / get_timer): " ); + if (verbose != 0) + mbedtls_printf(" TIMING test #3 (hardclock / get_timer): "); /* * Allow one failure for possible counter wrapping. @@ -483,10 +450,9 @@ int mbedtls_timing_self_test( int verbose ) */ hard_test: - if( hardfail > 1 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed (ignored)\n" ); + if (hardfail > 1) { + if (verbose != 0) + mbedtls_printf("failed (ignored)\n"); goto hard_test_done; } @@ -494,35 +460,33 @@ hard_test: /* Get a reference ratio cycles/ms */ millisecs = 1; cycles = mbedtls_timing_hardclock(); - busy_msleep( millisecs ); + busy_msleep(millisecs); cycles = mbedtls_timing_hardclock() - cycles; ratio = cycles / millisecs; /* Check that the ratio is mostly constant */ - for( millisecs = 2; millisecs <= 4; millisecs++ ) - { + for (millisecs = 2; millisecs <= 4; millisecs++) { cycles = mbedtls_timing_hardclock(); - busy_msleep( millisecs ); + busy_msleep(millisecs); cycles = mbedtls_timing_hardclock() - cycles; /* Allow variation up to 20% */ - if( cycles / millisecs < ratio - ratio / 5 || - cycles / millisecs > ratio + ratio / 5 ) - { + if (cycles / millisecs < ratio - ratio / 5 || + cycles / millisecs > ratio + ratio / 5) { hardfail++; goto hard_test; } } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); hard_test_done: - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); - return( 0 ); + return (0); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/timing.h b/common/mbedtls/timing.h index b7290cfca..597ef7521 100644 --- a/common/mbedtls/timing.h +++ b/common/mbedtls/timing.h @@ -41,16 +41,14 @@ extern "C" { /** * \brief timer structure */ -struct mbedtls_timing_hr_time -{ +struct mbedtls_timing_hr_time { unsigned char opaque[32]; }; /** * \brief Context for mbedtls_timing_set/get_delay() */ -typedef struct mbedtls_timing_delay_context -{ +typedef struct mbedtls_timing_delay_context { struct mbedtls_timing_hr_time timer; uint32_t int_ms; uint32_t fin_ms; @@ -72,7 +70,7 @@ extern volatile int mbedtls_timing_alarmed; * \note This value starts at an unspecified origin and * may wrap around. */ -unsigned long mbedtls_timing_hardclock( void ); +unsigned long mbedtls_timing_hardclock(void); /** * \brief Return the elapsed time in milliseconds @@ -91,7 +89,7 @@ unsigned long mbedtls_timing_hardclock( void ); * get_timer(0) }` the value time1+time2 is only approximately * the delay since the first reset. */ -unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); +unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset); /** * \brief Setup an alarm clock @@ -103,7 +101,7 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int * context, this means one for the whole process, not one per * thread. */ -void mbedtls_set_alarm( int seconds ); +void mbedtls_set_alarm(int seconds); /** * \brief Set a pair of delays to watch @@ -119,7 +117,7 @@ void mbedtls_set_alarm( int seconds ); * \note To set a single delay, either use \c mbedtls_timing_set_timer * directly or use this function with int_ms == fin_ms. */ -void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); +void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms); /** * \brief Get the status of delays @@ -133,7 +131,7 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); * 1 if only the intermediate delay is passed, * 2 if the final delay is passed. */ -int mbedtls_timing_get_delay( void *data ); +int mbedtls_timing_get_delay(void *data); #if defined(MBEDTLS_SELF_TEST) /** @@ -141,7 +139,7 @@ int mbedtls_timing_get_delay( void *data ); * * \return 0 if successful, or 1 if a test failed */ -int mbedtls_timing_self_test( int verbose ); +int mbedtls_timing_self_test(int verbose); #endif #ifdef __cplusplus diff --git a/common/mbedtls/version.c b/common/mbedtls/version.c index 32a0d7d58..db6fcbd53 100644 --- a/common/mbedtls/version.c +++ b/common/mbedtls/version.c @@ -24,21 +24,18 @@ #include "mbedtls/version.h" #include -unsigned int mbedtls_version_get_number( void ) -{ - return( MBEDTLS_VERSION_NUMBER ); +unsigned int mbedtls_version_get_number(void) { + return (MBEDTLS_VERSION_NUMBER); } -void mbedtls_version_get_string( char *string ) -{ - memcpy( string, MBEDTLS_VERSION_STRING, - sizeof( MBEDTLS_VERSION_STRING ) ); +void mbedtls_version_get_string(char *string) { + memcpy(string, MBEDTLS_VERSION_STRING, + sizeof(MBEDTLS_VERSION_STRING)); } -void mbedtls_version_get_string_full( char *string ) -{ - memcpy( string, MBEDTLS_VERSION_STRING_FULL, - sizeof( MBEDTLS_VERSION_STRING_FULL ) ); +void mbedtls_version_get_string_full(char *string) { + memcpy(string, MBEDTLS_VERSION_STRING_FULL, + sizeof(MBEDTLS_VERSION_STRING_FULL)); } #endif /* MBEDTLS_VERSION_C */ diff --git a/common/mbedtls/version.h b/common/mbedtls/version.h index 5b0c70fca..ab40c0be8 100644 --- a/common/mbedtls/version.h +++ b/common/mbedtls/version.h @@ -61,7 +61,7 @@ extern "C" { * \return The constructed version number in the format * MMNNPP00 (Major, Minor, Patch). */ -unsigned int mbedtls_version_get_number( void ); +unsigned int mbedtls_version_get_number(void); /** * Get the version string ("x.y.z"). @@ -69,7 +69,7 @@ unsigned int mbedtls_version_get_number( void ); * \param string The string that will receive the value. * (Should be at least 9 bytes in size) */ -void mbedtls_version_get_string( char *string ); +void mbedtls_version_get_string(char *string); /** * Get the full version string ("mbed TLS x.y.z"). @@ -80,7 +80,7 @@ void mbedtls_version_get_string( char *string ); * (So the buffer should be at least 18 bytes to receive this * version string). */ -void mbedtls_version_get_string_full( char *string ); +void mbedtls_version_get_string_full(char *string); /** * \brief Check if support for a feature was compiled into this @@ -99,7 +99,7 @@ void mbedtls_version_get_string_full( char *string ); * -2 if support for feature checking as a whole was not * compiled in. */ -int mbedtls_version_check_feature( const char *feature ); +int mbedtls_version_check_feature(const char *feature); #ifdef __cplusplus } diff --git a/common/mbedtls/version_features.c b/common/mbedtls/version_features.c index 93329879a..83568a442 100644 --- a/common/mbedtls/version_features.c +++ b/common/mbedtls/version_features.c @@ -25,7 +25,7 @@ #include -static const char * const features[] = { +static const char *const features[] = { #if defined(MBEDTLS_VERSION_FEATURES) #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", @@ -844,23 +844,21 @@ static const char * const features[] = { NULL }; -int mbedtls_version_check_feature( const char *feature ) -{ - const char * const *idx = features; +int mbedtls_version_check_feature(const char *feature) { + const char *const *idx = features; - if( *idx == NULL ) - return( -2 ); + if (*idx == NULL) + return (-2); - if( feature == NULL ) - return( -1 ); + if (feature == NULL) + return (-1); - while( *idx != NULL ) - { - if( !strcmp( *idx, feature ) ) - return( 0 ); + while (*idx != NULL) { + if (!strcmp(*idx, feature)) + return (0); idx++; } - return( -1 ); + return (-1); } #endif /* MBEDTLS_VERSION_C */ diff --git a/common/mbedtls/x509.c b/common/mbedtls/x509.c index 2a7be329b..7aeee2599 100644 --- a/common/mbedtls/x509.c +++ b/common/mbedtls/x509.c @@ -75,29 +75,28 @@ /* * CertificateSerialNumber ::= INTEGER */ -int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *serial ) -{ +int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *serial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_SERIAL + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if ((end - *p) < 1) + return (MBEDTLS_ERR_X509_INVALID_SERIAL + + MBEDTLS_ERR_ASN1_OUT_OF_DATA); - if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) && - **p != MBEDTLS_ASN1_INTEGER ) - return( MBEDTLS_ERR_X509_INVALID_SERIAL + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) && + **p != MBEDTLS_ASN1_INTEGER) + return (MBEDTLS_ERR_X509_INVALID_SERIAL + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); serial->tag = *(*p)++; - if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret ); + if ((ret = mbedtls_asn1_get_len(p, end, &serial->len)) != 0) + return (MBEDTLS_ERR_X509_INVALID_SERIAL + ret); serial->p = *p; *p += serial->len; - return( 0 ); + return (0); } /* Get an algorithm identifier without parameters (eg for signatures) @@ -106,29 +105,27 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL } */ -int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg ) -{ +int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if ((ret = mbedtls_asn1_get_alg_null(p, end, alg)) != 0) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - return( 0 ); + return (0); } /* * Parse an algorithm identifier with (optional) parameters */ -int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg, mbedtls_x509_buf *params ) -{ +int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg, mbedtls_x509_buf *params) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - return( 0 ); + return (0); } #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -141,8 +138,7 @@ int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, * * For HashAlgorithm, parameters MUST be NULL or absent. */ -static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg ) -{ +static int x509_get_hash_alg(const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p; const unsigned char *end; @@ -150,42 +146,42 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md size_t len; /* Make sure we got a SEQUENCE and setup bounds */ - if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (alg->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) + return (MBEDTLS_ERR_X509_INVALID_ALG + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); p = alg->p; end = p + alg->len; - if( p >= end ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if (p >= end) + return (MBEDTLS_ERR_X509_INVALID_ALG + + MBEDTLS_ERR_ASN1_OUT_OF_DATA); /* Parse md_oid */ md_oid.tag = *p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &md_oid.len, MBEDTLS_ASN1_OID)) != 0) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); md_oid.p = p; p += md_oid.len; /* Get md_alg from md_oid */ - if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if ((ret = mbedtls_oid_get_md_alg(&md_oid, md_alg)) != 0) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); /* Make sure params is absent of NULL */ - if( p == end ) - return( 0 ); + if (p == end) + return (0); - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_NULL)) != 0 || len != 0) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - if( p != end ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) + return (MBEDTLS_ERR_X509_INVALID_ALG + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } /* @@ -200,10 +196,9 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other * option. Enfore this at parsing time. */ -int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, - mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, - int *salt_len ) -{ +int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, + mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, + int *salt_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p; const unsigned char *end, *end2; @@ -216,121 +211,113 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, *salt_len = 20; /* Make sure params is a SEQUENCE and setup bounds */ - if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) + return (MBEDTLS_ERR_X509_INVALID_ALG + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); p = (unsigned char *) params->p; end = p + params->len; - if( p == end ) - return( 0 ); + if (p == end) + return (0); /* * HashAlgorithm */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0)) == 0) { end2 = p + len; /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */ - if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_alg_null(&p, end2, &alg_id)) != 0) + return (ret); - if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if ((ret = mbedtls_oid_get_md_alg(&alg_id, md_alg)) != 0) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - if( p != end2 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if (p != end2) + return (MBEDTLS_ERR_X509_INVALID_ALG + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - if( p == end ) - return( 0 ); + if (p == end) + return (0); /* * MaskGenAlgorithm */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1)) == 0) { end2 = p + len; /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */ - if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_alg(&p, end2, &alg_id, &alg_params)) != 0) + return (ret); /* Only MFG1 is recognised for now */ - if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 ) - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + - MBEDTLS_ERR_OID_NOT_FOUND ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) + return (MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + + MBEDTLS_ERR_OID_NOT_FOUND); /* Parse HashAlgorithm */ - if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 ) - return( ret ); + if ((ret = x509_get_hash_alg(&alg_params, mgf_md)) != 0) + return (ret); - if( p != end2 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if (p != end2) + return (MBEDTLS_ERR_X509_INVALID_ALG + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - if( p == end ) - return( 0 ); + if (p == end) + return (0); /* * salt_len */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2)) == 0) { end2 = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if ((ret = mbedtls_asn1_get_int(&p, end2, salt_len)) != 0) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - if( p != end2 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if (p != end2) + return (MBEDTLS_ERR_X509_INVALID_ALG + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - if( p == end ) - return( 0 ); + if (p == end) + return (0); /* * trailer_field (if present, must be 1) */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 ) - { + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3)) == 0) { int trailer_field; end2 = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if ((ret = mbedtls_asn1_get_int(&p, end2, &trailer_field)) != 0) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - if( p != end2 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end2) + return (MBEDTLS_ERR_X509_INVALID_ALG + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - if( trailer_field != 1 ) - return( MBEDTLS_ERR_X509_INVALID_ALG ); - } - else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + if (trailer_field != 1) + return (MBEDTLS_ERR_X509_INVALID_ALG); + } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) + return (MBEDTLS_ERR_X509_INVALID_ALG + ret); - if( p != end ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) + return (MBEDTLS_ERR_X509_INVALID_ALG + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ @@ -343,63 +330,61 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, * * AttributeValue ::= ANY DEFINED BY AttributeType */ -static int x509_get_attr_type_value( unsigned char **p, - const unsigned char *end, - mbedtls_x509_name *cur ) -{ +static int x509_get_attr_type_value(unsigned char **p, + const unsigned char *end, + mbedtls_x509_name *cur) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; mbedtls_x509_buf *oid; mbedtls_x509_buf *val; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_NAME + ret); end = *p + len; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if ((end - *p) < 1) + return (MBEDTLS_ERR_X509_INVALID_NAME + + MBEDTLS_ERR_ASN1_OUT_OF_DATA); oid = &cur->oid; oid->tag = **p; - if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &oid->len, MBEDTLS_ASN1_OID)) != 0) + return (MBEDTLS_ERR_X509_INVALID_NAME + ret); oid->p = *p; *p += oid->len; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if ((end - *p) < 1) + return (MBEDTLS_ERR_X509_INVALID_NAME + + MBEDTLS_ERR_ASN1_OUT_OF_DATA); - if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && - **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && - **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && - **p != MBEDTLS_ASN1_BIT_STRING ) - return( MBEDTLS_ERR_X509_INVALID_NAME + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && + **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && + **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && + **p != MBEDTLS_ASN1_BIT_STRING) + return (MBEDTLS_ERR_X509_INVALID_NAME + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); val = &cur->val; val->tag = *(*p)++; - if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); + if ((ret = mbedtls_asn1_get_len(p, end, &val->len)) != 0) + return (MBEDTLS_ERR_X509_INVALID_NAME + ret); val->p = *p; *p += val->len; - if( *p != end ) - { - return( MBEDTLS_ERR_X509_INVALID_NAME + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) { + return (MBEDTLS_ERR_X509_INVALID_NAME + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } cur->next = NULL; - return( 0 ); + return (0); } /* @@ -425,40 +410,37 @@ static int x509_get_attr_type_value( unsigned char **p, * same set so that they are "merged" together in the functions that consume * this list, eg mbedtls_x509_dn_gets(). */ -int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, - mbedtls_x509_name *cur ) -{ +int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, + mbedtls_x509_name *cur) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t set_len; const unsigned char *end_set; /* don't use recursion, we'd risk stack overflow if not optimized */ - while( 1 ) - { + while (1) { /* * parse SET */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &set_len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) + return (MBEDTLS_ERR_X509_INVALID_NAME + ret); end_set = *p + set_len; - while( 1 ) - { - if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 ) - return( ret ); + while (1) { + if ((ret = x509_get_attr_type_value(p, end_set, cur)) != 0) + return (ret); - if( *p == end_set ) + if (*p == end_set) break; /* Mark this item as being no the only one in a set */ cur->next_merged = 1; - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); + cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); - if( cur->next == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (cur->next == NULL) + return (MBEDTLS_ERR_X509_ALLOC_FAILED); cur = cur->next; } @@ -466,116 +448,116 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, /* * continue until end of SEQUENCE is reached */ - if( *p == end ) - return( 0 ); + if (*p == end) + return (0); - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_name ) ); + cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); - if( cur->next == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (cur->next == NULL) + return (MBEDTLS_ERR_X509_ALLOC_FAILED); cur = cur->next; } } -static int x509_parse_int( unsigned char **p, size_t n, int *res ) -{ +static int x509_parse_int(unsigned char **p, size_t n, int *res) { *res = 0; - for( ; n > 0; --n ) - { - if( ( **p < '0') || ( **p > '9' ) ) - return ( MBEDTLS_ERR_X509_INVALID_DATE ); + for (; n > 0; --n) { + if ((**p < '0') || (**p > '9')) + return (MBEDTLS_ERR_X509_INVALID_DATE); *res *= 10; - *res += ( *(*p)++ - '0' ); + *res += (*(*p)++ - '0'); } - return( 0 ); + return (0); } -static int x509_date_is_valid(const mbedtls_x509_time *t ) -{ +static int x509_date_is_valid(const mbedtls_x509_time *t) { int ret = MBEDTLS_ERR_X509_INVALID_DATE; int month_len; - CHECK_RANGE( 0, 9999, t->year ); - CHECK_RANGE( 0, 23, t->hour ); - CHECK_RANGE( 0, 59, t->min ); - CHECK_RANGE( 0, 59, t->sec ); + CHECK_RANGE(0, 9999, t->year); + CHECK_RANGE(0, 23, t->hour); + CHECK_RANGE(0, 59, t->min); + CHECK_RANGE(0, 59, t->sec); - switch( t->mon ) - { - case 1: case 3: case 5: case 7: case 8: case 10: case 12: + switch (t->mon) { + case 1: + case 3: + case 5: + case 7: + case 8: + case 10: + case 12: month_len = 31; break; - case 4: case 6: case 9: case 11: + case 4: + case 6: + case 9: + case 11: month_len = 30; break; case 2: - if( ( !( t->year % 4 ) && t->year % 100 ) || - !( t->year % 400 ) ) + if ((!(t->year % 4) && t->year % 100) || + !(t->year % 400)) month_len = 29; else month_len = 28; break; default: - return( ret ); + return (ret); } - CHECK_RANGE( 1, month_len, t->day ); + CHECK_RANGE(1, month_len, t->day); - return( 0 ); + return (0); } /* * Parse an ASN1_UTC_TIME (yearlen=2) or ASN1_GENERALIZED_TIME (yearlen=4) * field. */ -static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, - mbedtls_x509_time *tm ) -{ +static int x509_parse_time(unsigned char **p, size_t len, size_t yearlen, + mbedtls_x509_time *tm) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* * Minimum length is 10 or 12 depending on yearlen */ - if ( len < yearlen + 8 ) - return ( MBEDTLS_ERR_X509_INVALID_DATE ); + if (len < yearlen + 8) + return (MBEDTLS_ERR_X509_INVALID_DATE); len -= yearlen + 8; /* * Parse year, month, day, hour, minute */ - CHECK( x509_parse_int( p, yearlen, &tm->year ) ); - if ( 2 == yearlen ) - { - if ( tm->year < 50 ) + CHECK(x509_parse_int(p, yearlen, &tm->year)); + if (2 == yearlen) { + if (tm->year < 50) tm->year += 100; tm->year += 1900; } - CHECK( x509_parse_int( p, 2, &tm->mon ) ); - CHECK( x509_parse_int( p, 2, &tm->day ) ); - CHECK( x509_parse_int( p, 2, &tm->hour ) ); - CHECK( x509_parse_int( p, 2, &tm->min ) ); + CHECK(x509_parse_int(p, 2, &tm->mon)); + CHECK(x509_parse_int(p, 2, &tm->day)); + CHECK(x509_parse_int(p, 2, &tm->hour)); + CHECK(x509_parse_int(p, 2, &tm->min)); /* * Parse seconds if present */ - if ( len >= 2 ) - { - CHECK( x509_parse_int( p, 2, &tm->sec ) ); + if (len >= 2) { + CHECK(x509_parse_int(p, 2, &tm->sec)); len -= 2; - } - else - return ( MBEDTLS_ERR_X509_INVALID_DATE ); + } else + return (MBEDTLS_ERR_X509_INVALID_DATE); /* * Parse trailing 'Z' if present */ - if ( 1 == len && 'Z' == **p ) - { + if (1 == len && 'Z' == **p) { (*p)++; len--; } @@ -583,12 +565,12 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, /* * We should have parsed all characters at this point */ - if ( 0 != len ) - return ( MBEDTLS_ERR_X509_INVALID_DATE ); + if (0 != len) + return (MBEDTLS_ERR_X509_INVALID_DATE); - CHECK( x509_date_is_valid( tm ) ); + CHECK(x509_date_is_valid(tm)); - return ( 0 ); + return (0); } /* @@ -596,50 +578,48 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, * utcTime UTCTime, * generalTime GeneralizedTime } */ -int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *tm ) -{ +int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, + mbedtls_x509_time *tm) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len, year_len; unsigned char tag; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if ((end - *p) < 1) + return (MBEDTLS_ERR_X509_INVALID_DATE + + MBEDTLS_ERR_ASN1_OUT_OF_DATA); tag = **p; - if( tag == MBEDTLS_ASN1_UTC_TIME ) + if (tag == MBEDTLS_ASN1_UTC_TIME) year_len = 2; - else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME ) + else if (tag == MBEDTLS_ASN1_GENERALIZED_TIME) year_len = 4; else - return( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return (MBEDTLS_ERR_X509_INVALID_DATE + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); (*p)++; - ret = mbedtls_asn1_get_len( p, end, &len ); + ret = mbedtls_asn1_get_len(p, end, &len); - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); + if (ret != 0) + return (MBEDTLS_ERR_X509_INVALID_DATE + ret); - return x509_parse_time( p, len, year_len, tm ); + return x509_parse_time(p, len, year_len, tm); } -int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) -{ +int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; int tag_type; - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + if ((end - *p) < 1) + return (MBEDTLS_ERR_X509_INVALID_SIGNATURE + + MBEDTLS_ERR_ASN1_OUT_OF_DATA); tag_type = **p; - if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret ); + if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) + return (MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret); sig->tag = tag_type; sig->len = len; @@ -647,74 +627,69 @@ int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x *p += len; - return( 0 ); + return (0); } /* * Get signature algorithm from alg OID and optional parameters */ -int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts ) -{ +int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, + void **sig_opts) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( *sig_opts != NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (*sig_opts != NULL) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); - if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 ) - return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret ); + if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) + return (MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if( *pk_alg == MBEDTLS_PK_RSASSA_PSS ) - { + if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { mbedtls_pk_rsassa_pss_options *pss_opts; - pss_opts = mbedtls_calloc( 1, sizeof( mbedtls_pk_rsassa_pss_options ) ); - if( pss_opts == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options)); + if (pss_opts == NULL) + return (MBEDTLS_ERR_X509_ALLOC_FAILED); - ret = mbedtls_x509_get_rsassa_pss_params( sig_params, - md_alg, - &pss_opts->mgf1_hash_id, - &pss_opts->expected_salt_len ); - if( ret != 0 ) - { - mbedtls_free( pss_opts ); - return( ret ); + ret = mbedtls_x509_get_rsassa_pss_params(sig_params, + md_alg, + &pss_opts->mgf1_hash_id, + &pss_opts->expected_salt_len); + if (ret != 0) { + mbedtls_free(pss_opts); + return (ret); } *sig_opts = (void *) pss_opts; - } - else + } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ { /* Make sure parameters are absent or NULL */ - if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) || - sig_params->len != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG ); + if ((sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0) || + sig_params->len != 0) + return (MBEDTLS_ERR_X509_INVALID_ALG); } - return( 0 ); + return (0); } /* * X.509 Extensions (No parsing of extensions, pointer should * be either manually updated or extensions should be parsed!) */ -int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *ext, int tag ) -{ +int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *ext, int tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; /* Extension structure use EXPLICIT tagging. That is, the actual * `Extensions` structure is wrapped by a tag-length pair using * the respective context-specific tag. */ - ret = mbedtls_asn1_get_tag( p, end, &ext->len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ); - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + ret = mbedtls_asn1_get_tag(p, end, &ext->len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag); + if (ret != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; ext->p = *p; @@ -723,23 +698,22 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, /* * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( end != *p + len ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (end != *p + len) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } /* * Store the name in printable form into buf; no more * than size characters will be written */ -int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) -{ +int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n; unsigned char c, merge = 0; @@ -747,61 +721,56 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) const char *short_name = NULL; char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; - memset( s, 0, sizeof( s ) ); + memset(s, 0, sizeof(s)); name = dn; p = buf; n = size; - while( name != NULL ) - { - if( !name->oid.p ) - { + while (name != NULL) { + if (!name->oid.p) { name = name->next; continue; } - if( name != dn ) - { - ret = mbedtls_snprintf( p, n, merge ? " + " : ", " ); + if (name != dn) { + ret = mbedtls_snprintf(p, n, merge ? " + " : ", "); MBEDTLS_X509_SAFE_SNPRINTF; } - ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name ); + ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name); - if( ret == 0 ) - ret = mbedtls_snprintf( p, n, "%s=", short_name ); + if (ret == 0) + ret = mbedtls_snprintf(p, n, "%s=", short_name); else - ret = mbedtls_snprintf( p, n, "\?\?=" ); + ret = mbedtls_snprintf(p, n, "\?\?="); MBEDTLS_X509_SAFE_SNPRINTF; - for( i = 0; i < name->val.len; i++ ) - { - if( i >= sizeof( s ) - 1 ) + for (i = 0; i < name->val.len; i++) { + if (i >= sizeof(s) - 1) break; c = name->val.p[i]; - if( c < 32 || c >= 127 ) - s[i] = '?'; + if (c < 32 || c >= 127) + s[i] = '?'; else s[i] = c; } s[i] = '\0'; - ret = mbedtls_snprintf( p, n, "%s", s ); + ret = mbedtls_snprintf(p, n, "%s", s); MBEDTLS_X509_SAFE_SNPRINTF; merge = name->next_merged; name = name->next; } - return( (int) ( size - n ) ); + return ((int)(size - n)); } /* * Store the serial in printable form into buf; no more * than size characters will be written */ -int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial ) -{ +int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, nr; char *p; @@ -809,62 +778,58 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se p = buf; n = size; - nr = ( serial->len <= 32 ) - ? serial->len : 28; + nr = (serial->len <= 32) + ? serial->len : 28; - for( i = 0; i < nr; i++ ) - { - if( i == 0 && nr > 1 && serial->p[i] == 0x0 ) + for (i = 0; i < nr; i++) { + if (i == 0 && nr > 1 && serial->p[i] == 0x0) continue; - ret = mbedtls_snprintf( p, n, "%02X%s", - serial->p[i], ( i < nr - 1 ) ? ":" : "" ); + ret = mbedtls_snprintf(p, n, "%02X%s", + serial->p[i], (i < nr - 1) ? ":" : ""); MBEDTLS_X509_SAFE_SNPRINTF; } - if( nr != serial->len ) - { - ret = mbedtls_snprintf( p, n, "...." ); + if (nr != serial->len) { + ret = mbedtls_snprintf(p, n, "...."); MBEDTLS_X509_SAFE_SNPRINTF; } - return( (int) ( size - n ) ); + return ((int)(size - n)); } /* * Helper for writing signature algorithms */ -int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts ) -{ +int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, + mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const void *sig_opts) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; char *p = buf; size_t n = size; const char *desc = NULL; - ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc ); - if( ret != 0 ) - ret = mbedtls_snprintf( p, n, "???" ); + ret = mbedtls_oid_get_sig_alg_desc(sig_oid, &desc); + if (ret != 0) + ret = mbedtls_snprintf(p, n, "???"); else - ret = mbedtls_snprintf( p, n, "%s", desc ); + ret = mbedtls_snprintf(p, n, "%s", desc); MBEDTLS_X509_SAFE_SNPRINTF; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if( pk_alg == MBEDTLS_PK_RSASSA_PSS ) - { + if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { const mbedtls_pk_rsassa_pss_options *pss_opts; const mbedtls_md_info_t *md_info, *mgf_md_info; pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts; - md_info = mbedtls_md_info_from_type( md_alg ); - mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id ); + md_info = mbedtls_md_info_from_type(md_alg); + mgf_md_info = mbedtls_md_info_from_type(pss_opts->mgf1_hash_id); - ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)", - md_info ? mbedtls_md_get_name( md_info ) : "???", - mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???", - (unsigned int) pss_opts->expected_salt_len ); + ret = mbedtls_snprintf(p, n, " (%s, MGF1-%s, 0x%02X)", + md_info ? mbedtls_md_get_name(md_info) : "???", + mgf_md_info ? mbedtls_md_get_name(mgf_md_info) : "???", + (unsigned int) pss_opts->expected_salt_len); MBEDTLS_X509_SAFE_SNPRINTF; } #else @@ -873,22 +838,21 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s ((void) sig_opts); #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - return( (int)( size - n ) ); + return ((int)(size - n)); } /* * Helper for writing "RSA key size", "EC key size", etc */ -int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) -{ +int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name) { char *p = buf; size_t n = buf_size; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_snprintf( p, n, "%s key size", name ); + ret = mbedtls_snprintf(p, n, "%s key size", name); MBEDTLS_X509_SAFE_SNPRINTF; - return( 0 ); + return (0); } #if defined(MBEDTLS_HAVE_TIME_DATE) @@ -896,19 +860,17 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) * Set the time structure to the current time. * Return 0 on success, non-zero on failure. */ -static int x509_get_current_time( mbedtls_x509_time *now ) -{ +static int x509_get_current_time(mbedtls_x509_time *now) { struct tm *lt, tm_buf; mbedtls_time_t tt; int ret = 0; - tt = mbedtls_time( NULL ); - lt = mbedtls_platform_gmtime_r( &tt, &tm_buf ); + tt = mbedtls_time(NULL); + lt = mbedtls_platform_gmtime_r(&tt, &tm_buf); - if( lt == NULL ) + if (lt == NULL) ret = -1; - else - { + else { now->year = lt->tm_year + 1900; now->mon = lt->tm_mon + 1; now->day = lt->tm_mday; @@ -917,82 +879,77 @@ static int x509_get_current_time( mbedtls_x509_time *now ) now->sec = lt->tm_sec; } - return( ret ); + return (ret); } /* * Return 0 if before <= after, 1 otherwise */ -static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after ) -{ - if( before->year > after->year ) - return( 1 ); +static int x509_check_time(const mbedtls_x509_time *before, const mbedtls_x509_time *after) { + if (before->year > after->year) + return (1); - if( before->year == after->year && - before->mon > after->mon ) - return( 1 ); + if (before->year == after->year && + before->mon > after->mon) + return (1); - if( before->year == after->year && - before->mon == after->mon && - before->day > after->day ) - return( 1 ); + if (before->year == after->year && + before->mon == after->mon && + before->day > after->day) + return (1); - if( before->year == after->year && - before->mon == after->mon && - before->day == after->day && - before->hour > after->hour ) - return( 1 ); + if (before->year == after->year && + before->mon == after->mon && + before->day == after->day && + before->hour > after->hour) + return (1); - if( before->year == after->year && - before->mon == after->mon && - before->day == after->day && - before->hour == after->hour && - before->min > after->min ) - return( 1 ); + if (before->year == after->year && + before->mon == after->mon && + before->day == after->day && + before->hour == after->hour && + before->min > after->min) + return (1); - if( before->year == after->year && - before->mon == after->mon && - before->day == after->day && - before->hour == after->hour && - before->min == after->min && - before->sec > after->sec ) - return( 1 ); + if (before->year == after->year && + before->mon == after->mon && + before->day == after->day && + before->hour == after->hour && + before->min == after->min && + before->sec > after->sec) + return (1); - return( 0 ); + return (0); } -int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ) -{ +int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) { mbedtls_x509_time now; - if( x509_get_current_time( &now ) != 0 ) - return( 1 ); + if (x509_get_current_time(&now) != 0) + return (1); - return( x509_check_time( &now, to ) ); + return (x509_check_time(&now, to)); } -int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ) -{ +int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) { mbedtls_x509_time now; - if( x509_get_current_time( &now ) != 0 ) - return( 1 ); + if (x509_get_current_time(&now) != 0) + return (1); - return( x509_check_time( from, &now ) ); + return (x509_check_time(from, &now)); } #else /* MBEDTLS_HAVE_TIME_DATE */ -int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ) -{ +int mbedtls_x509_time_is_past(const mbedtls_x509_time *to) { ((void) to); - return( 0 ); + return (0); } -int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ) -{ +int mbedtls_x509_time_is_future(const mbedtls_x509_time *from) { ((void) from); - return( 0 ); + return (0); } #endif /* MBEDTLS_HAVE_TIME_DATE */ @@ -1004,62 +961,58 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ) /* * Checkup routine */ -int mbedtls_x509_self_test( int verbose ) -{ +int mbedtls_x509_self_test(int verbose) { int ret = 0; #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C) uint32_t flags; mbedtls_x509_crt cacert; mbedtls_x509_crt clicert; - if( verbose != 0 ) - mbedtls_printf( " X.509 certificate load: " ); + if (verbose != 0) + mbedtls_printf(" X.509 certificate load: "); - mbedtls_x509_crt_init( &cacert ); - mbedtls_x509_crt_init( &clicert ); + mbedtls_x509_crt_init(&cacert); + mbedtls_x509_crt_init(&clicert); - ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt, - mbedtls_test_cli_crt_len ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt, + mbedtls_test_cli_crt_len); + if (ret != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); goto cleanup; } - ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt, - mbedtls_test_ca_crt_len ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_ca_crt, + mbedtls_test_ca_crt_len); + if (ret != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n X.509 signature verify: "); + if (verbose != 0) + mbedtls_printf("passed\n X.509 signature verify: "); - ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL ); - if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = mbedtls_x509_crt_verify(&clicert, &cacert, NULL, NULL, &flags, NULL, NULL); + if (ret != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); goto cleanup; } - if( verbose != 0 ) - mbedtls_printf( "passed\n\n"); + if (verbose != 0) + mbedtls_printf("passed\n\n"); cleanup: - mbedtls_x509_crt_free( &cacert ); - mbedtls_x509_crt_free( &clicert ); + mbedtls_x509_crt_free(&cacert); + mbedtls_x509_crt_free(&clicert); #else ((void) verbose); #endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA256_C */ - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/x509.h b/common/mbedtls/x509.h index 08525e26d..2f430d4dd 100644 --- a/common/mbedtls/x509.h +++ b/common/mbedtls/x509.h @@ -227,8 +227,7 @@ typedef mbedtls_asn1_named_data mbedtls_x509_name; typedef mbedtls_asn1_sequence mbedtls_x509_sequence; /** Container for date and time (precision in seconds). */ -typedef struct mbedtls_x509_time -{ +typedef struct mbedtls_x509_time { int year, mon, day; /**< Date. */ int hour, min, sec; /**< Time. */ } @@ -248,7 +247,7 @@ mbedtls_x509_time; * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ); +int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); /** * \brief Store the certificate serial in printable form into buf; @@ -261,7 +260,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ); * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial ); +int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial); /** * \brief Check a given mbedtls_x509_time against the system time @@ -275,7 +274,7 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se * \return 1 if the given time is in the past or an error occurred, * 0 otherwise. */ -int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); +int mbedtls_x509_time_is_past(const mbedtls_x509_time *to); /** * \brief Check a given mbedtls_x509_time against the system time @@ -289,7 +288,7 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); * \return 1 if the given time is in the future or an error occurred, * 0 otherwise. */ -int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); +int mbedtls_x509_time_is_future(const mbedtls_x509_time *from); #if defined(MBEDTLS_SELF_TEST) @@ -298,7 +297,7 @@ int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_x509_self_test( int verbose ); +int mbedtls_x509_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ @@ -306,42 +305,42 @@ int mbedtls_x509_self_test( int verbose ); * Internal module functions. You probably do not want to use these unless you * know you do. */ -int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, - mbedtls_x509_name *cur ); -int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg ); -int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg, mbedtls_x509_buf *params ); +int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, + mbedtls_x509_name *cur); +int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg); +int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg, mbedtls_x509_buf *params); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) -int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, - mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, - int *salt_len ); +int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, + mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, + int *salt_len); #endif -int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ); -int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts ); -int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *t ); -int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *serial ); -int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *ext, int tag ); -int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts ); -int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ); -int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name ); -int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, - int critical, const unsigned char *val, - size_t val_len ); -int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first ); -int mbedtls_x509_write_names( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first ); -int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - unsigned char *sig, size_t size ); +int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); +int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, + void **sig_opts); +int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, + mbedtls_x509_time *t); +int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *serial); +int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *ext, int tag); +int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, + mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const void *sig_opts); +int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); +int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name); +int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, + int critical, const unsigned char *val, + size_t val_len); +int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first); +int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first); +int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len, + unsigned char *sig, size_t size); #define MBEDTLS_X509_SAFE_SNPRINTF \ do { \ diff --git a/common/mbedtls/x509_create.c b/common/mbedtls/x509_create.c index 056bbaa78..9cd33c789 100644 --- a/common/mbedtls/x509_create.c +++ b/common/mbedtls/x509_create.c @@ -31,12 +31,12 @@ /* Structure linking OIDs for X.509 DN AttributeTypes to their * string representations and default string encodings used by Mbed TLS. */ typedef struct { - const char *name; /* String representation of AttributeType, e.g. + const char *name; /* String representation of AttributeType, e.g. * "CN" or "emailAddress". */ - size_t name_len; /* Length of 'name', without trailing 0 byte. */ - const char *oid; /* String representation of OID of AttributeType, + size_t name_len; /* Length of 'name', without trailing 0 byte. */ + const char *oid; /* String representation of OID of AttributeType, * as per RFC 5280, Appendix A.1. */ - int default_tag; /* The default character encoding used for the + int default_tag; /* The default character encoding used for the * given attribute type, e.g. * MBEDTLS_ASN1_UTF8_STRING for UTF-8. */ } x509_attr_descriptor_t; @@ -44,102 +44,152 @@ typedef struct { #define ADD_STRLEN( s ) s, sizeof( s ) - 1 /* X.509 DN attributes from RFC 5280, Appendix A.1. */ -static const x509_attr_descriptor_t x509_attrs[] = -{ - { ADD_STRLEN( "CN" ), - MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "commonName" ), - MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "C" ), - MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "countryName" ), - MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "O" ), - MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "organizationName" ), - MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "L" ), - MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "locality" ), - MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "R" ), - MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN( "OU" ), - MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "organizationalUnitName" ), - MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "ST" ), - MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "stateOrProvinceName" ), - MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "emailAddress" ), - MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN( "serialNumber" ), - MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "postalAddress" ), - MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "postalCode" ), - MBEDTLS_OID_AT_POSTAL_CODE, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "dnQualifier" ), - MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING }, - { ADD_STRLEN( "title" ), - MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "surName" ), - MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "SN" ), - MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "givenName" ), - MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "GN" ), - MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "initials" ), - MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "pseudonym" ), - MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "generationQualifier" ), - MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING }, - { ADD_STRLEN( "domainComponent" ), - MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, - { ADD_STRLEN( "DC" ), - MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING }, +static const x509_attr_descriptor_t x509_attrs[] = { + { + ADD_STRLEN("CN"), + MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("commonName"), + MBEDTLS_OID_AT_CN, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("C"), + MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING + }, + { + ADD_STRLEN("countryName"), + MBEDTLS_OID_AT_COUNTRY, MBEDTLS_ASN1_PRINTABLE_STRING + }, + { + ADD_STRLEN("O"), + MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("organizationName"), + MBEDTLS_OID_AT_ORGANIZATION, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("L"), + MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("locality"), + MBEDTLS_OID_AT_LOCALITY, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("R"), + MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING + }, + { + ADD_STRLEN("OU"), + MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("organizationalUnitName"), + MBEDTLS_OID_AT_ORG_UNIT, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("ST"), + MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("stateOrProvinceName"), + MBEDTLS_OID_AT_STATE, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("emailAddress"), + MBEDTLS_OID_PKCS9_EMAIL, MBEDTLS_ASN1_IA5_STRING + }, + { + ADD_STRLEN("serialNumber"), + MBEDTLS_OID_AT_SERIAL_NUMBER, MBEDTLS_ASN1_PRINTABLE_STRING + }, + { + ADD_STRLEN("postalAddress"), + MBEDTLS_OID_AT_POSTAL_ADDRESS, MBEDTLS_ASN1_PRINTABLE_STRING + }, + { + ADD_STRLEN("postalCode"), + MBEDTLS_OID_AT_POSTAL_CODE, MBEDTLS_ASN1_PRINTABLE_STRING + }, + { + ADD_STRLEN("dnQualifier"), + MBEDTLS_OID_AT_DN_QUALIFIER, MBEDTLS_ASN1_PRINTABLE_STRING + }, + { + ADD_STRLEN("title"), + MBEDTLS_OID_AT_TITLE, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("surName"), + MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("SN"), + MBEDTLS_OID_AT_SUR_NAME, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("givenName"), + MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("GN"), + MBEDTLS_OID_AT_GIVEN_NAME, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("initials"), + MBEDTLS_OID_AT_INITIALS, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("pseudonym"), + MBEDTLS_OID_AT_PSEUDONYM, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("generationQualifier"), + MBEDTLS_OID_AT_GENERATION_QUALIFIER, MBEDTLS_ASN1_UTF8_STRING + }, + { + ADD_STRLEN("domainComponent"), + MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING + }, + { + ADD_STRLEN("DC"), + MBEDTLS_OID_DOMAIN_COMPONENT, MBEDTLS_ASN1_IA5_STRING + }, { NULL, 0, NULL, MBEDTLS_ASN1_NULL } }; -static const x509_attr_descriptor_t *x509_attr_descr_from_name( const char *name, size_t name_len ) -{ +static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, size_t name_len) { const x509_attr_descriptor_t *cur; - for( cur = x509_attrs; cur->name != NULL; cur++ ) - if( cur->name_len == name_len && - strncmp( cur->name, name, name_len ) == 0 ) + for (cur = x509_attrs; cur->name != NULL; cur++) + if (cur->name_len == name_len && + strncmp(cur->name, name, name_len) == 0) break; - if ( cur->name == NULL ) - return( NULL ); + if (cur->name == NULL) + return (NULL); - return( cur ); + return (cur); } -int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name ) -{ +int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) { int ret = 0; const char *s = name, *c = s; - const char *end = s + strlen( s ); + const char *end = s + strlen(s); const char *oid = NULL; - const x509_attr_descriptor_t* attr_descr = NULL; + const x509_attr_descriptor_t *attr_descr = NULL; int in_tag = 1; char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; char *d = data; /* Clear existing chain if present */ - mbedtls_asn1_free_named_data_list( head ); + mbedtls_asn1_free_named_data_list(head); - while( c <= end ) - { - if( in_tag && *c == '=' ) - { - if( ( attr_descr = x509_attr_descr_from_name( s, c - s ) ) == NULL ) - { + while (c <= end) { + if (in_tag && *c == '=') { + if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) { ret = MBEDTLS_ERR_X509_UNKNOWN_OID; goto exit; } @@ -150,45 +200,38 @@ int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *na d = data; } - if( !in_tag && *c == '\\' && c != end ) - { + if (!in_tag && *c == '\\' && c != end) { c++; /* Check for valid escaped characters */ - if( c == end || *c != ',' ) - { + if (c == end || *c != ',') { ret = MBEDTLS_ERR_X509_INVALID_NAME; goto exit; } - } - else if( !in_tag && ( *c == ',' || c == end ) ) - { - mbedtls_asn1_named_data* cur = - mbedtls_asn1_store_named_data( head, oid, strlen( oid ), - (unsigned char *) data, - d - data ); + } else if (!in_tag && (*c == ',' || c == end)) { + mbedtls_asn1_named_data *cur = + mbedtls_asn1_store_named_data(head, oid, strlen(oid), + (unsigned char *) data, + d - data); - if(cur == NULL ) - { - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (cur == NULL) { + return (MBEDTLS_ERR_X509_ALLOC_FAILED); } // set tagType cur->val.tag = attr_descr->default_tag; - while( c < end && *(c + 1) == ' ' ) + while (c < end && *(c + 1) == ' ') c++; s = c + 1; in_tag = 1; } - if( !in_tag && s != c + 1 ) - { + if (!in_tag && s != c + 1) { *(d++) = *c; - if( d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE ) - { + if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { ret = MBEDTLS_ERR_X509_INVALID_NAME; goto exit; } @@ -199,27 +242,25 @@ int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *na exit: - return( ret ); + return (ret); } /* The first byte of the value in the mbedtls_asn1_named_data structure is reserved * to store the critical boolean for us */ -int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, - int critical, const unsigned char *val, size_t val_len ) -{ +int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, + int critical, const unsigned char *val, size_t val_len) { mbedtls_asn1_named_data *cur; - if( ( cur = mbedtls_asn1_store_named_data( head, oid, oid_len, - NULL, val_len + 1 ) ) == NULL ) - { - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len, + NULL, val_len + 1)) == NULL) { + return (MBEDTLS_ERR_X509_ALLOC_FAILED); } cur->val.p[0] = critical; - memcpy( cur->val.p + 1, val, val_len ); + memcpy(cur->val.p + 1, val, val_len); - return( 0 ); + return (0); } /* @@ -234,115 +275,109 @@ int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, * * AttributeValue ::= ANY DEFINED BY AttributeType */ -static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data* cur_name) -{ +static int x509_write_name(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *cur_name) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - const char *oid = (const char*)cur_name->oid.p; + const char *oid = (const char *)cur_name->oid.p; size_t oid_len = cur_name->oid.len; const unsigned char *name = cur_name->val.p; size_t name_len = cur_name->val.len; // Write correct string tag and value - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tagged_string( p, start, - cur_name->val.tag, - (const char *) name, - name_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tagged_string(p, start, + cur_name->val.tag, + (const char *) name, + name_len)); // Write OID // - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, - oid_len ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, + oid_len)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SET ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SET)); - return( (int) len ); + return ((int) len); } -int mbedtls_x509_write_names( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first ) -{ +int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_asn1_named_data *cur = first; - while( cur != NULL ) - { - MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, cur ) ); + while (cur != NULL) { + MBEDTLS_ASN1_CHK_ADD(len, x509_write_name(p, start, cur)); cur = cur->next; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return ((int) len); } -int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - unsigned char *sig, size_t size ) -{ +int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len, + unsigned char *sig, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - if( *p < start || (size_t)( *p - start ) < size ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p < start || (size_t)(*p - start) < size) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); len = size; (*p) -= len; - memcpy( *p, sig, len ); + memcpy(*p, sig, len); - if( *p - start < 1 ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + if (*p - start < 1) + return (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); *--(*p) = 0; len += 1; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING)); // Write OID // - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( p, start, oid, - oid_len, 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(p, start, oid, + oid_len, 0)); - return( (int) len ); + return ((int) len); } -static int x509_write_extension( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *ext ) -{ +static int x509_write_extension(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *ext) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->val.p + 1, - ext->val.len - 1 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->val.len - 1 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->val.p + 1, + ext->val.len - 1)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->val.len - 1)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING)); - if( ext->val.p[0] != 0 ) - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( p, start, 1 ) ); + if (ext->val.p[0] != 0) { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(p, start, 1)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->oid.p, - ext->oid.len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->oid.len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, ext->oid.p, + ext->oid.len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, ext->oid.len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return ((int) len); } /* @@ -355,20 +390,18 @@ static int x509_write_extension( unsigned char **p, unsigned char *start, * -- by extnID * } */ -int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first ) -{ +int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_asn1_named_data *cur_ext = first; - while( cur_ext != NULL ) - { - MBEDTLS_ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) ); + while (cur_ext != NULL) { + MBEDTLS_ASN1_CHK_ADD(len, x509_write_extension(p, start, cur_ext)); cur_ext = cur_ext->next; } - return( (int) len ); + return ((int) len); } #endif /* MBEDTLS_X509_CREATE_C */ diff --git a/common/mbedtls/x509_crl.c b/common/mbedtls/x509_crl.c index edeb39b02..595ba95fe 100644 --- a/common/mbedtls/x509_crl.c +++ b/common/mbedtls/x509_crl.c @@ -65,24 +65,21 @@ /* * Version ::= INTEGER { v1(0), v2(1) } */ -static int x509_crl_get_version( unsigned char **p, - const unsigned char *end, - int *ver ) -{ +static int x509_crl_get_version(unsigned char **p, + const unsigned char *end, + int *ver) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { + if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { *ver = 0; - return( 0 ); + return (0); } - return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); + return (MBEDTLS_ERR_X509_INVALID_VERSION + ret); } - return( 0 ); + return (0); } /* @@ -92,26 +89,24 @@ static int x509_crl_get_version( unsigned char **p, * list of extensions is well-formed and abort on critical extensions (that * are unsupported as we don't support any extension so far) */ -static int x509_get_crl_ext( unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *ext ) -{ +static int x509_get_crl_ext(unsigned char **p, + const unsigned char *end, + mbedtls_x509_buf *ext) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( *p == end ) - return( 0 ); + if (*p == end) + return (0); /* * crlExtensions [0] EXPLICIT Extensions OPTIONAL * -- if present, version MUST be v2 */ - if( ( ret = mbedtls_x509_get_ext( p, end, ext, 0 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_ext(p, end, ext, 0)) != 0) + return (ret); end = ext->p + ext->len; - while( *p < end ) - { + while (*p < end) { /* * Extension ::= SEQUENCE { * extnID OBJECT IDENTIFIER, @@ -123,65 +118,62 @@ static int x509_get_crl_ext( unsigned char **p, size_t len; /* Get enclosing sequence tag */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); end_ext_data = *p + len; /* Get OID (currently ignored) */ - if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, - MBEDTLS_ASN1_OID ) ) != 0 ) - { - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, + MBEDTLS_ASN1_OID)) != 0) { + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); } *p += len; /* Get optional critical */ - if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, - &is_critical ) ) != 0 && - ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) - { - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, + &is_critical)) != 0 && + (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); } /* Data should be octet string type */ - if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, - MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); /* Ignore data so far and just check its length */ *p += len; - if( *p != end_ext_data ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end_ext_data) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); /* Abort on (unsupported) critical extensions */ - if( is_critical ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if (is_critical) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } - if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } /* * X.509 CRL v2 entry extensions (no extensions parsed yet.) */ -static int x509_get_crl_entry_ext( unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *ext ) -{ +static int x509_get_crl_entry_ext(unsigned char **p, + const unsigned char *end, + mbedtls_x509_buf *ext) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* OPTIONAL */ - if( end <= *p ) - return( 0 ); + if (end <= *p) + return (0); ext->tag = **p; ext->p = *p; @@ -190,111 +182,102 @@ static int x509_get_crl_entry_ext( unsigned char **p, * Get CRL-entry extension sequence header * crlEntryExtensions Extensions OPTIONAL -- if present, MUST be v2 */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { + if ((ret = mbedtls_asn1_get_tag(p, end, &ext->len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ext->p = NULL; - return( 0 ); + return (0); } - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); } end = *p + ext->len; - if( end != *p + ext->len ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (end != *p + ext->len) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - while( *p < end ) - { - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + while (*p < end) { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); *p += len; } - if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } /* * X.509 CRL Entries */ -static int x509_get_entries( unsigned char **p, - const unsigned char *end, - mbedtls_x509_crl_entry *entry ) -{ +static int x509_get_entries(unsigned char **p, + const unsigned char *end, + mbedtls_x509_crl_entry *entry) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t entry_len; mbedtls_x509_crl_entry *cur_entry = entry; - if( *p == end ) - return( 0 ); + if (*p == end) + return (0); - if( ( ret = mbedtls_asn1_get_tag( p, end, &entry_len, - MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( 0 ); + if ((ret = mbedtls_asn1_get_tag(p, end, &entry_len, + MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) + return (0); - return( ret ); + return (ret); } end = *p + entry_len; - while( *p < end ) - { + while (*p < end) { size_t len2; const unsigned char *end2; cur_entry->raw.tag = **p; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len2, - MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len2, + MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED)) != 0) { + return (ret); } cur_entry->raw.p = *p; cur_entry->raw.len = len2; end2 = *p + len2; - if( ( ret = mbedtls_x509_get_serial( p, end2, &cur_entry->serial ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_serial(p, end2, &cur_entry->serial)) != 0) + return (ret); - if( ( ret = mbedtls_x509_get_time( p, end2, - &cur_entry->revocation_date ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_time(p, end2, + &cur_entry->revocation_date)) != 0) + return (ret); - if( ( ret = x509_get_crl_entry_ext( p, end2, - &cur_entry->entry_ext ) ) != 0 ) - return( ret ); + if ((ret = x509_get_crl_entry_ext(p, end2, + &cur_entry->entry_ext)) != 0) + return (ret); - if( *p < end ) - { - cur_entry->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl_entry ) ); + if (*p < end) { + cur_entry->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl_entry)); - if( cur_entry->next == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (cur_entry->next == NULL) + return (MBEDTLS_ERR_X509_ALLOC_FAILED); cur_entry = cur_entry->next; } } - return( 0 ); + return (0); } /* * Parse one CRLs in DER format and append it to the chained list */ -int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, - const unsigned char *buf, size_t buflen ) -{ +int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, + const unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p = NULL, *end = NULL; @@ -304,44 +287,42 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, /* * Check for valid input */ - if( crl == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (crl == NULL || buf == NULL) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); - memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); + memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); + memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); + memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); /* * Add new CRL on the end of the chain if needed. */ - while( crl->version != 0 && crl->next != NULL ) + while (crl->version != 0 && crl->next != NULL) crl = crl->next; - if( crl->version != 0 && crl->next == NULL ) - { - crl->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ); + if (crl->version != 0 && crl->next == NULL) { + crl->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crl)); - if( crl->next == NULL ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (crl->next == NULL) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_ALLOC_FAILED); } - mbedtls_x509_crl_init( crl->next ); + mbedtls_x509_crl_init(crl->next); crl = crl->next; } /* * Copy raw DER-encoded CRL */ - if( buflen == 0 ) - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if (buflen == 0) + return (MBEDTLS_ERR_X509_INVALID_FORMAT); - p = mbedtls_calloc( 1, buflen ); - if( p == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + p = mbedtls_calloc(1, buflen); + if (p == NULL) + return (MBEDTLS_ERR_X509_ALLOC_FAILED); - memcpy( p, buf, buflen ); + memcpy(p, buf, buflen); crl->raw.p = p; crl->raw.len = buflen; @@ -354,18 +335,16 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_INVALID_FORMAT); } - if( len != (size_t) ( end - p ) ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (len != (size_t)(end - p)) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } /* @@ -373,11 +352,10 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, */ crl->tbs.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } end = p + len; @@ -389,27 +367,24 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * * signature AlgorithmIdentifier */ - if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 || - ( ret = mbedtls_x509_get_alg( &p, end, &crl->sig_oid, &sig_params1 ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = x509_crl_get_version(&p, end, &crl->version)) != 0 || + (ret = mbedtls_x509_get_alg(&p, end, &crl->sig_oid, &sig_params1)) != 0) { + mbedtls_x509_crl_free(crl); + return (ret); } - if( crl->version < 0 || crl->version > 1 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); + if (crl->version < 0 || crl->version > 1) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_UNKNOWN_VERSION); } crl->version++; - if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, - &crl->sig_md, &crl->sig_pk, - &crl->sig_opts ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG ); + if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1, + &crl->sig_md, &crl->sig_pk, + &crl->sig_opts)) != 0) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG); } /* @@ -417,17 +392,15 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, */ crl->issuer_raw.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } - if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = mbedtls_x509_get_name(&p, p + len, &crl->issuer)) != 0) { + mbedtls_x509_crl_free(crl); + return (ret); } crl->issuer_raw.len = p - crl->issuer_raw.p; @@ -436,21 +409,18 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * thisUpdate Time * nextUpdate Time OPTIONAL */ - if( ( ret = mbedtls_x509_get_time( &p, end, &crl->this_update ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = mbedtls_x509_get_time(&p, end, &crl->this_update)) != 0) { + mbedtls_x509_crl_free(crl); + return (ret); } - if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 ) - { - if( ret != ( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) && - ret != ( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = mbedtls_x509_get_time(&p, end, &crl->next_update)) != 0) { + if (ret != (MBEDTLS_ERR_X509_INVALID_DATE + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) && + ret != (MBEDTLS_ERR_X509_INVALID_DATE + + MBEDTLS_ERR_ASN1_OUT_OF_DATA)) { + mbedtls_x509_crl_free(crl); + return (ret); } } @@ -462,32 +432,28 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * -- if present, MUST be v2 * } OPTIONAL */ - if( ( ret = x509_get_entries( &p, end, &crl->entry ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = x509_get_entries(&p, end, &crl->entry)) != 0) { + mbedtls_x509_crl_free(crl); + return (ret); } /* * crlExtensions EXPLICIT Extensions OPTIONAL * -- if present, MUST be v2 */ - if( crl->version == 2 ) - { - ret = x509_get_crl_ext( &p, end, &crl->crl_ext ); + if (crl->version == 2) { + ret = x509_get_crl_ext(&p, end, &crl->crl_ext); - if( ret != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if (ret != 0) { + mbedtls_x509_crl_free(crl); + return (ret); } } - if( p != end ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } end = crl->raw.p + crl->raw.len; @@ -496,68 +462,61 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING */ - if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { + mbedtls_x509_crl_free(crl); + return (ret); } - if( crl->sig_oid.len != sig_oid2.len || - memcmp( crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len ) != 0 || - sig_params1.len != sig_params2.len || - ( sig_params1.len != 0 && - memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_SIG_MISMATCH ); + if (crl->sig_oid.len != sig_oid2.len || + memcmp(crl->sig_oid.p, sig_oid2.p, crl->sig_oid.len) != 0 || + sig_params1.len != sig_params2.len || + (sig_params1.len != 0 && + memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_SIG_MISMATCH); } - if( ( ret = mbedtls_x509_get_sig( &p, end, &crl->sig ) ) != 0 ) - { - mbedtls_x509_crl_free( crl ); - return( ret ); + if ((ret = mbedtls_x509_get_sig(&p, end, &crl->sig)) != 0) { + mbedtls_x509_crl_free(crl); + return (ret); } - if( p != end ) - { - mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) { + mbedtls_x509_crl_free(crl); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - return( 0 ); + return (0); } /* * Parse one or more CRLs and add them to the chained list */ -int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ) -{ +int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen) { #if defined(MBEDTLS_PEM_PARSE_C) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t use_len = 0; mbedtls_pem_context pem; int is_pem = 0; - if( chain == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (chain == NULL || buf == NULL) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); - do - { - mbedtls_pem_init( &pem ); + do { + mbedtls_pem_init(&pem); // Avoid calling mbedtls_pem_read_buffer() on non-null-terminated // string - if( buflen == 0 || buf[buflen - 1] != '\0' ) + if (buflen == 0 || buf[buflen - 1] != '\0') ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; else - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN X509 CRL-----", - "-----END X509 CRL-----", - buf, NULL, 0, &use_len ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN X509 CRL-----", + "-----END X509 CRL-----", + buf, NULL, 0, &use_len); - if( ret == 0 ) - { + if (ret == 0) { /* * Was PEM encoded */ @@ -566,51 +525,47 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s buflen -= use_len; buf += use_len; - if( ( ret = mbedtls_x509_crl_parse_der( chain, - pem.buf, pem.buflen ) ) != 0 ) - { - mbedtls_pem_free( &pem ); - return( ret ); + if ((ret = mbedtls_x509_crl_parse_der(chain, + pem.buf, pem.buflen)) != 0) { + mbedtls_pem_free(&pem); + return (ret); } - } - else if( is_pem ) - { - mbedtls_pem_free( &pem ); - return( ret ); + } else if (is_pem) { + mbedtls_pem_free(&pem); + return (ret); } - mbedtls_pem_free( &pem ); + mbedtls_pem_free(&pem); } /* In the PEM case, buflen is 1 at the end, for the terminated NULL byte. * And a valid CRL cannot be less than 1 byte anyway. */ - while( is_pem && buflen > 1 ); + while (is_pem && buflen > 1); - if( is_pem ) - return( 0 ); + if (is_pem) + return (0); else #endif /* MBEDTLS_PEM_PARSE_C */ - return( mbedtls_x509_crl_parse_der( chain, buf, buflen ) ); + return (mbedtls_x509_crl_parse_der(chain, buf, buflen)); } #if defined(MBEDTLS_FS_IO) /* * Load one or more CRLs and add them to the chained list */ -int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) -{ +int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) + return (ret); - ret = mbedtls_x509_crl_parse( chain, buf, n ); + ret = mbedtls_x509_crl_parse(chain, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return (ret); } #endif /* MBEDTLS_FS_IO */ @@ -622,9 +577,8 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) /* * Return an informational string about the CRL. */ -int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crl *crl ) -{ +int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_crl *crl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; @@ -633,80 +587,77 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - ret = mbedtls_snprintf( p, n, "%sCRL version : %d", - prefix, crl->version ); + ret = mbedtls_snprintf(p, n, "%sCRL version : %d", + prefix, crl->version); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets( p, n, &crl->issuer ); + ret = mbedtls_x509_dn_gets(p, n, &crl->issuer); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sthis update : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crl->this_update.year, crl->this_update.mon, - crl->this_update.day, crl->this_update.hour, - crl->this_update.min, crl->this_update.sec ); + ret = mbedtls_snprintf(p, n, "\n%sthis update : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crl->this_update.year, crl->this_update.mon, + crl->this_update.day, crl->this_update.hour, + crl->this_update.min, crl->this_update.sec); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%snext update : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crl->next_update.year, crl->next_update.mon, - crl->next_update.day, crl->next_update.hour, - crl->next_update.min, crl->next_update.sec ); + ret = mbedtls_snprintf(p, n, "\n%snext update : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crl->next_update.year, crl->next_update.mon, + crl->next_update.day, crl->next_update.hour, + crl->next_update.min, crl->next_update.sec); MBEDTLS_X509_SAFE_SNPRINTF; entry = &crl->entry; - ret = mbedtls_snprintf( p, n, "\n%sRevoked certificates:", - prefix ); + ret = mbedtls_snprintf(p, n, "\n%sRevoked certificates:", + prefix); MBEDTLS_X509_SAFE_SNPRINTF; - while( entry != NULL && entry->raw.len != 0 ) - { - ret = mbedtls_snprintf( p, n, "\n%sserial number: ", - prefix ); + while (entry != NULL && entry->raw.len != 0) { + ret = mbedtls_snprintf(p, n, "\n%sserial number: ", + prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_serial_gets( p, n, &entry->serial ); + ret = mbedtls_x509_serial_gets(p, n, &entry->serial); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, " revocation date: " \ - "%04d-%02d-%02d %02d:%02d:%02d", - entry->revocation_date.year, entry->revocation_date.mon, - entry->revocation_date.day, entry->revocation_date.hour, - entry->revocation_date.min, entry->revocation_date.sec ); + ret = mbedtls_snprintf(p, n, " revocation date: " \ + "%04d-%02d-%02d %02d:%02d:%02d", + entry->revocation_date.year, entry->revocation_date.mon, + entry->revocation_date.day, entry->revocation_date.hour, + entry->revocation_date.min, entry->revocation_date.sec); MBEDTLS_X509_SAFE_SNPRINTF; entry = entry->next; } - ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets( p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, - crl->sig_opts ); + ret = mbedtls_x509_sig_alg_gets(p, n, &crl->sig_oid, crl->sig_pk, crl->sig_md, + crl->sig_opts); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n" ); + ret = mbedtls_snprintf(p, n, "\n"); MBEDTLS_X509_SAFE_SNPRINTF; - return( (int) ( size - n ) ); + return ((int)(size - n)); } /* * Initialize a CRL chain */ -void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ) -{ - memset( crl, 0, sizeof(mbedtls_x509_crl) ); +void mbedtls_x509_crl_init(mbedtls_x509_crl *crl) { + memset(crl, 0, sizeof(mbedtls_x509_crl)); } /* * Unallocate all CRL data */ -void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) -{ +void mbedtls_x509_crl_free(mbedtls_x509_crl *crl) { mbedtls_x509_crl *crl_cur = crl; mbedtls_x509_crl *crl_prv; mbedtls_x509_name *name_cur; @@ -714,55 +665,48 @@ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ) mbedtls_x509_crl_entry *entry_cur; mbedtls_x509_crl_entry *entry_prv; - if( crl == NULL ) + if (crl == NULL) return; - do - { + do { #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free( crl_cur->sig_opts ); + mbedtls_free(crl_cur->sig_opts); #endif name_cur = crl_cur->issuer.next; - while( name_cur != NULL ) - { + while (name_cur != NULL) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); - mbedtls_free( name_prv ); + mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); + mbedtls_free(name_prv); } entry_cur = crl_cur->entry.next; - while( entry_cur != NULL ) - { + while (entry_cur != NULL) { entry_prv = entry_cur; entry_cur = entry_cur->next; - mbedtls_platform_zeroize( entry_prv, - sizeof( mbedtls_x509_crl_entry ) ); - mbedtls_free( entry_prv ); + mbedtls_platform_zeroize(entry_prv, + sizeof(mbedtls_x509_crl_entry)); + mbedtls_free(entry_prv); } - if( crl_cur->raw.p != NULL ) - { - mbedtls_platform_zeroize( crl_cur->raw.p, crl_cur->raw.len ); - mbedtls_free( crl_cur->raw.p ); + if (crl_cur->raw.p != NULL) { + mbedtls_platform_zeroize(crl_cur->raw.p, crl_cur->raw.len); + mbedtls_free(crl_cur->raw.p); } crl_cur = crl_cur->next; - } - while( crl_cur != NULL ); + } while (crl_cur != NULL); crl_cur = crl; - do - { + do { crl_prv = crl_cur; crl_cur = crl_cur->next; - mbedtls_platform_zeroize( crl_prv, sizeof( mbedtls_x509_crl ) ); - if( crl_prv != crl ) - mbedtls_free( crl_prv ); - } - while( crl_cur != NULL ); + mbedtls_platform_zeroize(crl_prv, sizeof(mbedtls_x509_crl)); + if (crl_prv != crl) + mbedtls_free(crl_prv); + } while (crl_cur != NULL); } #endif /* MBEDTLS_X509_CRL_PARSE_C */ diff --git a/common/mbedtls/x509_crl.h b/common/mbedtls/x509_crl.h index 7e9e8885f..e5e77345b 100644 --- a/common/mbedtls/x509_crl.h +++ b/common/mbedtls/x509_crl.h @@ -47,8 +47,7 @@ extern "C" { * Certificate revocation list entry. * Contains the CA-specific serial numbers and revocation dates. */ -typedef struct mbedtls_x509_crl_entry -{ +typedef struct mbedtls_x509_crl_entry { mbedtls_x509_buf raw; mbedtls_x509_buf serial; @@ -65,8 +64,7 @@ mbedtls_x509_crl_entry; * Certificate revocation list structure. * Every CRL may have multiple entries. */ -typedef struct mbedtls_x509_crl -{ +typedef struct mbedtls_x509_crl { mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ @@ -104,8 +102,8 @@ mbedtls_x509_crl; * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, - const unsigned char *buf, size_t buflen ); +int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, + const unsigned char *buf, size_t buflen); /** * \brief Parse one or more CRLs and append them to the chained list * @@ -118,7 +116,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ); +int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen); #if defined(MBEDTLS_FS_IO) /** @@ -131,7 +129,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); +int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path); #endif /* MBEDTLS_FS_IO */ /** @@ -145,22 +143,22 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crl *crl ); +int mbedtls_x509_crl_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_crl *crl); /** * \brief Initialize a CRL (chain) * * \param crl CRL chain to initialize */ -void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ); +void mbedtls_x509_crl_init(mbedtls_x509_crl *crl); /** * \brief Unallocate all CRL data * * \param crl CRL chain to free */ -void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ); +void mbedtls_x509_crl_free(mbedtls_x509_crl *crl); /* \} name */ /* \} addtogroup x509_module */ diff --git a/common/mbedtls/x509_crt.c b/common/mbedtls/x509_crt.c index 0aa4f4c21..850893f0a 100644 --- a/common/mbedtls/x509_crt.c +++ b/common/mbedtls/x509_crt.c @@ -94,17 +94,16 @@ typedef struct { /* * Default profile */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = -{ +const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = { #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) /* Allow SHA-1 (weak, but still safe in controlled environments) */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1) | #endif /* Only SHA-2 hashes */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 0xFFFFFFF, /* Any PK alg */ 0xFFFFFFF, /* Any curve */ 2048, @@ -113,22 +112,21 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default = /* * Next-default profile */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = -{ +const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = { /* Hashes from SHA-256 and above */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512), 0xFFFFFFF, /* Any PK alg */ #if defined(MBEDTLS_ECP_C) /* Curves at or above 128-bit security level */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP521R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP256R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP384R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_BP512R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256K1 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP521R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP256R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256K1), #else 0, #endif @@ -138,18 +136,17 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next = /* * NSA Suite B Profile */ -const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = -{ +const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = { /* Only SHA-256 and 384 */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384), /* Only ECDSA */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), #if defined(MBEDTLS_ECP_C) /* Only NIST P-256 and P-384 */ - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) | - MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP384R1 ), + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) | + MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1), #else 0, #endif @@ -160,133 +157,121 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb = * Check md_alg against profile * Return 0 if md_alg is acceptable for this profile, -1 otherwise */ -static int x509_profile_check_md_alg( const mbedtls_x509_crt_profile *profile, - mbedtls_md_type_t md_alg ) -{ - if( md_alg == MBEDTLS_MD_NONE ) - return( -1 ); +static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, + mbedtls_md_type_t md_alg) { + if (md_alg == MBEDTLS_MD_NONE) + return (-1); - if( ( profile->allowed_mds & MBEDTLS_X509_ID_FLAG( md_alg ) ) != 0 ) - return( 0 ); + if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) + return (0); - return( -1 ); + return (-1); } /* * Check pk_alg against profile * Return 0 if pk_alg is acceptable for this profile, -1 otherwise */ -static int x509_profile_check_pk_alg( const mbedtls_x509_crt_profile *profile, - mbedtls_pk_type_t pk_alg ) -{ - if( pk_alg == MBEDTLS_PK_NONE ) - return( -1 ); +static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, + mbedtls_pk_type_t pk_alg) { + if (pk_alg == MBEDTLS_PK_NONE) + return (-1); - if( ( profile->allowed_pks & MBEDTLS_X509_ID_FLAG( pk_alg ) ) != 0 ) - return( 0 ); + if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) + return (0); - return( -1 ); + return (-1); } /* * Check key against profile * Return 0 if pk is acceptable for this profile, -1 otherwise */ -static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, - const mbedtls_pk_context *pk ) -{ - const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type( pk ); +static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, + const mbedtls_pk_context *pk) { + const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk); #if defined(MBEDTLS_RSA_C) - if( pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS ) - { - if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen ) - return( 0 ); + if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) { + if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) + return (0); - return( -1 ); + return (-1); } #endif #if defined(MBEDTLS_ECP_C) - if( pk_alg == MBEDTLS_PK_ECDSA || - pk_alg == MBEDTLS_PK_ECKEY || - pk_alg == MBEDTLS_PK_ECKEY_DH ) - { - const mbedtls_ecp_group_id gid = mbedtls_pk_ec( *pk )->grp.id; + if (pk_alg == MBEDTLS_PK_ECDSA || + pk_alg == MBEDTLS_PK_ECKEY || + pk_alg == MBEDTLS_PK_ECKEY_DH) { + const mbedtls_ecp_group_id gid = mbedtls_pk_ec(*pk)->grp.id; - if( gid == MBEDTLS_ECP_DP_NONE ) - return( -1 ); + if (gid == MBEDTLS_ECP_DP_NONE) + return (-1); - if( ( profile->allowed_curves & MBEDTLS_X509_ID_FLAG( gid ) ) != 0 ) - return( 0 ); + if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) + return (0); - return( -1 ); + return (-1); } #endif - return( -1 ); + return (-1); } /* * Like memcmp, but case-insensitive and always returns -1 if different */ -static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) -{ +static int x509_memcasecmp(const void *s1, const void *s2, size_t len) { size_t i; unsigned char diff; const unsigned char *n1 = s1, *n2 = s2; - for( i = 0; i < len; i++ ) - { + for (i = 0; i < len; i++) { diff = n1[i] ^ n2[i]; - if( diff == 0 ) + if (diff == 0) continue; - if( diff == 32 && - ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || - ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) - { + if (diff == 32 && + ((n1[i] >= 'a' && n1[i] <= 'z') || + (n1[i] >= 'A' && n1[i] <= 'Z'))) { continue; } - return( -1 ); + return (-1); } - return( 0 ); + return (0); } /* * Return 0 if name matches wildcard, -1 otherwise */ -static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) -{ +static int x509_check_wildcard(const char *cn, const mbedtls_x509_buf *name) { size_t i; - size_t cn_idx = 0, cn_len = strlen( cn ); + size_t cn_idx = 0, cn_len = strlen(cn); /* We can't have a match if there is no wildcard to match */ - if( name->len < 3 || name->p[0] != '*' || name->p[1] != '.' ) - return( -1 ); + if (name->len < 3 || name->p[0] != '*' || name->p[1] != '.') + return (-1); - for( i = 0; i < cn_len; ++i ) - { - if( cn[i] == '.' ) - { + for (i = 0; i < cn_len; ++i) { + if (cn[i] == '.') { cn_idx = i; break; } } - if( cn_idx == 0 ) - return( -1 ); + if (cn_idx == 0) + return (-1); - if( cn_len - cn_idx == name->len - 1 && - x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) - { - return( 0 ); + if (cn_len - cn_idx == name->len - 1 && + x509_memcasecmp(name->p + 1, cn + cn_idx, name->len - 1) == 0) { + return (0); } - return( -1 ); + return (-1); } /* @@ -295,24 +280,21 @@ static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) * * Return 0 if equal, -1 otherwise. */ -static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b ) -{ - if( a->tag == b->tag && - a->len == b->len && - memcmp( a->p, b->p, b->len ) == 0 ) - { - return( 0 ); +static int x509_string_cmp(const mbedtls_x509_buf *a, const mbedtls_x509_buf *b) { + if (a->tag == b->tag && + a->len == b->len && + memcmp(a->p, b->p, b->len) == 0) { + return (0); } - if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && - ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && - a->len == b->len && - x509_memcasecmp( a->p, b->p, b->len ) == 0 ) - { - return( 0 ); + if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && + (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && + a->len == b->len && + x509_memcasecmp(a->p, b->p, b->len) == 0) { + return (0); } - return( -1 ); + return (-1); } /* @@ -325,48 +307,43 @@ static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b * * Return 0 if equal, -1 otherwise. */ -static int x509_name_cmp( const mbedtls_x509_name *a, const mbedtls_x509_name *b ) -{ +static int x509_name_cmp(const mbedtls_x509_name *a, const mbedtls_x509_name *b) { /* Avoid recursion, it might not be optimised by the compiler */ - while( a != NULL || b != NULL ) - { - if( a == NULL || b == NULL ) - return( -1 ); + while (a != NULL || b != NULL) { + if (a == NULL || b == NULL) + return (-1); /* type */ - if( a->oid.tag != b->oid.tag || - a->oid.len != b->oid.len || - memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 ) - { - return( -1 ); + if (a->oid.tag != b->oid.tag || + a->oid.len != b->oid.len || + memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) { + return (-1); } /* value */ - if( x509_string_cmp( &a->val, &b->val ) != 0 ) - return( -1 ); + if (x509_string_cmp(&a->val, &b->val) != 0) + return (-1); /* structure of the list of sets */ - if( a->next_merged != b->next_merged ) - return( -1 ); + if (a->next_merged != b->next_merged) + return (-1); a = a->next; b = b->next; } /* a == NULL == b */ - return( 0 ); + return (0); } /* * Reset (init or clear) a verify_chain */ static void x509_crt_verify_chain_reset( - mbedtls_x509_crt_verify_chain *ver_chain ) -{ + mbedtls_x509_crt_verify_chain *ver_chain) { size_t i; - for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ ) - { + for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) { ver_chain->items[i].crt = NULL; ver_chain->items[i].flags = (uint32_t) -1; } @@ -381,35 +358,32 @@ static void x509_crt_verify_chain_reset( /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ -static int x509_get_version( unsigned char **p, - const unsigned char *end, - int *ver ) -{ +static int x509_get_version(unsigned char **p, + const unsigned char *end, + int *ver) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { *ver = 0; - return( 0 ); + return (0); } - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } end = *p + len; - if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); + if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) + return (MBEDTLS_ERR_X509_INVALID_VERSION + ret); - if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_VERSION + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_X509_INVALID_VERSION + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } /* @@ -417,67 +391,63 @@ static int x509_get_version( unsigned char **p, * notBefore Time, * notAfter Time } */ -static int x509_get_dates( unsigned char **p, - const unsigned char *end, - mbedtls_x509_time *from, - mbedtls_x509_time *to ) -{ +static int x509_get_dates(unsigned char **p, + const unsigned char *end, + mbedtls_x509_time *from, + mbedtls_x509_time *to) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_DATE + ret); end = *p + len; - if( ( ret = mbedtls_x509_get_time( p, end, from ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) + return (ret); - if( ( ret = mbedtls_x509_get_time( p, end, to ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) + return (ret); - if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_X509_INVALID_DATE + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } /* * X.509 v2/v3 unique identifier (not parsed) */ -static int x509_get_uid( unsigned char **p, - const unsigned char *end, - mbedtls_x509_buf *uid, int n ) -{ +static int x509_get_uid(unsigned char **p, + const unsigned char *end, + mbedtls_x509_buf *uid, int n) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( *p == end ) - return( 0 ); + if (*p == end) + return (0); uid->tag = **p; - if( ( ret = mbedtls_asn1_get_tag( p, end, &uid->len, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( 0 ); + if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | n)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) + return (0); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } uid->p = *p; *p += uid->len; - return( 0 ); + return (0); } -static int x509_get_basic_constraints( unsigned char **p, - const unsigned char *end, - int *ca_istrue, - int *max_pathlen ) -{ +static int x509_get_basic_constraints(unsigned char **p, + const unsigned char *end, + int *ca_istrue, + int *max_pathlen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -489,88 +459,84 @@ static int x509_get_basic_constraints( unsigned char **p, *ca_istrue = 0; /* DEFAULT FALSE */ *max_pathlen = 0; /* endless */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( *p == end ) - return( 0 ); + if (*p == end) + return (0); - if( ( ret = mbedtls_asn1_get_bool( p, end, ca_istrue ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - ret = mbedtls_asn1_get_int( p, end, ca_istrue ); + if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) + ret = mbedtls_asn1_get_int(p, end, ca_istrue); - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if (ret != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( *ca_istrue != 0 ) + if (*ca_istrue != 0) *ca_istrue = 1; } - if( *p == end ) - return( 0 ); + if (*p == end) + return (0); - if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer * overflow, which is an undefined behavior. */ - if( *max_pathlen == INT_MAX ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (*max_pathlen == INT_MAX) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_INVALID_LENGTH); (*max_pathlen)++; - return( 0 ); + return (0); } -static int x509_get_ns_cert_type( unsigned char **p, - const unsigned char *end, - unsigned char *ns_cert_type) -{ +static int x509_get_ns_cert_type(unsigned char **p, + const unsigned char *end, + unsigned char *ns_cert_type) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_bitstring bs = { 0, 0, NULL }; - if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( bs.len != 1 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (bs.len != 1) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_INVALID_LENGTH); /* Get actual bitstring */ *ns_cert_type = *bs.p; - return( 0 ); + return (0); } -static int x509_get_key_usage( unsigned char **p, - const unsigned char *end, - unsigned int *key_usage) -{ +static int x509_get_key_usage(unsigned char **p, + const unsigned char *end, + unsigned int *key_usage) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; mbedtls_x509_bitstring bs = { 0, 0, NULL }; - if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( bs.len < 1 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (bs.len < 1) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_INVALID_LENGTH); /* Get actual bitstring */ *key_usage = 0; - for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ ) - { - *key_usage |= (unsigned int) bs.p[i] << (8*i); + for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) { + *key_usage |= (unsigned int) bs.p[i] << (8 * i); } - return( 0 ); + return (0); } /* @@ -578,21 +544,20 @@ static int x509_get_key_usage( unsigned char **p, * * KeyPurposeId ::= OBJECT IDENTIFIER */ -static int x509_get_ext_key_usage( unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *ext_key_usage) -{ +static int x509_get_ext_key_usage(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *ext_key_usage) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); /* Sequence length must be >= 1 */ - if( ext_key_usage->buf.p == NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + if (ext_key_usage->buf.p == NULL) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_INVALID_LENGTH); - return( 0 ); + return (0); } /* @@ -622,10 +587,9 @@ static int x509_get_ext_key_usage( unsigned char **p, * NOTE: we list all types, but only use dNSName and otherName * of type HwModuleName, as defined in RFC 4108, at this point. */ -static int x509_get_subject_alt_name( unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name ) -{ +static int x509_get_subject_alt_name(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len, tag_len; mbedtls_asn1_buf *buf; @@ -633,66 +597,61 @@ static int x509_get_subject_alt_name( unsigned char **p, mbedtls_asn1_sequence *cur = subject_alt_name; /* Get main sequence tag */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( *p + len != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p + len != end) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - while( *p < end ) - { + while (*p < end) { mbedtls_x509_subject_alternative_name dummy_san_buf; - memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) ); + memset(&dummy_san_buf, 0, sizeof(dummy_san_buf)); tag = **p; (*p)++; - if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != - MBEDTLS_ASN1_CONTEXT_SPECIFIC ) - { - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + if ((tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != + MBEDTLS_ASN1_CONTEXT_SPECIFIC) { + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } /* * Check that the SAN is structured correctly. */ - ret = mbedtls_x509_parse_subject_alt_name( &(cur->buf), &dummy_san_buf ); + ret = mbedtls_x509_parse_subject_alt_name(&(cur->buf), &dummy_san_buf); /* * In case the extension is malformed, return an error, * and clear the allocated sequences. */ - if( ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - { + if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { mbedtls_x509_sequence *seq_cur = subject_alt_name->next; mbedtls_x509_sequence *seq_prv; - while( seq_cur != NULL ) - { + while (seq_cur != NULL) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_platform_zeroize( seq_prv, - sizeof( mbedtls_x509_sequence ) ); - mbedtls_free( seq_prv ); + mbedtls_platform_zeroize(seq_prv, + sizeof(mbedtls_x509_sequence)); + mbedtls_free(seq_prv); } subject_alt_name->next = NULL; - return( ret ); + return (ret); } /* Allocate and assign next pointer */ - if( cur->buf.p != NULL ) - { - if( cur->next != NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); + if (cur->buf.p != NULL) { + if (cur->next != NULL) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS); - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - if( cur->next == NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + if (cur->next == NULL) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_ALLOC_FAILED); cur = cur->next; } @@ -707,11 +666,11 @@ static int x509_get_subject_alt_name( unsigned char **p, /* Set final sequence entry's next pointer to NULL */ cur->next = NULL; - if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } /* @@ -763,49 +722,47 @@ static int x509_get_subject_alt_name( unsigned char **p, * NOTE: we only parse and use anyPolicy without qualifiers at this point * as defined in RFC 5280. */ -static int x509_get_certificate_policies( unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *certificate_policies ) -{ +static int x509_get_certificate_policies(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *certificate_policies) { int ret, parse_ret = 0; size_t len; mbedtls_asn1_buf *buf; mbedtls_asn1_sequence *cur = certificate_policies; /* Get main sequence tag */ - ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + if (ret != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( *p + len != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p + len != end) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); /* * Cannot be an empty sequence. */ - if( len == 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (len == 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - while( *p < end ) - { + while (*p < end) { mbedtls_x509_buf policy_oid; const unsigned char *policy_end; /* * Get the policy sequence */ - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); policy_end = *p + len; - if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, - MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, + MBEDTLS_ASN1_OID)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); policy_oid.tag = MBEDTLS_ASN1_OID; policy_oid.len = len; @@ -814,8 +771,7 @@ static int x509_get_certificate_policies( unsigned char **p, /* * Only AnyPolicy is currently supported when enforcing policy. */ - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_POLICY, &policy_oid ) != 0 ) - { + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_POLICY, &policy_oid) != 0) { /* * Set the parsing return code but continue parsing, in case this * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION @@ -825,80 +781,76 @@ static int x509_get_certificate_policies( unsigned char **p, } /* Allocate and assign next pointer */ - if( cur->buf.p != NULL ) - { - if( cur->next != NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); + if (cur->buf.p != NULL) { + if (cur->next != NULL) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS); - cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); + cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); - if( cur->next == NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + if (cur->next == NULL) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_ALLOC_FAILED); cur = cur->next; } - buf = &( cur->buf ); + buf = &(cur->buf); buf->tag = policy_oid.tag; buf->p = policy_oid.p; buf->len = policy_oid.len; *p += len; - /* - * If there is an optional qualifier, then *p < policy_end - * Check the Qualifier len to verify it doesn't exceed policy_end. - */ - if( *p < policy_end ) - { - if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + /* + * If there is an optional qualifier, then *p < policy_end + * Check the Qualifier len to verify it doesn't exceed policy_end. + */ + if (*p < policy_end) { + if ((ret = mbedtls_asn1_get_tag(p, policy_end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); /* * Skip the optional policy qualifiers. */ *p += len; } - if( *p != policy_end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != policy_end) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } /* Set final sequence entry's next pointer to NULL */ cur->next = NULL; - if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( parse_ret ); + return (parse_ret); } /* * X.509 v3 extensions * */ -static int x509_get_crt_ext( unsigned char **p, - const unsigned char *end, - mbedtls_x509_crt *crt, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ) -{ +static int x509_get_crt_ext(unsigned char **p, + const unsigned char *end, + mbedtls_x509_crt *crt, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; - if( *p == end ) - return( 0 ); + if (*p == end) + return (0); - if( ( ret = mbedtls_x509_get_ext( p, end, &crt->v3_ext, 3 ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) + return (ret); end = crt->v3_ext.p + crt->v3_ext.len; - while( *p < end ) - { + while (*p < end) { /* * Extension ::= SEQUENCE { * extnID OBJECT IDENTIFIER, @@ -909,51 +861,49 @@ static int x509_get_crt_ext( unsigned char **p, int is_critical = 0; /* DEFAULT FALSE */ int ext_type = 0; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); end_ext_data = *p + len; /* Get extension ID */ - if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, - MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, + MBEDTLS_ASN1_OID)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); extn_oid.tag = MBEDTLS_ASN1_OID; extn_oid.p = *p; *p += extn_oid.len; /* Get optional critical */ - if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && - ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && + (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); /* Data should be octet string type */ - if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, - MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); start_ext_octet = *p; end_ext_octet = *p + len; - if( end_ext_octet != end_ext_data ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (end_ext_octet != end_ext_data) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); /* * Detect supported extensions */ - ret = mbedtls_oid_get_x509_ext_type( &extn_oid, &ext_type ); + ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); - if( ret != 0 ) - { + if (ret != 0) { /* Give the callback (if any) a chance to handle the extension */ - if( cb != NULL ) - { - ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet ); - if( ret != 0 && is_critical ) - return( ret ); + if (cb != NULL) { + ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); + if (ret != 0 && is_critical) + return (ret); *p = end_ext_octet; continue; } @@ -962,136 +912,132 @@ static int x509_get_crt_ext( unsigned char **p, *p = end_ext_octet; #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - if( is_critical ) - { + if (is_critical) { /* Data is marked as critical: fail */ - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } #endif continue; } /* Forbid repeated extensions */ - if( ( crt->ext_types & ext_type ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS ); + if ((crt->ext_types & ext_type) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS); crt->ext_types |= ext_type; - switch( ext_type ) - { - case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: - /* Parse basic constraints */ - if( ( ret = x509_get_basic_constraints( p, end_ext_octet, - &crt->ca_istrue, &crt->max_pathlen ) ) != 0 ) - return( ret ); - break; + switch (ext_type) { + case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: + /* Parse basic constraints */ + if ((ret = x509_get_basic_constraints(p, end_ext_octet, + &crt->ca_istrue, &crt->max_pathlen)) != 0) + return (ret); + break; - case MBEDTLS_X509_EXT_KEY_USAGE: - /* Parse key usage */ - if( ( ret = x509_get_key_usage( p, end_ext_octet, - &crt->key_usage ) ) != 0 ) - return( ret ); - break; + case MBEDTLS_X509_EXT_KEY_USAGE: + /* Parse key usage */ + if ((ret = x509_get_key_usage(p, end_ext_octet, + &crt->key_usage)) != 0) + return (ret); + break; - case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: - /* Parse extended key usage */ - if( ( ret = x509_get_ext_key_usage( p, end_ext_octet, - &crt->ext_key_usage ) ) != 0 ) - return( ret ); - break; + case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: + /* Parse extended key usage */ + if ((ret = x509_get_ext_key_usage(p, end_ext_octet, + &crt->ext_key_usage)) != 0) + return (ret); + break; - case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: - /* Parse subject alt name */ - if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, - &crt->subject_alt_names ) ) != 0 ) - return( ret ); - break; + case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: + /* Parse subject alt name */ + if ((ret = x509_get_subject_alt_name(p, end_ext_octet, + &crt->subject_alt_names)) != 0) + return (ret); + break; - case MBEDTLS_X509_EXT_NS_CERT_TYPE: - /* Parse netscape certificate type */ - if( ( ret = x509_get_ns_cert_type( p, end_ext_octet, - &crt->ns_cert_type ) ) != 0 ) - return( ret ); - break; + case MBEDTLS_X509_EXT_NS_CERT_TYPE: + /* Parse netscape certificate type */ + if ((ret = x509_get_ns_cert_type(p, end_ext_octet, + &crt->ns_cert_type)) != 0) + return (ret); + break; - case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: - /* Parse certificate policies type */ - if( ( ret = x509_get_certificate_policies( p, end_ext_octet, - &crt->certificate_policies ) ) != 0 ) - { - /* Give the callback (if any) a chance to handle the extension - * if it contains unsupported policies */ - if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && - cb( p_ctx, crt, &extn_oid, is_critical, - start_ext_octet, end_ext_octet ) == 0 ) - break; + case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: + /* Parse certificate policies type */ + if ((ret = x509_get_certificate_policies(p, end_ext_octet, + &crt->certificate_policies)) != 0) { + /* Give the callback (if any) a chance to handle the extension + * if it contains unsupported policies */ + if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && + cb(p_ctx, crt, &extn_oid, is_critical, + start_ext_octet, end_ext_octet) == 0) + break; #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - if( is_critical ) - return( ret ); + if (is_critical) + return (ret); + else +#endif + /* + * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we + * cannot interpret or enforce the policy. However, it is up to + * the user to choose how to enforce the policies, + * unless the extension is critical. + */ + if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) + return (ret); + } + break; + + default: + /* + * If this is a non-critical extension, which the oid layer + * supports, but there isn't an x509 parser for it, + * skip the extension. + */ +#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) + if (is_critical) + return (MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE); else #endif - /* - * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we - * cannot interpret or enforce the policy. However, it is up to - * the user to choose how to enforce the policies, - * unless the extension is critical. - */ - if( ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - return( ret ); - } - break; - - default: - /* - * If this is a non-critical extension, which the oid layer - * supports, but there isn't an x509 parser for it, - * skip the extension. - */ -#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - if( is_critical ) - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); - else -#endif - *p = end_ext_octet; + *p = end_ext_octet; } } - if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (*p != end) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - return( 0 ); + return (0); } /* * Parse and fill a single X.509 certificate in DER format */ -static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ) -{ +static int x509_crt_parse_der_core(mbedtls_x509_crt *crt, + const unsigned char *buf, + size_t buflen, + int make_copy, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p, *end, *crt_end; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; - memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); + memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); + memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); + memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); /* * Check for valid input */ - if( crt == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (crt == NULL || buf == NULL) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); /* Use the original buffer until we figure out actual length. */ - p = (unsigned char*) buf; + p = (unsigned char *) buf; len = buflen; end = p + len; @@ -1101,31 +1047,27 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crt_free(crt); + return (MBEDTLS_ERR_X509_INVALID_FORMAT); } end = crt_end = p + len; crt->raw.len = crt_end - buf; - if( make_copy != 0 ) - { + if (make_copy != 0) { /* Create and populate a new buffer for the raw field. */ - crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len ); - if( crt->raw.p == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); + if (crt->raw.p == NULL) + return (MBEDTLS_ERR_X509_ALLOC_FAILED); - memcpy( crt->raw.p, buf, crt->raw.len ); + memcpy(crt->raw.p, buf, crt->raw.len); crt->own_buffer = 1; p += crt->raw.len - len; end = crt_end = p + len; - } - else - { - crt->raw.p = (unsigned char*) buf; + } else { + crt->raw.p = (unsigned char *) buf; crt->own_buffer = 0; } @@ -1134,11 +1076,10 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, */ crt->tbs.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crt_free(crt); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } end = p + len; @@ -1151,29 +1092,26 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * * signature AlgorithmIdentifier */ - if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 || - ( ret = mbedtls_x509_get_serial( &p, end, &crt->serial ) ) != 0 || - ( ret = mbedtls_x509_get_alg( &p, end, &crt->sig_oid, - &sig_params1 ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || + (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || + (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, + &sig_params1)) != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } - if( crt->version < 0 || crt->version > 2 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); + if (crt->version < 0 || crt->version > 2) { + mbedtls_x509_crt_free(crt); + return (MBEDTLS_ERR_X509_UNKNOWN_VERSION); } crt->version++; - if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, - &crt->sig_md, &crt->sig_pk, - &crt->sig_opts ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, + &crt->sig_md, &crt->sig_pk, + &crt->sig_opts)) != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } /* @@ -1181,17 +1119,15 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, */ crt->issuer_raw.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crt_free(crt); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } - if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } crt->issuer_raw.len = p - crt->issuer_raw.p; @@ -1202,11 +1138,10 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * notAfter Time } * */ - if( ( ret = x509_get_dates( &p, end, &crt->valid_from, - &crt->valid_to ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = x509_get_dates(&p, end, &crt->valid_from, + &crt->valid_to)) != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } /* @@ -1214,17 +1149,15 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, */ crt->subject_raw.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_crt_free(crt); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } - if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } crt->subject_raw.len = p - crt->subject_raw.p; @@ -1233,10 +1166,9 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * SubjectPublicKeyInfo */ crt->pk_raw.p = p; - if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &crt->pk ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } crt->pk_raw.len = p - crt->pk_raw.p; @@ -1248,43 +1180,37 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * extensions [3] EXPLICIT Extensions OPTIONAL * -- If present, version shall be v3 */ - if( crt->version == 2 || crt->version == 3 ) - { - ret = x509_get_uid( &p, end, &crt->issuer_id, 1 ); - if( ret != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if (crt->version == 2 || crt->version == 3) { + ret = x509_get_uid(&p, end, &crt->issuer_id, 1); + if (ret != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } } - if( crt->version == 2 || crt->version == 3 ) - { - ret = x509_get_uid( &p, end, &crt->subject_id, 2 ); - if( ret != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if (crt->version == 2 || crt->version == 3) { + ret = x509_get_uid(&p, end, &crt->subject_id, 2); + if (ret != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } } #if !defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) - if( crt->version == 3 ) + if (crt->version == 3) #endif { - ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx ); - if( ret != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); + if (ret != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } } - if( p != end ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) { + mbedtls_x509_crt_free(crt); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } end = crt_end; @@ -1296,61 +1222,55 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING */ - if( ( ret = mbedtls_x509_get_alg( &p, end, &sig_oid2, &sig_params2 ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } - if( crt->sig_oid.len != sig_oid2.len || - memcmp( crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len ) != 0 || - sig_params1.tag != sig_params2.tag || - sig_params1.len != sig_params2.len || - ( sig_params1.len != 0 && - memcmp( sig_params1.p, sig_params2.p, sig_params1.len ) != 0 ) ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_SIG_MISMATCH ); + if (crt->sig_oid.len != sig_oid2.len || + memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || + sig_params1.tag != sig_params2.tag || + sig_params1.len != sig_params2.len || + (sig_params1.len != 0 && + memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { + mbedtls_x509_crt_free(crt); + return (MBEDTLS_ERR_X509_SIG_MISMATCH); } - if( ( ret = mbedtls_x509_get_sig( &p, end, &crt->sig ) ) != 0 ) - { - mbedtls_x509_crt_free( crt ); - return( ret ); + if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { + mbedtls_x509_crt_free(crt); + return (ret); } - if( p != end ) - { - mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) { + mbedtls_x509_crt_free(crt); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - return( 0 ); + return (0); } /* * Parse one X.509 certificate in DER format from a buffer and add them to a * chained list */ -static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ) -{ +static int mbedtls_x509_crt_parse_der_internal(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + int make_copy, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *crt = chain, *prev = NULL; /* * Check for valid input */ - if( crt == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (crt == NULL || buf == NULL) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); - while( crt->version != 0 && crt->next != NULL ) - { + while (crt->version != 0 && crt->next != NULL) { prev = crt; crt = crt->next; } @@ -1358,65 +1278,59 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, /* * Add new certificate on the end of the chain if needed. */ - if( crt->version != 0 && crt->next == NULL ) - { - crt->next = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ); + if (crt->version != 0 && crt->next == NULL) { + crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - if( crt->next == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (crt->next == NULL) + return (MBEDTLS_ERR_X509_ALLOC_FAILED); prev = crt; - mbedtls_x509_crt_init( crt->next ); + mbedtls_x509_crt_init(crt->next); crt = crt->next; } - ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb, p_ctx ); - if( ret != 0 ) - { - if( prev ) + ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); + if (ret != 0) { + if (prev) prev->next = NULL; - if( crt != chain ) - mbedtls_free( crt ); + if (crt != chain) + mbedtls_free(crt); - return( ret ); + return (ret); } - return( 0 ); + return (0); } -int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ) -{ - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL, NULL ) ); +int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen) { + return (mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 0, NULL, NULL)); } -int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ) -{ - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb, p_ctx ) ); +int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + int make_copy, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx) { + return (mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, make_copy, cb, p_ctx)); } -int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ) -{ - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL, NULL ) ); +int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen) { + return (mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL)); } /* * Parse one or more PEM certificates from a buffer and add them to the chained * list */ -int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ) -{ +int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen) { #if defined(MBEDTLS_PEM_PARSE_C) int success = 0, first_error = 0, total_failed = 0; int buf_format = MBEDTLS_X509_FORMAT_DER; @@ -1425,59 +1339,51 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, /* * Check for valid input */ - if( chain == NULL || buf == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (chain == NULL || buf == NULL) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); /* * Determine buffer content. Buffer contains either one DER certificate or * one or more PEM certificates. */ #if defined(MBEDTLS_PEM_PARSE_C) - if( buflen != 0 && buf[buflen - 1] == '\0' && - strstr( (const char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL ) - { + if (buflen != 0 && buf[buflen - 1] == '\0' && + strstr((const char *) buf, "-----BEGIN CERTIFICATE-----") != NULL) { buf_format = MBEDTLS_X509_FORMAT_PEM; } - if( buf_format == MBEDTLS_X509_FORMAT_DER ) - return mbedtls_x509_crt_parse_der( chain, buf, buflen ); + if (buf_format == MBEDTLS_X509_FORMAT_DER) + return mbedtls_x509_crt_parse_der(chain, buf, buflen); #else - return mbedtls_x509_crt_parse_der( chain, buf, buflen ); + return mbedtls_x509_crt_parse_der(chain, buf, buflen); #endif #if defined(MBEDTLS_PEM_PARSE_C) - if( buf_format == MBEDTLS_X509_FORMAT_PEM ) - { + if (buf_format == MBEDTLS_X509_FORMAT_PEM) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_pem_context pem; /* 1 rather than 0 since the terminating NULL byte is counted in */ - while( buflen > 1 ) - { + while (buflen > 1) { size_t use_len; - mbedtls_pem_init( &pem ); + mbedtls_pem_init(&pem); /* If we get there, we know the string is null-terminated */ - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN CERTIFICATE-----", - "-----END CERTIFICATE-----", - buf, NULL, 0, &use_len ); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN CERTIFICATE-----", + "-----END CERTIFICATE-----", + buf, NULL, 0, &use_len); - if( ret == 0 ) - { + if (ret == 0) { /* * Was PEM encoded */ buflen -= use_len; buf += use_len; - } - else if( ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA ) - { - return( ret ); - } - else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - mbedtls_pem_free( &pem ); + } else if (ret == MBEDTLS_ERR_PEM_BAD_INPUT_DATA) { + return (ret); + } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + mbedtls_pem_free(&pem); /* * PEM header and footer were found @@ -1485,28 +1391,26 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, buflen -= use_len; buf += use_len; - if( first_error == 0 ) + if (first_error == 0) first_error = ret; total_failed++; continue; - } - else + } else break; - ret = mbedtls_x509_crt_parse_der( chain, pem.buf, pem.buflen ); + ret = mbedtls_x509_crt_parse_der(chain, pem.buf, pem.buflen); - mbedtls_pem_free( &pem ); + mbedtls_pem_free(&pem); - if( ret != 0 ) - { + if (ret != 0) { /* * Quit parsing on a memory error */ - if( ret == MBEDTLS_ERR_X509_ALLOC_FAILED ) - return( ret ); + if (ret == MBEDTLS_ERR_X509_ALLOC_FAILED) + return (ret); - if( first_error == 0 ) + if (first_error == 0) first_error = ret; total_failed++; @@ -1517,12 +1421,12 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, } } - if( success ) - return( total_failed ); - else if( first_error ) - return( first_error ); + if (success) + return (total_failed); + else if (first_error) + return (first_error); else - return( MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT ); + return (MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT); #endif /* MBEDTLS_PEM_PARSE_C */ } @@ -1530,146 +1434,136 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, /* * Load one or more certificates and add them to the chained list */ -int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) -{ +int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) + return (ret); - ret = mbedtls_x509_crt_parse( chain, buf, n ); + ret = mbedtls_x509_crt_parse(chain, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return (ret); } -int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) -{ +int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path) { int ret = 0; #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) int w_ret; WCHAR szDir[MAX_PATH]; char filename[MAX_PATH]; char *p; - size_t len = strlen( path ); + size_t len = strlen(path); WIN32_FIND_DATAW file_data; HANDLE hFind; - if( len > MAX_PATH - 3 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (len > MAX_PATH - 3) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); - memset( szDir, 0, sizeof(szDir) ); - memset( filename, 0, MAX_PATH ); - memcpy( filename, path, len ); + memset(szDir, 0, sizeof(szDir)); + memset(filename, 0, MAX_PATH); + memcpy(filename, path, len); filename[len++] = '\\'; p = filename + len; filename[len++] = '*'; - w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir, - MAX_PATH - 3 ); - if( w_ret == 0 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + w_ret = MultiByteToWideChar(CP_ACP, 0, filename, (int)len, szDir, + MAX_PATH - 3); + if (w_ret == 0) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); - hFind = FindFirstFileW( szDir, &file_data ); - if( hFind == INVALID_HANDLE_VALUE ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + hFind = FindFirstFileW(szDir, &file_data); + if (hFind == INVALID_HANDLE_VALUE) + return (MBEDTLS_ERR_X509_FILE_IO_ERROR); len = MAX_PATH - len; - do - { - memset( p, 0, len ); + do { + memset(p, 0, len); - if( file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY ) + if (file_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) continue; - w_ret = WideCharToMultiByte( CP_ACP, 0, file_data.cFileName, - lstrlenW( file_data.cFileName ), - p, (int) len - 1, - NULL, NULL ); - if( w_ret == 0 ) - { + w_ret = WideCharToMultiByte(CP_ACP, 0, file_data.cFileName, + lstrlenW(file_data.cFileName), + p, (int) len - 1, + NULL, NULL); + if (w_ret == 0) { ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; goto cleanup; } - w_ret = mbedtls_x509_crt_parse_file( chain, filename ); - if( w_ret < 0 ) + w_ret = mbedtls_x509_crt_parse_file(chain, filename); + if (w_ret < 0) ret++; else ret += w_ret; - } - while( FindNextFileW( hFind, &file_data ) != 0 ); + } while (FindNextFileW(hFind, &file_data) != 0); - if( GetLastError() != ERROR_NO_MORE_FILES ) + if (GetLastError() != ERROR_NO_MORE_FILES) ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; cleanup: - FindClose( hFind ); + FindClose(hFind); #else /* _WIN32 */ int t_ret; int snp_ret; struct stat sb; struct dirent *entry; char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN]; - DIR *dir = opendir( path ); + DIR *dir = opendir(path); - if( dir == NULL ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + if (dir == NULL) + return (MBEDTLS_ERR_X509_FILE_IO_ERROR); #if defined(MBEDTLS_THREADING_C) - if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) - { - closedir( dir ); - return( ret ); + if ((ret = mbedtls_mutex_lock(&mbedtls_threading_readdir_mutex)) != 0) { + closedir(dir); + return (ret); } #endif /* MBEDTLS_THREADING_C */ - memset( &sb, 0, sizeof( sb ) ); + memset(&sb, 0, sizeof(sb)); - while( ( entry = readdir( dir ) ) != NULL ) - { - snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, - "%s/%s", path, entry->d_name ); + while ((entry = readdir(dir)) != NULL) { + snp_ret = mbedtls_snprintf(entry_name, sizeof entry_name, + "%s/%s", path, entry->d_name); - if( snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name ) - { + if (snp_ret < 0 || (size_t)snp_ret >= sizeof entry_name) { ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; goto cleanup; - } - else if( stat( entry_name, &sb ) == -1 ) - { + } else if (stat(entry_name, &sb) == -1) { ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; goto cleanup; } - if( !S_ISREG( sb.st_mode ) ) + if (!S_ISREG(sb.st_mode)) continue; // Ignore parse errors // - t_ret = mbedtls_x509_crt_parse_file( chain, entry_name ); - if( t_ret < 0 ) + t_ret = mbedtls_x509_crt_parse_file(chain, entry_name); + if (t_ret < 0) ret++; else ret += t_ret; } cleanup: - closedir( dir ); + closedir(dir); #if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) + if (mbedtls_mutex_unlock(&mbedtls_threading_readdir_mutex) != 0) ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; #endif /* MBEDTLS_THREADING_C */ #endif /* _WIN32 */ - return( ret ); + return (ret); } #endif /* MBEDTLS_FS_IO */ @@ -1685,28 +1579,26 @@ cleanup: * NOTE: we currently only parse and use otherName of type HwModuleName, * as defined in RFC 4108. */ -static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, - mbedtls_x509_san_other_name *other_name ) -{ +static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, + mbedtls_x509_san_other_name *other_name) { int ret = 0; size_t len; unsigned char *p = subject_alt_name->p; const unsigned char *end = p + subject_alt_name->len; mbedtls_x509_buf cur_oid; - if( ( subject_alt_name->tag & - ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) != - ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ) ) - { + if ((subject_alt_name->tag & + (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) != + (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) { /* * The given subject alternative name is not of type "othername". */ - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); } - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_OID)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); cur_oid.tag = MBEDTLS_ASN1_OID; cur_oid.p = p; @@ -1715,63 +1607,58 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, /* * Only HwModuleName is currently supported. */ - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid ) != 0 ) - { - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) { + return (MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE); } - if( p + len >= end ) - { - mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p + len >= end) { + mbedtls_platform_zeroize(other_name, sizeof(*other_name)); + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } p += len; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; other_name->value.hardware_module_name.oid.p = p; other_name->value.hardware_module_name.oid.len = len; - if( p + len >= end ) - { - mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p + len >= end) { + mbedtls_platform_zeroize(other_name, sizeof(*other_name)); + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } p += len; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_OCTET_STRING)) != 0) + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret); other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; other_name->value.hardware_module_name.val.p = p; other_name->value.hardware_module_name.val.len = len; p += len; - if( p != end ) - { - mbedtls_platform_zeroize( other_name, - sizeof( *other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) { + mbedtls_platform_zeroize(other_name, + sizeof(*other_name)); + return (MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - return( 0 ); + return (0); } -static int x509_info_subject_alt_name( char **buf, size_t *size, - const mbedtls_x509_sequence - *subject_alt_name, - const char *prefix ) -{ +static int x509_info_subject_alt_name(char **buf, size_t *size, + const mbedtls_x509_sequence + *subject_alt_name, + const char *prefix) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n = *size; char *p = *buf; @@ -1779,60 +1666,51 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, mbedtls_x509_subject_alternative_name san; int parse_ret; - while( cur != NULL ) - { - memset( &san, 0, sizeof( san ) ); - parse_ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san ); - if( parse_ret != 0 ) - { - if( parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ) - { - ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); + while (cur != NULL) { + memset(&san, 0, sizeof(san)); + parse_ret = mbedtls_x509_parse_subject_alt_name(&cur->buf, &san); + if (parse_ret != 0) { + if (parse_ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { + ret = mbedtls_snprintf(p, n, "\n%s ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - } - else - { - ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); + } else { + ret = mbedtls_snprintf(p, n, "\n%s ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; } cur = cur->next; continue; } - switch( san.type ) - { + switch (san.type) { /* * otherName */ - case MBEDTLS_X509_SAN_OTHER_NAME: - { + case MBEDTLS_X509_SAN_OTHER_NAME: { mbedtls_x509_san_other_name *other_name = &san.san.other_name; - ret = mbedtls_snprintf( p, n, "\n%s otherName :", prefix ); + ret = mbedtls_snprintf(p, n, "\n%s otherName :", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, - &other_name->value.hardware_module_name.oid ) != 0 ) - { - ret = mbedtls_snprintf( p, n, "\n%s hardware module name :", prefix ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, + &other_name->value.hardware_module_name.oid) != 0) { + ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%s hardware type : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%s hardware type : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_oid_get_numeric_string( p, n, &other_name->value.hardware_module_name.oid ); + ret = mbedtls_oid_get_numeric_string(p, n, &other_name->value.hardware_module_name.oid); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%s hardware serial number : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( other_name->value.hardware_module_name.val.len >= n ) - { + if (other_name->value.hardware_module_name.val.len >= n) { *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + return (MBEDTLS_ERR_X509_BUFFER_TOO_SMALL); } - memcpy( p, other_name->value.hardware_module_name.val.p, - other_name->value.hardware_module_name.val.len ); + memcpy(p, other_name->value.hardware_module_name.val.p, + other_name->value.hardware_module_name.val.len); p += other_name->value.hardware_module_name.val.len; n -= other_name->value.hardware_module_name.val.len; @@ -1844,17 +1722,15 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, /* * dNSName */ - case MBEDTLS_X509_SAN_DNS_NAME: - { - ret = mbedtls_snprintf( p, n, "\n%s dNSName : ", prefix ); + case MBEDTLS_X509_SAN_DNS_NAME: { + ret = mbedtls_snprintf(p, n, "\n%s dNSName : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( san.san.unstructured_name.len >= n ) - { + if (san.san.unstructured_name.len >= n) { *p = '\0'; - return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); + return (MBEDTLS_ERR_X509_BUFFER_TOO_SMALL); } - memcpy( p, san.san.unstructured_name.p, san.san.unstructured_name.len ); + memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); p += san.san.unstructured_name.len; n -= san.san.unstructured_name.len; } @@ -1864,7 +1740,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, * Type not supported, skip item. */ default: - ret = mbedtls_snprintf( p, n, "\n%s ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%s ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; break; } @@ -1877,32 +1753,29 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, *size = n; *buf = p; - return( 0 ); + return (0); } -int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san ) -{ +int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - switch( san_buf->tag & - ( MBEDTLS_ASN1_TAG_CLASS_MASK | - MBEDTLS_ASN1_TAG_VALUE_MASK ) ) - { + switch (san_buf->tag & + (MBEDTLS_ASN1_TAG_CLASS_MASK | + MBEDTLS_ASN1_TAG_VALUE_MASK)) { /* * otherName */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): - { + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): { mbedtls_x509_san_other_name other_name; - ret = x509_get_other_name( san_buf, &other_name ); - if( ret != 0 ) - return( ret ); + ret = x509_get_other_name(san_buf, &other_name); + if (ret != 0) + return (ret); - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy( &san->san.other_name, - &other_name, sizeof( other_name ) ); + memcpy(&san->san.other_name, + &other_name, sizeof(other_name)); } break; @@ -1910,13 +1783,12 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, /* * dNSName */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): - { - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): { + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); san->type = MBEDTLS_X509_SAN_DNS_NAME; - memcpy( &san->san.unstructured_name, - san_buf, sizeof( *san_buf ) ); + memcpy(&san->san.unstructured_name, + san_buf, sizeof(*san_buf)); } break; @@ -1925,9 +1797,9 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, * Type not supported */ default: - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + return (MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE); } - return( 0 ); + return (0); } #define PRINT_ITEM(i) \ @@ -1941,60 +1813,57 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, if( ns_cert_type & (type) ) \ PRINT_ITEM( name ); -static int x509_info_cert_type( char **buf, size_t *size, - unsigned char ns_cert_type ) -{ +static int x509_info_cert_type(char **buf, size_t *size, + unsigned char ns_cert_type) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n = *size; char *p = *buf; const char *sep = ""; - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); - CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA"); + CERT_TYPE(MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA"); *size = n; *buf = p; - return( 0 ); + return (0); } #define KEY_USAGE(code,name) \ if( key_usage & (code) ) \ PRINT_ITEM( name ); -static int x509_info_key_usage( char **buf, size_t *size, - unsigned int key_usage ) -{ +static int x509_info_key_usage(char **buf, size_t *size, + unsigned int key_usage) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n = *size; char *p = *buf; const char *sep = ""; - KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" ); - KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" ); - KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); - KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); - KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" ); - KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" ); - KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" ); - KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" ); - KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" ); + KEY_USAGE(MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature"); + KEY_USAGE(MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation"); + KEY_USAGE(MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment"); + KEY_USAGE(MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment"); + KEY_USAGE(MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement"); + KEY_USAGE(MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign"); + KEY_USAGE(MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign"); + KEY_USAGE(MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only"); + KEY_USAGE(MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only"); *size = n; *buf = p; - return( 0 ); + return (0); } -static int x509_info_ext_key_usage( char **buf, size_t *size, - const mbedtls_x509_sequence *extended_key_usage ) -{ +static int x509_info_ext_key_usage(char **buf, size_t *size, + const mbedtls_x509_sequence *extended_key_usage) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *desc; size_t n = *size; @@ -2002,12 +1871,11 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, const mbedtls_x509_sequence *cur = extended_key_usage; const char *sep = ""; - while( cur != NULL ) - { - if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) != 0 ) + while (cur != NULL) { + if (mbedtls_oid_get_extended_key_usage(&cur->buf, &desc) != 0) desc = "???"; - ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); + ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); MBEDTLS_X509_SAFE_SNPRINTF; sep = ", "; @@ -2018,12 +1886,11 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, *size = n; *buf = p; - return( 0 ); + return (0); } -static int x509_info_cert_policies( char **buf, size_t *size, - const mbedtls_x509_sequence *certificate_policies ) -{ +static int x509_info_cert_policies(char **buf, size_t *size, + const mbedtls_x509_sequence *certificate_policies) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *desc; size_t n = *size; @@ -2031,12 +1898,11 @@ static int x509_info_cert_policies( char **buf, size_t *size, const mbedtls_x509_sequence *cur = certificate_policies; const char *sep = ""; - while( cur != NULL ) - { - if( mbedtls_oid_get_certificate_policies( &cur->buf, &desc ) != 0 ) + while (cur != NULL) { + if (mbedtls_oid_get_certificate_policies(&cur->buf, &desc) != 0) desc = "???"; - ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); + ret = mbedtls_snprintf(p, n, "%s%s", sep, desc); MBEDTLS_X509_SAFE_SNPRINTF; sep = ", "; @@ -2047,7 +1913,7 @@ static int x509_info_cert_policies( char **buf, size_t *size, *size = n; *buf = p; - return( 0 ); + return (0); } /* @@ -2055,9 +1921,8 @@ static int x509_info_cert_policies( char **buf, size_t *size, */ #define BEFORE_COLON 18 #define BC "18" -int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crt *crt ) -{ +int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_crt *crt) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; @@ -2066,136 +1931,127 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - if( NULL == crt ) - { - ret = mbedtls_snprintf( p, n, "\nCertificate is uninitialised!\n" ); + if (NULL == crt) { + ret = mbedtls_snprintf(p, n, "\nCertificate is uninitialised!\n"); MBEDTLS_X509_SAFE_SNPRINTF; - return( (int) ( size - n ) ); + return ((int)(size - n)); } - ret = mbedtls_snprintf( p, n, "%scert. version : %d\n", - prefix, crt->version ); + ret = mbedtls_snprintf(p, n, "%scert. version : %d\n", + prefix, crt->version); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "%sserial number : ", - prefix ); + ret = mbedtls_snprintf(p, n, "%sserial number : ", + prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_serial_gets( p, n, &crt->serial ); + ret = mbedtls_x509_serial_gets(p, n, &crt->serial); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sissuer name : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%sissuer name : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets( p, n, &crt->issuer ); + ret = mbedtls_x509_dn_gets(p, n, &crt->issuer); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets( p, n, &crt->subject ); + ret = mbedtls_x509_dn_gets(p, n, &crt->subject); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sissued on : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crt->valid_from.year, crt->valid_from.mon, - crt->valid_from.day, crt->valid_from.hour, - crt->valid_from.min, crt->valid_from.sec ); + ret = mbedtls_snprintf(p, n, "\n%sissued on : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crt->valid_from.year, crt->valid_from.mon, + crt->valid_from.day, crt->valid_from.hour, + crt->valid_from.min, crt->valid_from.sec); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%sexpires on : " \ - "%04d-%02d-%02d %02d:%02d:%02d", prefix, - crt->valid_to.year, crt->valid_to.mon, - crt->valid_to.day, crt->valid_to.hour, - crt->valid_to.min, crt->valid_to.sec ); + ret = mbedtls_snprintf(p, n, "\n%sexpires on : " \ + "%04d-%02d-%02d %02d:%02d:%02d", prefix, + crt->valid_to.year, crt->valid_to.mon, + crt->valid_to.day, crt->valid_to.hour, + crt->valid_to.min, crt->valid_to.sec); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets( p, n, &crt->sig_oid, crt->sig_pk, - crt->sig_md, crt->sig_opts ); + ret = mbedtls_x509_sig_alg_gets(p, n, &crt->sig_oid, crt->sig_pk, + crt->sig_md, crt->sig_opts); MBEDTLS_X509_SAFE_SNPRINTF; /* Key size */ - if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, - mbedtls_pk_get_name( &crt->pk ) ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, + mbedtls_pk_get_name(&crt->pk))) != 0) { + return (ret); } - ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen( &crt->pk ) ); + ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits", prefix, key_size_str, + (int) mbedtls_pk_get_bitlen(&crt->pk)); MBEDTLS_X509_SAFE_SNPRINTF; /* * Optional extensions */ - if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS ) - { - ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, - crt->ca_istrue ? "true" : "false" ); + if (crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) { + ret = mbedtls_snprintf(p, n, "\n%sbasic constraints : CA=%s", prefix, + crt->ca_istrue ? "true" : "false"); MBEDTLS_X509_SAFE_SNPRINTF; - if( crt->max_pathlen > 0 ) - { - ret = mbedtls_snprintf( p, n, ", max_pathlen=%d", crt->max_pathlen - 1 ); + if (crt->max_pathlen > 0) { + ret = mbedtls_snprintf(p, n, ", max_pathlen=%d", crt->max_pathlen - 1); MBEDTLS_X509_SAFE_SNPRINTF; } } - if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) - { - ret = mbedtls_snprintf( p, n, "\n%ssubject alt name :", prefix ); + if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { + ret = mbedtls_snprintf(p, n, "\n%ssubject alt name :", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_subject_alt_name( &p, &n, - &crt->subject_alt_names, - prefix ) ) != 0 ) - return( ret ); + if ((ret = x509_info_subject_alt_name(&p, &n, + &crt->subject_alt_names, + prefix)) != 0) + return (ret); } - if( crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE ) - { - ret = mbedtls_snprintf( p, n, "\n%scert. type : ", prefix ); + if (crt->ext_types & MBEDTLS_X509_EXT_NS_CERT_TYPE) { + ret = mbedtls_snprintf(p, n, "\n%scert. type : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_cert_type( &p, &n, crt->ns_cert_type ) ) != 0 ) - return( ret ); + if ((ret = x509_info_cert_type(&p, &n, crt->ns_cert_type)) != 0) + return (ret); } - if( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) - { - ret = mbedtls_snprintf( p, n, "\n%skey usage : ", prefix ); + if (crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) { + ret = mbedtls_snprintf(p, n, "\n%skey usage : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 ) - return( ret ); + if ((ret = x509_info_key_usage(&p, &n, crt->key_usage)) != 0) + return (ret); } - if( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) - { - ret = mbedtls_snprintf( p, n, "\n%sext key usage : ", prefix ); + if (crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) { + ret = mbedtls_snprintf(p, n, "\n%sext key usage : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_ext_key_usage( &p, &n, - &crt->ext_key_usage ) ) != 0 ) - return( ret ); + if ((ret = x509_info_ext_key_usage(&p, &n, + &crt->ext_key_usage)) != 0) + return (ret); } - if( crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES ) - { - ret = mbedtls_snprintf( p, n, "\n%scertificate policies : ", prefix ); + if (crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES) { + ret = mbedtls_snprintf(p, n, "\n%scertificate policies : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = x509_info_cert_policies( &p, &n, - &crt->certificate_policies ) ) != 0 ) - return( ret ); + if ((ret = x509_info_cert_policies(&p, &n, + &crt->certificate_policies)) != 0) + return (ret); } - ret = mbedtls_snprintf( p, n, "\n" ); + ret = mbedtls_snprintf(p, n, "\n"); MBEDTLS_X509_SAFE_SNPRINTF; - return( (int) ( size - n ) ); + return ((int)(size - n)); } struct x509_crt_verify_string { @@ -2227,88 +2083,81 @@ static const struct x509_crt_verify_string x509_crt_verify_strings[] = { { 0, NULL } }; -int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, - uint32_t flags ) -{ +int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, + uint32_t flags) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const struct x509_crt_verify_string *cur; char *p = buf; size_t n = size; - for( cur = x509_crt_verify_strings; cur->string != NULL ; cur++ ) - { - if( ( flags & cur->code ) == 0 ) + for (cur = x509_crt_verify_strings; cur->string != NULL ; cur++) { + if ((flags & cur->code) == 0) continue; - ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, cur->string ); + ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, cur->string); MBEDTLS_X509_SAFE_SNPRINTF; flags ^= cur->code; } - if( flags != 0 ) - { - ret = mbedtls_snprintf( p, n, "%sUnknown reason " - "(this should not happen)\n", prefix ); + if (flags != 0) { + ret = mbedtls_snprintf(p, n, "%sUnknown reason " + "(this should not happen)\n", prefix); MBEDTLS_X509_SAFE_SNPRINTF; } - return( (int) ( size - n ) ); + return ((int)(size - n)); } #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) -int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, - unsigned int usage ) -{ +int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, + unsigned int usage) { unsigned int usage_must, usage_may; unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY - | MBEDTLS_X509_KU_DECIPHER_ONLY; + | MBEDTLS_X509_KU_DECIPHER_ONLY; - if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 ) - return( 0 ); + if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) + return (0); usage_must = usage & ~may_mask; - if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); usage_may = usage & may_mask; - if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (((crt->key_usage & may_mask) | usage_may) != usage_may) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); - return( 0 ); + return (0); } #endif #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) -int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, - const char *usage_oid, - size_t usage_len ) -{ +int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, + const char *usage_oid, + size_t usage_len) { const mbedtls_x509_sequence *cur; /* Extension is not mandatory, absent means no restriction */ - if( ( crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE ) == 0 ) - return( 0 ); + if ((crt->ext_types & MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE) == 0) + return (0); /* * Look for the requested usage (or wildcard ANY) in our list */ - for( cur = &crt->ext_key_usage; cur != NULL; cur = cur->next ) - { + for (cur = &crt->ext_key_usage; cur != NULL; cur = cur->next) { const mbedtls_x509_buf *cur_oid = &cur->buf; - if( cur_oid->len == usage_len && - memcmp( cur_oid->p, usage_oid, usage_len ) == 0 ) - { - return( 0 ); + if (cur_oid->len == usage_len && + memcmp(cur_oid->p, usage_oid, usage_len) == 0) { + return (0); } - if( MBEDTLS_OID_CMP( MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid ) == 0 ) - return( 0 ); + if (MBEDTLS_OID_CMP(MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE, cur_oid) == 0) + return (0); } - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); } #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ @@ -2316,44 +2165,38 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, /* * Return 1 if the certificate is revoked, or 0 otherwise. */ -int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ) -{ +int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl) { const mbedtls_x509_crl_entry *cur = &crl->entry; - while( cur != NULL && cur->serial.len != 0 ) - { - if( crt->serial.len == cur->serial.len && - memcmp( crt->serial.p, cur->serial.p, crt->serial.len ) == 0 ) - { - return( 1 ); + while (cur != NULL && cur->serial.len != 0) { + if (crt->serial.len == cur->serial.len && + memcmp(crt->serial.p, cur->serial.p, crt->serial.len) == 0) { + return (1); } cur = cur->next; } - return( 0 ); + return (0); } /* * Check that the given certificate is not revoked according to the CRL. * Skip validation if no CRL for the given CA is present. */ -static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, - mbedtls_x509_crl *crl_list, - const mbedtls_x509_crt_profile *profile ) -{ +static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, + mbedtls_x509_crl *crl_list, + const mbedtls_x509_crt_profile *profile) { int flags = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; - if( ca == NULL ) - return( flags ); + if (ca == NULL) + return (flags); - while( crl_list != NULL ) - { - if( crl_list->version == 0 || - x509_name_cmp( &crl_list->issuer, &ca->subject ) != 0 ) - { + while (crl_list != NULL) { + if (crl_list->version == 0 || + x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) { crl_list = crl_list->next; continue; } @@ -2362,9 +2205,8 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, * Check if the CA is configured to sign CRLs */ #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - if( mbedtls_x509_crt_check_key_usage( ca, - MBEDTLS_X509_KU_CRL_SIGN ) != 0 ) - { + if (mbedtls_x509_crt_check_key_usage(ca, + MBEDTLS_X509_KU_CRL_SIGN) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; break; } @@ -2373,27 +2215,25 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, /* * Check if CRL is correctly signed by the trusted CA */ - if( x509_profile_check_md_alg( profile, crl_list->sig_md ) != 0 ) + if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) flags |= MBEDTLS_X509_BADCRL_BAD_MD; - if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 ) + if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) flags |= MBEDTLS_X509_BADCRL_BAD_PK; - md_info = mbedtls_md_info_from_type( crl_list->sig_md ); - if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 ) - { + md_info = mbedtls_md_info_from_type(crl_list->sig_md); + if (mbedtls_md(md_info, crl_list->tbs.p, crl_list->tbs.len, hash) != 0) { /* Note: this can't happen except after an internal error */ flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; break; } - if( x509_profile_check_key( profile, &ca->pk ) != 0 ) + if (x509_profile_check_key(profile, &ca->pk) != 0) flags |= MBEDTLS_X509_BADCERT_BAD_KEY; - if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk, - crl_list->sig_md, hash, mbedtls_md_get_size( md_info ), - crl_list->sig.p, crl_list->sig.len ) != 0 ) - { + if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, + crl_list->sig_md, hash, mbedtls_md_get_size(md_info), + crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; break; } @@ -2401,17 +2241,16 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, /* * Check for validity of CRL (Do not drop out) */ - if( mbedtls_x509_time_is_past( &crl_list->next_update ) ) + if (mbedtls_x509_time_is_past(&crl_list->next_update)) flags |= MBEDTLS_X509_BADCRL_EXPIRED; - if( mbedtls_x509_time_is_future( &crl_list->this_update ) ) + if (mbedtls_x509_time_is_future(&crl_list->this_update)) flags |= MBEDTLS_X509_BADCRL_FUTURE; /* * Check if certificate is revoked */ - if( mbedtls_x509_crt_is_revoked( crt, crl_list ) ) - { + if (mbedtls_x509_crt_is_revoked(crt, crl_list)) { flags |= MBEDTLS_X509_BADCERT_REVOKED; break; } @@ -2419,64 +2258,60 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, crl_list = crl_list->next; } - return( flags ); + return (flags); } #endif /* MBEDTLS_X509_CRL_PARSE_C */ /* * Check the signature of a certificate by its parent */ -static int x509_crt_check_signature( const mbedtls_x509_crt *child, - mbedtls_x509_crt *parent, - mbedtls_x509_crt_restart_ctx *rs_ctx ) -{ +static int x509_crt_check_signature(const mbedtls_x509_crt *child, + mbedtls_x509_crt *parent, + mbedtls_x509_crt_restart_ctx *rs_ctx) { unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t hash_len; #if !defined(MBEDTLS_USE_PSA_CRYPTO) const mbedtls_md_info_t *md_info; - md_info = mbedtls_md_info_from_type( child->sig_md ); - hash_len = mbedtls_md_get_size( md_info ); + md_info = mbedtls_md_info_from_type(child->sig_md); + hash_len = mbedtls_md_get_size(md_info); /* Note: hash errors can happen only after an internal error */ - if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 ) - return( -1 ); + if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) + return (-1); #else psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md ); + psa_algorithm_t hash_alg = mbedtls_psa_translate_md(child->sig_md); - if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS ) - return( -1 ); + if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) + return (-1); - if( psa_hash_update( &hash_operation, child->tbs.p, child->tbs.len ) - != PSA_SUCCESS ) - { - return( -1 ); + if (psa_hash_update(&hash_operation, child->tbs.p, child->tbs.len) + != PSA_SUCCESS) { + return (-1); } - if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len ) - != PSA_SUCCESS ) - { - return( -1 ); + if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len) + != PSA_SUCCESS) { + return (-1); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Skip expensive computation on obvious mismatch */ - if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) ) - return( -1 ); + if (! mbedtls_pk_can_do(&parent->pk, child->sig_pk)) + return (-1); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA ) - { - return( mbedtls_pk_verify_restartable( &parent->pk, - child->sig_md, hash, hash_len, - child->sig.p, child->sig.len, &rs_ctx->pk ) ); + if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { + return (mbedtls_pk_verify_restartable(&parent->pk, + child->sig_md, hash, hash_len, + child->sig.p, child->sig.len, &rs_ctx->pk)); } #else (void) rs_ctx; #endif - return( mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent->pk, - child->sig_md, hash, hash_len, - child->sig.p, child->sig.len ) ); + return (mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, + child->sig_md, hash, hash_len, + child->sig.p, child->sig.len)); } /* @@ -2485,35 +2320,33 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child, * * top means parent is a locally-trusted certificate */ -static int x509_crt_check_parent( const mbedtls_x509_crt *child, - const mbedtls_x509_crt *parent, - int top ) -{ +static int x509_crt_check_parent(const mbedtls_x509_crt *child, + const mbedtls_x509_crt *parent, + int top) { int need_ca_bit; /* Parent must be the issuer */ - if( x509_name_cmp( &child->issuer, &parent->subject ) != 0 ) - return( -1 ); + if (x509_name_cmp(&child->issuer, &parent->subject) != 0) + return (-1); /* Parent must have the basicConstraints CA bit set as a general rule */ need_ca_bit = 1; /* Exception: v1/v2 certificates that are locally trusted. */ - if( top && parent->version < 3 ) + if (top && parent->version < 3) need_ca_bit = 0; - if( need_ca_bit && ! parent->ca_istrue ) - return( -1 ); + if (need_ca_bit && ! parent->ca_istrue) + return (-1); #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - if( need_ca_bit && - mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 ) - { - return( -1 ); + if (need_ca_bit && + mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) { + return (-1); } #endif - return( 0 ); + return (0); } /* @@ -2560,23 +2393,21 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise */ static int x509_crt_find_parent_in( - mbedtls_x509_crt *child, - mbedtls_x509_crt *candidates, - mbedtls_x509_crt **r_parent, - int *r_signature_is_good, - int top, - unsigned path_cnt, - unsigned self_cnt, - mbedtls_x509_crt_restart_ctx *rs_ctx ) -{ + mbedtls_x509_crt *child, + mbedtls_x509_crt *candidates, + mbedtls_x509_crt **r_parent, + int *r_signature_is_good, + int top, + unsigned path_cnt, + unsigned self_cnt, + mbedtls_x509_crt_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *parent, *fallback_parent; int signature_is_good = 0, fallback_signature_is_good; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* did we have something in progress? */ - if( rs_ctx != NULL && rs_ctx->parent != NULL ) - { + if (rs_ctx != NULL && rs_ctx->parent != NULL) { /* restore saved state */ parent = rs_ctx->parent; fallback_parent = rs_ctx->fallback_parent; @@ -2595,16 +2426,14 @@ static int x509_crt_find_parent_in( fallback_parent = NULL; fallback_signature_is_good = 0; - for( parent = candidates; parent != NULL; parent = parent->next ) - { + for (parent = candidates; parent != NULL; parent = parent->next) { /* basic parenting skills (name, CA bit, key usage) */ - if( x509_crt_check_parent( child, parent, top ) != 0 ) + if (x509_crt_check_parent(child, parent, top) != 0) continue; /* +1 because stored max_pathlen is 1 higher that the actual value */ - if( parent->max_pathlen > 0 && - (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt ) - { + if (parent->max_pathlen > 0 && + (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) { continue; } @@ -2612,32 +2441,29 @@ static int x509_crt_find_parent_in( #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) check_signature: #endif - ret = x509_crt_check_signature( child, parent, rs_ctx ); + ret = x509_crt_check_signature(child, parent, rs_ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { + if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->parent = parent; rs_ctx->fallback_parent = fallback_parent; rs_ctx->fallback_signature_is_good = fallback_signature_is_good; - return( ret ); + return (ret); } #else (void) ret; #endif signature_is_good = ret == 0; - if( top && ! signature_is_good ) + if (top && ! signature_is_good) continue; /* optional time check */ - if( mbedtls_x509_time_is_past( &parent->valid_to ) || - mbedtls_x509_time_is_future( &parent->valid_from ) ) - { - if( fallback_parent == NULL ) - { + if (mbedtls_x509_time_is_past(&parent->valid_to) || + mbedtls_x509_time_is_future(&parent->valid_from)) { + if (fallback_parent == NULL) { fallback_parent = parent; fallback_signature_is_good = signature_is_good; } @@ -2651,13 +2477,12 @@ check_signature: break; } - if( parent == NULL ) - { + if (parent == NULL) { *r_parent = fallback_parent; *r_signature_is_good = fallback_signature_is_good; } - return( 0 ); + return (0); } /* @@ -2683,15 +2508,14 @@ check_signature: * - MBEDTLS_ERR_ECP_IN_PROGRESS otherwise */ static int x509_crt_find_parent( - mbedtls_x509_crt *child, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crt **parent, - int *parent_is_trusted, - int *signature_is_good, - unsigned path_cnt, - unsigned self_cnt, - mbedtls_x509_crt_restart_ctx *rs_ctx ) -{ + mbedtls_x509_crt *child, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crt **parent, + int *parent_is_trusted, + int *signature_is_good, + unsigned path_cnt, + unsigned self_cnt, + mbedtls_x509_crt_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *search_list; @@ -2699,34 +2523,32 @@ static int x509_crt_find_parent( #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* restore then clear saved state if we have some stored */ - if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1 ) - { + if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { *parent_is_trusted = rs_ctx->parent_is_trusted; rs_ctx->parent_is_trusted = -1; } #endif - while( 1 ) { + while (1) { search_list = *parent_is_trusted ? trust_ca : child->next; - ret = x509_crt_find_parent_in( child, search_list, - parent, signature_is_good, - *parent_is_trusted, - path_cnt, self_cnt, rs_ctx ); + ret = x509_crt_find_parent_in(child, search_list, + parent, signature_is_good, + *parent_is_trusted, + path_cnt, self_cnt, rs_ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { + if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->parent_is_trusted = *parent_is_trusted; - return( ret ); + return (ret); } #else (void) ret; #endif /* stop here if found or already in second iteration */ - if( *parent != NULL || *parent_is_trusted == 0 ) + if (*parent != NULL || *parent_is_trusted == 0) break; /* prepare second iteration */ @@ -2734,13 +2556,12 @@ static int x509_crt_find_parent( } /* extra precaution against mistakes in the caller */ - if( *parent == NULL ) - { + if (*parent == NULL) { *parent_is_trusted = 0; *signature_is_good = 0; } - return( 0 ); + return (0); } /* @@ -2750,27 +2571,24 @@ static int x509_crt_find_parent( * check for self-issued as self-signatures are not checked) */ static int x509_crt_check_ee_locally_trusted( - mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca ) -{ + mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca) { mbedtls_x509_crt *cur; /* must be self-issued */ - if( x509_name_cmp( &crt->issuer, &crt->subject ) != 0 ) - return( -1 ); + if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) + return (-1); /* look for an exact match with trusted cert */ - for( cur = trust_ca; cur != NULL; cur = cur->next ) - { - if( crt->raw.len == cur->raw.len && - memcmp( crt->raw.p, cur->raw.p, crt->raw.len ) == 0 ) - { - return( 0 ); + for (cur = trust_ca; cur != NULL; cur = cur->next) { + if (crt->raw.len == cur->raw.len && + memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { + return (0); } } /* too bad */ - return( -1 ); + return (-1); } /* @@ -2814,15 +2632,14 @@ static int x509_crt_check_ee_locally_trusted( * even if it was found to be invalid */ static int x509_crt_verify_chain( - mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - mbedtls_x509_crt_verify_chain *ver_chain, - mbedtls_x509_crt_restart_ctx *rs_ctx ) -{ + mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + mbedtls_x509_crt_verify_chain *ver_chain, + mbedtls_x509_crt_restart_ctx *rs_ctx) { /* Don't initialize any of those variables here, so that the compiler can * catch potential issues with jumping ahead when restarting */ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -2838,8 +2655,7 @@ static int x509_crt_verify_chain( #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* resume if we had an operation in progress */ - if( rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent ) - { + if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { /* restore saved state */ *ver_chain = rs_ctx->ver_chain; /* struct copy */ self_cnt = rs_ctx->self_cnt; @@ -2858,7 +2674,7 @@ static int x509_crt_verify_chain( parent_is_trusted = 0; child_is_trusted = 0; - while( 1 ) { + while (1) { /* Add certificate to the verification chain */ cur = &ver_chain->items[ver_chain->len]; cur->crt = child; @@ -2867,28 +2683,27 @@ static int x509_crt_verify_chain( flags = &cur->flags; /* Check time-validity (all certificates) */ - if( mbedtls_x509_time_is_past( &child->valid_to ) ) + if (mbedtls_x509_time_is_past(&child->valid_to)) *flags |= MBEDTLS_X509_BADCERT_EXPIRED; - if( mbedtls_x509_time_is_future( &child->valid_from ) ) + if (mbedtls_x509_time_is_future(&child->valid_from)) *flags |= MBEDTLS_X509_BADCERT_FUTURE; /* Stop here for trusted roots (but not for trusted EE certs) */ - if( child_is_trusted ) - return( 0 ); + if (child_is_trusted) + return (0); /* Check signature algorithm: MD & PK algs */ - if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 ) + if (x509_profile_check_md_alg(profile, child->sig_md) != 0) *flags |= MBEDTLS_X509_BADCERT_BAD_MD; - if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 ) + if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) *flags |= MBEDTLS_X509_BADCERT_BAD_PK; /* Special case: EE certs that are locally trusted */ - if( ver_chain->len == 1 && - x509_crt_check_ee_locally_trusted( child, trust_ca ) == 0 ) - { - return( 0 ); + if (ver_chain->len == 1 && + x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) { + return (0); } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) @@ -2898,19 +2713,17 @@ find_parent: /* Obtain list of potential trusted signers from CA callback, * or use statically provided list. */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if( f_ca_cb != NULL ) - { - mbedtls_x509_crt_free( ver_chain->trust_ca_cb_result ); - mbedtls_free( ver_chain->trust_ca_cb_result ); + if (f_ca_cb != NULL) { + mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result); + mbedtls_free(ver_chain->trust_ca_cb_result); ver_chain->trust_ca_cb_result = NULL; - ret = f_ca_cb( p_ca_cb, child, &ver_chain->trust_ca_cb_result ); - if( ret != 0 ) - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result); + if (ret != 0) + return (MBEDTLS_ERR_X509_FATAL_ERROR); cur_trust_ca = ver_chain->trust_ca_cb_result; - } - else + } else #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ { ((void) f_ca_cb); @@ -2919,60 +2732,56 @@ find_parent: } /* Look for a parent in trusted CAs or up the chain */ - ret = x509_crt_find_parent( child, cur_trust_ca, &parent, - &parent_is_trusted, &signature_is_good, - ver_chain->len - 1, self_cnt, rs_ctx ); + ret = x509_crt_find_parent(child, cur_trust_ca, &parent, + &parent_is_trusted, &signature_is_good, + ver_chain->len - 1, self_cnt, rs_ctx); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) - { + if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { /* save state */ rs_ctx->in_progress = x509_crt_rs_find_parent; rs_ctx->self_cnt = self_cnt; rs_ctx->ver_chain = *ver_chain; /* struct copy */ - return( ret ); + return (ret); } #else (void) ret; #endif /* No parent? We're done here */ - if( parent == NULL ) - { + if (parent == NULL) { *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - return( 0 ); + return (0); } /* Count intermediate self-issued (not necessarily self-signed) certs. * These can occur with some strategies for key rollover, see [SIRO], * and should be excluded from max_pathlen checks. */ - if( ver_chain->len != 1 && - x509_name_cmp( &child->issuer, &child->subject ) == 0 ) - { + if (ver_chain->len != 1 && + x509_name_cmp(&child->issuer, &child->subject) == 0) { self_cnt++; } /* path_cnt is 0 for the first intermediate CA, * and if parent is trusted it's not an intermediate CA */ - if( ! parent_is_trusted && - ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) - { + if (! parent_is_trusted && + ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) { /* return immediately to avoid overflow the chain array */ - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + return (MBEDTLS_ERR_X509_FATAL_ERROR); } /* signature was checked while searching parent */ - if( ! signature_is_good ) + if (! signature_is_good) *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; /* check size of signing key */ - if( x509_profile_check_key( profile, &parent->pk ) != 0 ) + if (x509_profile_check_key(profile, &parent->pk) != 0) *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; #if defined(MBEDTLS_X509_CRL_PARSE_C) /* Check trusted CA's CRL for the given crt */ - *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile ); + *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile); #else (void) ca_crl; #endif @@ -2988,78 +2797,67 @@ find_parent: /* * Check for CN match */ -static int x509_crt_check_cn( const mbedtls_x509_buf *name, - const char *cn, size_t cn_len ) -{ +static int x509_crt_check_cn(const mbedtls_x509_buf *name, + const char *cn, size_t cn_len) { /* try exact match */ - if( name->len == cn_len && - x509_memcasecmp( cn, name->p, cn_len ) == 0 ) - { - return( 0 ); + if (name->len == cn_len && + x509_memcasecmp(cn, name->p, cn_len) == 0) { + return (0); } /* try wildcard match */ - if( x509_check_wildcard( cn, name ) == 0 ) - { - return( 0 ); + if (x509_check_wildcard(cn, name) == 0) { + return (0); } - return( -1 ); + return (-1); } /* * Check for SAN match, see RFC 5280 Section 4.2.1.6 */ -static int x509_crt_check_san( const mbedtls_x509_buf *name, - const char *cn, size_t cn_len ) -{ +static int x509_crt_check_san(const mbedtls_x509_buf *name, + const char *cn, size_t cn_len) { const unsigned char san_type = (unsigned char) name->tag & MBEDTLS_ASN1_TAG_VALUE_MASK; /* dNSName */ - if( san_type == MBEDTLS_X509_SAN_DNS_NAME ) - return( x509_crt_check_cn( name, cn, cn_len ) ); + if (san_type == MBEDTLS_X509_SAN_DNS_NAME) + return (x509_crt_check_cn(name, cn, cn_len)); /* (We may handle other types here later.) */ /* Unrecognized type */ - return( -1 ); + return (-1); } /* * Verify the requested CN - only call this if cn is not NULL! */ -static void x509_crt_verify_name( const mbedtls_x509_crt *crt, - const char *cn, - uint32_t *flags ) -{ +static void x509_crt_verify_name(const mbedtls_x509_crt *crt, + const char *cn, + uint32_t *flags) { const mbedtls_x509_name *name; const mbedtls_x509_sequence *cur; - size_t cn_len = strlen( cn ); + size_t cn_len = strlen(cn); - if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) - { - for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next ) - { - if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 ) + if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { + for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) { + if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) break; } - if( cur == NULL ) + if (cur == NULL) *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; - } - else - { - for( name = &crt->subject; name != NULL; name = name->next ) - { - if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 && - x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) - { + } else { + for (name = &crt->subject; name != NULL; name = name->next) { + if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && + x509_crt_check_cn(&name->val, cn, cn_len) == 0) { break; } } - if( name == NULL ) + if (name == NULL) *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; } } @@ -3068,29 +2866,27 @@ static void x509_crt_verify_name( const mbedtls_x509_crt *crt, * Merge the flags for all certs in the chain, after calling callback */ static int x509_crt_merge_flags_with_cb( - uint32_t *flags, - const mbedtls_x509_crt_verify_chain *ver_chain, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ + uint32_t *flags, + const mbedtls_x509_crt_verify_chain *ver_chain, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned i; uint32_t cur_flags; const mbedtls_x509_crt_verify_chain_item *cur; - for( i = ver_chain->len; i != 0; --i ) - { - cur = &ver_chain->items[i-1]; + for (i = ver_chain->len; i != 0; --i) { + cur = &ver_chain->items[i - 1]; cur_flags = cur->flags; - if( NULL != f_vrfy ) - if( ( ret = f_vrfy( p_vrfy, cur->crt, (int) i-1, &cur_flags ) ) != 0 ) - return( ret ); + if (NULL != f_vrfy) + if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i - 1, &cur_flags)) != 0) + return (ret); *flags |= cur_flags; } - return( 0 ); + return (0); } /* @@ -3110,17 +2906,16 @@ static int x509_crt_merge_flags_with_cb( * of trusted signers, and `ca_crl` will be use as the static list * of CRLs. */ -static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx ) -{ +static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy, + mbedtls_x509_crt_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_pk_type_t pk_type; mbedtls_x509_crt_verify_chain ver_chain; @@ -3128,105 +2923,101 @@ static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, *flags = 0; ee_flags = 0; - x509_crt_verify_chain_reset( &ver_chain ); + x509_crt_verify_chain_reset(&ver_chain); - if( profile == NULL ) - { + if (profile == NULL) { ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; goto exit; } /* check name if requested */ - if( cn != NULL ) - x509_crt_verify_name( crt, cn, &ee_flags ); + if (cn != NULL) + x509_crt_verify_name(crt, cn, &ee_flags); /* Check the type and size of the key */ - pk_type = mbedtls_pk_get_type( &crt->pk ); + pk_type = mbedtls_pk_get_type(&crt->pk); - if( x509_profile_check_pk_alg( profile, pk_type ) != 0 ) + if (x509_profile_check_pk_alg(profile, pk_type) != 0) ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; - if( x509_profile_check_key( profile, &crt->pk ) != 0 ) + if (x509_profile_check_key(profile, &crt->pk) != 0) ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; /* Check the chain */ - ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, - f_ca_cb, p_ca_cb, profile, - &ver_chain, rs_ctx ); + ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, + f_ca_cb, p_ca_cb, profile, + &ver_chain, rs_ctx); - if( ret != 0 ) + if (ret != 0) goto exit; /* Merge end-entity flags */ ver_chain.items[0].flags |= ee_flags; /* Build final flags, calling callback on the way if any */ - ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); + ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy); exit: #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - mbedtls_x509_crt_free( ver_chain.trust_ca_cb_result ); - mbedtls_free( ver_chain.trust_ca_cb_result ); + mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result); + mbedtls_free(ver_chain.trust_ca_cb_result); ver_chain.trust_ca_cb_result = NULL; #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) - mbedtls_x509_crt_restart_free( rs_ctx ); + if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) + mbedtls_x509_crt_restart_free(rs_ctx); #endif /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by * the SSL module for authmode optional, but non-zero return from the * callback means a fatal error so it shouldn't be ignored */ - if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) + if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) ret = MBEDTLS_ERR_X509_FATAL_ERROR; - if( ret != 0 ) - { + if (ret != 0) { *flags = (uint32_t) -1; - return( ret ); + return (ret); } - if( *flags != 0 ) - return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); + if (*flags != 0) + return (MBEDTLS_ERR_X509_CERT_VERIFY_FAILED); - return( 0 ); + return (0); } /* * Verify the certificate validity (default profile, not restartable) */ -int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ - return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, - NULL, NULL, - &mbedtls_x509_crt_profile_default, - cn, flags, - f_vrfy, p_vrfy, NULL ) ); +int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { + return (x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, + NULL, NULL, + &mbedtls_x509_crt_profile_default, + cn, flags, + f_vrfy, p_vrfy, NULL)); } /* * Verify the certificate validity (user-chosen profile, not restartable) */ -int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ - return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, - NULL, NULL, - profile, cn, flags, - f_vrfy, p_vrfy, NULL ) ); +int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { + return (x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, + NULL, NULL, + profile, cn, flags, + f_vrfy, p_vrfy, NULL)); } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) @@ -3234,50 +3025,46 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * Verify the certificate validity (user-chosen profile, CA callback, * not restartable). */ -int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ) -{ - return( x509_crt_verify_restartable_ca_cb( crt, NULL, NULL, - f_ca_cb, p_ca_cb, - profile, cn, flags, - f_vrfy, p_vrfy, NULL ) ); +int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy) { + return (x509_crt_verify_restartable_ca_cb(crt, NULL, NULL, + f_ca_cb, p_ca_cb, + profile, cn, flags, + f_vrfy, p_vrfy, NULL)); } #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx ) -{ - return( x509_crt_verify_restartable_ca_cb( crt, trust_ca, ca_crl, - NULL, NULL, - profile, cn, flags, - f_vrfy, p_vrfy, rs_ctx ) ); +int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy, + mbedtls_x509_crt_restart_ctx *rs_ctx) { + return (x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, + NULL, NULL, + profile, cn, flags, + f_vrfy, p_vrfy, rs_ctx)); } /* * Initialize a certificate chain */ -void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ) -{ - memset( crt, 0, sizeof(mbedtls_x509_crt) ); +void mbedtls_x509_crt_init(mbedtls_x509_crt *crt) { + memset(crt, 0, sizeof(mbedtls_x509_crt)); } /* * Unallocate all certificate data */ -void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) -{ +void mbedtls_x509_crt_free(mbedtls_x509_crt *crt) { mbedtls_x509_crt *cert_cur = crt; mbedtls_x509_crt *cert_prv; mbedtls_x509_name *name_cur; @@ -3285,95 +3072,84 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) mbedtls_x509_sequence *seq_cur; mbedtls_x509_sequence *seq_prv; - if( crt == NULL ) + if (crt == NULL) return; - do - { - mbedtls_pk_free( &cert_cur->pk ); + do { + mbedtls_pk_free(&cert_cur->pk); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free( cert_cur->sig_opts ); + mbedtls_free(cert_cur->sig_opts); #endif name_cur = cert_cur->issuer.next; - while( name_cur != NULL ) - { + while (name_cur != NULL) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); - mbedtls_free( name_prv ); + mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); + mbedtls_free(name_prv); } name_cur = cert_cur->subject.next; - while( name_cur != NULL ) - { + while (name_cur != NULL) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); - mbedtls_free( name_prv ); + mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); + mbedtls_free(name_prv); } seq_cur = cert_cur->ext_key_usage.next; - while( seq_cur != NULL ) - { + while (seq_cur != NULL) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_platform_zeroize( seq_prv, - sizeof( mbedtls_x509_sequence ) ); - mbedtls_free( seq_prv ); + mbedtls_platform_zeroize(seq_prv, + sizeof(mbedtls_x509_sequence)); + mbedtls_free(seq_prv); } seq_cur = cert_cur->subject_alt_names.next; - while( seq_cur != NULL ) - { + while (seq_cur != NULL) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_platform_zeroize( seq_prv, - sizeof( mbedtls_x509_sequence ) ); - mbedtls_free( seq_prv ); + mbedtls_platform_zeroize(seq_prv, + sizeof(mbedtls_x509_sequence)); + mbedtls_free(seq_prv); } seq_cur = cert_cur->certificate_policies.next; - while( seq_cur != NULL ) - { + while (seq_cur != NULL) { seq_prv = seq_cur; seq_cur = seq_cur->next; - mbedtls_platform_zeroize( seq_prv, - sizeof( mbedtls_x509_sequence ) ); - mbedtls_free( seq_prv ); + mbedtls_platform_zeroize(seq_prv, + sizeof(mbedtls_x509_sequence)); + mbedtls_free(seq_prv); } - if( cert_cur->raw.p != NULL && cert_cur->own_buffer ) - { - mbedtls_platform_zeroize( cert_cur->raw.p, cert_cur->raw.len ); - mbedtls_free( cert_cur->raw.p ); + if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { + mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len); + mbedtls_free(cert_cur->raw.p); } cert_cur = cert_cur->next; - } - while( cert_cur != NULL ); + } while (cert_cur != NULL); cert_cur = crt; - do - { + do { cert_prv = cert_cur; cert_cur = cert_cur->next; - mbedtls_platform_zeroize( cert_prv, sizeof( mbedtls_x509_crt ) ); - if( cert_prv != crt ) - mbedtls_free( cert_prv ); - } - while( cert_cur != NULL ); + mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt)); + if (cert_prv != crt) + mbedtls_free(cert_prv); + } while (cert_cur != NULL); } #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* * Initialize a restart context */ -void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) -{ - mbedtls_pk_restart_init( &ctx->pk ); +void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx) { + mbedtls_pk_restart_init(&ctx->pk); ctx->parent = NULL; ctx->fallback_parent = NULL; @@ -3383,19 +3159,18 @@ void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) ctx->in_progress = x509_crt_rs_none; ctx->self_cnt = 0; - x509_crt_verify_chain_reset( &ctx->ver_chain ); + x509_crt_verify_chain_reset(&ctx->ver_chain); } /* * Free the components of a restart context */ -void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ) -{ - if( ctx == NULL ) +void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx) { + if (ctx == NULL) return; - mbedtls_pk_restart_free( &ctx->pk ); - mbedtls_x509_crt_restart_init( ctx ); + mbedtls_pk_restart_free(&ctx->pk); + mbedtls_x509_crt_restart_init(ctx); } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ diff --git a/common/mbedtls/x509_crt.h b/common/mbedtls/x509_crt.h index 8e389f8c0..5ef2510f9 100644 --- a/common/mbedtls/x509_crt.h +++ b/common/mbedtls/x509_crt.h @@ -49,8 +49,7 @@ extern "C" { /** * Container for an X.509 certificate. The certificate may be chained. */ -typedef struct mbedtls_x509_crt -{ +typedef struct mbedtls_x509_crt { int own_buffer; /**< Indicates if \c raw is owned * by the structure or not. */ mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ @@ -104,24 +103,21 @@ mbedtls_x509_crt; * type-id OBJECT IDENTIFIER, * value [0] EXPLICIT ANY DEFINED BY type-id } */ -typedef struct mbedtls_x509_san_other_name -{ +typedef struct mbedtls_x509_san_other_name { /** * The type_id is an OID as deifned in RFC 5280. * To check the value of the type id, you should use * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. */ mbedtls_x509_buf type_id; /**< The type id. */ - union - { + union { /** * From RFC 4108 section 5: * HardwareModuleName ::= SEQUENCE { * hwType OBJECT IDENTIFIER, * hwSerialNum OCTET STRING } */ - struct - { + struct { mbedtls_x509_buf oid; /**< The object identifier. */ mbedtls_x509_buf val; /**< The named value. */ } @@ -134,8 +130,7 @@ mbedtls_x509_san_other_name; /** * A structure for holding the parsed Subject Alternative Name, according to type */ -typedef struct mbedtls_x509_subject_alternative_name -{ +typedef struct mbedtls_x509_subject_alternative_name { int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ union { mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ @@ -156,8 +151,7 @@ mbedtls_x509_subject_alternative_name; * * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG(). */ -typedef struct mbedtls_x509_crt_profile -{ +typedef struct mbedtls_x509_crt_profile { uint32_t allowed_mds; /**< MDs for signatures */ uint32_t allowed_pks; /**< PK algs for signatures */ uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ @@ -179,8 +173,7 @@ mbedtls_x509_crt_profile; /** * Container for writing a certificate (CRT) */ -typedef struct mbedtls_x509write_cert -{ +typedef struct mbedtls_x509write_cert { int version; mbedtls_mpi serial; mbedtls_pk_context *subject_key; @@ -210,8 +203,7 @@ typedef struct { /** * Verification chain as built by \c mbedtls_crt_verify_chain() */ -typedef struct -{ +typedef struct { mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; unsigned len; @@ -229,8 +221,7 @@ typedef struct /** * \brief Context for resuming X.509 verify operations */ -typedef struct -{ +typedef struct { /* for check_signature() */ mbedtls_pk_restart_ctx pk; @@ -297,9 +288,9 @@ extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb; * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ); +int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen); /** * \brief The type of certificate extension callbacks. @@ -331,12 +322,12 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \return \c 0 on success. * \return A negative error code on failure. */ -typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, - mbedtls_x509_crt const *crt, - mbedtls_x509_buf const *oid, - int critical, - const unsigned char *p, - const unsigned char *end ); +typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx, + mbedtls_x509_crt const *crt, + mbedtls_x509_buf const *oid, + int critical, + const unsigned char *p, + const unsigned char *end); /** * \brief Parse a single DER formatted certificate and add it @@ -378,12 +369,12 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - int make_copy, - mbedtls_x509_crt_ext_cb_t cb, - void *p_ctx ); +int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + int make_copy, + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx); /** * \brief Parse a single DER formatted certificate and add it @@ -412,9 +403,9 @@ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen ); +int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen); /** * \brief Parse one DER-encoded or one or more concatenated PEM-encoded @@ -446,7 +437,7 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, * \return A negative X509 or PEM error code otherwise. * */ -int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); +int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen); #if defined(MBEDTLS_FS_IO) /** @@ -462,7 +453,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, s * \return 0 if all certificates parsed successfully, a positive number * if partly successful or a specific X509 or PEM error code */ -int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ); +int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path); /** * \brief Load one or more certificate files from a path and add them @@ -477,7 +468,7 @@ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ); * \return 0 if all certificates parsed successfully, a positive number * if partly successful or a specific X509 or PEM error code */ -int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); +int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path); #endif /* MBEDTLS_FS_IO */ /** @@ -507,8 +498,8 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); * SAN type. * \return Another negative value for any other failure. */ -int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san ); +int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san); /** * \brief Returns an informational string about the * certificate. @@ -521,8 +512,8 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_crt *crt ); +int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_crt *crt); /** * \brief Returns an informational string about the @@ -536,8 +527,8 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, - uint32_t flags ); +int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, + uint32_t flags); /** * \brief Verify a chain of certificates. @@ -605,12 +596,12 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * \return Another negative error code in case of a fatal error * encountered during the verification process. */ -int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); /** * \brief Verify a chain of certificates with respect to @@ -646,13 +637,13 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, * \return Another negative error code in case of a fatal error * encountered during the verification process. */ -int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); /** * \brief Restartable version of \c mbedtls_crt_verify_with_profile() @@ -680,14 +671,14 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ -int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, - mbedtls_x509_crt *trust_ca, - mbedtls_x509_crl *ca_crl, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy, - mbedtls_x509_crt_restart_ctx *rs_ctx ); +int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, + mbedtls_x509_crt *trust_ca, + mbedtls_x509_crl *ca_crl, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy, + mbedtls_x509_crt_restart_ctx *rs_ctx); /** * \brief The type of trusted certificate callbacks. @@ -719,9 +710,9 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, * to the caller. * \return A negative error code on failure. */ -typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, - mbedtls_x509_crt const *child, - mbedtls_x509_crt **candidate_cas ); +typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx, + mbedtls_x509_crt const *child, + mbedtls_x509_crt **candidate_cas); #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) /** @@ -746,13 +737,13 @@ typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, * * \return See \c mbedtls_crt_verify_with_profile(). */ -int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, - mbedtls_x509_crt_ca_cb_t f_ca_cb, - void *p_ca_cb, - const mbedtls_x509_crt_profile *profile, - const char *cn, uint32_t *flags, - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), - void *p_vrfy ); +int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, + mbedtls_x509_crt_ca_cb_t f_ca_cb, + void *p_ca_cb, + const mbedtls_x509_crt_profile *profile, + const char *cn, uint32_t *flags, + int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), + void *p_vrfy); #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ @@ -778,8 +769,8 @@ int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, * (intermediate) CAs the keyUsage extension is automatically * checked by \c mbedtls_x509_crt_verify(). */ -int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, - unsigned int usage ); +int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, + unsigned int usage); #endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */ #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) @@ -796,9 +787,9 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, * * \note Usually only makes sense on leaf certificates. */ -int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, - const char *usage_oid, - size_t usage_len ); +int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, + const char *usage_oid, + size_t usage_len); #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ #if defined(MBEDTLS_X509_CRL_PARSE_C) @@ -811,7 +802,7 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, * \return 1 if the certificate is revoked, 0 otherwise * */ -int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ); +int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl); #endif /* MBEDTLS_X509_CRL_PARSE_C */ /** @@ -819,25 +810,25 @@ int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509 * * \param crt Certificate chain to initialize */ -void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ); +void mbedtls_x509_crt_init(mbedtls_x509_crt *crt); /** * \brief Unallocate all certificate data * * \param crt Certificate chain to free */ -void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ); +void mbedtls_x509_crt_free(mbedtls_x509_crt *crt); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /** * \brief Initialize a restart context */ -void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ); +void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx); /** * \brief Free the components of a restart context */ -void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); +void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx); #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -850,7 +841,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); * * \param ctx CRT context to initialize */ -void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ); +void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx); /** * \brief Set the verion for a Certificate @@ -860,7 +851,7 @@ void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ); * \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or * MBEDTLS_X509_CRT_VERSION_3) */ -void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ); +void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version); /** * \brief Set the serial number for a Certificate. @@ -870,7 +861,7 @@ void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version * * \return 0 if successful */ -int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial ); +int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial); /** * \brief Set the validity period for a Certificate @@ -886,8 +877,8 @@ int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls * \return 0 if timestamp was parsed successfully, or * a specific error code */ -int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before, - const char *not_after ); +int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, + const char *not_after); /** * \brief Set the issuer name for a Certificate @@ -901,8 +892,8 @@ int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char * \return 0 if issuer name was parsed successfully, or * a specific error code */ -int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, - const char *issuer_name ); +int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, + const char *issuer_name); /** * \brief Set the subject name for a Certificate @@ -916,8 +907,8 @@ int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, * \return 0 if subject name was parsed successfully, or * a specific error code */ -int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, - const char *subject_name ); +int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, + const char *subject_name); /** * \brief Set the subject public key for the certificate @@ -925,7 +916,7 @@ int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, * \param ctx CRT context to use * \param key public key to include */ -void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); +void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); /** * \brief Set the issuer key used for signing the certificate @@ -933,7 +924,7 @@ void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls * \param ctx CRT context to use * \param key private key to sign with */ -void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); +void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); /** * \brief Set the MD algorithm to use for the signature @@ -942,7 +933,7 @@ void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_ * \param ctx CRT context to use * \param md_alg MD algorithm to use */ -void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg ); +void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg); /** * \brief Generic function to add to or replace an extension in the @@ -957,10 +948,10 @@ void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_t * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len ); +int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, + const char *oid, size_t oid_len, + int critical, + const unsigned char *val, size_t val_len); /** * \brief Set the basicConstraints extension for a CRT @@ -973,8 +964,8 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen ); +int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, + int is_ca, int max_pathlen); #if defined(MBEDTLS_SHA1_C) /** @@ -986,7 +977,7 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx ); +int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx); /** * \brief Set the authorityKeyIdentifier extension for a CRT @@ -997,7 +988,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ); +int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx); #endif /* MBEDTLS_SHA1_C */ /** @@ -1009,8 +1000,8 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * * * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, - unsigned int key_usage ); +int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, + unsigned int key_usage); /** * \brief Set the Netscape Cert Type flags @@ -1021,15 +1012,15 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, * * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, - unsigned char ns_cert_type ); +int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, + unsigned char ns_cert_type); /** * \brief Free the contents of a CRT write context * * \param ctx CRT context to free */ -void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ); +void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx); /** * \brief Write a built up certificate to a X509 DER structure @@ -1051,9 +1042,9 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ); * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ -int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -1072,9 +1063,9 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ -int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CRT_WRITE_C */ diff --git a/common/mbedtls/x509_csr.c b/common/mbedtls/x509_csr.c index 5463f8a9e..80ee5cd83 100644 --- a/common/mbedtls/x509_csr.c +++ b/common/mbedtls/x509_csr.c @@ -59,56 +59,52 @@ /* * Version ::= INTEGER { v1(0) } */ -static int x509_csr_get_version( unsigned char **p, - const unsigned char *end, - int *ver ) -{ +static int x509_csr_get_version(unsigned char **p, + const unsigned char *end, + int *ver) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) - { - if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - { + if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { *ver = 0; - return( 0 ); + return (0); } - return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); + return (MBEDTLS_ERR_X509_INVALID_VERSION + ret); } - return( 0 ); + return (0); } /* * Parse a CSR in DER format */ -int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen ) -{ +int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, + const unsigned char *buf, size_t buflen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; unsigned char *p, *end; mbedtls_x509_buf sig_params; - memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) ); + memset(&sig_params, 0, sizeof(mbedtls_x509_buf)); /* * Check for valid input */ - if( csr == NULL || buf == NULL || buflen == 0 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (csr == NULL || buf == NULL || buflen == 0) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); - mbedtls_x509_csr_init( csr ); + mbedtls_x509_csr_init(csr); /* * first copy the raw DER data */ - p = mbedtls_calloc( 1, len = buflen ); + p = mbedtls_calloc(1, len = buflen); - if( p == NULL ) - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if (p == NULL) + return (MBEDTLS_ERR_X509_ALLOC_FAILED); - memcpy( p, buf, buflen ); + memcpy(p, buf, buflen); csr->raw.p = p; csr->raw.len = len; @@ -121,18 +117,16 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, * signature BIT STRING * } */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_csr_free(csr); + return (MBEDTLS_ERR_X509_INVALID_FORMAT); } - if( len != (size_t) ( end - p ) ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (len != (size_t)(end - p)) { + mbedtls_x509_csr_free(csr); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } /* @@ -140,11 +134,10 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, */ csr->cri.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_csr_free(csr); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } end = p + len; @@ -153,16 +146,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * Version ::= INTEGER { v1(0) } */ - if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = x509_csr_get_version(&p, end, &csr->version)) != 0) { + mbedtls_x509_csr_free(csr); + return (ret); } - if( csr->version != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); + if (csr->version != 0) { + mbedtls_x509_csr_free(csr); + return (MBEDTLS_ERR_X509_UNKNOWN_VERSION); } csr->version++; @@ -172,17 +163,15 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, */ csr->subject_raw.p = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + mbedtls_x509_csr_free(csr); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } - if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = mbedtls_x509_get_name(&p, p + len, &csr->subject)) != 0) { + mbedtls_x509_csr_free(csr); + return (ret); } csr->subject_raw.len = p - csr->subject_raw.p; @@ -190,10 +179,9 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, /* * subjectPKInfo SubjectPublicKeyInfo */ - if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &csr->pk)) != 0) { + mbedtls_x509_csr_free(csr); + return (ret); } /* @@ -206,11 +194,10 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, * the requester's expectations - this cannot cause a violation of our * signature policies. */ - if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0) { + mbedtls_x509_csr_free(csr); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + ret); } p += len; @@ -221,41 +208,36 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING */ - if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = mbedtls_x509_get_alg(&p, end, &csr->sig_oid, &sig_params)) != 0) { + mbedtls_x509_csr_free(csr); + return (ret); } - if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params, - &csr->sig_md, &csr->sig_pk, - &csr->sig_opts ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG ); + if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params, + &csr->sig_md, &csr->sig_pk, + &csr->sig_opts)) != 0) { + mbedtls_x509_csr_free(csr); + return (MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG); } - if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 ) - { - mbedtls_x509_csr_free( csr ); - return( ret ); + if ((ret = mbedtls_x509_get_sig(&p, end, &csr->sig)) != 0) { + mbedtls_x509_csr_free(csr); + return (ret); } - if( p != end ) - { - mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + if (p != end) { + mbedtls_x509_csr_free(csr); + return (MBEDTLS_ERR_X509_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - return( 0 ); + return (0); } /* * Parse a CSR, allowing for PEM or raw DER encoding */ -int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) -{ +int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen) { #if defined(MBEDTLS_PEM_PARSE_C) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t use_len; @@ -265,61 +247,57 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz /* * Check for valid input */ - if( csr == NULL || buf == NULL || buflen == 0 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (csr == NULL || buf == NULL || buflen == 0) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); #if defined(MBEDTLS_PEM_PARSE_C) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ - if( buf[buflen - 1] == '\0' ) - { - mbedtls_pem_init( &pem ); - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN CERTIFICATE REQUEST-----", - "-----END CERTIFICATE REQUEST-----", - buf, NULL, 0, &use_len ); - if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - ret = mbedtls_pem_read_buffer( &pem, - "-----BEGIN NEW CERTIFICATE REQUEST-----", - "-----END NEW CERTIFICATE REQUEST-----", - buf, NULL, 0, &use_len ); + if (buf[buflen - 1] == '\0') { + mbedtls_pem_init(&pem); + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN CERTIFICATE REQUEST-----", + "-----END CERTIFICATE REQUEST-----", + buf, NULL, 0, &use_len); + if (ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { + ret = mbedtls_pem_read_buffer(&pem, + "-----BEGIN NEW CERTIFICATE REQUEST-----", + "-----END NEW CERTIFICATE REQUEST-----", + buf, NULL, 0, &use_len); } - if( ret == 0 ) - { + if (ret == 0) { /* * Was PEM encoded, parse the result */ - ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ); + ret = mbedtls_x509_csr_parse_der(csr, pem.buf, pem.buflen); } - mbedtls_pem_free( &pem ); - if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); + mbedtls_pem_free(&pem); + if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) + return (ret); } #endif /* MBEDTLS_PEM_PARSE_C */ - return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) ); + return (mbedtls_x509_csr_parse_der(csr, buf, buflen)); } #if defined(MBEDTLS_FS_IO) /* * Load a CSR into the structure */ -int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) -{ +int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; unsigned char *buf; - if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) + return (ret); - ret = mbedtls_x509_csr_parse( csr, buf, n ); + ret = mbedtls_x509_csr_parse(csr, buf, n); - mbedtls_platform_zeroize( buf, n ); - mbedtls_free( buf ); + mbedtls_platform_zeroize(buf, n); + mbedtls_free(buf); - return( ret ); + return (ret); } #endif /* MBEDTLS_FS_IO */ @@ -328,9 +306,8 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) /* * Return an informational string about the CSR. */ -int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_csr *csr ) -{ +int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_csr *csr) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; char *p; @@ -339,76 +316,71 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, p = buf; n = size; - ret = mbedtls_snprintf( p, n, "%sCSR version : %d", - prefix, csr->version ); + ret = mbedtls_snprintf(p, n, "%sCSR version : %d", + prefix, csr->version); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssubject name : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_dn_gets( p, n, &csr->subject ); + ret = mbedtls_x509_dn_gets(p, n, &csr->subject); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix ); + ret = mbedtls_snprintf(p, n, "\n%ssigned using : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; - ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md, - csr->sig_opts ); + ret = mbedtls_x509_sig_alg_gets(p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md, + csr->sig_opts); MBEDTLS_X509_SAFE_SNPRINTF; - if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, - mbedtls_pk_get_name( &csr->pk ) ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_x509_key_size_helper(key_size_str, BEFORE_COLON, + mbedtls_pk_get_name(&csr->pk))) != 0) { + return (ret); } - ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, - (int) mbedtls_pk_get_bitlen( &csr->pk ) ); + ret = mbedtls_snprintf(p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, + (int) mbedtls_pk_get_bitlen(&csr->pk)); MBEDTLS_X509_SAFE_SNPRINTF; - return( (int) ( size - n ) ); + return ((int)(size - n)); } /* * Initialize a CSR */ -void mbedtls_x509_csr_init( mbedtls_x509_csr *csr ) -{ - memset( csr, 0, sizeof(mbedtls_x509_csr) ); +void mbedtls_x509_csr_init(mbedtls_x509_csr *csr) { + memset(csr, 0, sizeof(mbedtls_x509_csr)); } /* * Unallocate all CSR data */ -void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ) -{ +void mbedtls_x509_csr_free(mbedtls_x509_csr *csr) { mbedtls_x509_name *name_cur; mbedtls_x509_name *name_prv; - if( csr == NULL ) + if (csr == NULL) return; - mbedtls_pk_free( &csr->pk ); + mbedtls_pk_free(&csr->pk); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - mbedtls_free( csr->sig_opts ); + mbedtls_free(csr->sig_opts); #endif name_cur = csr->subject.next; - while( name_cur != NULL ) - { + while (name_cur != NULL) { name_prv = name_cur; name_cur = name_cur->next; - mbedtls_platform_zeroize( name_prv, sizeof( mbedtls_x509_name ) ); - mbedtls_free( name_prv ); + mbedtls_platform_zeroize(name_prv, sizeof(mbedtls_x509_name)); + mbedtls_free(name_prv); } - if( csr->raw.p != NULL ) - { - mbedtls_platform_zeroize( csr->raw.p, csr->raw.len ); - mbedtls_free( csr->raw.p ); + if (csr->raw.p != NULL) { + mbedtls_platform_zeroize(csr->raw.p, csr->raw.len); + mbedtls_free(csr->raw.p); } - mbedtls_platform_zeroize( csr, sizeof( mbedtls_x509_csr ) ); + mbedtls_platform_zeroize(csr, sizeof(mbedtls_x509_csr)); } #endif /* MBEDTLS_X509_CSR_PARSE_C */ diff --git a/common/mbedtls/x509_csr.h b/common/mbedtls/x509_csr.h index b1dfc21f1..dc0bddaae 100644 --- a/common/mbedtls/x509_csr.h +++ b/common/mbedtls/x509_csr.h @@ -46,8 +46,7 @@ extern "C" { /** * Certificate Signing Request (CSR) structure. */ -typedef struct mbedtls_x509_csr -{ +typedef struct mbedtls_x509_csr { mbedtls_x509_buf raw; /**< The raw CSR data (DER). */ mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */ @@ -69,8 +68,7 @@ mbedtls_x509_csr; /** * Container for writing a CSR */ -typedef struct mbedtls_x509write_csr -{ +typedef struct mbedtls_x509write_csr { mbedtls_pk_context *key; mbedtls_asn1_named_data *subject; mbedtls_md_type_t md_alg; @@ -90,8 +88,8 @@ mbedtls_x509write_csr; * * \return 0 if successful, or a specific X509 error code */ -int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, - const unsigned char *buf, size_t buflen ); +int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, + const unsigned char *buf, size_t buflen); /** * \brief Load a Certificate Signing Request (CSR), DER or PEM format @@ -105,7 +103,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ); +int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen); #if defined(MBEDTLS_FS_IO) /** @@ -118,7 +116,7 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz * * \return 0 if successful, or a specific X509 or PEM error code */ -int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ); +int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path); #endif /* MBEDTLS_FS_IO */ /** @@ -133,22 +131,22 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ); * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ -int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, - const mbedtls_x509_csr *csr ); +int mbedtls_x509_csr_info(char *buf, size_t size, const char *prefix, + const mbedtls_x509_csr *csr); /** * \brief Initialize a CSR * * \param csr CSR to initialize */ -void mbedtls_x509_csr_init( mbedtls_x509_csr *csr ); +void mbedtls_x509_csr_init(mbedtls_x509_csr *csr); /** * \brief Unallocate all CSR data * * \param csr CSR to free */ -void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ); +void mbedtls_x509_csr_free(mbedtls_x509_csr *csr); #endif /* MBEDTLS_X509_CSR_PARSE_C */ /* \} name */ @@ -160,7 +158,7 @@ void mbedtls_x509_csr_free( mbedtls_x509_csr *csr ); * * \param ctx CSR context to initialize */ -void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ); +void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx); /** * \brief Set the subject name for a CSR @@ -174,8 +172,8 @@ void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ); * \return 0 if subject name was parsed successfully, or * a specific error code */ -int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, - const char *subject_name ); +int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, + const char *subject_name); /** * \brief Set the key for a CSR (public key will be included, @@ -184,7 +182,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, * \param ctx CSR context to use * \param key Asymetric key to include */ -void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key ); +void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key); /** * \brief Set the MD algorithm to use for the signature @@ -193,7 +191,7 @@ void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_conte * \param ctx CSR context to use * \param md_alg MD algorithm to use */ -void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ); +void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg); /** * \brief Set the Key Usage Extension flags @@ -212,7 +210,7 @@ void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_ty * #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this * function. */ -int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage ); +int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage); /** * \brief Set the Netscape Cert Type flags @@ -223,8 +221,8 @@ int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned ch * * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, - unsigned char ns_cert_type ); +int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, + unsigned char ns_cert_type); /** * \brief Generic function to add to or replace an extension in the @@ -238,16 +236,16 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, * * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED */ -int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len, - const unsigned char *val, size_t val_len ); +int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, + const char *oid, size_t oid_len, + const unsigned char *val, size_t val_len); /** * \brief Free the contents of a CSR context * * \param ctx CSR context to free */ -void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ); +void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx); /** * \brief Write a CSR (Certificate Signing Request) to a @@ -270,9 +268,9 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ); * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ -int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #if defined(MBEDTLS_PEM_WRITE_C) /** @@ -292,9 +290,9 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s * for countermeasures against timing attacks). * ECDSA signatures always require a non-NULL f_rng. */ -int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CSR_WRITE_C */ diff --git a/common/mbedtls/x509write_crt.c b/common/mbedtls/x509write_crt.c index 498b8b0a0..80797578b 100644 --- a/common/mbedtls/x509write_crt.c +++ b/common/mbedtls/x509write_crt.c @@ -40,293 +40,269 @@ #include "mbedtls/pem.h" #endif /* MBEDTLS_PEM_WRITE_C */ -void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); +void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) { + memset(ctx, 0, sizeof(mbedtls_x509write_cert)); - mbedtls_mpi_init( &ctx->serial ); + mbedtls_mpi_init(&ctx->serial); ctx->version = MBEDTLS_X509_CRT_VERSION_3; } -void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ) -{ - mbedtls_mpi_free( &ctx->serial ); +void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx) { + mbedtls_mpi_free(&ctx->serial); - mbedtls_asn1_free_named_data_list( &ctx->subject ); - mbedtls_asn1_free_named_data_list( &ctx->issuer ); - mbedtls_asn1_free_named_data_list( &ctx->extensions ); + mbedtls_asn1_free_named_data_list(&ctx->subject); + mbedtls_asn1_free_named_data_list(&ctx->issuer); + mbedtls_asn1_free_named_data_list(&ctx->extensions); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_cert)); } -void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, - int version ) -{ +void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, + int version) { ctx->version = version; } -void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, - mbedtls_md_type_t md_alg ) -{ +void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, + mbedtls_md_type_t md_alg) { ctx->md_alg = md_alg; } -void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, - mbedtls_pk_context *key ) -{ +void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, + mbedtls_pk_context *key) { ctx->subject_key = key; } -void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, - mbedtls_pk_context *key ) -{ +void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, + mbedtls_pk_context *key) { ctx->issuer_key = key; } -int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, - const char *subject_name ) -{ - return mbedtls_x509_string_to_names( &ctx->subject, subject_name ); +int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, + const char *subject_name) { + return mbedtls_x509_string_to_names(&ctx->subject, subject_name); } -int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, - const char *issuer_name ) -{ - return mbedtls_x509_string_to_names( &ctx->issuer, issuer_name ); +int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, + const char *issuer_name) { + return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name); } -int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, - const mbedtls_mpi *serial ) -{ +int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, + const mbedtls_mpi *serial) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_mpi_copy( &ctx->serial, serial ) ) != 0 ) - return( ret ); + if ((ret = mbedtls_mpi_copy(&ctx->serial, serial)) != 0) + return (ret); - return( 0 ); + return (0); } -int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, - const char *not_before, - const char *not_after ) -{ - if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 || - strlen( not_after ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ) - { - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); +int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, + const char *not_before, + const char *not_after) { + if (strlen(not_before) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 || + strlen(not_after) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1) { + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); } - strncpy( ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN ); - strncpy( ctx->not_after , not_after , MBEDTLS_X509_RFC5280_UTC_TIME_LEN ); + strncpy(ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN); + strncpy(ctx->not_after, not_after, MBEDTLS_X509_RFC5280_UTC_TIME_LEN); ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z'; ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z'; - return( 0 ); + return (0); } -int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, - const char *oid, size_t oid_len, - int critical, - const unsigned char *val, size_t val_len ) -{ - return( mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len, - critical, val, val_len ) ); +int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, + const char *oid, size_t oid_len, + int critical, + const unsigned char *val, size_t val_len) { + return (mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len, + critical, val, val_len)); } -int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, - int is_ca, int max_pathlen ) -{ +int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, + int is_ca, int max_pathlen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[9]; unsigned char *c = buf + sizeof(buf); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + memset(buf, 0, sizeof(buf)); - if( is_ca && max_pathlen > 127 ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); + if (is_ca && max_pathlen > 127) + return (MBEDTLS_ERR_X509_BAD_INPUT_DATA); - if( is_ca ) - { - if( max_pathlen >= 0 ) - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, - max_pathlen ) ); + if (is_ca) { + if (max_pathlen >= 0) { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, + max_pathlen)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( &c, buf, 1 ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(&c, buf, 1)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( - mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, - MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ), - is_ca, buf + sizeof(buf) - len, len ) ); + return ( + mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, + MBEDTLS_OID_SIZE(MBEDTLS_OID_BASIC_CONSTRAINTS), + is_ca, buf + sizeof(buf) - len, len)); } #if defined(MBEDTLS_SHA1_C) -int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx ) -{ +int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char *c = buf + sizeof(buf); size_t len = 0; - memset( buf, 0, sizeof(buf) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); + memset(buf, 0, sizeof(buf)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_pk_write_pubkey(&c, buf, ctx->subject_key)); - ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, - buf + sizeof( buf ) - 20 ); - if( ret != 0 ) - return( ret ); - c = buf + sizeof( buf ) - 20; + ret = mbedtls_sha1_ret(buf + sizeof(buf) - len, len, + buf + sizeof(buf) - 20); + if (ret != 0) + return (ret); + c = buf + sizeof(buf) - 20; len = 20; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_OCTET_STRING)); - return mbedtls_x509write_crt_set_extension( ctx, - MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ), - 0, buf + sizeof(buf) - len, len ); + return mbedtls_x509write_crt_set_extension(ctx, + MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, + MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER), + 0, buf + sizeof(buf) - len, len); } -int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ) -{ +int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof( buf ); + unsigned char *c = buf + sizeof(buf); size_t len = 0; - memset( buf, 0, sizeof(buf) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); + memset(buf, 0, sizeof(buf)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_pk_write_pubkey(&c, buf, ctx->issuer_key)); - ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, - buf + sizeof( buf ) - 20 ); - if( ret != 0 ) - return( ret ); - c = buf + sizeof( buf ) - 20; + ret = mbedtls_sha1_ret(buf + sizeof(buf) - len, len, + buf + sizeof(buf) - 20); + if (ret != 0) + return (ret); + c = buf + sizeof(buf) - 20; len = 20; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); return mbedtls_x509write_crt_set_extension( - ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, - MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), - 0, buf + sizeof( buf ) - len, len ); + ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, + MBEDTLS_OID_SIZE(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER), + 0, buf + sizeof(buf) - len, len); } #endif /* MBEDTLS_SHA1_C */ -int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, - unsigned int key_usage ) -{ +int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, + unsigned int key_usage) { unsigned char buf[5], ku[2]; unsigned char *c; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE | - MBEDTLS_X509_KU_NON_REPUDIATION | - MBEDTLS_X509_KU_KEY_ENCIPHERMENT | - MBEDTLS_X509_KU_DATA_ENCIPHERMENT | - MBEDTLS_X509_KU_KEY_AGREEMENT | - MBEDTLS_X509_KU_KEY_CERT_SIGN | - MBEDTLS_X509_KU_CRL_SIGN | - MBEDTLS_X509_KU_ENCIPHER_ONLY | - MBEDTLS_X509_KU_DECIPHER_ONLY; + MBEDTLS_X509_KU_NON_REPUDIATION | + MBEDTLS_X509_KU_KEY_ENCIPHERMENT | + MBEDTLS_X509_KU_DATA_ENCIPHERMENT | + MBEDTLS_X509_KU_KEY_AGREEMENT | + MBEDTLS_X509_KU_KEY_CERT_SIGN | + MBEDTLS_X509_KU_CRL_SIGN | + MBEDTLS_X509_KU_ENCIPHER_ONLY | + MBEDTLS_X509_KU_DECIPHER_ONLY; /* Check that nothing other than the allowed flags is set */ - if( ( key_usage & ~allowed_bits ) != 0 ) - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + if ((key_usage & ~allowed_bits) != 0) + return (MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE); c = buf + 5; - ku[0] = (unsigned char)( key_usage ); - ku[1] = (unsigned char)( key_usage >> 8 ); - ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 ); + ku[0] = (unsigned char)(key_usage); + ku[1] = (unsigned char)(key_usage >> 8); + ret = mbedtls_asn1_write_named_bitstring(&c, buf, ku, 9); - if( ret < 0 ) - return( ret ); - else if( ret < 3 || ret > 5 ) - return( MBEDTLS_ERR_X509_INVALID_FORMAT ); + if (ret < 0) + return (ret); + else if (ret < 3 || ret > 5) + return (MBEDTLS_ERR_X509_INVALID_FORMAT); - ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ), - 1, c, (size_t)ret ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_KEY_USAGE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE), + 1, c, (size_t)ret); + if (ret != 0) + return (ret); - return( 0 ); + return (0); } -int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, - unsigned char ns_cert_type ) -{ +int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, + unsigned char ns_cert_type) { unsigned char buf[4]; unsigned char *c; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; c = buf + 4; - ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 ); - if( ret < 3 || ret > 4 ) - return( ret ); + ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8); + if (ret < 3 || ret > 4) + return (ret); - ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ), - 0, c, (size_t)ret ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE), + 0, c, (size_t)ret); + if (ret != 0) + return (ret); - return( 0 ); + return (0); } -static int x509_write_time( unsigned char **p, unsigned char *start, - const char *t, size_t size ) -{ +static int x509_write_time(unsigned char **p, unsigned char *start, + const char *t, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; /* * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter) */ - if( t[0] == '2' && t[1] == '0' && t[2] < '5' ) - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) t + 2, - size - 2 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_UTC_TIME ) ); - } - else - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) t, - size ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, - MBEDTLS_ASN1_GENERALIZED_TIME ) ); + if (t[0] == '2' && t[1] == '0' && t[2] < '5') { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + (const unsigned char *) t + 2, + size - 2)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_UTC_TIME)); + } else { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, + (const unsigned char *) t, + size)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_GENERALIZED_TIME)); } - return( (int) len ); + return ((int) len); } -int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, + unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; size_t sig_oid_len = 0; @@ -346,17 +322,16 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, /* There's no direct way of extracting a signature algorithm * (represented as an element of mbedtls_pk_type_t) from a PK instance. */ - if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_RSA ) ) + if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) pk_alg = MBEDTLS_PK_RSA; - else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) ) + else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) pk_alg = MBEDTLS_PK_ECDSA; else - return( MBEDTLS_ERR_X509_INVALID_ALG ); + return (MBEDTLS_ERR_X509_INVALID_ALG); - if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len)) != 0) { + return (ret); } /* @@ -364,38 +339,37 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, */ /* Only for v3 */ - if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 ) - { - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_x509_write_extensions( &c, - buf, ctx->extensions ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); + if (ctx->version == MBEDTLS_X509_CRT_VERSION_3) { + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_x509_write_extensions(&c, + buf, ctx->extensions)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 3)); } /* * SubjectPublicKeyInfo */ - MBEDTLS_ASN1_CHK_ADD( pub_len, - mbedtls_pk_write_pubkey_der( ctx->subject_key, - buf, c - buf ) ); + MBEDTLS_ASN1_CHK_ADD(pub_len, + mbedtls_pk_write_pubkey_der(ctx->subject_key, + buf, c - buf)); c -= pub_len; len += pub_len; /* * Subject ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_x509_write_names( &c, buf, - ctx->subject ) ); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_x509_write_names(&c, buf, + ctx->subject)); /* * Validity ::= SEQUENCE { @@ -404,93 +378,90 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, */ sub_len = 0; - MBEDTLS_ASN1_CHK_ADD( sub_len, - x509_write_time( &c, buf, ctx->not_after, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); + MBEDTLS_ASN1_CHK_ADD(sub_len, + x509_write_time(&c, buf, ctx->not_after, + MBEDTLS_X509_RFC5280_UTC_TIME_LEN)); - MBEDTLS_ASN1_CHK_ADD( sub_len, - x509_write_time( &c, buf, ctx->not_before, - MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); + MBEDTLS_ASN1_CHK_ADD(sub_len, + x509_write_time(&c, buf, ctx->not_before, + MBEDTLS_X509_RFC5280_UTC_TIME_LEN)); len += sub_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, sub_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, sub_len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); /* * Issuer ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf, - ctx->issuer ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf, + ctx->issuer)); /* * Signature ::= AlgorithmIdentifier */ - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_algorithm_identifier( &c, buf, - sig_oid, strlen( sig_oid ), 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_algorithm_identifier(&c, buf, + sig_oid, strlen(sig_oid), 0)); /* * Serial ::= INTEGER */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, - &ctx->serial ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&c, buf, + &ctx->serial)); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ /* Can be omitted for v1 */ - if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 ) - { + if (ctx->version != MBEDTLS_X509_CRT_VERSION_1) { sub_len = 0; - MBEDTLS_ASN1_CHK_ADD( sub_len, - mbedtls_asn1_write_int( &c, buf, ctx->version ) ); + MBEDTLS_ASN1_CHK_ADD(sub_len, + mbedtls_asn1_write_int(&c, buf, ctx->version)); len += sub_len; - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_len( &c, buf, sub_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_len(&c, buf, sub_len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); /* * Make signature */ /* Compute hash of CRT. */ - if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, - len, hash ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, + len, hash)) != 0) { + return (ret); } - if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, - hash, 0, sig, &sig_len, - f_rng, p_rng ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg, + hash, 0, sig, &sig_len, + f_rng, p_rng)) != 0) { + return (ret); } /* Move CRT to the front of the buffer to have space * for the signature. */ - memmove( buf, c, len ); + memmove(buf, c, len); c = buf + len; /* Add signature at the end of the buffer, * making sure that it doesn't underflow * into the CRT buffer. */ c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, c, - sig_oid, sig_oid_len, sig, sig_len ) ); + MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, + sig_oid, sig_oid_len, sig, sig_len)); /* * Memory layout after this step: @@ -501,43 +472,40 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, /* Move raw CRT to just before the signature. */ c = c2 - len; - memmove( c, buf, len ); + memmove(c, buf, len); len += sig_and_oid_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); - return( (int) len ); + return ((int) len); } #define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n" #define PEM_END_CRT "-----END CERTIFICATE-----\n" #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, - unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt, + unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen; - if( ( ret = mbedtls_x509write_crt_der( crt, buf, size, - f_rng, p_rng ) ) < 0 ) - { - return( ret ); + if ((ret = mbedtls_x509write_crt_der(crt, buf, size, + f_rng, p_rng)) < 0) { + return (ret); } - if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT, - buf + size - ret, ret, - buf, size, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, + buf + size - ret, ret, + buf, size, &olen)) != 0) { + return (ret); } - return( 0 ); + return (0); } #endif /* MBEDTLS_PEM_WRITE_C */ diff --git a/common/mbedtls/x509write_csr.c b/common/mbedtls/x509write_csr.c index c7c8032be..0be337393 100644 --- a/common/mbedtls/x509write_csr.c +++ b/common/mbedtls/x509write_csr.c @@ -52,93 +52,84 @@ #define mbedtls_free free #endif -void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); +void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx) { + memset(ctx, 0, sizeof(mbedtls_x509write_csr)); } -void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) -{ - mbedtls_asn1_free_named_data_list( &ctx->subject ); - mbedtls_asn1_free_named_data_list( &ctx->extensions ); +void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx) { + mbedtls_asn1_free_named_data_list(&ctx->subject); + mbedtls_asn1_free_named_data_list(&ctx->extensions); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_csr)); } -void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ) -{ +void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg) { ctx->md_alg = md_alg; } -void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key ) -{ +void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key) { ctx->key = key; } -int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, - const char *subject_name ) -{ - return mbedtls_x509_string_to_names( &ctx->subject, subject_name ); +int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx, + const char *subject_name) { + return mbedtls_x509_string_to_names(&ctx->subject, subject_name); } -int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx, - const char *oid, size_t oid_len, - const unsigned char *val, size_t val_len ) -{ - return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len, - 0, val, val_len ); +int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, + const char *oid, size_t oid_len, + const unsigned char *val, size_t val_len) { + return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len, + 0, val, val_len); } -int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage ) -{ +int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage) { unsigned char buf[4]; unsigned char *c; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; c = buf + 4; - ret = mbedtls_asn1_write_named_bitstring( &c, buf, &key_usage, 8 ); - if( ret < 3 || ret > 4 ) - return( ret ); + ret = mbedtls_asn1_write_named_bitstring(&c, buf, &key_usage, 8); + if (ret < 3 || ret > 4) + return (ret); - ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ), - c, (size_t)ret ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_KEY_USAGE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE), + c, (size_t)ret); + if (ret != 0) + return (ret); - return( 0 ); + return (0); } -int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, - unsigned char ns_cert_type ) -{ +int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, + unsigned char ns_cert_type) { unsigned char buf[4]; unsigned char *c; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; c = buf + 4; - ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 ); - if( ret < 3 || ret > 4 ) - return( ret ); + ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8); + if (ret < 3 || ret > 4) + return (ret); - ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE, - MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ), - c, (size_t)ret ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE, + MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE), + c, (size_t)ret); + if (ret != 0) + return (ret); - return( 0 ); + return (0); } -static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, - unsigned char *buf, - size_t size, - unsigned char *sig, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, + unsigned char *buf, + size_t size, + unsigned char *sig, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; size_t sig_oid_len = 0; @@ -150,114 +141,110 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; size_t hash_len; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg ); + psa_algorithm_t hash_alg = mbedtls_psa_translate_md(ctx->md_alg); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Write the CSR backwards starting from the end of buf */ c = buf + size; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf, - ctx->extensions ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_extensions(&c, buf, + ctx->extensions)); - if( len ) - { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + if (len) { + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_oid( - &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, - MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_oid( + &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, + MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS9_CSR_EXT_REQ))); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)); - MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key, - buf, c - buf ) ); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key, + buf, c - buf)); c -= pub_len; len += pub_len; /* * Subject ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf, - ctx->subject ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf, + ctx->subject)); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0)); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); /* * Sign the written CSR data into the sig buffer * Note: hash errors can happen only after an internal error */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS ) - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) + return (MBEDTLS_ERR_X509_FATAL_ERROR); - if( psa_hash_update( &hash_operation, c, len ) != PSA_SUCCESS ) - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + if (psa_hash_update(&hash_operation, c, len) != PSA_SUCCESS) + return (MBEDTLS_ERR_X509_FATAL_ERROR); - if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len ) - != PSA_SUCCESS ) - { - return( MBEDTLS_ERR_X509_FATAL_ERROR ); + if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len) + != PSA_SUCCESS) { + return (MBEDTLS_ERR_X509_FATAL_ERROR); } #else /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); - if( ret != 0 ) - return( ret ); + ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash); + if (ret != 0) + return (ret); #endif - if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, - f_rng, p_rng ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, + f_rng, p_rng)) != 0) { + return (ret); } - if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) ) + if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) pk_alg = MBEDTLS_PK_RSA; - else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) ) + else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) pk_alg = MBEDTLS_PK_ECDSA; else - return( MBEDTLS_ERR_X509_INVALID_ALG ); + return (MBEDTLS_ERR_X509_INVALID_ALG); - if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len)) != 0) { + return (ret); } /* * Move the written CSR data to the start of buf to create space for * writing the signature into buf. */ - memmove( buf, c, len ); + memmove(buf, c, len); /* * Write sig and its OID into buf backwards from the end of buf. @@ -265,76 +252,71 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed. */ c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, - mbedtls_x509_write_sig( &c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len ) ); + MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, + mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, + sig, sig_len)); /* * Compact the space between the CSR data and signature by moving the * CSR data to the start of the signature. */ c2 -= len; - memmove( c2, buf, len ); + memmove(c2, buf, len); /* ASN encode the total size and tag the CSR data with it. */ len += sig_and_oid_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, - mbedtls_asn1_write_tag( - &c2, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c2, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, + mbedtls_asn1_write_tag( + &c2, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); /* Zero the unused bytes at the start of buf */ - memset( buf, 0, c2 - buf); + memset(buf, 0, c2 - buf); - return( (int) len ); + return ((int) len); } -int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, - size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, + size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret; unsigned char *sig; - if( ( sig = mbedtls_calloc( 1, MBEDTLS_PK_SIGNATURE_MAX_SIZE ) ) == NULL ) - { - return( MBEDTLS_ERR_X509_ALLOC_FAILED ); + if ((sig = mbedtls_calloc(1, MBEDTLS_PK_SIGNATURE_MAX_SIZE)) == NULL) { + return (MBEDTLS_ERR_X509_ALLOC_FAILED); } - ret = x509write_csr_der_internal( ctx, buf, size, sig, f_rng, p_rng ); + ret = x509write_csr_der_internal(ctx, buf, size, sig, f_rng, p_rng); - mbedtls_free( sig ); + mbedtls_free(sig); - return( ret ); + return (ret); } #define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n" #define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" #if defined(MBEDTLS_PEM_WRITE_C) -int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ +int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t olen = 0; - if( ( ret = mbedtls_x509write_csr_der( ctx, buf, size, - f_rng, p_rng ) ) < 0 ) - { - return( ret ); + if ((ret = mbedtls_x509write_csr_der(ctx, buf, size, + f_rng, p_rng)) < 0) { + return (ret); } - if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR, - buf + size - ret, - ret, buf, size, &olen ) ) != 0 ) - { - return( ret ); + if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CSR, PEM_END_CSR, + buf + size - ret, + ret, buf, size, &olen)) != 0) { + return (ret); } - return( 0 ); + return (0); } #endif /* MBEDTLS_PEM_WRITE_C */ diff --git a/common/mbedtls/xtea.c b/common/mbedtls/xtea.c index 4b8c9c077..4ff9c8529 100644 --- a/common/mbedtls/xtea.c +++ b/common/mbedtls/xtea.c @@ -60,116 +60,100 @@ } #endif -void mbedtls_xtea_init( mbedtls_xtea_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_xtea_context ) ); +void mbedtls_xtea_init(mbedtls_xtea_context *ctx) { + memset(ctx, 0, sizeof(mbedtls_xtea_context)); } -void mbedtls_xtea_free( mbedtls_xtea_context *ctx ) -{ - if( ctx == NULL ) +void mbedtls_xtea_free(mbedtls_xtea_context *ctx) { + if (ctx == NULL) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_xtea_context)); } /* * XTEA key schedule */ -void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] ) -{ +void mbedtls_xtea_setup(mbedtls_xtea_context *ctx, const unsigned char key[16]) { int i; - memset( ctx, 0, sizeof(mbedtls_xtea_context) ); + memset(ctx, 0, sizeof(mbedtls_xtea_context)); - for( i = 0; i < 4; i++ ) - { - GET_UINT32_BE( ctx->k[i], key, i << 2 ); + for (i = 0; i < 4; i++) { + GET_UINT32_BE(ctx->k[i], key, i << 2); } } /* * XTEA encrypt function */ -int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode, - const unsigned char input[8], unsigned char output[8]) -{ +int mbedtls_xtea_crypt_ecb(mbedtls_xtea_context *ctx, int mode, + const unsigned char input[8], unsigned char output[8]) { uint32_t *k, v0, v1, i; k = ctx->k; - GET_UINT32_BE( v0, input, 0 ); - GET_UINT32_BE( v1, input, 4 ); + GET_UINT32_BE(v0, input, 0); + GET_UINT32_BE(v1, input, 4); - if( mode == MBEDTLS_XTEA_ENCRYPT ) - { + if (mode == MBEDTLS_XTEA_ENCRYPT) { uint32_t sum = 0, delta = 0x9E3779B9; - for( i = 0; i < 32; i++ ) - { + for (i = 0; i < 32; i++) { v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); sum += delta; - v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); + v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]); } - } - else /* MBEDTLS_XTEA_DECRYPT */ - { + } else { /* MBEDTLS_XTEA_DECRYPT */ uint32_t delta = 0x9E3779B9, sum = delta * 32; - for( i = 0; i < 32; i++ ) - { - v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); + for (i = 0; i < 32; i++) { + v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]); sum -= delta; v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); } } - PUT_UINT32_BE( v0, output, 0 ); - PUT_UINT32_BE( v1, output, 4 ); + PUT_UINT32_BE(v0, output, 0); + PUT_UINT32_BE(v1, output, 4); - return( 0 ); + return (0); } #if defined(MBEDTLS_CIPHER_MODE_CBC) /* * XTEA-CBC buffer encryption/decryption */ -int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length, - unsigned char iv[8], const unsigned char *input, - unsigned char *output) -{ +int mbedtls_xtea_crypt_cbc(mbedtls_xtea_context *ctx, int mode, size_t length, + unsigned char iv[8], const unsigned char *input, + unsigned char *output) { int i; unsigned char temp[8]; - if( length % 8 ) - return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH ); + if (length % 8) + return (MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH); - if( mode == MBEDTLS_XTEA_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, 8 ); - mbedtls_xtea_crypt_ecb( ctx, mode, input, output ); + if (mode == MBEDTLS_XTEA_DECRYPT) { + while (length > 0) { + memcpy(temp, input, 8); + mbedtls_xtea_crypt_ecb(ctx, mode, input, output); - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); + for (i = 0; i < 8; i++) + output[i] = (unsigned char)(output[i] ^ iv[i]); - memcpy( iv, temp, 8 ); + memcpy(iv, temp, 8); input += 8; output += 8; length -= 8; } - } - else - { - while( length > 0 ) - { - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); + } else { + while (length > 0) { + for (i = 0; i < 8; i++) + output[i] = (unsigned char)(input[i] ^ iv[i]); - mbedtls_xtea_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, 8 ); + mbedtls_xtea_crypt_ecb(ctx, mode, output, output); + memcpy(iv, output, 8); input += 8; output += 8; @@ -177,7 +161,7 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length, } } - return( 0 ); + return (0); } #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* !MBEDTLS_XTEA_ALT */ @@ -188,24 +172,34 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length, * XTEA tests vectors (non-official) */ -static const unsigned char xtea_test_key[6][16] = -{ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 } +static const unsigned char xtea_test_key[6][16] = { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f + }, + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f + }, + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f + }, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 + }, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 + }, + { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 + } }; -static const unsigned char xtea_test_pt[6][8] = -{ +static const unsigned char xtea_test_pt[6][8] = { { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f }, @@ -214,8 +208,7 @@ static const unsigned char xtea_test_pt[6][8] = { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 } }; -static const unsigned char xtea_test_ct[6][8] = -{ +static const unsigned char xtea_test_ct[6][8] = { { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 }, { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 }, { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, @@ -227,43 +220,40 @@ static const unsigned char xtea_test_ct[6][8] = /* * Checkup routine */ -int mbedtls_xtea_self_test( int verbose ) -{ +int mbedtls_xtea_self_test(int verbose) { int i, ret = 0; unsigned char buf[8]; mbedtls_xtea_context ctx; - mbedtls_xtea_init( &ctx ); - for( i = 0; i < 6; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " XTEA test #%d: ", i + 1 ); + mbedtls_xtea_init(&ctx); + for (i = 0; i < 6; i++) { + if (verbose != 0) + mbedtls_printf(" XTEA test #%d: ", i + 1); - memcpy( buf, xtea_test_pt[i], 8 ); + memcpy(buf, xtea_test_pt[i], 8); - mbedtls_xtea_setup( &ctx, xtea_test_key[i] ); - mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf ); + mbedtls_xtea_setup(&ctx, xtea_test_key[i]); + mbedtls_xtea_crypt_ecb(&ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf); - if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + if (memcmp(buf, xtea_test_ct[i], 8) != 0) { + if (verbose != 0) + mbedtls_printf("failed\n"); ret = 1; goto exit; } - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); + if (verbose != 0) + mbedtls_printf("passed\n"); } - if( verbose != 0 ) - mbedtls_printf( "\n" ); + if (verbose != 0) + mbedtls_printf("\n"); exit: - mbedtls_xtea_free( &ctx ); + mbedtls_xtea_free(&ctx); - return( ret ); + return (ret); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/common/mbedtls/xtea.h b/common/mbedtls/xtea.h index 473dd4b79..0b7714e4f 100644 --- a/common/mbedtls/xtea.h +++ b/common/mbedtls/xtea.h @@ -50,8 +50,7 @@ extern "C" { /** * \brief XTEA context structure */ -typedef struct mbedtls_xtea_context -{ +typedef struct mbedtls_xtea_context { uint32_t k[4]; /*!< key */ } mbedtls_xtea_context; @@ -65,14 +64,14 @@ mbedtls_xtea_context; * * \param ctx XTEA context to be initialized */ -void mbedtls_xtea_init( mbedtls_xtea_context *ctx ); +void mbedtls_xtea_init(mbedtls_xtea_context *ctx); /** * \brief Clear XTEA context * * \param ctx XTEA context to be cleared */ -void mbedtls_xtea_free( mbedtls_xtea_context *ctx ); +void mbedtls_xtea_free(mbedtls_xtea_context *ctx); /** * \brief XTEA key schedule @@ -80,7 +79,7 @@ void mbedtls_xtea_free( mbedtls_xtea_context *ctx ); * \param ctx XTEA context to be initialized * \param key the secret key */ -void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] ); +void mbedtls_xtea_setup(mbedtls_xtea_context *ctx, const unsigned char key[16]); /** * \brief XTEA cipher function @@ -92,10 +91,10 @@ void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] * * \return 0 if successful */ -int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, - int mode, - const unsigned char input[8], - unsigned char output[8] ); +int mbedtls_xtea_crypt_ecb(mbedtls_xtea_context *ctx, + int mode, + const unsigned char input[8], + unsigned char output[8]); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** @@ -111,12 +110,12 @@ int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, * \return 0 if successful, * MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0 */ -int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output); +int mbedtls_xtea_crypt_cbc(mbedtls_xtea_context *ctx, + int mode, + size_t length, + unsigned char iv[8], + const unsigned char *input, + unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_SELF_TEST) @@ -126,7 +125,7 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_xtea_self_test( int verbose ); +int mbedtls_xtea_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */